EPIC Alert 8.09 [2001] EPICAlert 9





EPIC ALERT




Volume 8.09 May 17, 2001

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_8.09.html

Table of Contents



[1] European Union Considering Data Retention Requirements
[2] WA State Court Finds Compelling Interest in Protecting SSNs
[3] Court Decisions Uphold Financial Privacy Protections
[4] "Cyber Security" FOIA Exemption Likely to Resurface
[5] House Hearing Examines Public Perceptions of Privacy
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Filters & Freedom 2.0
[8] Upcoming Conferences and Events


[1] European Union Considering Data Retention Requirements


A new report by Statewatch, a London-based civil liberties research group, says that the Council of the European Union is preparing to back police agency proposals to require the retention of all telephone calls, e-mails, faxes, and Internet activity for up to seven years. The proposal seeks a review of existing EU laws on data protection and privacy to meet the demands of law enforcement agencies for access to all telecommunications content and traffic data. The report is based upon documents obtained by Statewatch reflecting the deliberations of the Council's Working Party on Police Cooperation.

A November 2000 memorandum from the Working Party states, "It is impossible for investigation services to know in advance which traffic data will prove useful in a criminal investigation. The only effective national legislative measure would therefore be to prohibit the erasure or anonymity of traffic data." Existing EU legislation requires police agencies to obtain permission each time they seek to intercept electronic communications or search for evidence during investigations. The existing laws also restrict the length of time that service providers can keep data before it must be destroyed.

Previous efforts to grant sweeping investigative powers to European law enforcement agencies have been defeated due to objections from the EU Data Protection Commissioners and public opposition. Early drafts of the Council of Europe's Cybercrime Convention included data retention requirements that have been scaled back in more recent drafts (see EPIC Alert 8.06). The European Commission's Justice and Home Affairs Council is scheduled to debate the most recent data retention proposal on May 28.

The European Commission has recently published a new guide entitled "Data Protection in the European Union." Among other principles, the guide notes that, under the EU Data Directive, "data that identifies individuals must not be kept longer than necessary."

The Statewatch report on surveillance of telecommunications in Europe is available at:

http://www.statewatch.org/soseurope.htm

The guide, "Data Protection in the European Union," is available at:

http://www.europa.eu.int/comm/internal_market/en/media/dataprot/news/guide_en.pdf


[2] WA State Court Finds Compelling Interest in Protecting SSNs


A Washington State Court has found a compelling interest in protecting Social Security numbers (SSNs) from public dissemination, and has ordered a website operator to remove lawfully obtained SSNs from an Internet site. In City of Kirkland v. Sheehan, a website operator posted police officers' personal information on Justicefiles.org, an Internet site critical of law enforcement. The personal information included names, addresses, phone numbers, and Social Security numbers. The court found that the site operator posted the information "to cause at least some degree of fear and apprehension in the minds of law enforcement personnel." The website operator promised to remove the personal information if the officers' departments would adopt civilian police oversight boards.

The City of Kirkland brought suit to enjoin the website operator from posting the officers' personal information, alleging that the activity invaded the officers' privacy interests. The website operator claimed a First Amendment right to post the personal information, which apparently had been culled from public records.

The King County Superior Court allowed the website operator to continue posting the names, addresses, and other information relating to the police officers. The court held that the First Amendment protected the publication of lawfully obtained personal information for political purposes, absent a credible specific threat of harm.

However, the court enjoined the site operator from publishing the officers' Social Security numbers. The court reasoned that SSNs, unlike names and addresses, do not "facilitate or promote substantive communication." Further, access to Social Security numbers allows others to "obtain access to and to control, manipulate or alter other personal information." Accordingly, the court held that the government has a compelling interest in preventing the dissemination of SSNs that overrides the operator's right to publish.

The decision in City of Kirkland v. Sheehan is available at:

http://www.politechbot.com/docs/justicefiles.opinion.051001.html


[3] Court Decisions Uphold Financial Privacy Protections


In a significant blow to the information selling industry, U.S. District Court Judge Ellen Huvelle on April 30 issued a decision upholding regulations restricting the sale of personal information by credit reporting agencies and information brokers.

The case arose after the FTC and five other regulatory agencies, following the directive of the Gramm-Leach-Bliley Act (GLB), promulgated regulations to restrict the distribution of "credit headers" -- the information such as name, address, and Social Security number that appears at the top of a credit report. The FTC found that such protections are required because this data is often used by financial institutions when providing or offering financial products to consumers. Therefore, following the regulations, credit reporting agencies and credit bureaus that compile databases on consumers are required to provide notice and opt-out before purchasing or selling this information.

Information brokers, represented by plaintiffs Trans Union and Individual References Services Group (IRSG), challenged the regulations as outside the scope of the agencies' rulemaking authority and unconstitutional. Judge Huvelle followed precedent of administrative law by deferring to the agencies' clarification of "personally identifiable financial information," the definition in question during the rulemaking. She similarly disposed of the plaintiffs' First Amendment freedom of speech argument, holding that the speech in question was not of public concern because credit header information "consists of information of interest solely to the speaker and the client audience." Therefore, under a lower level of scrutiny than that required by speech of public concern, the regulations directly advanced a substantial governmental interest: "to protect the privacy of consumers -- particularly the security and confidentiality of their nonpublic personal information."

Because GLB expressly exempts the dissemination of nonpublic personal information in order to prevent fraud or to comply with a civil, criminal or administrative order or ruling, uses that are legitimately "of public concern" -- such as prevention of identity fraud and conformation with court orders -- are not subject to a notice and opt-out. In combination with a recent ruling against Trans Union upholding an FTC restriction on the sale of target marketing lists, these cases signal that federal privacy rules protect a substantial governmental interest and will likely withstand legal challenges from the information broker industry.

Individual References Services Group, Inc. v. Federal Trade Commission, et al.:

http://www.epic.org/privacy/consumer/IRSGvFTC.pdf

Trans Union Corporation v. Federal Trade Commission:

http://www.epic.org/privacy/consumer/transunionvftc.txt


[4] "Cyber Security" FOIA Exemption Likely to Resurface


Two members of Congress have recently announced plans to introduce legislation that would exempt information concerning "cyber security" and "critical infrastructure protection" from the disclosure requirements of the Freedom of Information Act (FOIA). Rep. Tom Davis (R-VA) plans to reintroduce a bill to protect such information shared by private companies with federal agencies. The new bill would likely be modeled after the Cyber Security Information Act, which Davis co-sponsored last year with Rep. James Moran (D-VA). It would create a specific FOIA exemption for information companies share with federal organizations such as the Federal Computer Incident Response Center, the coordinating center for civilian agencies on cyberattack alerts and analysis, and the National Infrastructure Protection Center at the FBI.

Sen. Robert Bennett (R-UT) has announced plans to introduce a similar bill in the Senate. Some private companies and trade associations have been lobbying for an exemption to cover information provided to the government that relates to weaknesses and vulnerabilities in their computer systems. Presidential Decision Directive (PDD) 63, signed by President Clinton in May 1998, identified as "critical infrastructure" systems such as those that run the nation's electric power grid and telecommunications networks. PDD-63 requires federal agencies to coordinate efforts to secure those systems, most of which are under the control of the private sector.

In Congressional testimony last year, EPIC General Counsel David Sobel said the Cyber Security Information Act was unneeded because existing law adequately protects security information submitted by the private sector. He warned that "the proposed exemption would hide from the public essential information about critically important -- and potentially controversial -- government activities undertaken in partnership with the private sector."

EPIC's testimony on the Cyber Security Information Act is available at:

http://www.epic.org/security/cip/hr4246_testimony.html

Resources on Critical Infrastructure Protection are available at:

http://www.epic.org/security/cip/



[5] House Hearing Examines Public Perceptions of Privacy


On May 8, the House Subcommittee on Commerce, Trade, and Consumer Protection convened a hearing on "Opinion Surveys: What Consumers Have To Say About Information Privacy." Hearing panelists included representatives from the Gallup Poll, the Pew Internet & American Life Project, Privacy and American Business, the Harris Poll and opinion research firm Wirthlin Worldwide.

In his written testimony, Dr. Frank Newport of the Gallup Poll presented a survey of Internet users in which about half of those polled said that the federal government should be doing more to protect privacy online, a third approved of the current approach and only thirteen percent thought the government should be doing less. In addition, the Gallup poll found that about sixty-three percent of Internet users are "very concerned" about government surveillance of e-mail communications and that a nearly equal sixty percent were similarly concerned about online databases of personal information.

The testimony of Humphrey Taylor of the Harris Poll presented polls stating that ninety-four percent of Internet users want companies to ask for their permission before their data is used for any other purpose than what it was originally provided. Also, the Harris polls found that eighty-seven percent of Internet users want companies to explain what information is collected from them and how it is to be used, eighty-two percent want to be able to see the information companies have stored about them and eighty-two percent want to know how their data is secured in transmission and storage. Dr. Alan Westin of Privacy and American Business added in his testimony that consumers report that their views on privacy come from their own experiences, as well as those of their family and friends. He also noted that privacy now "scores as one of the top consumer and social-policy issues in the U.S."

In related privacy news, European Commissioner Bolkestein, in a May 11 press conference, stated that the Gramm-Leach-Bliley Act (GLB) does not adequately compare to privacy protection guaranteed to EU citizens by the EU Data Protection Directive. Bush Administration officials and representatives of the financial industry have been seeking an adequacy determination for the past year. Now that GLB has been found inadequate, and given that the EU-U.S. Safe Harbor agreement does not accommodate financial institutions, the only other route of compliance with the EU Directive for the financial industry is the adoption of model contractual clauses. The European Commission is currently proceeding with its model contract clauses despite earlier Bush Administration criticisms (see EPIC Alert 8.06). Internal Market Commissioner John Mogg replied to those criticisms by noting that Bush Administration officials' letter did "not specify what difficulties you have with the text, but you refer to the objections raised by business organisations" and added that other proposed model contracts can be presented to the European Commission for approval at a later date.

Written testimony and an archived audio recording of the May 8 House hearing on "Opinion Surveys: What Consumers Have To Say About Information Privacy" are available at:

http://energycommerce.house.gov/107/hearings/05082001Hearing209/hearing.htm

Information about the European Commission's draft decision on model contract clauses, including replies to letters sent by business organizations and the U.S. government, is available at:

http://europa.eu.int/comm/internal_market/en/media/dataprot/news/clausesdecision.htm


[6] EPIC Bill-Track: New Bills in Congress


*House*

H.R.1655 Personal Pictures Protection Act of 2001. To amend title 18, United States Code, to punish the placing of sexually explicit photographs on the Internet without the permission of the persons photographed. Sponsor: Rep Green, Mark (R-WI). Latest Major Action: 5/1/2001 Referred to House committee: House Judiciary.

H.R.1800 Upper Mississippi River Basin Conservation Act of 2001. To establish the Upper Mississippi River Stewardship Initiative to monitor and reduce sediment and nutrient loss in the Upper Mississippi River. Sponsor: Rep Kind, Ron (D-WI). Latest Major Action: 5/10/2001 Referred to House committee: House Agriculture; House Resources.

*Senate*

S.718 Amateur Sports Integrity Act. A bill to direct the National Institute of Standards and Technology to establish a program to support research and training in methods of detecting the use of performance-enhancing drugs by athletes, and for other purposes. The Internet gambling section of the bill requires institutions of higher education to monitor Internet communications. Sponsor: Sen McCain, John (R-AZ). Latest Major Action: 5/14/2001 Placed on Senate Legislative Calendar under General Orders.

S.803 E-Government Act of 2001. A bill to enhance the management and promotion of electronic Government services and processes by establishing a Federal Chief Information Officer within the Office of Management and Budget, and by establishing a broad framework of measures that require using Internet-based information technology to enhance citizen access to Government information and services, and for other purposes. Sponsor: Sen Lieberman, Joseph I. (D-CT) - Latest Major Action: 5/1/2001 Referred to Senate committee: Senate Governmental Affairs.

S.840 Law Enforcement Discipline, Accountability, and Due Process Act of 2001. A bill to amend title I of the Omnibus Crime Control and Safe Streets Act of 1968 to provide standards and procedures to guide both State and local law enforcement agencies and law enforcement officers during internal investigations, interrogation of law enforcement officers, and administrative disciplinary hearings, to ensure accountability of law enforcement officers, to guarantee the due process rights of law enforcement officers, and to require States to enact law enforcement discipline, accountability, and due process laws. Sponsor: Sen Biden Jr., Joseph R. (D-DE). Latest Major Action: 5/8/2001 Referred to Senate committee: Senate Judiciary.

S.848 Social Security Number Misuse Prevention Act of 2001. A bill to amend title 18, United States Code, to limit the misuse of social security numbers, to establish criminal penalties for such misuse, and for other purposes. Sponsor: Sen Feinstein, Dianne (D-CA). Latest Major Action: 5/9/2001 Referred to Senate committee.

S.851 Citizens' Privacy Commission Act of 2001. A bill to establish a commission to conduct a study of government privacy practices, and for other purposes. Sponsor: Sen Thompson, Fred (R-TN). Latest Major Action: 5/9/2001 Referred to Senate committee: Senate Governmental Affairs.


EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at:

http://www.epic.org/privacy/bill_track.html


[7] EPIC Bookstore - Filters & Freedom 2.0


Filters & Freedom 2.0: Free Speech Perspectives on Internet Content Controls, edited by the Electronic Privacy Information Center

http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/search&searchtype=isbn&searchfor=1893044114

Originally proposed as a technological solution that would forestall official censorship, content filtering has been shown to pose its own significant threats to free expression on the Internet. Often characterized by their proponents as mere features or tools, filtering and rating systems can also be viewed as fundamental architectural changes that may, in fact, facilitate the suppression of speech far more effectively than national laws alone ever could.

This newly revised edition addresses recent developments, including new content control legislation in the United States, efforts within the European Union to establish a uniform rating regime for online material, and the growing controversy over the use of filtering in public libraries. Partly as a result of the writings contained in this collection, the headlong rush toward the development and acceptance of filtering and rating systems has slowed. These critical views must be considered carefully if we are to preserve freedom of expression in the online world.

For other books recommended by EPIC, browse the EPIC Bookshelf at:

http://www.powells.com/features/epic/epic.html


EPIC Publications:

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.



"Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/

This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.



"The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.



"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.



Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/



[8] Upcoming Conferences and Events


The Internet and State Security Forum (ISSF). Cambridge Review of International Affairs. May 19, 2001. Cambridge, England. For more information: http://www.cria.org.uk/

Presentation and Book Signing - Marjorie Heins, author of Not in Front of the Children: Indecency, Censorship, and the Innocence of Youth. Freedom Forum. May 22, 2001. Arlington, VA. For more information: vwright@freedomforum.org

Communication Research and Policy Workshop. Ford Foundation and Computer Professionals for Social Responsibility (CPSR). May 24, 2001. Washington, DC. For more information: http://www.cpsr.org/ICA_workshop

It's the Public's Right. National Freedom of Information Coalition. May 25-27, 2001. Newport Beach, CA. For more information: http://www.reporters.net/nfoic/

Call for Papers - June 1, 2001. Summer 2001 Issue on Cybermedicine. John Marshall Journal of Computer and Information Law. For more information: 5simondo@stu.jmls.edu

The Internet Security Conference (TISC) 2001. Core Competence, Inc. June 4-8, 2001. Los Angeles, CA. For more information: http://www.tisc2001.com/

INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For more information: http://www.isoc.org/inet2001/

ETHICOMP 2001: Systems of the Information Society. Telecommunications and Informatics Technical University of Gdansk, Poland. June 18-20, 2001. Gdansk, Poland. For more information: http://www.ccsr.cse.dmu.ac.uk/conferences/ccsrconf/ethicomp2001/

ACS/IEEE International Conference on Computer Systems and Applications 2001: Taking Stock of Existing Technology, Charting Future Trends. Lebanese American University. June 25-29, 2001. Beirut, Lebanon. For more information: http://www.lau.edu.lb/news-events/conferences/aiccsa2001.html

Democracy Forum 2001: Democracy and the Information Revolution. International Institute for Democracy and Electoral Assistance. June 27-29, 2001. Stockholm, Sweden. For more information: http://www.idea.int/frontpage_forum2001.htm

Call for Papers - June 30, 2001. CEPE2001: Computer Ethics, Philosophical Enquiries. Lancaster University (UK). Centre for Study of Technology in Organizations, Institute for Environment, Philosophy and Public Policy. December 14-16, 2001. For more information: http://www.lancs.ac.uk/depts/philosophy/conferences/

Re-shaping the Culture of Research: People, Participation, Partnerships & Practical Tools - Fourth Annual Community Research Network Conference. The Loka Institute. July 6-8, 2001. Austin, TX. For more information: http://www.loka.org/

Call For Submissions - August 3, 2001. Workshop on Security and Privacy in Digital Rights Management 2001. Eighth Association for Computing Machinery (ACM) Conference on Computer and Communications Security. November 5, 2001. For more information: http://www.star-lab.com/sander/spdrm/

ICSC 2001: International Conference on Social Computing. University of Bremen. October 1-3, 2001. Bremen, Germany. For more information: http://icsc2001.informatik.uni-bremen.de/

Privacy2001: Information, Security & Ethics for the New Century. Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more information: http://www.privacy2000.org/

Nurturing the Cybercommons, 1981-2001. Computer Professionals for Social Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001. Ann Arbor, MI. For more information: http://www.cpsr.org/conferences/annmtg01/

Learning for the Future. Business for Social Responsibility's Ninth Annual Conference. November 7-9, 2001. Seattle, WA. For more information: http://www.bsr.org/events/2001.asp

Subscription Information


The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at:

http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

http://www.epic.org/alert/


Privacy Policy


The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions.


About EPIC


The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 8.09


URL: http://www.worldlii.org/int/journals/EPICAlert/2001/9.html