WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2002 >> [2002] EPICAlert 8

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 9.08 [2002] EPICAlert 8


Volume 9.08 April 25, 2002

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Senate Considers Internet Privacy Legislation
[2] Observing Surveillance: Public Protests, April 2002
[3] Groups Oppose National ID Standards, Medical Privacy Rule Changes
[4] EPIC and Other Free Speech Groups Cite Post-9/11 Info Restrictions
[5] Privacy International Announces U.S. Big Brother Awards
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Body of Secrets
[8] Upcoming Conferences and Events

[1] Senate Considers Internet Privacy Legislation

EPIC's Executive Director Marc Rotenberg testified at a full SenateCommerce Committee hearing today on bipartisan legislation to protectprivacy online. He testified that "the Online Personal Privacy Act isan important step forward in the advancement of privacy law in theUnited States." The Act, which has ten committee sponsors, follows ahybrid approach to privacy regulation adopted by the European Union bysupporting an opt-in requirement for "sensitive personallyidentifiable information" and a weaker opt-out standard for otherpersonal information. The bill follows most other fair informationpractices, including robust notice, access requirements, securityobligations, and opportunities for enforcement. Among the mostsignificant concessions to industry groups is that the Act willpreempt state legislation on online privacy.

EPIC's testimony focused on a few key areas of concern. The bill ascurrently drafted gives too much power to law enforcement agenciesthat seek access personally identifiable information by not requiringjudicial review of such requests. From a consumer perspective, thebill is too narrow in providing access only to information that theconsumer knows he or she has given to the company, rather than all theinformation the company has collected about the consumer. The Actplaces a great deal of faith in the ability of the Federal TradeCommission (FTC) to pursue privacy violations; while this approach canpotentially work, it will require extensive public oversight.
Rotenberg argued that the private right of action that industryopposes is actually a severely watered down provision and that itneeds to be strengthened. He also suggested broadening categories ofsensitive personal information to include intellectual freedom andpolitical beliefs, along with the protection of religious beliefs andparty affiliation already contained in the bill. Finally, heencouraged research into genuine privacy enhancing technologies thatenable online transactions while minimizing privacy risks.

Frank Torres of Consumers Union testified that his organizationsupports the bill as currently drafted and is willing to live with thefederal preemption if the opt-in requirement for sensitive personalinformation remains robust. The representatives from andthe financial services industry raised the question of why online andoffline collection of data should be treated differently. Theysuggested that either there should be privacy legislation for bothworlds, or no legislation at all. The financial services industryargued that it is already regulated under the Gramm-Leach-Bliley lawand that is sufficiently restrictive. They also argued that industryself-regulation is working successfully. Hewlett Packard urgedinclusion of a safe harbor provision in the Act to insulate companiesfrom enforcement if they are members of a certified seal program suchas BBBOnline or TrustE.

The Committee was receptive to the concerns expressed by thewitnesses, but as one Senator commented, recent polling data showsthere is overwhelming public support for stronger privacy protectionon the Internet. The Online Personal Privacy Act seeks to establishtrust and confidence in the disclosure of personal information in theonline environment. This is central to the growth of electroniccommerce and the online marketplace.

EPIC also participated in the public announcement of a new billintroduced by Rep. Bob Barr (R-GA) titled the Federal AgencyProtection of Privacy Act. Rep. Barr's bill, which enjoys bipartisansupport, would require federal agencies to issue privacy impactanalyses when promulgating rules. The impact statements follow FairInformation Practices and require agencies to evaluate the noticeprovided to individuals, access to personal information affected,
limitations on use of the data, and limitations on collection ofinformation to maximize privacy. Rep. Barr plans to hold a hearing onthis bill next week.

EPIC's testimony is available at:

The "Online Privacy Protection Act," Senate Bill 2201 is available at:

A section-by-section analysis of the bill is available at:

Witness testimony is available at:

The Federal Agency Protection of Privacy Act is available at:

[2] Observing Surveillance: Public Protests, April 2002

EPIC has updated the Observing Surveillance Web site to include a mapof camera locations in areas of downtown Washington, D.C. The mapshows icons that indicate both the locations of surveillance camerasinstalled by the D.C. Metropolitan Police Department (MPD) and theprojected surveillance radius of those cameras, as reported in a March22 Washington Post article. Additionally, the site contains manyphotos of cameras, taken with different levels of zoom to show thesurrounding area where each camera is situated, as well as close-upimages of the cameras.

Additionally, the D.C. MPD recently released preliminary guidelinesfor the usage of Closed Circuit Television (CCTV) cameras in theDistrict. The guidelines state that:

The CCTV systems represent a valid use of a government's power to protect its citizens and will be activated as needed during special events in which there is a potential threat to public safety, critical incidents, heightened states of alert or for traffic control.

It is also noted that the cameras "[will not be] operated where thereis a reasonable expectation of privacy," and that "[i]f any CCTVsystems are mounted in residential areas, public notice will be givenwith the exception of those utilized pursuant to a court order." EPICsubmitted a series of FOIA requests (see Alert 9.04) for details aboutthe camera system before these draft guidelines were released, and hasyet to receive any responsive documents.

MPD's Draft General Order on CCTV Cameras is available at:

Observing Surveillance:

[3] Groups Oppose National ID Standards, Medical Privacy Rule Changes

On April 15, EPIC submitted a letter for the record of a hearing inthe Senate Subcommittee on Oversight of Government Management,
Restructuring, and the District of Columbia, advising against adoptingplans to standardize the state driver's license system. The letterdraws attention to recent polling data that highlights the public'sgrowing reluctance to establish a national identification system. Arecent poll conducted by Gartner, Inc. reveals that only 26 percent ofthe population supports a card, while 41 percent are opposed to it.
The poll also shows that state motor vehicle departments, along withthe IRS, are seen by the public to be among the least trustworthygovernment agencies to administer such a system if it were developed.
Another poll, by the Washington Post, found that 44 percent ofAmericans think that a national identification card -- even if it isvoluntary -- is "a way to keep track of people and is an invasion ofpeople's civil liberties and privacy."

The National Research Council has released a new study that calls fora "serious and sustained analysis and discussion of the complexconstellation of issues presented by nationwide identity systems." Thereport stresses that understanding the goals of such a system iscritical, and cautions the public and policymakers that "before anydecisions can be made about whether to attempt some kind of nationwideidentity system, the question of what is being discussed (and why)
must be answered." EPIC has advocated that there needs to be greaterpublic discussion about the desirability and feasibility of theseproposals, and released a policy report earlier this year, entitled"Your Papers, Please," which details how such proposals create anational identification system that raises significant privacy andsecurity risks (see Alert 9.03).

In medical privacy news, EPIC has joined the Health Privacy Project inurging the Department of Health and Human Services to reject manyrecently proposed changes to the Health Insurance Portability andAccountability Act (HIPAA) Privacy Rule. These changes, proposed bySecretary of Health Tommy Thompson, would diminish patient protectionsby eliminating the consent requirement for access to healthinformation, increasing the ability to market products based on healthconditions, and giving parents more power to access children's medicalrecords.

The comments cover a broad range of changes to the Privacy Rule,
including a provision that would allow the collection and use ofprotected health information related to the "quality, safety, oreffectiveness" of Food and Drug Administration regulated products andactivities. The plain language of this provision would allow thecollection and use of personal information for purposes completelyunrelated to health care, including product satisfaction surveys.
Additionally, the proposed changes alter the definition of marketingso that individuals cannot opt-out of targeted advertising. Thecomments oppose these changes, and advocate a rule that wouldestablish an opt-in standard for medical marketing to patients.

Individuals are also encouraged to comment on the proposed changes,
and can do so by visiting the Health Privacy Project website untilApril 26, 2002.

EPIC's Letter to the Senate Subcommittee is available at:

National Research Council Report, "IDs -- Not That Easy: QuestionsAbout Nationwide Identity Systems," is available at:

EPIC Report, "Your Papers, Please: From the State Drivers License toa National Identification System" ("Watching the Watchers" series):

Health Privacy Project (to comment, click "Send Comments to HHS"):

EPIC's Medical Privacy Page:

[4] EPIC and Other Free Speech Groups Cite Post-9/11 Info Restrictions

EPIC today joined with other free expression and open governmentadvocates in a statement marking the six-month anniversary ofCongress' passage of the USA PATRIOT Act. The statement details thelegislation's chilling effect on speech, as well as other governmentefforts to restrict public access to information. The statement wasreleased by the Free Expression Network (FEN) at a Capitol Hill pressconference that featured Sen. Russell Feingold and Rep. Patsy Mink,
both vocal critics of the legislation.

The USA PATRIOT Act is the anti-terrorism legislation rushed throughCongress in the aftermath of September 11. Because of the emotionalfervor of the time and the pressure surrounding efforts to remedy andprevent terrorist actions, the legislation was enacted after littledebate or review by either house of Congress, with little dissent:
only 66 Representatives and one Senator voted against the Act.

Speaking at today's press conference were two of the Act's most vocalcritics: Senator Russell Feingold (D-WI) -- the only dissenting memberof the Senate -- and Representative Patsy Mink (D-HI). Both stressedtheir confidence, six months after the Act's passage, that theircontroversial decisions to vote against the USA PATRIOT were correct.
Feingold stated, "The need for vigilance against the excesses ofunbridled governmental power is greater than ever as the fight againstterrorism continues." Mink, a third-generation Japanese-Americanwhose family lived through the ill-conceived Japanese internment campsfollowing the bombing of Pearl Harbor, referred to the terroristattacks as "anesthesia foisted upon the Constitution," which acted tosubdue and silence dissent. But, she stated, "anesthesia wears off,"
and it is now time to take a serious look at the effects andconsequences of the Act's passage.

Mink cited the restrictions placed by the Administration on release ofdocuments under the Freedom of Information Act (FOIA) as a threat tocivil liberties and open government following September 11 (Rep. Minkhelped draft the FOIA). Sen. Feingold's remarks emphasized hisconcern about the Act's "business records" provision, which gives theFBI broad new power to subpoena records in terrorism investigations,
even where the records aren't directly connected to a suspect in suchan investigation.

The FEN statement details other specific instances of governmentsecrecy, surveillance, and encroachment upon the freedoms ofassociation and speech in the past six months, and concludes that "thehasty measures that were taken in the immediate wake of the attacks ofSeptember 11 should now be reconsidered, and we should reaffirm theright to free expression, open government, discussion and debate thathave kept us strong and free for more than two hundred years."

The FEN statement is available at:

Sen. Feingold's Senate floor statement on the USA PATRIOT Act (October25, 2001) is available at:

[5] Privacy International Announces U.S. Big Brother Awards

At last week's Computers, Freedom & Privacy (CFP) conference in SanFrancisco, Privacy International announced the winners of the FourthAnnual United States Big Brother Awards. Winners were selected by ajudging panel made up of lawyers, academics, consultants, journalists,
and civil rights activists. Candidates for the awards were initiallynominated by the public and experts in the field.

The award for "Most Invasive Proposal" went to the Expanded ComputerAssisted Passenger Screening Program's plan to profile and spy ontravelers. Runners-up included the Washington, D.C. videosurveillance system (see EPIC's Face Recognition page) and theAmerican Association of Motor Vehicle Administrators for theirnational ID scheme (see EPIC's National ID Card page). The title of"Greatest Corporate Invader" was given to Larry Ellison, CEO ofOracle, for backing a national ID card plan using his software.
"Worst Public Official" was awarded to Attorney General John Ashcroft,
for attacking privacy and freedom of information, and the "LifetimeMenace" award went to Admiral John Poindexter and the new Office ofInformation Awareness.

"Brandeis" awards, named after U.S. Supreme Court Justice LouisBrandeis, were awarded to state Senator Jackie Speier, for leading thefight for financial privacy and consumer rights in California; WarrenLeach, for "exposing the dirty deeds of the credit bureaus for overthirty years;" and a special mention was given to the San FranciscoChronicle Editorial Page. The Brandeis awards are given to entitiesthat have done excellent work to protect and champion privacy.

For more information, see PI's Big Brother Awards Page:

EPIC's National ID Card Page:

EPIC's Face Recognition Page:

[6] EPIC Bill-Track: New Bills in Congress


H.R.3983 Maritime Transportation Antiterrorism Act of 2002. To ensurethe security of maritime transportation in the United States againstacts of terrorism, and for other purposes. Sponsor: Rep Young, Don(R-AK). Latest Major Action: 3/20/2002 House committee/subcommitteeactions: Ordered to be Reported (Amended). Committees: HouseTransportation and Infrastructure.

H.R.4043 To bar Federal agencies from accepting for anyidentification-related purpose and State-issued driver's license, orother comparable identification document, unless the State requireslicenses or comparable documents issued to nonimmigrant aliens toexpire upon the expiration of the aliens' nonimmigrant visas, and forother purposes. Sponsor: Rep Flake, Jeff (R-AZ) Latest Major Action:
3/20/2002 Referred to House committee: House Government Reform; HouseAdministration; House Judiciary; House Armed Services.


S.2048 Consumer Broadband and Digital Television Promotion Act. A billto regulate interstate commerce in certain devices by providing forprivate sector development of technological protection measures to beimplemented and enforced by Federal regulations to protect digitalcontent and promote broadband as well as the transition to digitaltelevision, and for other purposes. Sponsor: Sen Hollings, Ernest F.
(D-SC). Latest Major Action: 3/21/2002 Referred to Senate committee:
Senate Commerce, Science, and Transportation.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Billsin the 107th Congress, is available at:

[7] EPIC Bookstore - Body of Secrets

Body of Secrets: Anatomy of the Ultra-Secret National Security Agency -
From the Cold War Through the Dawn of a New Century, by James Bamford.

The NSA is the largest, most secretive, and most powerful intelligenceagency in the world. With a staff of 38,000 people, it dwarfs the CIAin budget, manpower, and influence. Recent headlines have linked itto the economic espionage throughout Europe and to the ongoing huntfor the terrorist leader Osama bin Laden.

James Bamford first penetrated the wall of silence surrounding the NSAin 1982, with the much-talked-about bestseller The Puzzle Palace. InBody of Secrets, he offers shocking new details about the innerworkings of the agency, gathered through unique access to thousands ofinternal documents and interviews with current and former officials.
Unveiling extremely sensitive information for the first time, Bamfordexposes the role the NSA played in numerous Soviet bloc Cold Warconflicts and discusses its undercover involvement in the Vietnam War.
His investigation into the NSA's technological advances during thelast fifteen years brings to light a network of global surveillanceranging from on-line listening posts to sophisticated intelligence-
gathering satellites. In a hard-hitting conclusion, he warns that theNSA is a two-edged sword. While its worldwide eavesdroppingactivities offer the potential for tracking down terrorists anduncovering nuclear weapons deals, it also has the capability to listenon global personal communications.

[Review originally printed in EPIC Alert 8.08, May 2, 2001.]

**James Bamford will be coming to Barnes & Noble Booksellers in Georgetown, Washington, D.C. for a discussion and signing of "Body of Secrets." Event details: Wednesday, May 1, 7:30-8:30 P.M.,
3040 M Street, NW. Call 202-965-9880 for more information.

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Lawsand Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including, data protection, telephonetapping, genetic databases, ID systems and freedom of informationlaws.

"The Privacy Law Sourcebook 2001: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20.

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

4th National HIPAA Summit: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security and HIPAA Compliance. April 24-26,
2002. Washington, DC. For more information:

Education and Technological Consciousness. Center for EducationalOutreach & Innovation, Teachers College, Columbia University. May 3-4,
2002. New York, NY. For more information:

First Amendment In Transition: Has Settled Law Become Unsettled?
Freedom Forum. May 8, 2002. Arlington, VA. For more information:

Conference on Cyber Security and Disclosure. Stanford Law SchoolCenter for Internet and Society. May 9, 2002. Stanford, CA. For moreinformation:

2002 IEEE Symposium on Security and Privacy. IEEE and theInternational Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

O'Reilly Emerging Technology Conference. O'Reilly and Associates. May13-16, 2002. Santa Clara, CA. For more information:

Information Integrity World Summit. The Hands-On Summit to ProtectYour Organization: Overcoming Cyber-security and E-Privacy Threats.
Information Integrity. May 15-16, 2002. Washington, DC. For moreinformation:

Privacy Law: Emerging Issues in Employee and Consumer Relations. CLEInternational. May 16-17, 2002. Los Angeles, CA. For more information:

Personal Privacy in the Digital Age: The Challenge for State and LocalGovernments. Joint Center for eGovernance. May 19-21, 2002. Arlington,
VA. For more information:

Call For Papers - June 1, 2002 (special recognition for outstandingstudent papers). 18th Annual Computer Security Applications Conference(ACSAC): Practical Solutions to Real Security Problems. AppliedComputer Security Associates. December 9-13, 2002. Las Vegas, Nevada.
For more information:

Third Annual Institute on Privacy Law. Practising Law Institute. June3-4, 2002, San Francisco, CA; June 24-25, New York, NY. For moreinformation:

INET 2002. Internet Crossroads: Where Technology and Policy Intersect.
Internet Society. June 18-21, 2002. Washington, DC. For moreinformation:

The Public Voice in Internet Policy Making. June 22, 2002. Washington,
DC. The Electronic Privacy Information Center (EPIC) will host aone-day public symposium to discuss the future of our rights andfreedoms in the information age. The event is being hosted inconjunction with INET 2002 and is free and open to the public. Formore information:

IViR International Copyright Law Summer Course. Royal NetherlandsAcademy of Arts and Sciences. July 8-12, 2002. Amsterdam, Netherlands.
For more information:

O'Reilly Open Source Convention. O'Reilly and Associates. July 22-26,
2002. San Diego, CA. For more information:

Cyberwar, Netwar and the Revolution in Military Affairs: Real Threatsand Virtual Myths. International School on Disarmament and Research onConflicts (ISODARCO). August 3-13, 2002. Trento, Italy. For moreinformation:

ILPF Conference 2002: Security v. Privacy. Internet Law & PolicyForum. September 17-19, 2002. Seattle, WA. For more information:

Privacy2002. Technology Policy Group. September 24-26, 2002.
Cleveland, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

Subject line: "subscribe" or "unsubscribe" (no quotes)

Help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription email address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learnLatin at the same time! Receive a free "sed quis custodietipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 9.08


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback