WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 3

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.03 [2002] EPICAlert 3


Volume 9.03 February 13, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Opposition to National ID System Grows
[2] Comcast Backs Down from Tracking Web Users
[3] EPIC Urges Verizon, Ameritech to Drop Marketing Plans
[4] Individuals Encouraged to Comment on Telemarketing Sales Rule
[5] CPSR Announces New "Privaterra" Coalition
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Web Security, Privacy & Commerce
[8] Upcoming Conferences and Events

[1] Opposition to National ID System Grows

By compelling standardization of the issuance and content of driver'slicenses, including additional immigration and biometric data fields,
and obtaining legislative support for the implementation of its DriverRecord Information Verification System (DRIVerS) to link state andnational driver records, the American Association of Motor VehicleAdministrators (AAMVA) hopes to effect a nationally interoperablerepository of drivers' personal information: a National ID system inall but name.

EPIC has been involved in two key initiatives opposing AAMVA's plan toconvert the state driver's license into a de facto National ID card.
In a letter sent to President Bush and Transportation Secretary Minetaon Monday February 11, 2002, EPIC joined a broad coalition of civilliberties groups urging the administration to reject the creation of aNational ID Card through the standardization of state driver'slicenses. Also, EPIC today released the latest policy report in itsWatching the Watchers series, entitled "Your Papers, Please: From theState Drivers License to a National Identification System." The paperoffers a detailed assessment of the AAMVA proposal in the context ofprevailing security concerns, Constitutional values and Congress'
history of protecting the privacy of driver's license information.

While EPIC supports efforts to detect and prevent fraud andcounterfeiting of driver's licenses, AAMVA's move to standardizedriver's licenses, to collect more invasive personal information, andto expand the legitimate function of state motor vehicle authoritiesmust be rejected. The increased reliance on a single form ofidentification compromises privacy and exacerbates the risks andconsequences of identity theft.

The new report recommends that there should be wider public debateabout the details and the consequences of AAMVA's nationalidentification card and driver's license system. The combination oftechnical concerns and prevalent American Constitutional valuesprotecting freedom of movement, privacy, and anonymity stronglysuggest that this and any National ID system should be rejected.

Letter Sent by Coalition to President Bush and Secretary Mineta:

"Your Papers, Please: From the State Drivers License to a NationalIdentification System" is available at:

EPIC's National ID Page:

[2] Comcast Backs Down from Tracking Web Users

Comcast Corp., which yesterday acknowledged that it had begun trackingthe Web browsing activities of its one million high-speed Internetsubscribers without notifying them, announced today that it will nolonger be engaging in this practice. Comcast's acknowledgment of itstracking activities raised questions from Representative Edward Markey(D-MA), a long-time privacy advocate in Congress. Markey sent aletter to Comcast asking about "the nature and extent of anytransgressions of the law that may have resulted in consumer privacybeing compromised," stating that he believed Comcast should beprohibited from collecting information without obtaining consent,
pursuant to the 1984 Cable Act.

Although the practice was part of a technology overhaul that Comcastclaims was not intended to infringe on privacy, experts agree that anunnecessarily large amount of information was being collected, andthat the use for that information was not clear. "Once a companycollects this kind of data, it's really inviting all kinds of requestsfor access," said EPIC General Counsel David Sobel. "If they can'tidentify a specific need for collecting it, Comcast should take thenecessary steps to eliminate it."

Comcast had been recording subscriber IP addresses, along withInternet addresses of each requested Web page. This information wasbeing stored "temporarily," although no figure has been providedstating exactly how long the information was being stored. Some angryComcast customers likened this practice to the FBI's controversialCarnivore surveillance technology.

Other large Internet providers such as America Online and Earthlinkwere quoted in reports as saying that they do not track theirsubscribers' Web browsing habits, citing privacy reasons.

Comcast Cable Communications President Stephen Burke claims that theinformation the company was collecting has "never been connected toindividual subscribers and has been purged automatically to protestsubscriber privacy," though he added that "[b]eginning immediately, wewill stop storing this individual customer information in order tocompletely reassure our customers that the privacy of theirinformation is secure."

Rep. Markey's Letter to Comcast is available at:

[3] EPIC Urges Verizon, Ameritech to Drop Marketing Plans

In letters to Ameritech President Gail Torreano and Verizon PresidentIvan Seidenberg, EPIC has urged the companies to suspend their plansto use records of telephone calls for marketing purposes. Both phonecompanies sent opt-out notice to customers in their most recentbilling statements. The notices, which required customers to call atoll-free telephone number to opt-out of the sale of their callingdata, sparked controversy as customers cited privacy concerns andexperienced difficulty attempting to opt-out.

The information that Verizon and Ameritech are planning on using isknown as customer proprietary network information (CPNI), and includesthe information contained within a billing statement, such as callsdialed.

In late January, in response to a national campaign led by EPIC, withthe support of state Attorneys General and consumers nationwide, QwestCommunications withdrew plans for opt-out marketing with CPNI. Thecompany has stated that it will wait to devise its plans until theFederal Communications Commission (FCC) has proposed a final rule onthe issue. EPIC's letters to Verizon and Ameritech urged thecompanies to follow Qwest's example.

EPIC initiated the campaign for opt-in by filing comments, signed by17 consumer organizations, with the FCC last November. The FCC'srequest for comments followed a federal court decision that the FCC'sopt-in proposal violated the First Amendment because there was notadequate evidence that opt-in would protect customer privacyinterests. The comments noted that 86% of consumers favor opt-in forcommunications services.

EPIC's letter to Ameritech President Gail Torreano:

EPIC's letter to Verizon President Ivan Seidenberg:

For a history of the debate, see EPIC's CPNI page:

[4] Individuals Encouraged to Comment on Telemarketing Sales Rule

EPIC has urged individuals to submit comments to the Federal TradeCommission (FTC) on the Telemarketing Sales Rule (TSR). The TSRgoverns how many telemarketers can contact individuals, and changes tothe rule proposed by the FTC may have a significant effect on limitingsales calls.

EPIC has posted a five-point guide to commenting on the privacy issuesin the TSR. First, individuals should support a national Do-Not-Call(DNC) list. Second, the FTC should require telemarketers to sendaccurate caller ID information every time a sales call is initiated.
Third, the FTC should require improvement to autodialers so that "deadair" or "abandoned" calls are eliminated. Fourth, the FTC should banthe collection and sharing of pre-acquired account information. Last,
the FTC should find ways to expand the scope of the TSR, so that allcommercial entities that engage in telemarketing are subject to therule.

Individuals can comment until March 29, 2002.

EPIC's recommendations to the public for comment are online at:

Individuals can comment on the FTC web site:

[5] CPSR Announces New "Privaterra" Coalition

On January 30, Computer Professionals for Social Responsibility (CPSR)
announced Privaterra, a new coalition of computer professionals, humanrights workers and human rights organizations joined to harness thepower of technology and help protect human rights workers worldwide.
Established in December 2001, Privaterra will be an ongoing project ofCPSR.

Privaterra is a volunteer-based organization with offices in theUnited States and Canada, and members in North America, South Americaand Europe. To help human rights workers and organizations conducttheir activities in safety, and to protect the safety and anonymity ofthose they serve, Privaterra is seeking funding, donations-in-kind,
and qualified volunteers.

Privaterra provides human rights workers with technology and teachesthem how to secure their information and communications. The group isalso constructing a protected clearinghouse of information andresources relating to privacy and security for human rightsorganizations.

Privacy and security oriented NGOs from all over the world, includingAmnesty International, have contributed support to the newly formedorganization, recognizing the critical need for secure communicationsin the fight for human rights.

Privaterra Website:

CPSR Website:

[6] EPIC Bill-Track: New Bills in Congress


H.R.3482 Cyber Security Enhancement Act of 2001. To provide greatercybersecurity. Sponsor: Rep Smith, Lamar (R-TX). Latest Major Action:
12/13/2001 Referred to House committee: House Judiciary.

H.R.3483 Intergovernmental Law Enforcement Information Sharing Act of2001. To amend title 31, United States Code, to provide forintergovernmental cooperation to enhance the sharing of lawenforcement information. Sponsor: Rep Horn, Stephen (R-CA). LatestMajor Action: 12/13/2001 Referred to House committee: House Judiciary.

H.R.3494 Use NICS in Terrorist Investigations Act. To give the FederalBureau of Investigation access to NICS records in law enforcementinvestigations, and for other purposes. Sponsor: Rep McCarthy, Carolyn(D-NY). Latest Major Action: 1/14/2002 Referred to House subcommittee:
House Judiciary.

H.R.3525 Enhanced Border Security and Visa Entry Reform Act of 2001.
To enhance the border security of the United States, and for otherpurposes. Sponsor: Rep Sensenbrenner, F. James, Jr. (R-WI). LatestMajor Action: 12/20/2001 Referred to Senate committee: HouseJudiciary; House Select Committee on Intelligence; House InternationalRelations; House Ways and Means; House Transportation andInfrastructure; Senate Judiciary.

H.R.3555 United States Security (`USA') Act of 2001. To prevent,
prepare for, and respond to the threat of terrorism in America, andfor other purposes. Sponsor: Rep Menendez, Robert (D-NJ). Latest MajorAction: 12/28/2001 Referred to House Committees: House Energy andCommerce; House Transportation and Infrastructure; House Education andthe Workforce; House Government Reform; House Ways and Means; HouseArmed Services; House International Relations; House Select Committeeon Intelligence; House Financial Services; House Judiciary.

H.R.3600 National Border Security Agency Act. To establish a NationalBorder Security Agency. Sponsor: Rep Tancredo, Thomas G. (R-CO).
Latest Major Action: 1/15/2002 Referred to House Subcommittee: HouseGovernment Reform; House Judiciary; House Transportation andInfrastructure; House Ways and Means.


S.1881 Telemarketing Intrusive Practices Act of 2001. A bill torequire the Federal Trade Commission to establish a list of consumerswho request not to receive telephone sales calls. Sponsor: Sen Dodd,
Christopher J. (D-CT). Latest Major Action: 12/20/2001 Referred toSenate committee: Senate Commerce, Science, and Transportation.

S.1900 Cyberterrorism Preparedness Act of 2002. A bill to protectagainst cyberterrorism and cybercrime, and for other purposes.
Sponsor: Sen Edwards, John (D-NC). Latest Major Action: 1/28/2002Referred to Senate Committees: Senate Commerce, Science, andTransportation.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Web Security, Privacy & Commerce

Web Security, Privacy & Commerce, by Simson Garfinkel (O'Reilly, 2ndEd., November 2001).

This new, expanded edition, nearly twice the size of the firstedition, explores web security risks and how to minimize them. Aimedat web users, administrators, and content providers, Web Security,
Privacy & Commerce covers Windows and Unix environments, InternetExplorer and Netscape Navigator, and many other programs, products,
and features: cryptography, SSL, the Public Key Infrastructure (PKI),
digital signatures, digital certificates, privacy threats such ascookies, log files, web logs, and web bugs, hostile mobile code, andweb publishing (intellectual property, P3P, digital payments,
client-side digital signatures, code signing, PICS).

Web Security, Privacy & Commerce is the definitive reference on Websecurity risks and technologies and methods you can use to protectyour organization, your system, your network, and your privacy.

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

The Biometric Consortium Conference. February 13-15, 2002 (rescheduledfrom September 12-14, 2001). Arlington, VA. For more information:

Congressional Briefing on Cybersecurity. Forum on Technology &
Innovation. February 14, 2002. Washington, DC. For more information:

CLA 6th Annual Cyberspace Camp Conference. Computer Law Association.
February 14-16. San Jose, CA. For more information:

2nd Annual BNA Summit: Combatting Cyber Attacks on your CorporateData. Bureau of National Affairs. February 27-28, 2002. Washington,
DC. For more information:

Rethinking Law & Marketing in the Age of Privacy & Security. WileyRein & Fielding LLP. February 28, 2002. Redwood Shore, CA. For moreinformation:

Understanding Privacy: New Laws, New Challenges. BC Freedom ofInformation and Privacy Association (FIPA). March 11-12, 2002.
Vancouver, British Columbia, Canada. For more information:

HIPAA Summit West II: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security, and HIPAA Compliance. March 13-15,
2002. San Francisco, CA. For more information:

Eighth Annual National Conference, "Managing the NEW PrivacyRevolution," and First Annual Privacy Expo 2002. Privacy & AmericanBusiness and Privacy Council. March 20-22, 2002. Washington, DC. Formore information:

Fourth Annual e-ProtectIT Infrastructure Security Conference. NorwichUniversity. March 20-22, 2002. Northfield, Vermont. For moreinformation:

International Symposium on Freedom of Information and Privacy. Officeof the New Zealand Privacy Commissioner. March 28, 2002. Auckland, NewZealand. For more information:

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. SanFrancisco, CA. For more information:

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

INET 2002. Internet Society. June 18-21, 2002. Washington, DC. Formore information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.03


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback