WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 18

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.18 [2002] EPICAlert 18


Volume 9.18 October 7, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Testifies Before Congress on Anti-Privacy Bill
[2] European Conference Reaffirms Support for Data Directive
[3] Landmark Public Domain Case To Be Argued Before Supreme Court
[4] Student Profilers Settle Privacy Cases with FTC
[5] Intellectual Property, Digital Rights Management, Online Privacy
[6] First Monday 2002: Civil Liberties In A New America
[7] EPIC Bookstore - Books by Christine L. Borgman and Bruce Schneier
[8] Upcoming Conferences and Events

[1] EPIC Testifies Before Congress on Anti-Privacy Bill

On September 24, EPIC Executive Director Marc Rotenberg testifiedbefore the House Subcommittee on Commerce, Trade, and ConsumerProtection on the Consumer Privacy Protection Act, H.R. 4678. Thehearing was chaired by Rep. Cliff Stearns (R-FL), the original sponsorof the bill. In addition to Mr. Rotenberg, six industryrepresentatives testified about the bill.

The EPIC testimony noted that the bill favors industry over theconsumer and the invasion of privacy over the protection of privacy inalmost every key provision. It would require companies to adoptprivacy policies; however, no restrictions are placed on what thepolicies can say, and the policies could be substantively changed atany time. The bill also allows sale of personal data to third partiesas long as a benefit is offered to the customer, which could simply bethe services originally sought. Furthermore, the Act provides nosafeguards against disclosure of personally identifiable informationto law enforcement agencies.

The bill would also preempt all state and local information privacylaws. Recent privacy victories such as an "opt-in" standard forfinancial information sharing in North Dakota and San Mateo County,
California would thus be repealed. Local interest in privacyprotection has sprung up across the country, but further efforts wouldbe stymied by this bill.

Mr. Rotenberg noted that even the White House panel charged withprotecting the country from cyberterrorism had shown greater regardfor privacy protection. Meanwhile, the industry representativespraised the bill. When asked by a committee member about the costs ofcompliance with the bill, they responded that their policies werealready in compliance with the bill's requirements, and implementationcosts would be minimal.

EPIC's Testimony is available at:

Hearing Notice and Links to Witness Testimony:

H.R. 4678, Consumer Privacy Protection Act of 2002:

[2] European Conference Reaffirms Support for Data Directive

A landmark conference in Brussels with leading privacy experts,
industry leaders, and data protection officials, ended with supportfor the continued implementation of the European Union Data Directive,
but noted areas where implementation could be improved and newopportunities for privacy protection pursued.

Fritz Bolkestein, European Commissioner for Internal Markets, saidthat "the Commission will hesitate before embarking on any kind of newlegislative action, even those involving minor amendments. Ratherthan embarking on legislative change which, of course, can be slow toproduce results, we should first exploit all more pragmaticpossibilities at our disposal." Peter Hustinx, the Dutch DataProtection Commissioner, expressed the view of many when he said thatno one had suggested that the principles in the Directive are notvalid or that the Directive is unworkable.

The conference explored a wide range of issues related to theimplementation of the Data Directive, the growth of the Internet, theprocessing of sound and image files, and international issuesincluding data transfers, applicable law, and jurisdiction.

Among the speakers were Lene Espersen, Danish Minister of Justice;
Giacomo Santini, vice-chairman of the Committee on Citizens' Freedomsand Rights, Justice and Home Affairs of the European Parliament; andStefano Rodotà, President of the Working Party of Article 29 of theDirective (committee of Data Protection Commissioners in theCommunity).

EPIC Executive Director Marc Rotenberg chaired a session on theInternet and Privacy Enhancing Technologies, which included HelmutBäumler of the German Data Protection Authority, Lee Bygrave of theUniversity of Oslo, Stephanie Perrin of zeroknowledge, MauriceWessling of Bits of Freedom, and Jason Albert with Covington & Burlingin Brussels. The session explored opportunities and obstacles for thedevelopment of new techniques to safeguard privacy.

Simon Davies, Director General of Privacy International, summarizing areport on the rights and interests of data subjects, urged theCommission to continue to seek input from the public and to ensurethat the Directive continues to uphold its critical purpose ofsafeguarding human rights.

In conclusion, Mr. Bolkestein suggested that the Commission wouldconsider several proposals for future Community action, including:

* the simplification of notification requirements;

* reduction of divergences in Member States practices;

* a more determined effort to promote privacy enhancing technologies;

* more flexible arrangements for the transfer of personal data to third countries, together with a clearer and more uniform interpretation of the rules;

* promotion of self-regulatory approaches and in particular Codes of Conduct that can contribute to the free movement of personal data.

A report from the Commission is expected later this year.

European Commission, Data Protection:

Data Protection Conference and Report of the Implementation of theDirective 95/46/EC:

Privacy International:

EPIC, Privacy and Human Rights: An International Survey of PrivacyLaws and Developments:

[3] Landmark Public Domain Case To Be Argued Before Supreme Court

On Wednesday, October 9, the U.S. Supreme Court will hear the case ofEldred v. Ashcroft, the challenge to the controversial 1998 Sonny BonoCopyright Term Extension Act (CTEA). The CTEA lengthened copyrightterms by 20 years, stretching them to 70 years after an artist'sdeath. This effectively prevents hundreds of thousands of works(notably, and not coincidentally, Mickey Mouse) from falling into thepublic domain for an additional 20 years. Eldred is the firstchallenge to copyright extensions to reach the Supreme Court.

Although the outcome of this case has significant consequences for thefuture of the CTEA, the public domain, and copyright in general, theSupreme Court on Wednesday will be considering the more narrowquestion of whether Congress has the right to extend copyright law ifthe change does not promote the "progress of science and useful arts"
as stated in Article 1, Section 8 of the Constitution. ProfessorLawrence Lessig, who will argue for Eldred before the Court, arguesthat Congress should extend copyright protection only if the change isaimed at promoting new creative works. The CTEA, rather thanpromoting the progress of arts and sciences, prevents works fromfalling into the public domain (where they can be used to create newand significant works: Shakespeare and Disney, for example, borrowedliberally from prior works in creating their masterpieces) despite thefact that no incentive will urge the works' creators, long dead, toproduce new works. The government counters that the 1998 Act promotesthe arts by protecting their economic value, thereby fostering greaterincentives to create.

The copyright term limit in 1790, as passed by the First Congress, was14 years, plus another 14 if the creator was still alive. Under thisstandard, Mickey Mouse, first introduced in 1928, would have enteredthe public domain in 1956. Under the CTEA, Mickey Mouse will notenter the public domain until 2023. (Prior to the passage of theCTEA, Mickey would have entered the public domain in 2003).

On the eve of the Court hearing, "The Bookmobile" is scheduled toreach Washington, DC on Tuesday night. It is a "mobile digitallibrary capable of downloading public domain books from the Internetvia satellite and printing them anytime, anywhere, for anyone." TheBookmobile, which is intended to illustrate the value of books and theimportance of the public domain, left San Francisco on September 30,
and has stopped at schools and libraries across the nation.

Information on The Bookmobile is available at:

Legal materials on Eldred v. Ashcroft are available at:

[4] Student Profilers Settle Privacy Cases with FTC

The Federal Trade Commission (FTC) has settled cases against AmericanStudent List (ASL) and the National Research Center for College andUniversity Admissions (NRCCUA) for collecting personal informationfrom students through deceptive practices. The FTC complaint allegedthat the companies operated a scheme to cull marketing data throughsurveys administered under the pretense of college admissions andscholarship opportunities.

NRCCUA sent letters to schools asking teachers to dedicate classroomtime to administering detailed surveys for college admissions andfinancial aid purposes. These "Post-Secondary Planning" surveyselicited detailed personal information from students, including theirreligious affiliations, personal interests, and social attitudes. Thesurveys did have a privacy notice, but the language implied that theinformation was for educational purposes only. NRCCUA marketed theinformation collected to higher education institutions, but alsoshared the information with ASL, which used the data for directmarketing. ASL is a list brokerage company that sells personalinformation in "Teenage Lifestyle Interests," "Ethnic Families," and"Preschool" databases.

The settlement requires the companies to improve their privacy noticesby disclosing future marketing use of the survey data incommunications with students and teachers. Also, the companies cannotuse data collected prior to the settlement for "non-educationalmarketing purposes." However, this still allows use of student datafor student "recognition" programs, book clubs, magazinesubscriptions, and other "educational" products.

The FTC's action follows a prosecution brought by the New YorkAttorney General against Student Marketing Group (SMG), a similarstudent-profiling company (see EPIC Alert 9.16).

FTC Settlement with Student Profilers:

EPIC's Student Privacy Page:

[5] Intellectual Property, Digital Rights Management, Online Privacy

Several recent bills and proposals to increase intellectual propertyprotection rights could significantly impact online privacy.

In July, Rep. Howard Berman (D-CA) introduced H.R. 5211, thePeer-to-Peer Piracy Prevention Act, a bill which would "limit theliability of copyright owners for protecting their works onpeer-to-peer networks." Under the bill, copyright owners would beexempt from all State and Federal statutory and common law liabilityfor engaging in self-help, including "disabling, interfering with,
blocking, diverting, or otherwise impairing the unauthorizeddistribution, display, performance, or reproduction . . . on apublicly accessible peer-to-peer file trading network." Whileproponents of the bill claim it would only permit the use of innocuoustechnologies, the language of the bill fails to limit the copyrightowner's self-help activities other than in terms of direct monetaryloss of "$50 per impairment." For copyright owners to effectivelyreduce P2P piracy, they are likely to employ more invasive measures inan escalating "arms race" with peer-to-peer software. As it becomesharder to discover what is being exchanged across P2P networks, and asthe distinction blurs between the peer-to-peer file trading networksand other general Internet communications such as e-mail and Webbrowsing, copyright owners may scrutinize the content ofcommunications in order to identify potentially infringingtransactions. Furthermore, it may become increasingly difficult toeven identify which system within a local network is running a file-
sharing application, requiring more sophisticated surveillance on thepart of the copyright owner. This sort of activity is a necessarypredicate to taking the self-help measures proposed in H.R. 5211, andcould open the door to significant invasions of user privacy.

Meanwhile, Rep. Billy Tauzin (R-LA) has circulated a draft bill thatwould mandate the adoption of a "broadcast flag" in devices receivingdigital television broadcast; the FCC has also initiated a request forcomments on a similar rule. In theory, the flag allows copyrightowners to signal that redistribution or duplication of certain contentbroadcast over the public airwaves is prohibited. The implications ofthe mandate, however, could be far-reaching as copyright owners seekto gain complete control over their content. For example, the flag'spresence might trigger certain devices to report back to the copyrightowner that unauthorized duplication is taking place. Furthermore, theflag could be used to prohibit traditional "fair use" of copyrightedworks. Since details on the actual implementation of the broadcastflag remain unresolved, EPIC plans to monitor these developmentsclosely.

Finally, Rep. Zoe Lofgren (D-CA) and Rep. Rick Boucher (D-VA) eachintroduced legislation in the past week to protect consumer's rightsand limit some of the more invasive provisions of the DigitalMillenium Copyright Act. Although action on the bills is unlikely inthe remaining days of this Congressional session, these bills will setthe stage in the next Congress for a debate over the balance betweenthe rights of copyright owners and consumers.

H.R. 5211, Peer-to-Peer Piracy Prevention Act of 2002:

Tauzin Draft of Broadcast Flag Mandate:

H.R. 5522, Digital Choice and Freedom Act of 2002:

H.R. 5544, Digital Media Consumers' Rights Act of 2002:

[6] First Monday 2002: Civil Liberties In A New America

Today, October 7, marks First Monday 2002. First Monday is anorganizing effort by the Alliance for Justice to bring attention to acritical public policy issue each year and to reach out to youngpeople, mobilizing them to become activists for change. Founded in1994, First Monday began as an annual event coinciding with theopening of the Supreme Court's session on the first Monday in October.
It was originally designed to support law students who wereconsidering careers in public interest law. Over time, First Mondayhas grown to become a rallying point for the entire public interestcommunity, including progressive students in social work, medicine,
public health, nursing and undergraduate colleges.

The purpose of this year's First Monday theme, "Civil Liberties in aNew America," is to raise awareness about the importance of civilliberties after September 11th. This is accomplished through theorganization of numerous grassroots events involving students andcommunity members across the nation.

At the heart of First Monday is a documentary film that serves as thecornerstone for every First Monday event, whether they arecampus-based educational events, city-wide screenings, communityforums, or ongoing organizing by activists and advocates. The filmscoincide with each year's focus and have explored such topics ashunger and homelessness, the death penalty, and the gun violenceepidemic.

It's not too late to bring First Monday: Civil Liberties in a NewAmerica to your community or campus. Contact First Monday today ifyou want to host a screening of their film "Of Rights and Wrongs: TheThreat to America's Freedoms," featuring Susan Sarandon and the musicof Bruce Springsteen. First Monday activists are also taking actionby signing "Subpoenas for Information" addressed to Attorney GeneralJohn Ashcroft, pressuring him to lift the veil of secrecy at theJustice Department and answer important questions concerning civilliberties. You can add your voice to the growing chorus seekinginformation from Attorney General Ashcroft by signing on to thesubpoena.

This year, there are over 200 events being planned on campuses and incommunities from Maine to California. Get involved in this nationalmobilization to protect America's freedoms!

Sign the subpoena on the First Monday Web site at:

To find the First Monday event nearest you, go to:

[7] EPIC Bookstore - Books by Christine L. Borgman and Bruce Schneier

From Gutenberg to the Global Information Infrastructure: Access toInformation in the Networked World, by Christine L. Borgman
Will the emerging global information infrastructure (GII) create arevolution in communication equivalent to that wrought by Gutenberg,
or will the result be simply the evolutionary adaptation of existingbehavior and institutions to new media? Will the GII improve accessto information for all? Will it replace libraries and publishers?
How can computers and information systems be made easier to use?
What are the trade-offs between tailoring information systems to usercommunities and standardizing them to interconnect with systemsdesigned for other communities, cultures, and languages?

This book takes a close look at these and other questions oftechnology, behavior, and policy surrounding the GII. Topics coveredinclude the design and use of digital libraries; behavioral andinstitutional aspects of electronic publishing; the evolving role oflibraries; the life cycle of creating, using, and seeking information;
and the adoption and adaptation of information technologies. The booktakes a human-centered perspective, focusing on how well the GII fitsinto the daily lives of the people it is supposed to benefit.

Taking a unique holistic approach to information access, the bookdraws on research and practice in computer science, communications,
library and information science, information policy, business,
economics, law, political science, sociology, history, education, andarchival and museum studies. It explores both domestic andinternational issues. The author's own empirical research iscomplemented by extensive literature reviews and analyses.

Secrets and Lies: Digital Security in a Networked World, by BruceSchneier
Internationally recognized information security expert Bruce Schneierprovides a practical, straightforward guide to understanding andachieving security throughout computer networks. Schneier uses hisextensive field experience with his own clients to dispel the mythsthat can mislead you while trying to build secure systems. He alsoclearly covers everything you'll need to know to protect yourcompany's digital information. And he shows you how to assess yourbusiness and corporate security needs so that you can choose the rightproducts and implement the right processes.

Both of the above books are available through the EPIC Bookstore at:

EPIC Publications:

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location tracking, IDsystems and freedom of information laws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Bridging the Digital Divide: Challenge and Opportunities. 3rd WorldSummit on Internet and Multimedia. October 8-11, 2002. Montreux,
Switzerland. For more information:

Symposium: The Rule of Law in the Information Age: Reconciling PrivateRights and Public Interest. The Catholic University of America Schoolof Law, Interdisciplinary Program in Law and Religion and theInstitute for Communications Law Studies. October 9-10, 2002.
Washington, DC. For more information:

2002 WSEAS International Conference on Information Security (ICIS'02). World Scientific and Engineering Academy and Society. October14-17, 2002. Rio de Janeiro, Brazil. For more information:

Privacy & Data Security Academy & Expo. International Association ofPrivacy Officers (IAPO). October 16-18, 2002. Chicago, IL. For moreinformation:

Privacy Law and Policy: Meeting the Challenges of Technology,
Terrorism, and Accountability. Council on Law in Higher Education(CLHE). October 20-22, 2002. Washington, DC. For more information:

Privacy Trends: Complying With New Demands. Riley Information ServicesInc. and the Commonwealth Centre for Electronic Governance. October22, 2002. Ottawa, Canada. For more information:

Symposium on Privacy and Security (SPS). Stiftung für Datenschutz undInformationssicherheit (SDI), Basel/Switzerland. October 30-31, 2002.
Zurich, Switzerland. For more information:

3rd Annual Privacy and Security Workshop: Privacy & Security: TotallyCommitted. Centre for Applied Cryptographic Research, University ofWaterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For moreinformation:

First Hawaii Biometrics Conference. Windward Community College,
Pacific Center for Advanced Technology Training (PCATT). November10-13, 2002. Waikiki, HI. For more information:

Transformations in Politics, Culture and Society. Inter-
Disciplinary.Net. December 6-8, 2002. Brussels, Belgium. For moreinformation:

18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied ComputerSecurity Associates. December 9-13, 2002. Las Vegas, NV. For moreinformation:

Third Annual Privacy Summit. International Association of PrivacyOfficers. February 26-28, 2003. Washington, DC. For more information:

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe" (no quotes)

Help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.18


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback