WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 13

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.13 [2002] EPICAlert 13


Volume 9.13 July 11, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Urges Accountability for Homeland Security Department
[2] Supreme Court Limits FERPA, Expands Student Drug Testing
[3] EU Confirms Probe of Microsoft Passport
[4] Privacy Groups Demand Protection of Users' Anonymity Online
[5] DC Police Use Surveillance Cameras on the Fourth of July
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Organization Man
[8] Upcoming Conferences and Events

[1] EPIC Urges Accountability for Homeland Security Department

In testimony before the House Energy and Commerce Committee on July 9,
EPIC General Counsel David Sobel urged rejection of a proposal toexempt from the Freedom of Information Act (FOIA) large amounts ofmaterial relating to "infrastructure protection" and counter-terrorismmeasures. Testifying on the Bush Administration's legislation tocreate a new Department of Homeland Security, Sobel said an FOIAexemption would "cast a shroud of secrecy over one of the Department'scritical functions, removing any semblance of meaningful publicaccountability." The secrecy provision is the latest in a series ofproposals designed to encourage private sector operators of "criticalinfrastructures" to voluntarily share with the government informationconcerning security flaws and other vulnerabilities in their systems.

A broad coalition of civil liberties, environmental and consumerorganizations has expressed serious concerns about such proposals,
which would render the public unable to hold the new Departmentaccountable should it fail to make effective use of information itobtains. As Sobel told the committee, "What did DHS know and when didit know it?" is a question that will go unanswered if the secrecyprovision becomes law.

Sobel also noted that a new FOIA exemption designed to protectvoluntarily-submitted private sector information is not needed. FOIAcaselaw makes it clear that existing exemptions contained in the Actprovide adequate protection against harmful disclosures of "criticalinfrastructure information." Most significantly, Exemption 4, whichprotects against disclosures of trade secrets and confidentialinformation, extends to virtually all of the "critical infrastructure"
material that properly could be withheld from disclosure. Exemptionproponents have not cited a single instance in which a federal agencyhas disclosed voluntarily submitted data against the express wishes ofan industry submitter.

In his testimony, Sobel noted the irony of Congress discussing thedesire of private companies to keep secret potentially embarrassinginformation at a time when the disclosure practices of many in thebusiness world are being scrutinized. He told the committee that "ifa company is willing to fudge its financial numbers to maintain itsstock price, it would be similarly inclined to hide behind a 'criticalinfrastructure' FOIA exemption in order to conceal gross negligence inits maintenance and operation of a chemical plant or a transportationsystem."

The secrecy provision is becoming a key point of contention asCongress quickly moves to finalize Homeland Security legislation.
House action on the bill is scheduled to be completed tomorrow, July12.

EPIC's testimony on the Homeland Security bill is available at:

Background information is available at EPIC's Critical InfrastructureProtection page:

[2] Supreme Court Limits FERPA, Expands Student Drug Testing

The Supreme Court concluded its 2001 term with two decisions that willdiminish student privacy. In Gonzaga University v. Doe, a Universityofficial informed a state teacher licensing board that a graduate wasaccused of sexual misconduct. The graduate sued under the FamilyEducation Rights and Privacy Act of 1974 (FERPA), a law thatconditions federal funding on the protection of students' educationalrecords. The Court held that FERPA does not create an individualright to sue. Instead, enforcement of the privacy protections restswith the Secretary of Education where a educational institution has a"policy or practice" of disclosing student records inappropriately. Ina dissenting opinion, Justices Stevens and Ginsburg argued that FERPAdoes create individual rights, and that every federal circuit courthad recognized an individual right to bring suit under the statute.

In Board of Ed. v. Earls, the Supreme Court expanded the ability ofschool administrators to engage in suspicionless drug testing ofstudents. In the case, a student was required to submit a urinesample in order to participate in non-athletic extracurricularactivities such as choir and an academic club. The Court reasonedthat drug tests were justified under the "special needs" exception tothe Fourth Amendment because the students had a reduced expectation ofprivacy and because the government has a interest in preventing druguse. In a strong dissent, four justices called the testing plan"perverse," as it targeted students who were least likely to engage inillegal drug use.

Gonzaga Univ. v. Doe, No. 01-679, 536 U.S. ___ (2002).

Board of Ed. of Independent School Dist. No. 92 of Pottawatomie Cty. v.
Earls, No. 01-332, 536 U.S. ___ (2002):

[3] EU Confirms Probe of Microsoft Passport

European Union (EU) officials have issued their first officialconfirmation of an investigation into the Microsoft Passportidentification and authentication service. The Article 29 WorkingParty has issued a statement outlining legal issues raised by thePassport system.

The Working Party will inquire into whether Microsoft is givingindividuals adequate notice of information processing and transferringof data; whether adequate consent from the individual is beingobtained; whether Passport affiliates have adequate privacy protectionrules; whether Passport's use of a unique identifier is necessary; thequality of data collected by the system; the rights of individuals toaccess or delete their Passport profile; and the security risks in thePassport system.

The stakes are rising because Microsoft recently announced plans toimplement a Digital Rights Management Operating System called"Palladium." The Palladium system would limit the use of contentthrough software and hardware controls. These controls could also beused to identify individuals and eliminate anonymous communication.
Additionally, in order to legitimize the Passport system, Microsofthas begun a partnership to develop Passport as an authentication toolfor credit card transactions.

A competing identification system, called Project Liberty, is alsodeveloping. This week, the project's sponsors will release thespecifications for their federated identification scheme. ProjectLiberty presents the same risks as Microsoft's Passport. It willlikely be used to profile individuals' web surfing habits, as thegroup's stated goals include the ability to "[e]nable commercial andnon-commercial organizations to realize new revenue and cost savingopportunities that economically leverage their relationships withcustomers, business partners, and employees."

"First orientations of the Article 29 Working Party concerning on-lineauthentication services," EU Article 29 Working Party, July 2, 2002(PDF document):

EPIC's Passport Investigation Docket Page:

EPIC's Sign Out of Passport Page:

[4] Privacy Groups Demand Protection of Users' Anonymity Online

In a letter sent to over 100 Internet Service Providers (ISPs),
Internet discussion boards, and other online companies, EPIC, in acoalition of civil liberties and privacy groups, urged the adoption ofpolicies protecting the rights of users to engage in anonymous speechover the Internet. The letter asked each company to include in itsprivacy policy a promise that it would notify any customer whosepersonal information or identity is subpoenaed.

The Supreme Court has repeatedly found that anonymous speech is aright protected by the First Amendment. That right has come underattack in recent years through a growing number of "cyberSLAPP"
(Strategic Lawsuits Against Public Participation) lawsuits, in whichcompanies file suit just to discover the identity of their onlinecritics -- often in order to silence or intimidate them. In acyberSLAPP suit, the target of anonymous online criticism typicallyfiles a lawsuit against an anonymous "John Doe" defendant and thenissues an identity-seeking subpoena to an ISP. CyberSLAPP cases areconsidered unfair because the 'punishment' that often matters most toaverage citizens (i.e. the loss of anonymity) comes not afterconsideration and judgment by a court or jury, but as a result of themere filing of a lawsuit. Although some online service providersalready notify their customers when they receive subpoenas foridentifying information, there is currently no legal requirement thatISPs notify their customers before complying with such subpoenas, eventhough many of the lawsuits are frivolous and have no chance ofprevailing in court.

The anti-SLAPP coalition also announced the unveiling of a new Website that includes a broad range of information about the cyberSLAPPissue, from a "Frequently Asked Questions" list for the general publicto legal briefs and other detailed information about ongoing legalbattles.

The new cyberSLAPP Web site is available at:

EPIC's Free Speech Page:

[5] DC Police Use Surveillance Cameras on the Fourth of July

The United States Park Police and District of Columbia Police operatedvideo surveillance cameras during the Fourth of July festivities onthe National Mall. The Park Police said they installed temporarycameras and would draft guidelines for their permanent use.

Discussion of the cameras' installation came as a surprise to thecongressional committee overseeing the District of Columbia, promptingmembers of the committee to call for guidelines that would treat theuse of video surveillance like any other form of electronicsurveillance. EPIC sought details of the Park Police plans in Marchunder open government law, but was informed that no records existed.
EPIC is currently seeking under the Freedom of Information Act anyrecords of surveillance conducted by the Park Police during the July4th celebration.

ACTION: DC Council Considers Cameras - Your Views Still Needed
The District of Columbia has extended the deadline for acceptingpublic comments on the video surveillance regulations until July 27,
2002. You should act now to express your views on this matter.

Send your comments via our link below, or send them directly to:
Ms. Phyllis Jones, Secretary to the Council, Suite 5, John A. WilsonBuilding, 1350 Pennsylvania Avenue, N.W., Washington, DC 20004.

DC Surveillance Comment page:

EPIC's Video Surveillance page:

Observing Surveillance:

[6] EPIC Bill-Track: New Bills in Congress


H.R.4757 Our Lady of Peace Act. To improve the national instantcriminal background check system, and for other purposes. Sponsor: RepMcCarthy, Carolyn (D-NY). Latest Major Action: 5/16/2002 Referred toHouse committee. Latest Status: Referred to the House Committee on theJudiciary. Committees: House Judiciary.

H.R.4779 To authorize appropriations for fiscal years 2002 through2004 for the United States Customs Service for antiterrorism, druginterdiction, and other operations, for the Office of the UnitedStates Trade Representative, for the United States International TradeCommission, and for other purposes. Sponsor: Rep Crane, Philip M.
(R-IL). Latest Major Action: 5/21/2002 Referred to House committee.
Latest Status: Referred to the House Committee on Ways and Means.
Committees: House Ways and Means.

H.R.4860 United States Commission on an Open Society with SecurityAct. To establish the United States Commission on an Open Society withSecurity. Sponsor: Rep Norton, Eleanor Holmes (D-DC). Latest MajorAction: 6/5/2002 Referred to House subcommittee. Latest Status:
Referred to the Subcommittee on Economic Development, Public Buildingsand Emergency Management. Committees: House Transportation andInfrastructure.

H.R.5005 Homeland Security Act of 2002. To establish the Department ofHomeland Security, and for other purposes. Sponsor: Rep Armey, RichardK. (R-TX). Latest Major Action: 6/27/2002 House committee/subcommitteeactions. Latest Status: Committee Hearings Held. Committees: HouseSelect Committee on Homeland Security; House Agriculture; HouseAppropriations; House Armed Services; House Energy and Commerce; HouseFinancial Services; House Government Reform; House Select Committee onIntelligence; House International Relations; House Judiciary; HouseScience; House Transportation and Infrastructure; House Ways andMeans.

H.R.5057 To prevent and punish counterfeiting and copyright piracy,
and for other purposes. Sponsor: Rep Smith, Lamar (R-TX). Latest MajorAction: 6/27/2002 Referred to House committee. Latest Status: Referredto the House Committee on the Judiciary. Committees: House Judiciary.

H.R.5061 To amend part D of title IV of the Social Security Act toimprove the collection of child support arrears in interstate cases.
Sponsor: Rep Woolsey, Lynn C. (D-CA). Latest Major Action: 6/27/2002Referred to House committee. Latest Status: Referred to the HouseCommittee on Ways and Means. Committees: House Ways and Means.


S.2476 International Cooperation Against Terrorism Act of 2002. A billto improve antiterrorism efforts, and for other purposes. Sponsor: SenSchumer, Charles E. (D-NY). Latest Major Action: 5/8/2002 Referred toSenate committee. Latest Status: Read twice and referred to theCommittee on Foreign Relations. Committees: Senate Foreign Relations.

S.2534 Reducing Crime and Terrorism at America's Seaports Act of 2002.
A bill to reduce crime and prevent terrorism at America's seaports.
Sponsor: Sen Biden Jr., Joseph R. (D-DE). Latest Major Action:
5/21/2002 Referred to Senate committee. Latest Status: Read twice andreferred to the Committee on Finance. Committees: Senate Finance.

S.2537 Dot Kids Implementation and Efficiency Act of 2002. A bill tofacilitate the creation of a new, second-level Internet domain withinthe United States country code domain that will be a haven formaterial that promotes positive experiences for children and familiesusing the Internet, provides a safe online environment for children,
and helps to prevent children from being exposed to harmful materialon the Internet, and for other purposes. Sponsor: Sen Dorgan, Byron L.
(D-ND). Latest Major Action: 5/21/2002 Referred to Senate committee.
Latest Status: Referred to the Committee on Commerce, Science, andTransportation. Committees: Senate Commerce, Science, andTransportation.

S.2541 Identity Theft Penalty Enhancement Act of 2002. A bill to amendtitle 18, United States Code, to establish penalties for aggravatedidentity theft, and for other purposes. Sponsor: Sen Feinstein, Dianne(D
CA). Latest Major Action: 5/22/2002 Referred to Senate committee.
Latest Status: Read twice and referred to the Committee on theJudiciary. Committees: Senate Judiciary.

S.2629 Federal Privacy and Data Protection Policy Act of 2002. A billto provide for an agency assessment, independent review, and InspectorGeneral report on privacy and data protection policies of Federalagencies, and for other purposes. Sponsor: Sen Torricelli, Robert G.
(D-NJ). Latest Major Action: 6/17/2002 Referred to Senate committee.
Latest Status: Read twice and referred to the Committee onGovernmental Affairs. Committees: Senate Governmental Affairs.

S.2659 To amend the Foreign Intelligence Surveillance Act of 1978 tomodify the standard of proof for issuance of orders regardingnon-United States persons from probable cause to reasonable.... A billto amend the Foreign Intelligence Surveillance Act of 1978 to modifythe standard of proof for issuance of orders regarding non-UnitedStates persons from probable cause to reasonable suspicion. Sponsor:
Sen DeWine, Michael (R-OH). Latest Major Action: 6/20/2002 Referred toSenate committee. Latest Status: Read twice and referred to theCommittee on Intelligence. Committees: Senate Intelligence.

S.2661 Video Voyeurism Act of 2002. A bill to amend title 18, UnitedStates Code, to prohibit video voyeurism in the special maritime andterritorial jurisdiction of the United States. Sponsor: Sen DeWine,
Michael (D-OH). Latest Major Action: 6/20/2002 Referred to Senatecommittee. Latest Status: Read twice and referred to the Committee onthe Judiciary. Committees: Senate Judiciary.

S.2686 A bill to strengthen national security by providingwhistleblower protections to certain employees at airports, and forother purposes. Sponsor: Sen Grassley, Charles E. (R-IA). Latest MajorAction: 6/26/2002 Referred to Senate committee. Latest Status: Readtwice and referred to the Committee on Commerce, Science, andTransportation. Committees: Senate Commerce, Science, andTransportation.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - The Organization Man

The Organization Man, by William H. Whyte Jr. (1st Ed. 1956)

The youth have abandoned Protestant values of individualism andcompetitive struggle for a collectivist system that emphasizessurvival of the group and blunts creative spirit and ambition. Soargued William H. Whyte Jr. in "The Organization Man," a bookdetailing the decline of American values for a culture of conformity.
At its first printing in 1956, the book had a profound effect. Lastmonth, the University of Pennsylvania Press republished the text withan afterword by Whyte's wife.

Whyte writes with disdain for the organization, be it the corporation,
the labor union, university, or law firm -- any entity that dictatesthat creativity only flows from "group think," that "belongingness" isthe desire of every individual, and that science can be applied toindividuals in order to create organization men. The brotherhood ofthe organization is in reality a prison, a slave morality that employsmindless social science to control deviance and to create a bland,
predictable life. Organization grade schools turn introverts intoextroverts. Organization churches ignore basic religious tradition inorder to appeal to a larger audience. Organization colleges emphasizepractical training over academic coursework, and use the fraternity toidentify and eliminate "aberrant tendencies." And, organizationbusinesses use tools such as the "Harwald Group-Thinkometer," toeliminate the troublesome "personality factor."

For the organization to operate, individuals must believe that they donot have control over their own lives. They must believe that burninga bridge, or engaging in some form of social deviance, will result inharm to their future. This is creating a generation of people whofear authority and have abandoned their duties as moral agents insociety.

Whyte argues that the individual needs to fight the organization. Theindividual, using education and spirit, must recognize that there areconflicts between the individual and society. One way to fight, Whytesuggests, is to cheat on personality tests. Whyte's advice is toappear complacent, conservative, and submissive to group or socialinterests: "you should try to answer as if you were like everybodyelse."

Whyte died in 1999. However, his ideas from 50 years ago have clearlyinfluenced modern rejections of work- and consumption-orientedsociety, such as Chuck Palahniuk's "Fight Club" (1996), Mike Judge's"Office Space" (1999), and the work of Kalle Lasn and AdbustersMagazine.

- Chris Hoofnagle

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

IViR International Copyright Law Summer Course. Royal NetherlandsAcademy of Arts and Sciences. July 8-12, 2002. Amsterdam, Netherlands.
For more information:

O'Reilly Open Source Convention. O'Reilly and Associates. July 22-26,
2002. San Diego, CA. For more information:

Cyberwar, Netwar and the Revolution in Military Affairs: Real Threatsand Virtual Myths. International School on Disarmament and Research onConflicts (ISODARCO). August 3-13, 2002. Trento, Italy. For moreinformation:

IT and Law. University of Geneva, University of Bern, SwissAssociation of IT and Law. September 9-10, 2002. Geneva, Switzerland.
For more information:

ILPF Conference 2002: Security v. Privacy. Internet Law & PolicyForum. September 17-19, 2002. Seattle, WA. For more information:

Privacy2002: Information, Security & New Global Realities. TechnologyPolicy Group. September 24-26, 2002. Cleveland, OH. For moreinformation:

Bridging the Digital Divide: Challenge and Opportunities. 3rd WorldSummit on Internet and Multimedia. October 8-11, 2002. Montreux,
Switzerland. For more information:

2002 WSEAS International Conference on Information Security (ICIS'02). World Scientific and Engineering Academy and Society. October14-17, 2002. Rio de Janeiro, Brazil. For more information:

IAPO Privacy & Security Conference. International Association ofPrivacy Officers. October 16-18, 2002. Chicago, IL. For moreinformation:

3rd Annual Privacy and Security Workshop: Privacy & Security: TotallyCommitted. Centre for Applied Cryptographic Research, University ofWaterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For moreinformation:

18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied ComputerSecurity Associates. December 9-13, 2002. Las Vegas, NV. For moreinformation:

Third Annual Privacy Summit. International Association of PrivacyOfficers. February 26-28, 2003. Washington, DC. For more information:

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe" (no quotes)

Help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.13


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback