WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 5

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.05 [2002] EPICAlert 5


Volume 9.05 March 15, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] National Freedom of Information Day -- March 16, 2002
[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents
[3] Council of Europe Considers Cybercrime Protocols
[4] UK Holds Big Brother Awards
[5] Scarfo "Key Logger" Case Ends in Plea Bargain
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online
[8] Upcoming Conferences and Events

[1] National Freedom of Information Day -- March 16, 2002

Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both. -- James Madison
On March 16 -- James Madison's birthday -- EPIC will join with otheropen government advocates to emphasize the value and importance of theFreedom of Information Act.

The public's right of access to government information is acornerstone of our democratic society. Free and open access toinformation is a basic principle that has enabled the United States toendure and prosper for more than 200 years. For more than a quarterof a century, the Freedom of Information Act (FOIA) has ratified thepublic's right to know what the government, its agencies, and itsofficials have done. It has substituted public oversight for secrecy,
and our country has benefited from the truths that been extracted frompublic records. Although our nation must be safeguarded from furtheracts of terrorism, we must never allow the public's right to know,
enshrined in the FOIA, to be suppressed for the sake of officialconvenience. Our system of representative democracy depends on thefree flow of information produced, collected and published by thegovernment and available to the American people so they canparticipate as an informed electorate and be aware of actions thegovernment takes in their name.

On October 12, 2001, Attorney General John Ashcroft issued amemorandum on behalf of the Bush Administration, directing federalagency heads -- with the full support of the Department of Justice --
to search for and use any legal authority for denying access torecords under FOIA. This policy of secrecy is incompatible with thevalues of a free society.

In February, the House Government Reform Committee, with oversight onFOIA issues, marked up a draft update of its popular "Citizen's Guideon Using the Freedom of Information Act and the Privacy Act of 1974 toRequest Government Records." Rep. Henry Waxman (D-CA) offered, andCommittee Chair Dan Burton (R-IN) approved, the addition of thefollowing paragraphs to the 2002 draft:

The history of the act reflects that it is a disclosure law. It presumes that requested records will be disclosed,
and the agency must make its case for withholding in terms of the act's exemptions to the rule of disclosure. . . .
Contrary to the instructions issued by the Department of Justice on October 12, 2001, the standard should not be to allow the withholding of information whenever there is merely a "sound legal basis" for doing so.

The action represents a symbolic, bipartisan Congressional repudiationof the Attorney General's October directive.

In these trying times, our future as a nation and as individuals willbe determined by how successfully we use information. That is whyEPIC urges individuals and associations across American to join incelebrating the public's "right to know" on Freedom of InformationDay, March 16. EPIC has created an online "Freedom of Information ActGallery" to showcase some of the information recently made public as aresult of the law.

EPIC's Freedom of Information Act Gallery:

EPIC's Former Secrets Page:

Information on the 2002 National Freedom of Information Dayconference, "Access & Security in a Time of Crisis," is available at:

[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents

EPIC filed suit on March 14 against the Department of Transportation(DOT), seeking the expedited release of documents concerning proposedair travel security systems. EPIC asserts in the lawsuit that thepotential privacy implications of such proposals require full andinformed public debate on the design of security systems.

In early February, EPIC submitted Freedom of Information Act (FOIA)
requests to DOT for records relating to the newly-createdTransportation Security Administration's plans to develop a biometricidentification card for use in a "trusted passengers" program, and toestablish airline passenger screening and profiling systems. Notingthe privacy issues surrounding these initiatives and the substantialpublic interest in security matters, EPIC requested "expeditedprocessing" of its requests -- a procedure Congress mandated in 1996to hasten the disclosure of information concerning matters of "currentexigency to the American public." Despite a legal requirement torender a decision on an expedition request within 10 days, DOT neverresponded to EPIC's request.

EPIC does not question the need for effective air travel security, butbelieves that there is no reason to develop these procedures under ashroud of secrecy. The public has a significant interest in the designof new security systems and ensuring that privacy rights are respected.

EPIC's lawsuit is available at:

ID Card for Air Passengers, Washington Times, Jan. 31, 2002:

Intricate Screening of Fliers in Works, Washington Post, Feb. 1, 2002:

[3] Council of Europe Considers Cybercrime Protocols

On February 7, the Council of Europe publicly released a draft of theFirst Additional Protocol to the Convention on Cybercrime on thecriminalization of acts of a racist or xenophobic nature committedthrough computer systems. The Convention itself was signed inNovember 2001 by most of the body's 43 member states, as well asobserver nations Canada, Japan, South Africa and the U.S. (see EPICAlert 8.23). It is the first international treaty to address crimescommitted in "cyberspace," including intellectual property violations,
computer-related fraud, child pornography, hacking, and thedistribution of hacking tools. It greatly expands law enforcementinvestigative powers, including real time electronic surveillance andaccess to user records maintained by Internet Service Providers, notonly for these crimes, but also for any other crime "committed bymeans of a computer system" or for "the collection of evidence inelectronic form" of a crime. It also requires signatory countries toprovide each other with mutual legal assistance in investigations. Ithas been widely criticized by civil liberties, privacy, and securityadvocates as disproportionately weighted in favor of law enforcementinterests.

The protocol is an optional supplement to the Convention that willcriminalize the "making available" or "distribution" of racist andxenophobic material through a computer system. An articlecriminalizing the "denial or justification of racist or xenophobiccrimes" is stated in the draft to be under preparation. The draft wasmade available the day after the Global Internet Liberty Campaign(GILC) -- an international coalition of civil liberties and humanrights groups -- sent a letter to the Council of Europe asking for itsrelease in conformity with "principles of transparency and democraticdecision-making." Although the U.S. government is participating inthe negotiation of this protocol, it has stated that it does notintend to sign it due to the obvious inconsistencies with the FirstAmendment.

GILC also sent a letter to the Council of Europe on February 28following reports that the body was considering a second optionalprotocol on "terrorist messages and the decoding thereof." AlthoughGILC has not received an official response from the Council of Europe,
member groups in the U.S. have been assured by the government that nosuch proposal is moving forward. Work on the First AdditionalProtocol is expected to be completed by April 30, 2002.

The draft Protocol is available on the Council of Europe site at:

GILC's February 6 letter to the Council of Europe is available at:

GILC's February 28 letter to the Council of Europe is available at:

For more information on the Treaty generally see:

[4] UK Holds Big Brother Awards

On March 4, Privacy International presented the 4th annual UK "BigBrother" awards to the government and private sector organizationsthat have done the most to invade personal privacy in Britain. Theaward for "Worst Public Servant" went to Sir Richard Wilson, CabinetSecretary; "Most Invasive Company" went to Norwich Union; "MostAppalling Project" went to the National Criminal Intelligence Service(NCIS), and "Most Heinous Organization" went to the Department ofEducation and Skills. A "Lifetime Menace" award was given to thenational identification and data sharing scheme.

"Winston" awards were also given to individuals and organizations thathave made an outstanding contribution to the protection of privacy, aswell as to people who have been victims of privacy invasion. Thoseindividuals and organizations were: Maurice Frankel, Campaign forFreedom of Information; Lord Andrew Phillips; The Daily Telegraph;
David Shaylor; and Ilka Schroeder, Member of the European Parliament.

Other countries that have held Big Brother Awards so far this yearinclude Denmark, France, and the Netherlands. Hungary, Germany,
Austria, and Switzerland all presented Big Brother Awards late lastyear.

Detailed information about the 2002 UK Big Brother Awards is availableat:

For more information on the Big Brother Awards, see:

The Campaign for Freedom of Information Web site is located at:

[5] Scarfo "Key Logger" Case Ends in Plea Bargain

The federal government and Nicodemo Scarfo, Jr. entered into a pleaagreement on February 28, ending a case that raised novel privacyissues. In a decision issued in December, a federal judge in NewJersey upheld the legality of the FBI's use of a "key logger system"
secretly installed on Scarfo's computer to capture his encryptionpassphrase, and denied a defense motion to suppress evidence obtainedthrough the technique. As a result of the plea bargain, there will beno appellate consideration of the issues raised in the case.

The gambling and loansharking case against Scarfo became the first totest the legality of law enforcement efforts to counter the use ofencryption. Scarfo's lawyers had argued that the "key-logger system"
violated both the Fourth Amendment (by collecting more informationthan needed) and the federal wiretap statute (by intercepting modemtransmissions without a wiretap order). They asserted that theyneeded, through pre-trial discovery, a detailed explanation of thetechnology to determine whether its use was improper.

In a decision issued on December 26, U.S. District Judge NicholasPolitan upheld the legality of the FBI's use of the technique anddenied a defense motion to suppress evidence obtained through it.
Judge Politan also allowed prosecutors to keep secret the specifics ofthe technology, saying disclosure "would cause identifiable damage tothe national security of the United States." The government hadearlier invoked the Classified Information Procedures Act (CIPA) toconceal details of the surveillance system (see EPIC Alert 8.16). Theevents of September 11 seem to have had an influence in the case;
Judge Politan wrote in the first paragraph of his opinion that "thematter takes on added importance in light of recent events andpotential national security implications."

The court's opinion is available at:

Other selected court documents on the Scarfo case are available at:

[6] EPIC Bill-Track: New Bills in Congress


H.R.3806 Paul Revere Freedom to Warn Act. To amend title 5, UnitedStates Code, to protect those who defend the United States byexercising their duty as patriots to warn against the existence ofthreats to weaknesses created by institutional failures that should beidentified and corrected in a timely manner, and for other purposes.
Sponsor: Rep Israel, Steve (D-NY). Latest Major Action: 2/27/2002Referred to House committee: House Judiciary; House Government Reform.

H.R.3825 Homeland Security Information Sharing Act. To provide for thesharing of homeland security information by Federal intelligence andlaw enforcement agencies with State and local entities. Sponsor: RepChambliss, Saxby (R-GA). Latest Major Action: 2/28/2002 Referred toHouse committee: House Select Committee on Intelligence; HouseJudiciary; House Government Reform.

H.R.3833 Dot Kids Implementation and Efficiency Act of 2002. Tofacilitate the creation of a new, second-level Internet domain withinthe United States country code domain that will be a haven formaterial that promotes positive experiences for children and familiesusing the Internet, provides a safe online environment for children,
and helps to prevent children from being exposed to harmful materialon the Internet, and for other purposes. Sponsor: Rep Shimkus, John(R-IL). Latest Major Action: 3/7/2002 House committee/subcommitteeactions: Forwarded by Subcommittee to Full Committee by Voice Vote.
Committees: House Energy and Commerce.

H.R.3844 To strengthen Federal Government information security,
including through the requirement for the development of mandatoryinformation security risk management standards. To strengthen FederalGovernment information security, including through the requirement forthe development of mandatory information security risk managementstandards. Sponsor: Rep Davis, Tom (R-VA). Latest Major Action:
3/5/2002 Referred to House committee: House Government Reform; HouseScience.

H.R.3911 Telemarketing Relief Act of 2002. To direct the Federal TradeCommission to issue rules that establish a list of telephone numbersof consumers who do not want to receive telephone calls fortelemarketing purposes, and for other purposes. Sponsor: Rep Johnson,
Nancy L. (R-CT). Latest Major Action: 3/7/2002 Referred to Housecommittee: House Energy and Commerce; House Financial Services; HouseAgriculture.


S.1974 Federal Bureau of Investigation Reform Act of 2002. A bill tomake needed reforms in the Federal Bureau of Investigation, and forother purposes. Sponsor: Sen Leahy, Patrick J. (D-VT). Latest MajorAction: 2/28/2002 Referred to Senate committee: Senate Judiciary.

S.1981 Enhanced Penalties for Enabling Terrorists Act of 2002. A billto enhance penalties for fraud in connection with identificationdocuments that facilitates an act of domestic terrorism. Sponsor: SenBoxer, Barbara (D-CA). Latest Major Action: 3/1/2002 Referred toSenate committee: Senate Judiciary.

S.1989 National Cyber Security Defense Team Authorization Act. A billto authorize the establishment of a National Cyber Security DefenseTeam for purposes of protecting the infrastructure of the Internetfrom terrorist attack. Sponsor: Sen Schumer, Charles E. (D-NY) LatestMajor Action: 3/5/2002 Referred to Senate committee: Senate Judiciary.

S.1995 Genetic Information Nondiscrimination Act of 2002. A bill toprohibit discrimination on the basis of genetic information withrespect to health insurance and employment. Sponsor: Sen Snowe,
Olympia J. (R-ME). Latest Major Action: 3/6/2002 Referred to Senatecommittee: Senate Health, Education, Labor, and Pensions.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online

Privacy Defended: Protecting Yourself Online, by Gary Bahadur, WilliamChan, and Chris Weber.

Privacy Defended is a comprehensive yet highly readable book thatexplains why you should care about online privacy and security in thisdigital age, and teaches you step-by-step how to use various tricksand technologies to protect your privacy. It examines legal threatsto privacy (such as people-finder Web sites, online public records,
the Gramm-Leach-Bliley Act, and the PATRIOT Act) as well as illegalthreats (such as hackers, insidious business tactics, spyware, andidentity theft), and shows you how to understand and avoid thosethreats. Also contained in the book are good summaries of the historyof the right to privacy and privacy-related cases and laws, a brieflisting of privacy organizations and initiatives, and numerousexamples of privacy-enhancing tools that you can use to protect yourpersonal information and communications. There are also a fewchapters devoted to technical information that relates to setting upsecure networks and detecting security breaches.

Written in a personal yet technology-savvy tone by three computer andnetwork security experts, Privacy Defended is a great resource on howto protect yourself against threats to your privacy and security. Itcontains a great deal of in-depth information about laws andtechnology, but you don't have to be an expert in either of thosefields to find this book both useful and easy to read.

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

HIPAA Summit West II: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security, and HIPAA Compliance. March 13-15,
2002. San Francisco, CA. For more information:

Eighth Annual National Conference, "Managing the NEW PrivacyRevolution," and First Annual Privacy Expo 2002. Privacy & AmericanBusiness and Privacy Council. March 20-22, 2002. Washington, DC. Formore information:

Fourth Annual e-ProtectIT Infrastructure Security Conference. NorwichUniversity. March 20-22, 2002. Northfield, Vermont. For moreinformation:

The Role of the Federal Communications Commission in the Digital Era:
A Panel Discussion at Duke Law School. Duke Fellowship in IntellectualProperty and the Public Domain. March 25, 2002. Durham, NC. For moreinformation:

International Symposium on Freedom of Information and Privacy. Officeof the New Zealand Privacy Commissioner. March 28, 2002. Auckland, NewZealand. For more information:

Consumer Protection Issues in 2002 and Beyond. Association of the Barof the City of New York, Committee on Consumer Affairs. April 11,
2002. New York, NY. For more information:

The 27th Annual AAAS Colloquium on Science and Technology Policy:
Science and Technology in a Vulnerable World: Rethinking Our Roles.
American Association for the Advancement of Science. April 11-12,
2002. Washington, DC. For more information:

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. SanFrancisco, CA. For more information:

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

4th Annual MIT Sloan eBusiness Awards. Massachusetts Institute ofTechnology, Sloan School of Management. April 17, 2002. Cambridge, MA.
For more information:

4th National HIPAA Summit: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security and HIPAA Compliance. April 24-26,
2002. Washington, DC. For more information:

2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

Information Integrity World Summit. The Hands-On Summit to ProtectYour Organization: Overcoming Cyber-security and E-Privacy Threats.
Information Integrity. May 15-16, 2002. Washington, DC. For moreinformation:

Privacy Law: Emerging Issues in Employee and Consumer Relations. CLEInternational. May 16-17, 2002. Los Angeles, CA. For more information:

Personal Privacy in the Digital Age: The Challenge for State and LocalGovernments. Joint Center for eGovernance. May 19-21, 2002. Arlington,
VA. For more information:

Call For Papers - June 1, 2002 (special recognition for outstandingstudent papers). 18th Annual Computer Security Applications Conference(ACSAC): Practical Solutions to Real Security Problems. AppliedComputer Security Associates. December 9-13, 2002. Las Vegas, Nevada.
For more information:

INET 2002. Internet Crossroads: Where Technology and Policy Intersect.
Internet Society. June 18-21, 2002. Washington, DC. For moreinformation:

Privacy2002. Technology Policy Group. September 24-26, 2002.
Cleveland, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.04


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback