WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 7

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.07 [2002] EPICAlert 7


Volume 9.07 April 11, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Microsoft Backs Down, Privacy & Security Risks Bury Hailstorm
[2] Colorado Upholds Rights of Anonymity, Privacy in Bookseller Records
[3] EPIC Files Suit Against Office of Homeland Security
[4] EPIC Files Comments on the Telemarketing Sales Rule
[5] Anti-Consumer DoubleClick Settlement Proposed
[6] EPIC Advocates Anonymity in Internet Broadcast Listening
[7] EPIC Bookstore - Fahrenheit 451
[8] Upcoming Conferences and Events

[1] Microsoft Backs Down, Privacy & Security Risks Bury Hailstorm

As of today, Microsoft has abandoned its Hailstorm or "My Services"
platform because of privacy and security risks inherent in centralizedstorage of personal information. Additionally, Microsoft was unableto find partner companies that were willing to use the Hailstormsystem for collecting information on consumers. Microsoft's Hailstormis a system of remotely accessible services that were dependent uponidentification of Internet users and storage of their personal data.

In July and August 2001, EPIC and fifteen leading consumerorganizations filed complaints with the Federal Trade Commission (FTC)
alleging that Hailstorm and its related services violated federalconsumer protection laws. The groups argued that Microsoft's systemwould give the company unprecedented ability to track and profile over200 million Passport accounts as users browsed the internet andengaged in e-commerce.

Despite Microsoft's claims to the contrary, user privacy and securitywere not protected by Hailstorm. After filing the complaints,
security problems with Hailstorm's services emerged continuously.

Now, Microsoft plans to sell Hailstorm to individual companies,
allowing decentralized building of "data centers." EPIC will continueto monitor the development of Hailstorm and pursue actions withfederal authorities if necessary.

EPIC Sign Out of Passport Page:

Microsoft Has Shelved Its Internet 'Persona' Service, New York Times,
Apr. 11, 2002:

[2] Colorado Upholds Rights of Anonymity, Privacy in Bookseller Records

In a First Amendment case with national significance, the ColoradoSupreme Court ruled this week that a Denver bookstore does not have togive sales records to police seeking information in a druginvestigation.

The case arose after Tattered Cover, a Denver-based bookstore,
challenged a court order for book purchase records. The local drugtask force police sought the records after finding a Tattered CoverBook Store envelope containing a methamphetamine lab and drug-making"how-to" books outside a mobile home they raided in Denver. Theenvelope was printed with an invoice number and the trailer's address,
but no name. The investigators requested a list of the customer'sbook purchases over a 30-day period as well as information about thespecific invoice.

A Denver district judge initially ordered Tattered Cover Book Storeowner Joyce Meskis to tell police who purchased two books on drugmanufacturing from her store. Tattered Cover argued that requiringbooksellers to turn over this information would chill speech by makingcustomers afraid to purchase controversial titles. The bookstoreurged the court to follow the lead of a federal court in Washington,
DC, which ruled in 1998 -- when independent counsel Kenneth Starrsubpoenaed Monica Lewinsky's book buying records while investigatingPresident Bill Clinton's relationship with the former intern -- thatcustomer records enjoy First Amendment protection and can besubpoenaed only if the police demonstrate a “compelling need” for them.

The state Supreme Court, in a 51-page opinion overturning the districtcourt opinion, recognized that the First Amendment and a section ofthe Colorado Constitution "protect an individual's fundamental rightto purchase books anonymously, free from governmental interference."
Customer purchase records enjoy First Amendment protection and mayonly be disclosed to the police if there is a "compelling need" thatoutweighs the interests of the customers. The court concluded that,
in this case, the law enforcement need was not sufficiently compellingto outweigh the harm threatened, in part because law enforcementofficials sought the purchase record for reasons related to thecontents of the books that the suspect may have purchased, and in partbecause the police had reasonable alternative measures ofinvestigation at their disposal.

The court also set a high standard for similar cases in the future byruling that bookstores "must be afforded an opportunity for a hearingprior to the execution of any search warrant" seeking customers'
book-buying records.

Although the decision applies only to the Colorado courts, it willhave national significance, as the opinion has been the strongeststatement by any court to date on the importance of protectingcustomer privacy in bookstores.

Tattered Cover, Inc. v. City of Thornton, Colorado Supreme CourtOpinion:

EPIC’s Page on Free Speech and Anonymity:

[3] EPIC Files Suit Against Office of Homeland Security

EPIC filed suit last week against the Office of Homeland Security(OHS), seeking the expedited release of documents concerning thedevelopment of a national identification system. These documents werethe subject of a Freedom of Information Act (FOIA) request in March(see Alert 9.06). The suit is filed in the District Court for theDistrict of Columbia (EPIC v. OHS, Civil Action No. 02-0620). Atissue is a critical test of open government. Under well-establishedopen record laws, an organization with the policymaking powers of theOffice of Homeland Security has an obligation to the American peopleto ensure that their decision-making is subject to public oversight.
The administration will shortly need to take a position on whether theOHS is subject to FOIA.

In a related effort, congressional leaders have been battling theadministration to have OHS Director Tom Ridge testify before theappropriations committees. The nation is being asked to spend $38billion on homeland security, and there is an urgent need to install aproper structure of accountability and oversight so that this money isspent appropriately. A number of potentially privacy-invasive schemesmight receive support in the budget, and it is vital that the publichave the opportunity to participate in an informed debate before newmeasures are approved. EPIC has written to Senate and House leadersin support of their efforts to exercise oversight over Ridge's newoffice, and to apprise them of the EPIC lawsuit.

EPIC's new page on Government Oversight and Homeland Security:

EPIC v. Office of Homeland Security, filed April 2, 2002, D.C. Dist.

[4] EPIC Files Comments on the Telemarketing Sales Rule

EPIC and thirteen leading consumer advocacy groups have filed commentswith the Federal Trade Commission (FTC) on proposed changes to theTelemarketing Sales Rule (TSR). The TSR governs how manytelemarketers make calls to individuals' homes. The proposed changesto the TSR would create a national do-not-call (DNC) list, aprohibition on the purchase of pre-acquired account data, newrestrictions on blocking or altering Caller ID, and many new consumerprotections for individuals who make purchases from telemarketers.

EPIC's comments advocate the creation of a DNC list that would allowindividuals to opt-out from telemarketing. Enrollment in this listshould be possible by postal mail, a toll-free call, or by submissionof telephone numbers over the Internet. This national DNC list wouldsupplement state lists rather than replace them.

The comments also argue forcefully for placing an affirmativeobligation on telemarketers to send accurate Caller ID informationwith each sales call. Currently, most telemarketers do not block oralter Caller ID information. Instead, they purchase a phone servicethat ordinarily does not transmit Caller ID information. The FTC'sproposed change would not address this common method of circumventingthe transmission of Caller ID.

Unfortunately, the FTC's regulation of telemarketers will not apply tocommon carriers (such as phone companies and airlines), banks, orinsurance companies. To remedy this, EPIC has commented that the FTCshould coordinate with other federal agencies to broaden the scope ofprotections against telemarketing for individuals.

Individuals can comment on the proposed changes to the TSR until April15, 2002. Instructions for submitting comments are available on theEPIC Telemarketing Page.

EPIC's Comments on Proposed Changes to the Telemarketing Sales Rule:

EPIC Telemarketing Page:

[5] Anti-Consumer DoubleClick Settlement Proposed

On March 28, Internet advertising company DoubleClick Inc, agreed tosettle federal and state class action lawsuits pending against it foronline privacy violations. Under the proposed settlement issued by aNew York federal district court, DoubleClick will, among other things,
be required to provide easy-to-read explanations of its onlinecollection practices in its privacy policy; to conduct a publicinformation banner ad campaign, consisting of 300 million banneradvertisements containing information on how to protect privacy; toset their cookies to expire within five years; and to institutepolicies for the protection and routine purging of personalinformation. DoubleClick also agreed to pay up to $1.8 million incosts and fees to the 31 law firms representing the plaintiffs. Thesettlement class includes "[a]ll persons in the United States who havehad any information about their computers or about them gathered byDoubleClick as a result of their Internet activity or who have hadDoubleClick cookies placed upon their computers or browsers fromJanuary 1, 1996 through and including March 28, 2002." A Courthearing to approve the settlement will be held on May 21, 2002.
Persons who wish to object to the terms of the settlement must file awritten submission with the Court no later than May 6, 2002.

The class action lawsuits focused on DoubleClick's plans to linkpersonally identifiable information to the detailed profiles it hadcreated on Internet users by relying on tracking technologies such ascookies and web bugs. These plans were revealed in January 2000 andled EPIC to file a formal complaint with the Federal Trade Commission.
The complaint alleged that DoubleClick's intention to merge these twodatabases violated its previous assurances that information collectedon Internet users would remain anonymous, and therefore amounted to anunfair and deceptive practice. EPIC does not regard the proposedsettlement as sufficient to ensure the protection of personalinformation online, and believes that legislation is needed to preventcompanies from abusing their customers' data in the future.

In the absence of progress at the federal level, there are indicationsthat this kind of legislation may be coming from the states. A billis currently pending before the Minnesota legislature which wouldprohibit Internet Service Providers (ISPs) from disclosing theircustomers' personal information to third parties. This would make itthe first state in the country to restrict the sale of informationabout Internet users.

Proposed DoubleClick settlement:

Background on EPIC's complaint about DoubleClick:

News coverage of the Minnesota bill is available at:

[6] EPIC Advocates Anonymity in Internet Broadcast Listening

On April 5, EPIC joined the Electronic Frontier Foundation (EFF) insubmitting comments to the U.S. Copyright Office on changes tocopyright regulation that would endanger the privacy of Internet radiolisteners. The proposed regulations would require webcasting servicesto collect and share listeners' information, including the countrylocation, time zone, log-in time, channel, and the unique identifierassigned to the listener.

EFF, EPIC, the Fresno Free College Foundation, KFCF (88.1 FM), andKPFA radio argue that no collection of personal data is required bythe law or in practice for the purposes of determining the number andtype of songs consumed by listeners. The goals sought by the CopyrightOffice could be met by simply collecting aggregate data on listeners'

Content providers increasingly are using copyright restrictions asjustification for tracking individuals and their choices in mediaconsumption. In addition to tracking and reporting requirements,
content owners have developed new digital restriction technologiesthat tie individuals' identities to the music, books, and video thatthey consume. These technologies can enable unprecedented profilingof individuals and their tastes in music, books, and ideas themselves.

Individuals can file reply comments until April 26, 2002 on theability of individuals to hear webcasts anonymously by visiting theU.S. Copyright Office page linked below.

Joint Comments on Internet Broadcasts and Anonymity:

EPIC's Digital Rights Management and Privacy Page:

U.S. Copyright Office: Notice and Recordkeeping for Use of SoundRecordings Under Statutory License:

[7] EPIC Bookstore - Fahrenheit 451

Fahrenheit 451, by Ray Bradbury.

It seemed both appropriate and ironical to review Ray Bradbury'sFahrenheit 451 at this point in time. Earlier this month the USCongress began consideration of a bill that would ban the unauthorizedreproduction of digital works. At almost the same time, federalprosecutors urged a court in Philadelphia to require technology inpublic libraries that would block access to information that someconsider offensive.

There is no kerosene dripping from the pages of books in Washington orPhiladelphia, but digital words would not burn. The methods oferadication must be more subtle, the technique more sophisticated.

It is tempting when reading Bradbury's classic work on censorship todraw parallels to book burnings from an earlier era, to make theobvious connection between the firemen in Bradbury's novel who setaflame houses that contained the printed word and those who gatherednot so long ago to burn the words of Albert Einstein, Thomas Mann,
Marcel Proust, Margaret Sanger, and H.G. Wells.

But Fahrenheit 451 is not simply about book burning. This is a worldwhere the culture of censorship has permeated the public and theprivate. There is no intellectual life. There is no political life.
Interactive broadband technology provides endless entertainmentthrough the full-screen images that appear on the walls of a parlorroom. Words of meaning cannot be transmitted in any physical media.
They must be memorized and passed on as they were before the printingpress, before the written word.

The protagonist Guy Montag, a fireman who will disavow his profession,
confronts this reality in a series of encounters. First with a youngwoman who asks questions he cannot answer. Then with an old teacherwho recalls a past that cannot be recorded. And finally with hisboss, the Chief Firefighter who can quote Pope, Milton and Shaw, andthen smile as a house and its contents are engulfed in flames.

Montag's future is not without hope. He will fare better thanOrwell's Winston, Kafka's K, or the Prisoner before Dostoevsky's GrandInquisitor. Still, the reconstruction of culture, literature, andhistory once recorded words are banished cannot be assumed. When asingle person can recall only one essay of Thoreau's or a chapter fromBertrand Russell, the unique quality of information -- its ability toflow without bounds -- is effectively exterminated.

Perhaps it is unfair to compare the current legislative efforts toprotect copyright interests or to prevent children from being exposedto images and words that are beyond their years with the unambiguoushorror of burning a book because of the ideas contained inside. Buttechnology does not make such distinctions, and capability createsopportunity. Already software filters have been turned oncontroversial ideas and unpopular organizations. And new copyrighttechniques will digitally incinerate recorded words that mightotherwise be widely available.

In this year when many city mayors are urging residents to share theexperience of reading a common book, Los Angeles Mayor Jim Hahn hasasked those in L.A. to read Fahrenheit 451. And Ray Bradbury'spresence last week at a new mid-Wilshire bookstore, more than fiftyyears after the first publication of Fahrenheit 451, is a powerfulreminder of the value of the written word.

- Marc Rotenberg

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Public Workshop: Your Freedom of Information and Privacy Rights: Howto use Canadian laws to get access to information and protect yourprivacy. BC Freedom of Information and Privacy Association. April 11,
2002. Vancouver, BC, Canada. For more information:

Public Forum: Access to Legal and Government Information in the "NewEra." BC Freedom of Information and Privacy Association. April 12,
2002. Vancouver, BC, Canada. For more information:

The 27th Annual AAAS Colloquium on Science and Technology Policy:
Science and Technology in a Vulnerable World: Rethinking Our Roles.
American Association for the Advancement of Science. April 11-12,
2002. Washington, DC. For more information:

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. SanFrancisco, CA. For more information:

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

4th Annual MIT Sloan eBusiness Awards. Massachusetts Institute ofTechnology, Sloan School of Management. April 17, 2002. Cambridge, MA.
For more information:

Digital Landscapes: Redrawing the Boundaries in Entertainment, Mediaand the Law. Stanford Law & Technology Association, StanfordEntertainment & Sports Law Association, and Stanford Technology LawReview. April 20, 2002. Stanford, CA. For more information:

4th National HIPAA Summit: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security and HIPAA Compliance. April 24-26,
2002. Washington, DC. For more information:

Conference on Cyber Security and Disclosure. Stanford Law SchoolCenter for Internet and Society. May 9, 2002. Stanford, CA. For moreinformation:

2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

Information Integrity World Summit. The Hands-On Summit to ProtectYour Organization: Overcoming Cyber-security and E-Privacy Threats.
Information Integrity. May 15-16, 2002. Washington, DC. For moreinformation:

Privacy Law: Emerging Issues in Employee and Consumer Relations. CLEInternational. May 16-17, 2002. Los Angeles, CA. For more information:

Personal Privacy in the Digital Age: The Challenge for State and LocalGovernments. Joint Center for eGovernance. May 19-21, 2002. Arlington,
VA. For more information:

Call For Papers - June 1, 2002 (special recognition for outstandingstudent papers). 18th Annual Computer Security Applications Conference(ACSAC): Practical Solutions to Real Security Problems. AppliedComputer Security Associates. December 9-13, 2002. Las Vegas, Nevada.
For more information:

INET 2002. Internet Crossroads: Where Technology and Policy Intersect.
Internet Society. June 18-21, 2002. Washington, DC. For moreinformation:

IViR International Copyright Law Summer Course. Royal NetherlandsAcademy of Arts and Sciences. July 8-12, 2002. Amsterdam, Netherlands.
For more information:

Privacy2002. Technology Policy Group. September 24-26, 2002.
Cleveland, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe" (no quotes)

Help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.07


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback