WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.11 [2003] EPICAlert 11


Volume 10.11 June 6, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] EPIC Conference Explores Privacy and Technology Issues
[2] Ashcroft Testifies on PATRIOT Act Implementation
[3] Inspector General Criticizes DOJ on September 11 Detainees
[4] FCC Opens Door to Media Consolidation
[5] Council of Europe Adopts Declaration of Freedom on the Internet
[6] News in Brief
[7] EPIC Bookstore: Privacy Times
[8] Upcoming Conferences and Events

[1] EPIC Conference Explores Privacy and Technology Issues

"There was of course no way of knowing whether you were being watchedat any given moment." - George Orwell, 1984.

In honor of the 100th anniversary of George Orwell's birth, EPIChosted a conference on June 2 entitled "Privacy and Technology:
Looking Back, Looking Ahead" at the National Press Club in Washington,
DC. Members of EPIC's advisory board discussed the challenges of newtechnologies as they relate to privacy and surveillance, the role oflaw in safeguarding freedom, and the role of technology insafeguarding freedom.

In talking about new technologies as they relate to privacy andsurveillance, many panelists, including Professor Daniel Solove ofSeton Hall Law School, discussed the risks of the DefenseDepartment's proposed Terrorism Information Awareness (TIA) system andthe government's expanding use of third-party information brokers.
Dr. Barbara Simons of the U.S. Association of Computing Machinerydiscussed data mining problems and issues related to false positiveresults. She also noted how often a technology bias leads towardtechnological solutions to problems that would best be solved bynon-technological means. Professor Oscar Gandy of the University ofPennsylvania's Annenberg School of Communication concluded the panelby comparing industrialization's impact on the environment with thenegative externalities on privacy produced by government securitytechnologies.

Regarding the role of law in safeguarding freedom, Professor JerryKang of the UCLA Law School presented two different visions ofpervasive computing and how they might alter legal paradigms.
Professor Anita Ramasatry of the University of Washington Law Schoolexpressed concern over a lack of due process in current securitysystems, while Judith Krug, the Director of the American LibraryAssociation's Office for Intellectual Freedom, discussed efforts tomodify Section 215 of the PATRIOT Act, which allows authorities toexamine book sales and library records.

When it came to the role of technology in safeguarding freedom,
Professor Ann Bartow of the University of South Carolina School of Lawdiscussed how the Digital Millennium Copyright Act in some casesprevents users from fully understanding the technology that they use.
Dr. David Chaum's discussion centered on voting technology and thesimultaneous need for voter anonymity and voting audit trails. Dr.
Peter Neumann's opening presentation also discussed the issue ofensuring privacy and integrity in the voting process. The conferenceconcluded with Dr. Bruce Schneier, Chief Technology Officer ofCounterpane Internet Security, who presented a five-part framework foranalyzing the nature of security threats and determining thesuitability of security solutions.

EPIC Privacy and Technology Conference Website:

[2] Ashcroft Testifies on PATRIOT Act Implementation

After a long hiatus, Attorney General Ashcroft appeared before theHouse Judiciary Committee to answer questions concerning the JusticeDepartment's implementation of the controversial USA PATRIOT Act.
Ashcroft began his testimony by stating that terrorists still pose asignificant threat to American security. He said that without thetools provided by the PATRIOT Act, combating terrorism would bedifficult if not "impossible." He warned Committee members that, "Aswe consider the Constitutional methods we use to fight the enemies offreedom, we must remember that terrorism threatens our future."
Ashcroft concluded his testimony by describing measures to expand thePATRIOT Act, including adding to the definition of "material supportto terrorists" punishable under the Act, increasing the maximumpenalties for terrorism, and allowing for pretrial detentions interrorism cases.

The House Judiciary Committee has been at the forefront of efforts toensure legislative oversight of Executive Branch powers granted in thePATRIOT Act. Last month the Justice Department submitted writtenresponses to a series of questions surrounding the implementation ofthe PATRIOT Act (See Alert 10.10). The questions from the Committeemembers during the hearing focused on the impact of the Department'spolicies on privacy and civil liberties. Rep. James Sensenbrenner(R-WI), chair of the Committee, said that his support of the PATRIOTAct was neither "perpetual, nor unconditional" and that he wanted toconsider the long term effect of the measure even if might producesome short term results. Ranking member John Conyers (D-MI) remindedAshcroft that America was "marching into history" and that theterrorists must be dealt with in the context of Constitutional valuessuch as due process, which "separate us from our enemies."

The first line of questioning focused on the legislative oversight ofthe Justice Department. Ashcroft acknowledged that he did not consultwith members of Congress concerning his significant revisions of theAttorney General Guidelines governing security investigations. Hepromised to be more forthcoming with Congress in the future. Severalmembers questioned the Attorney General concerning the use of libraryand bookstore records during investigations following passage of thePATRIOT Act.

Rep. William Delahunt (D-MA) criticized the Justice Department'spenchant for excessive secrecy saying, "It appears that the Americanpeople feel that the government is intent on prying into every nookand cranny of people's private lives, while at the same time doing allit can to block access to government information that would inform theAmerican people about what is being done in their name." In responseto a question about data mining, Ashcroft advocated a policy of"minimization." He noted that faulty data is a problem and said thatthe best safeguard is to ensure that the FBI obtains only informationrequired for investigations. Ashcroft stated that he did not believethat FBI is conducting data mining on non-criminal suspects. Inregards to the Terrorist Information Awareness system, Ashcroftrecognized the need for operational safeguards, efficacy and accuracyof search tools, and security systems to prevent unauthorized access.

The Attorney General was also repeated questioned about the InspectorGeneral's report on the abusive practices concerning the September 11detainees (see item below). Finally, a number of Committee members,
instead of taking the opportunity to examine how the JusticeDepartment is employing the sweeping anti-terrorism laws, asked aseries of questions about the Department's effort to stop peer to peerfile sharing of copyrighted material.

Attorney General Ashcroft's Prepared Statement:


EPIC Attorney General Guidelines page:

[3] Inspector General Criticizes DOJ on September 11 Detainees

The Inspector General of the Department of Justice has released a198-page report examining the treatment of people who were held onimmigration charges in connection with the investigation of theSeptember 11, 2001 terrorist attacks. The report details how theJustice Department used federal immigration laws to detain 762persons, mostly of Arab or South Asian origin, who were suspected ofhaving ties to the attacks or connections to terrorism, or who weresimply encountered during the course of the FBI's inquiry into theattacks. The report highlights serious problems with the round-up andtreatment of the 762 detainees, including arbitrary detentions,
prolonged detentions, restrictive detention conditions, and in someinstances physical and verbal abuse. The Office of Inspector Generalis an independent internal investigation unit within the JusticeDepartment.

The report, instigated by media reports and reports from human rightsorganizations, paints a picture of chaos immediately following theattacks, followed by a long period of negligence that left detaineesin administrative limbo. Only after details of the abusive treatmentemerged in the press did the Department begin to process the detaineesmore quickly in January 2002. DOJ has not apologized for its actions,
but instead has taken the position that the crisis atmosphereimmediately after September 11, and the fact that all the personsdetained were in technical violation of immigration laws, makes it"unfair to criticize the conduct" of Department officials. TheDepartment spokesperson said that, "We make no apologies for findingevery legal way possible to protect the American public from furtherterrorist attacks." EPIC and a coalition of public interest groups islitigating under the Freedom of Information Act to require disclosureof the names of the detainees; the case is now pending before the D.C.
Circuit Court of Appeals.

According to the report, the Justice Department instituted a "no bond"
policy for all detainees connected to the terrorism probe after theattacks -- even though immigration officials quickly questioned thepolicy's legality. Without bail, terrorism suspects remained in jailfor an average of nearly three months, much longer than the FBIprojected before it cleared most of them for release, the report said.
In addition, detainees faced monumental difficulties and weeks ofdelay before they were allowed to make phone calls and find lawyers.
Some were kept for months in cells illuminated 24 hours a day and wereescorted in handcuffs, leg irons and waist chains. Most of thedetainees were eventually found to have no connection to the terroristattacks.

The September 11 Detainees Report, Office of Inspector General:

CNSS/EPIC v. Department of Justice (detainee FOIA case):

[4] FCC Opens Door to Media Consolidation

On June 2 the Federal Communications Commission voted 3-2 along partylines to relax the rules surrounding media ownership. Theregulations, among other things, would permit a television station toown a newspaper in the same media market. The agency received anunprecedented 750,000 public comments, with 99 percent opposed toderegulation, but only held a single official hearing on the issue inRichmond, Virginia last winter. The Center for Public Integrityreports that in the months leading up to the final decision, agencystaff met with senior industry lobbyists behind closed doors on 71different instances, while they privately met with public interestadvocates only 5 times.

The FCC decision came under close scrutiny in the Senate CommerceCommittee; at a hearing on June 3, several senators voiced theirbipartisan opposition to the Commission's decision to promote mediaconcentration. Lawmakers warned that the deregulation of the radiomedia market promoted significant consolidation, and that the new FCCrules could produce a similar environment for other media outlets.
Consumers Union, the Media Access Project, and other public interestgroups have begun a campaign to educate people about the consequencesof the FCC decision and to mobilize a grassroots campaign to supportstronger public interest regulations.

The agency decision to deregulate is spurred by the belief that newinformation sources including cable, satellite, and Internet, allowfor enough diversity and that dominance by a handful of media mogulsshould no longer be a concern. Critics charge that traditional mediaoutlets continue to dominate how most people receive their news, andthat the media giants in the offline world are using their position toextend their power in the online world. In addition, the FCC proposalto allow wireline broadband to be exempt from open access requirementswould further consolidate the dominance of information providers whoincreasingly straddle the content and transmission industries. Publicinterest advocates contend that the FCC's commitment to mediaderegulation does not serve the important public interest values,
including localism, diversity, and competition. "This is the mostsweeping and destructive rollback of consumer protection rules in thehistory of American broadcasting," said Commissioner Adelstein whovoted against the measure.

FCC Press Release on Decision: (PDF)

"Behind Closed Doors," Center for Public Integrity Report:

FCC Critique, Consumer Federation of America and Consumers Union:

[5] Council of Europe Adopts Declaration of Freedom on the Internet

The Council of Europe (CoE) Committee of Ministers adopted on May 28 a"Declaration on Freedom of Communication on the Internet" thatestablishes seven principles underlining freedom of communication, andcondemns practices aimed at restricting or controlling Internetaccess, especially for political reasons.

Most notable among the principles enshrined in the Declaration is theacknowledgement that CoE Member States must respect Internet users'
anonymity, "in order to ensure protection against online surveillanceand to enhance the free expression of information and ideas."

Another principle condemns the practice of governmental blocking andfiltering measures ordered preventively, that is, before any decisionis taken by competent national authorities on the illegality of a website. The Declaration recommends that Internet content, if it is to beremoved or blocked, must be clearly identified, and that Article 10,
paragraph 2 of the Convention for the Protection of Human Rights andFundamental Freedoms be followed.

The declaration also tackles the issue of the liability of serviceproviders for Internet content by providing that CoE Member Statesshould not impose on service providers a general obligation to monitorcontent on the Internet to which they give access, that they transmitor store, closely following in that the legal framework of the EUE-Commerce Directive (2000/31/EC). However, contrary to theDirective, the Council of Europe emphasizes that where CoE MemberStates regulate at the national level the obligations of serviceproviders, they need to protect the freedom of expression and therights of users to information.

The Council of Europe is an intergovernmental organization formed in1949 by West European countries that is currently composed of 45member countries from across Europe. Its main role is "to strengthendemocracy, human rights and the rule of law throughout its Memberstates," which it does mainly by promoting the binding rules of theEuropean Convention for the Protection of Human Rights and FundamentalFreedoms of 1950 (ECHR), an international convention covering a widerange of civil and political rights that is enforced by the EuropeanCourt of Human Rights in Strasbourg.

Council of Europe Declaration (May 28, 2003):

EPIC Page on Anonymity:

EPIC's Filters & Freedom 2.0:

[6] News in Brief

Tivo Sells Viewing Data
Tivo, a company that sells digital video recorders, announced thisweek that the company will sell aggregate information collected fromcustomers' viewing habits. Tivo's product is capable of trackingindividuals' second-by-second viewing behaviors, and whethercommercials were skipped using the device. Tivo claims that theinformation sold to advertisers will be anonymous, and not revealpersonal or household-level viewing data.

AOL/Microsoft Agreement on Digital Rights Management
America Online and Microsoft came to an agreement last week that willresult in the companies entering into a partnership to develop digitalmedia initiatives. The move is likely to accelerate the developmentof Digital Rights Management (DRM) systems, many of which are privacyinvasive and incompatible with fair use rights. Many DRMs, includingsystems developed by Microsoft, link individuals' identity to thecontent they choose, thus enabling tracking and profiling ofintellectual pursuits.

EPIC Digital Rights Management Page:

California Privacy Laws Advance
This week, California Governor Gray Davis announced support for Sen.
Jackie Speier's (D-San Francisco) financial information privacy bill,
SB 1. The bill would improve notice requirements and require opt-inconsent from the consumer before information could be sold tonon-affiliates. Individuals could opt-out of affiliate sharing underthe law, but a recent compromise would allow such sharing if theaffiliates are in the same line of business.

A second bill, SB 27, sponsored by Sen. Liz Figueroa (D-Fremont)
passed the State Senate. That bill would require businesses todisclose whether personal information is being sold to marketersupon a consumer's request. If information is being sold, the businessmust also disclose the sources and recipients of the data andthe actual information disclosed. Businesses could not condition asale of a product on waving this rights of access, and a failure tocomply with the law carries civil penalties.

SB 1:

SB 27:

North Dakota Enacts Two Privacy Laws
Rep. Jim Kasper (R-Fargo) has introduced three privacy bills inthe North Dakota legislature, two of which are now law in that State.
HB 1478 requires financial services institutions to obtain opt-inconsent before exploiting personal information for joint marketingpurposes. The law also requires a rulemaking to limit financialinformation sharing exemptions in the Gramm-Leach-Bliley Act of 1999.

A second bill, HB 1179, requires a rulemaking that may result in the adoption ofopt-in regulations for insurance industry sharing of information amongnon-affiliates. A third measure, HB 1477, would have restrictedaffiliate sharing and joint marketing agreements in the securitiesindustry, but that bill failed narrowly in the State Senate.

HB 1478:

HB 1179:

Industry Anti-Privacy Commercial in North Dakota:

[7] EPIC Bookstore: Privacy Times

Privacy Times

Since 1981, Privacy Times has provided its readers with accuratereporting, objective analysis and thoughtful insight into the eventsthat shape the ongoing debate over privacy. Publisher Evan Hendricksis a widely respected and thoughtful member of the privacy community.
Privacy Times is the leading subscription-only newsletter coveringprivacy & Freedom of Information Law and policy. It is read largely byattorneys and professionals who must stay abreast of the legislation,
litigation, and executive branch activities, as well as consumer news,
technology trends and business developments. Subscriptions are alsoavailable for individuals.

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location tracking, IDsystems and freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

June 23-27, 2003. Partenit, Crimea, Ukraine. For more information:

Press Freedom on the Internet. The World Press Freedom Committee. June26-28, 2003. New York, NY. For more information:

Building the Information Commonwealth: Information Technologies andProspects for Development of Civil Society Institutions in theCountries of the Commonwealth of Independent States.
Interparliamentary Assembly of the Member States of the Commonwealthof Independent States (IPA). June 30-July 2, 2003. St. Petersburg,
Russia. For more information:

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. Formore information:

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunkand Science Fiction. August 11-13, 2003. Prague, Czech Republic. Formore information:

Integrating Privacy Into Your Overall Business Strategy: Complyingwith Privacy Legislation for Competitive Advantage. InternationalQuality and Productivity Centre (IQPC Canada). July 9-10, 2003.
Toronto, Canada. For more information:

Chaos Communication Camp 2003: The International Hacker Open AirGathering. Chaos Computer Club. August 7-10, 2003. Paulshof,
Altlandsberg, Germany. For more information:

WWW2003: 5th Annual Conference on World Wide Web Applications.
Department of Information Studies, Rand Afrikaans University, and theDepartment of Information Systems and Technology, University ofDurban-Westville. September 10-12, 2003. Durban, South Africa. Formore information:

Making Intelligence Accountable, Oslo, Norway September 19-20, 2003.
The Geneva Centre for the Democratic Control of Armed Forces. For moreinformation:

Privacy2003. Technology Policy Group. September 30-October 2, 2003.
Columbus, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:

Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Problems or questions? e-mail

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 10.11


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback