WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 20

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.20 [2002] EPICAlert 20


Volume 9.20 October 24, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information
[2] EPIC Files Comments at FCC to Protect Telephone Privacy
[3] Public Protest Over Data Retention Increases in Europe
[4] DC City Council Discusses Regulation of Surveillance Cameras
[5] National Academies Report on "Sensitive but Unclassified"

[6] California Leads States in Privacy Protection
[7] EPIC Bookstore - CTRL [SPACE]

[8] Upcoming Conferences and Events

[1] EPIC FOIA Lawsuit Seeks USA PATRIOT Act Information

The Electronic Privacy Information Center today filed a Freedom ofInformation Act (FOIA) lawsuit asking a federal court to order theDepartment of Justice to account for its use of the extraordinary newsurveillance powers granted to it by Congress last year. The recordsrequested concern the government's implementation of the USA PATRIOTAct, legislation that was passed in the wake of the September 11terrorist attacks. By amending laws such as the Foreign IntelligenceSurveillance Act (FISA), the USA PATRIOT Act vastly expanded thegovernment's authority to obtain personal information about thoseliving in the United States, including United States citizens.

EPIC and the American Civil Liberties Union filed the lawsuit asattorneys for their organizations and for the American BooksellersFoundation for Free Expression and the Freedom to Read Foundation,
citing concerns that the new surveillance laws threaten the FirstAmendment-protected activities of librarians, library patrons,
booksellers and their customers, and investigative journalists. TheFOIA request, which was submitted to DOJ and the FBI on August 21,
seeks general information about the use of new surveillance powers,
including the number of times the government has:

Directed a library, bookstore or newspaper to produce "tangible things," e.g, the titles of books an individual has purchased or borrowed or the identity of individuals who have purchased or borrowed certain books;

Initiated surveillance of Americans under the expanded Foreign Intelligence Surveillance Act;

Conducted "sneak and peek" searches, which allow law enforcement to enter people's homes and search their belongings without informing them until long after;

Authorized the use of devices to trace the telephone calls or e-mails of people who are not suspected of any crime;

Investigated American citizens or permanent legal residents on the basis of activities protected by the First Amendment (e.g.,
writing a letter to the editor or attending a rally).

Some of the information was previously sought by the House JudiciaryCommittee, and last week Rep. James Sensenbrenner (R-WI), the Chairmanof the Committee, reported that he had received some of theinformation in classified form.

The EPIC/ACLU court complaint is available at:

Information on the USA PATRIOT Act is available at:

[2] EPIC Files Comments at FCC to Protect Telephone Privacy

On October 21, EPIC filed comments with the Federal CommunicationsCommission (FCC) urging it to protect the privacy of telephonecustomers when a telecommunications company goes out of business orwants to sell customer information as a business asset.

The comments relate to the use by telecommunications carriers of"customer proprietary network information" (CPNI), which includes thename, telephone number, call information and services subscribed to bya telephone customer. In 1998, the FCC formulated its initial ruleregarding CPNI, which required telecommunications carriers to obtainexplicit customer approval (opt-in) before using customer informationin any manner inconsistent with provision of services (for example,
building detailed profiles based on personal information obtainedthrough private telephone calls).

Following a court challenge to the FCC's 1998 CPNI rule, the FCCadopted a new rule in July 2002, which allowed telephone companies andtheir affiliates to use customer information with only opt-outapproval from the customer. Opt-out allows the company to use CPNIuntil a customer specifically informs the company otherwise. However,
the July 2002 rule requires opt-in customer approval when a companythat has no business relationship with a customer tries to use ordisclose CPNI. In the July 2002 ruling, the FCC sought public commenton whether a company that is going out of business should be allowedto sell CPNI as a business asset. In addition, the FCC asked whethera company who is going out of business or merges with another companyshould be able to share customer information with the company who isgoing to take over the business.

EPIC's position is that the sale of CPNI as a business asset createsserious privacy concerns for consumers and should not be allowed. Inthe case of a sale, EPIC urged the FCC to require that any companyseeking to sell its CPNI provide opt-in notification to customers,
prohibiting any sale of personal information without a customer'sconsent. In addition, EPIC urged the FCC to require companies to usean opt-in approach before sharing CPNI when going out of business ormerging with another telecommunications company. EPIC reasoned thatan opt-in approach is necessary to protect customers' privacy becausecustomers often have no previous business relationship with the newtelephone company, and do not always have an alternative phone companyto choose from if they do not want to accept service from the newcompany.

EPIC's comments are available at:

See EPIC's CPNI page:

[3] Public Protest Over Data Retention Increases in Europe

The prospect of generalized and systematic surveillance of electroniccommunications across Europe is raising many pressing questions.
Several recent developments in Europe show that the principle of dataretention, introduced in the recent EU Directive on Privacy andElectronic Communications (Dir. 2002/58/EC) is facing strong criticismby privacy experts, data protection commissioners, civil libertiesgroups, and the ISP industry.

This summer, the Danish government, current President of the EuropeanCouncil, sent to all Member States a "questionnaire on traffic dataretention." The document intended to gather comments with respect tothe regulation, practice and experiences of traffic data retention inEU countries. The responses were examined at a September 16 meetingof an EU Council expert group (the Multidisciplinary Group onOrganized Crime), and most of the EU Member States' answers are nowavailable. They reveal that most governments wish they could soonimplement an EU-wide data retention regulation with harmonizedstandards and requirements.

On September 11, during the International Conference of DataProtection Commissioners in Cardiff, the European Data ProtectionCommissioners (also known as the "Working Party Article 29"), releaseda declaration strongly warning against any future EU-wide mandatoryand systematic data retention scheme. "Such retention," theyasserted, "would be an improper invasion of the fundamental rightsguaranteed to individuals by Article 8 of the European Convention onHuman Rights." They argued that retention of traffic data forpurposes of law enforcement must occur for a limited period of timeand only where necessary, appropriate and proportionate in ademocratic society.

A few days ago, the press reported that the British Internet ServiceProviders Association ("ISPA") is refusing to voluntarily implementthe Home Office's controversial data retention scheme, which is partof the Anti-Terrorism Crime and Security Act enacted last year. Thetrade group is worried about the huge cost and privacy implications ofa data retention scheme that would radically change their customerdata storage and management procedures to allow law enforcement access.

Meanwhile, in Spain and Germany, civil liberties groups are fightingagainst their governments' data retention endeavors. Kriptopolis, aSpanish activist organization, opposes some of the provisions of thenew Spanish "Law of Information Society Services and ElectronicCommerce" ("LSSI"), one of which compels all telecommunicationscompanies and ISPs to retain their customers' traffic and locationdata for 12 months. Stop1984, a civil liberties organization based inGermany, is also launching a campaign to raise public awareness aboutdata retention proposals in Europe, creating a Web page with links toother anti-data retention organizations, and collecting and organizingmaterial related to the retention of electronic communications data.

Danish Presidency's questionnaire on traffic data retention, August14, 2002:

EU Member States' answers to the questionnaire, September 16, 2002:

Statement of the European Data Protection Commissioners at theInternational Conference in Cardiff (September 9-11, 2002) onmandatory systematic retention of telecommunication traffic data:


Stop1984's Anti-Data Retention Network:

For more information on developments related to data retention, seeEPIC's data retention Web page:

[4] DC City Council Discusses Regulation of Surveillance Cameras

The Judiciary Committee of the D.C. City Council on October 22unanimously approved the proposed regulations governing the use ofsurveillance cameras in Washington, DC. The regulations will now beconsidered by the full Council on November 7, after which they willserve as an interim measure while the Council drafts permanentlegislation. Councilmember Kathy Patterson is drafting thislegislation, which will be the subject of a public hearing scheduledfor December 12. The legislative debates are expected to considerwhether the surveillance camera system is an effective or necessarycrime-fighting tool and whether it is an appropriate investment ofpublic funds. Meanwhile, the interim regulations are at least animportant first step toward protecting the privacy of D.C. residentsand visitors, and they help to set the baseline for future debates inother parts of the country. However, the current regulations stillcontain significant deficiencies that will hopefully be cured in thefinal legislation.

In March, the D.C. City Council passed emergency legislation requiringthe Metropolitan Police Department (MPD) to draft regulations for theuse of the surveillance cameras. The Council acted after learningfrom media reports that the MPD had constructed an 8 million-dollarsurveillance camera system in the District. The MPD regulations haveimproved significantly from their April draft, in which they statedthat cameras are a "valid law enforcement tool" useful in combatingcrime and even the "fear of crime," and provided for littleaccountability or safeguards. At the Council's public hearing inJune, EPIC Executive Director Marc Rotenberg testified on theregulations, noting several specific clauses in the regulations whereimprovements were necessary to protect the rights of residents andvisitors (see EPIC Alert 9.12).

The final version of the regulations includes some of the changessuggested by critics of the surveillance camera system, includingEPIC, the NAACP, and the National Capital Area ACLU. The regulationsnow limit the cameras to two uses: to help manage public resourcesduring major public events and demonstrations, and to coordinatetraffic control. No cameras will be installed for general crimedeterrence purposes until legislation approving it is enacted. Section2501.3 explicitly states, "Under no circumstances shall the CCTVsystems be used for the purpose of infringing upon First Amendmentrights." The regulations will also create an extensive audit trail ifrecording is authorized. However, they fail to properly consider theexpectation of privacy in public spaces and also do not provide cleardefinitions for key terminology, including, for example, "exigentcircumstances." In addition, the regulations do not address the needfor the system, and therefore should not be understood as legitimizingthe use of surveillance cameras.

Police chief Charles Ramsey has requested public comments on thesystem and on specific camera installations. Comments should be sentto Terrence D. Ryan, General Counsel, Metropolitan Police Department,
Room 4125, 300 Indiana Avenue, NW, Washington, D.C. 20001. The CityCouncil is also accepting public comments (see EPIC Alert 9.13).
Further, there is a new slide show on the Observing Surveillance Website that documents the presence of the MPD's surveillance cameras.

EPIC's Video Surveillance page:

Observing Surveillance:

[5] National Academies Report on "Sensitive but Unclassified"

In a recent report, the National Academies asked the federalgovernment to abstain from creating inadequately defined categories of"sensitive, but unclassified" information, while recognizing theirresponsibility to help protect the United States from terrorism andother national security threats.

The National Academies expressed their concern that inadequatelydefined categories of "sensitive, but unclassified" do not providesufficient guidance on what data should be restricted from publicaccess. Furthermore, while acknowledging that some restrictions onpublic information may be necessary to protect strategic secrets, theNational Academies emphasized the necessity of openness to scientificand technological advancement, including advancements in counteringnational security threats.

Vague criteria on when to classify and/or restrict public access toscientific information create confusion among scientists, engineers,
researchers and government officials responsible for enforcingregulations, thereby hindering progress and weakening nationalsecurity. The National Academies accordingly maintained that anappropriate and necessary balance between security and opennessrequires clearly defined categories of information, recommending arenewal of dialogue between the scientific, engineering and researchcommunity and policy-makers to develop clear criteria for "sensitive,
but unclassified" information.

The National Academies' full report on the role of science andtechnology in countering terrorism is available at:

[6] California Leads States in Privacy Protection

California leads the states in providing individuals with privacyprotections, according to a ranking performed by Robert Ellis Smith ofthe Privacy Journal. The other states ranking in the top ten areMinnesota, Connecticut, Florida, Hawaii, Illinois, Massachusetts, NewYork, Washington, and Wisconsin.

The ranking is based on "Compilation of State and Federal PrivacyLaws," a recently updated Privacy Journal publication that describesmore than 1200 state and federal laws on the confidentiality ofpersonal information. States are assigned points based on protectionsfor medical, financial, credit, and library records. Extra pointsaccrue to states with Constitutional privacy safeguards, and to thosethat have been assertive in protecting privacy through regulation andlitigation.

Under the Privacy Journal ranking system, the federal government wouldfall among the next-to-last tier of states for privacy protection. Thefederal government provides only limited protections for financial andmedical records, no statutory protection for library records, andweakened protections against law enforcement surveillance as a resultof the USA PATRIOT Act.

Privacy Journal:

[7] EPIC Bookstore - CTRL [SPACE]

CTRL [SPACE]: Rhetorics of Surveillance from Bentham to Big Brother,
edited by Thomas Y. Levin, Ursula Frohne, and Peter Weibel.

Video surveillance is an important topic that is currently beingexplored by policymakers, civil liberties organizations, and thepublic at large. However, another important group has joined thediscussion about the subject of surveillance: artists. Just as theuse of surveillance cameras in public spaces raises important policyquestions, the cameras themselves are a form of visual media, and thusthe arts community has also become involved in the debate. "CTRL[SPACE]" uses the arts as a springboard to explore different ideas andissues surrounding surveillance and its history, from philosophicalquestions posed by Michel Foucault and Jeremy Bentham to 21st-centuryAmerica's growing obsession with "reality television." It also servesas an exhaustive catalog for the recent art exhibition of the samename, held from October 13, 2001 to February 24, 2002 at the ZKMCenter for Art and Media in Karlsruhe, Germany.

The book features numerous essays and artistic works by and about manydiverse groups, including the Surveillance Camera Players, the NewYork Civil Liberties Union's "NYC Surveillance Camera Project," andnoted creative personalities such as Yoko Ono and Andy Warhol. Alarge, elaborately designed work comprising over 650 pages of imagesand text, "CTRL [SPACE]" feels at home in a library full of policybooks, philosophy books, art books, and/or all (or none) of the above.

- Kate Rears

For more perspectives on video surveillance, see the ObservingSurveillance project:

EPIC Publications:

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location tracking, IDsystems and freedom of information laws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Liberties Lost! First Central European Cyber Liberties Conference(CECLC). Quintessenz and VIBE!AT User Group. October 25, 2002. Vienna,
Austria. For more information:

Symposium on Privacy and Security (SPS). Stiftung für Datenschutz undInformationssicherheit (SDI), Basel/Switzerland. October 30-31, 2002.
Zurich, Switzerland. For more information:

2nd Courtroom 21 Conference on Privacy and Public Access to CourtRecords. Courtroom 21 (College of William & Mary and the NationalCenter for State Courts). Williamsburg, VA. October 31-November 2,
2002. For more information:

3rd Annual Privacy and Security Workshop: Privacy & Security: TotallyCommitted. Centre for Applied Cryptographic Research, University ofWaterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For moreinformation:

First Hawaii Biometrics Conference. Windward Community College,
Pacific Center for Advanced Technology Training (PCATT). November10-13, 2002. Waikiki, HI. For more information:

Call for Proposals: November 15, 2002. CFP2003: 13th Annual Conferenceon Computers, Freedom, and Privacy. Association for ComputingMachinery (ACM). April 1-4, 2003. New York, NY. For more information:

Ninth ACM Conference on Computer and Communications Security (CCS).
Association for Computing Machinery (ACM) Special Interest Group onSecurity, Audit, and Control (SIGSAC). November 18-22, 2002.
Washington, DC. For more information:

eSafe Programme 2003-2004 -- Hearing on Options & Requirements.
European Commission. November 27-28, 2002. Kirchberg, Luxembourg. Formore information:

International Conference: Privacy: Cost to Resource. Safeguards forCitizens, Opportunities for Businesses: Advantages of aPrivacy-Oriented Market. Garante per la Protezione dei Dati Personali(Italian Data Protection Commission). December 5-6, 2002. Rome, Italy.
For more information:

Transformations in Politics, Culture and Society. Inter-
Disciplinary.Net. December 6-8, 2002. Brussels, Belgium. For moreinformation:

18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied ComputerSecurity Associates. December 9-13, 2002. Las Vegas, NV. For moreinformation:

O'Reilly Bioinformatics Technology Conference. February 3 - 6, 2003.
San Diego, CA. For more information:

Third Annual Privacy Summit. International Association of PrivacyOfficers. February 26-28, 2003. Washington, DC. For more information:

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. Formore information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe" (no quotes)

Help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.20


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback