WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 6

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.06 [2002] EPICAlert 6


Volume 9.06 March 28, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] FBI Ordered to Locate Carnivore Documents in EPIC FOIA Case
[2] ACLU, EPIC, Library Groups Challenge Internet Filtering Law
[3] Congress Holds Hearing on Surveillance Cameras in Washington, DC
[4] Bush Administration Reneges On Medical Privacy Guarantees
[5] EPIC FOIA Request Seeks Homeland Security Documents
[6] Updated EPIC Public Opinion Page; Industry Privacy Reports Biased
[7] EPIC Bookstore - Free as in Freedom
[8] Upcoming Conferences and Events

[1] FBI Ordered to Locate Carnivore Documents in EPIC FOIA Case

EPIC has won another round in its effort to compel the disclosure ofinformation about the FBI's controversial Carnivore Internetsurveillance system. In an order issued on March 25, U.S. DistrictJudge James Robertson denied a government motion for summary judgmentand directed the Bureau to expand its search for records aboutCarnivore. The judge ordered the FBI to complete within 60 days "afurther search" for records pertaining to the system.

EPIC filed its Freedom of Information Act suit against the FBI and theJustice Department in July 2000, after the agencies failed to respondto a request to expedite the processing of documents relating toCarnivore. The FBI subsequently agreed to expedite its search (whichotherwise would have taken several years), and made its "final"
release of documents in January 2001. The Bureau then prepared anitemized accounting of withheld material in support of its motion forsummary judgment, which was filed last summer. The accountingindicated that approximately 2000 pages of material were located attwo Bureau components -- the Electronic Surveillance TechnologySection (ESTS) in Quantico, Virginia, and the Contracts Unit at FBIHeadquarters -- but no other locations.

In response to the government's motion, EPIC noted that the releaseddocuments dealt only with technical aspects of Carnivore, rather thanthe legal and policy implications of the surveillance technique. EPICfurther noted that no documents had yet been located at key FBI andDOJ components, including the FBI's Office of General Counsel. JudgeRobertson agreed, finding that EPIC "has raised a 'positiveindication' that the FBI may have overlooked documents in other FBIdivisions, most notably the offices of the General Counsel andCongressional and Public Affairs."

Public disclosure of information concerning Carnivore is particularlyimportant in the aftermath of September 11, as such investigativetechniques are likely to increase in use. The controversial USAPATRIOT Act, quickly passed by Congress last fall, expresslyauthorizes the use of Carnivore and imposes certain reportingrequirements when it is used by investigators.

Judge Robertson's order is available at:

Background information on EPIC's Carnivore FOIA litigation, includingscanned images of selected documents, is available at:

[2] ACLU, EPIC, Library Groups Challenge Internet Filtering Law

Trial commenced Monday in Philadelphia challenging theconstitutionality of the Children's Internet Protection Act (CIPA),
the federal law that would require libraries to install Internetfiltering software in order to continue receiving federal technologyfunding. Congress approved CIPA in December 2000 even after its own18-member committee rejected the proposal because of the risk that"protected, harmless, or innocent speech would be accidentally orinappropriately blocked."

The law -- the third attempt by Congress to control informationavailable to minors on the Internet -- is being challenged by theAmerican Civil Liberties Union (ACLU), the American LibraryAssociation (ALA) and numerous individual plaintiffs. EPIC isparticipating in the case as co-counsel.

The plaintiffs argue that the law will arbitrarily restrict access toa wide range of information on sex, health and social issues, with noguarantee that children will actually be protected from obscenity orpornography. Critiques and studies have documented the negativeimpact of content blocking systems, particularly noting that filteringand rating systems can be viewed as fundamental architectural changesthat may facilitate the suppression of speech far more effectivelythan national laws alone. Experts testified during the first days oftrial that current Internet filtering software is so imprecise that itwould block sites discussing topics such as homosexuality, breastcancer, and menstruation. Although libraries would have the abilityto override filters if requested, librarians have testified that mostpatrons would be too embarrassed to make such requests -- even forlegitimate medical information -- and that this would be an invasionof patrons' privacy.

Plaintiffs include libraries and library associations across thecountry, individual library patrons, and authors of Web sites such, a medical information Web site offering photographsof the human body, including such things as size and shape ofgenitalia, hair and skin characteristics, and stature. These Websites, as well as many prevalent informational and educational sites(including the EPIC web site), are frequently blocked by Internetfilters.

Testimony is expected to run through next Wednesday, with a rulingexpected by early May. Should the law be upheld, libraries nationwidewould have to prepare to comply with it by July 1.


EPIC Publication, Filters & Freedom 2.0: Free Speech Perspectives onInternet Content Controls:

Peacefire, an organization that advocates the right to free speech,
sells T-shirts that list the names of some often-blocked sites:

[3] Congress Holds Hearing on Surveillance Cameras in Washington, DC

The House Committee on Government Reform held a hearing last week onthe use of video surveillance in the Nation's capital. Among thewitnesses were representatives of the Council and Government of theDistrict of Columbia, the Chief of the Metropolitan Police Department(MPD), experts in video surveillance, and civil liberties activists.
All but one of the federal agencies invited -- the National ParksService -- declined the invitation, which included the Department ofJustice and the Federal Bureau of Investigation.

The hearing revealed that video cameras have been installed in DCsince 2000 without notice or prior public consultation, and that noguidelines exist today to regulate the installation and use of videocameras. The public has recently become aware of the ever-increasinguse of video cameras by a growing number of governmental authorities,
including the MPD, the Department of Transportation, and the NationalParks Service, and without any legal guidance. Of much concern is thefact that the MPD plans to connect the 1,000 cameras already installedby various agencies to a single control room that would allow forcontinuous and centralized surveillance, which it has already done inthe past during emergency situations (e.g., the 2000 InternationalMonetary Fund protests and in the wake of 9/11 terrorism threats).
Future plans include the connection of school, traffic, metro,
shopping area and high-crime neighborhood video cameras.

As to the fundamental issues of effectiveness and reliability of videosurveillance for law enforcement purposes, no witnesses could yetprovide clear and definite answers. Most witnesses agreed thatalthough much work is still required on these issues, federalstandards or regulations for the use of video cameras are preferableto leaving law enforcement authorities to come up with state-specific,
self-regulatory guidelines.

EPIC has urged Congress and all parties involved in the planning ofWashington's video surveillance system to address the fundamentalconstitutional values at stake: privacy, freedom of movement, andlimitations on law enforcement's capability to collect informationabout citizens. EPIC has also advocated for effective oversight byCongress and the DC City Council, and recommended that procedures beput in place to ensure public accountability.

Additionally, EPIC has launched a new Web site, "ObservingSurveillance," to document and record the growth of video surveillancein the District of Columbia.

Observing Surveillance:

[4] Bush Administration Reneges On Medical Privacy Guarantees

The Department of Health and Human Services (HHS) has proposed changesto the Health Insurance Portability and Accountability Act (HIPAA)
Privacy Rule that would significantly dilute federal medical privacyprotections. While the full implications of the proposed changes arestill unclear, the new rule would eliminate the consent requirementand give parents more power to access children's medical records. Theproposed changes do improve privacy rights by shifting to an opt-insystem for marketing use of medical records. However, the proposedchanges exclude many forms of marketing from the opt-in protections.
These changes conflict with President Bush's campaign promises tocreate strong protections for medical information.

The Privacy Rule, which became effective in April 2001, provides thefirst baseline federal protection for the privacy of medicalinformation. It gives patients the right to notice of privacypolicies, a right to request restrictions on disclosure, a right toamend their records, a right to an accounting of disclosures, andrequires that health care providers obtain consent from a patientbefore using health information. The Privacy Rule has been undercontinuous attack by hospitals, health maintenance organizations, andrecently was pegged for revision or rescission by the Office ofManagement and Budget's Office of Information and Regulatory Affairs.

The changes, proposed by HHS Secretary Tommy Thompson, were based uponan overbroad reading of the Privacy Rule and false statements aboutits implications. For instance, Thompson claimed that the changeswere necessary to guarantee patient access to health care, citing thenotion that sick patients would be prevented from sending friends orrelatives to pharmacies in order to obtain filled prescriptions.
However, the Privacy Rule specifically allows pharmacies to exerciseprofessional judgment and release filled prescriptions to friends andrelatives.

While privacy advocates have acknowledged that HIPAA's consentprovisions have weaknesses, HHS' proposed changes would eliminate theconsent requirement rather than amend it to address valid concerns.

The proposed changes would also give parents greater access to theirchildren's medical files. The regulations allow disclosure based onprofessional judgment of the physician where state law is silent onthe issue of disclosing minors' information. This change was soughtby special interests that advocate the dilution of children's privacyso that parents can obtain more information about minors' access tobirth control and abortion.

The proposed changes represent a significant departure from priorpolicy positions held by President Bush. On numerous occasions duringhis presidential campaign, Bush expressed the view that privacy was a"fundamental right" and said he supported opt-in protections formedical and financial data.

Individuals are encouraged to comment on the proposed changes, and cando so on the HHS web site (see below) until April 26, 2002.

Health and Human Services Privacy Rule Site and Proposed Changes:

Health Privacy Project:

EPIC's Medical Records Privacy Page:

[5] EPIC FOIA Request Seeks Homeland Security Documents

EPIC filed a Freedom of Information Act (FOIA) request last week withthe Office of Homeland Security asking for detailed information onDirector Tom Ridge's proposal to create a new biometric identity cardfor air travelers. Director Ridge said in his February 24th speech tothe National Governor's Association, "I do think that this might be agreat opportunity for us to do some work with biometrics, and get atrusted flier program," and that he would be working closely with thenew Transportation Security Agency (TSA) in developing this program.

In a related matter, EPIC has filed a lawsuit to obtain informationfrom the TSA on its biometric identity card proposal (see EPIC Alert9.05). EPIC is also seeking further information about draftlegislation that would link the driver's license expiration date tovisa status, which the Office of Homeland Security is reported to bepreparing for various states to adopt.

Both proposals from the Office of Homeland Security implicate seriousprivacy and security risks. One proposal contemplates creating a newfederally-issued identity card using biometric identification that hassignificant privacy implications; the other aims at expanding thepurpose of a driver's license into a realm that has nothing to do withroad safety. There is a strong public interest in understanding howthese proposals are being formulated, and assessing the potentialprivacy implications of such proposals requires full and informedpublic debate on the design and purpose of the new systems. EPICbelieves that substantive proposals from the Office of HomelandSecurity involving important constitutional values and rights shouldbe subject to public oversight.

Office of Homeland Security:

"Ridge: Link Driver's License, Visa," Federal Computer Week, March 15,

EPIC's DOT/TSA lawsuit:

[6] Updated EPIC Public Opinion Page; Industry Privacy Reports Biased

EPIC has released a newly updated version of its Public Opinion andPrivacy Page to reflect survey data that shows such trends as strongsupport for opt-in privacy protections, as well as the opinion thatthe current self-regulatory framework is insufficient to protectprivacy. Polls from the past few years have increasingly shown thatthe public wants control over their data; that they believe theirprivacy would be better protected by comprehensive legislation, notself-regulation; that they value their anonymity on the Internet; andthat they fear both government and public-sector abuses of theirprivacy.

In related developments, a new report by independent privacyconsultant Robert Gellman, entitled "Privacy, Consumers, and Costs:
How The Lack of Privacy Costs Consumers and Why Business Studies ofPrivacy Costs are Biased and Incomplete," critiques business studiesof privacy and finds that they ignore the costs imposed on consumersand on society by self-regulatory systems for protecting privacy.

EPIC Public Opinion and Privacy Page:

Privacy, Consumers, and Costs: How The Lack of Privacy Costs Consumersand Why Business Studies of Privacy Costs are Biased and Incomplete:

[7] EPIC Bookstore - Free as in Freedom

FREE AS IN FREEDOM: Richard Stallman's Crusade for Free Software, bySam Williams (O'Reilly 2002).

Few who have met Richard Stallman will forget the experience.
Passionate, brilliant, and purposeful without bounds, Stallman turnsvirtually every human interaction into a quest for perfection. Hiswriting in essays such as "The Road to Tycho," a haunting story of afuture with perfect copyright control, can be as clear and asexquisite as emacs, the popular word processing program he helpedcreate.

Sam Williams' "Free as in Freedom" captures in substance and form theelegance and precision of Stallman's crusade for Free Software. Thisis a book that moves with economy through the life of the world's mostfamous hacker. The love of Chinese food, folk dance, and cleverphrases punctuate a quest driven by an unwavering belief that computercode should not be controlled, that innovation requires cooperation.

Williams draws on Steven Levy's "Hackers," the 1984 book that helpedpopularize the culture of the MIT railway club and the AI lab of the1970s and early 1980s. Williams, like Levy, helps explain a world ofall-nighters, brilliant code, and new frontiers. Many of the youngcoders today would fit very comfortably in that world, though theywould probably require MP3 players and more bandwidth.

Williams provides an interesting glimpse of Richard's early years. Hisgentle and illuminating description of the relationship betweenStallman and his mother contrasts sharply with another famous story ofa mother and her child prodigy. Bobby Fischer's mother was filledwith rage and a fierce anti-semitism that she passed on to her son.
Fischer's career was almost the antithesis of the John Nash characterportrayed in "A Beautiful Mind." Fischer battled real enemies duringthe Cold War, when the Russians feared the loss of their chessdominance, but he never earned the same level of regard from hiscolleagues as Nash would with the receipt of the Nobel Prize. In theend, Fischer's achievement was well established in the chess world,
but his life's work lacked the humanism which has so clearly madeStallman a folk hero in the computer world.

More than any person, Stallman came to exemplify the spirit ofbrilliant programmer and political crusader. Stallman's philosophyalso gave way to the General Public License, a wonderfully subversivelegal contract that prevents free software from being bound toproprietary software.

In the lore of American technical prowess, Henry Ford, AlexanderGraham Bell, and Thomas Edison stand as giants for their contributionsto scientific invention and the American economy. But perhaps it isRichard Stallman who found in the freedom to innovate not only a pathto progress, but also a political philosophy that stretches back toBenjamin Franklin and Thomas Jefferson, the true American inventor.

- Marc Rotenberg

The Right to Read (The Road to Tycho)

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Music and Theft: Sampling, Technology, and the Law. Duke Law School,
with funding from the Ford Foundation and the Center for the PublicDomain. March 30, 2002. For more information:

The International Security, Trust and Privacy Alliance (ISTPA) AnnualMembers Meeting: Digital Identity Services - Issues & Challenges.
April 8-10, 2002. Santa Clara, CA. For more information:

Consumer Protection Issues in 2002 and Beyond. Association of the Barof the City of New York, Committee on Consumer Affairs. April 11,
2002. New York, NY. For more information:

The 27th Annual AAAS Colloquium on Science and Technology Policy:
Science and Technology in a Vulnerable World: Rethinking Our Roles.
American Association for the Advancement of Science. April 11-12,
2002. Washington, DC. For more information:

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. SanFrancisco, CA. For more information:

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

4th Annual MIT Sloan eBusiness Awards. Massachusetts Institute ofTechnology, Sloan School of Management. April 17, 2002. Cambridge, MA.
For more information:

4th National HIPAA Summit: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security and HIPAA Compliance. April 24-26,
2002. Washington, DC. For more information:

2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

Information Integrity World Summit. The Hands-On Summit to ProtectYour Organization: Overcoming Cyber-security and E-Privacy Threats.
Information Integrity. May 15-16, 2002. Washington, DC. For moreinformation:

Privacy Law: Emerging Issues in Employee and Consumer Relations. CLEInternational. May 16-17, 2002. Los Angeles, CA. For more information:

Personal Privacy in the Digital Age: The Challenge for State and LocalGovernments. Joint Center for eGovernance. May 19-21, 2002. Arlington,
VA. For more information:

Call For Papers - June 1, 2002 (special recognition for outstandingstudent papers). 18th Annual Computer Security Applications Conference(ACSAC): Practical Solutions to Real Security Problems. AppliedComputer Security Associates. December 9-13, 2002. Las Vegas, Nevada.
For more information:

INET 2002. Internet Crossroads: Where Technology and Policy Intersect.
Internet Society. June 18-21, 2002. Washington, DC. For moreinformation:

IViR International Copyright Law Summer Course. Royal NetherlandsAcademy of Arts and Sciences. July 8-12, 2002. Amsterdam, Netherlands.
For more information:

Privacy2002. Technology Policy Group. September 24-26, 2002.
Cleveland, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.06


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback