WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 14

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.14 [2003] EPICAlert 14


Volume 10.14 July 3, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] High Court Upholds Library Filtering, Strikes Down Sodomy Ban
[2] EPIC Urges Opt-In for FCRA Affiliate Sharing
[3] National "Do-Not-Call" Telemarketing Registry Launches
[4] ICANN Discusses WHOIS and New Top-Level Domains
[5] Recent Reports: Video Surveillance; Internet Privacy Policies
[6] News in Brief
[7] EPIC Bookstore: "Emma Goldman: Made for America"

[8] Upcoming Conferences and Events

[1] High Court Upholds Library Filtering, Strikes Down Sodomy Ban

In a 6-3 ruling issued on June 23, the U.S. Supreme Court declared theChildren's Internet Protection Act (CIPA) constitutional. CIPAconditions the receipt of federal funds by public libraries uponinstallation of filtering software which blocks access to materialthat is obscene, child pornography, or "harmful to minors."

Even as it recognized that "a filter set to block pornography maysometimes block other sites that present neither obscene norpornographic material," the Court held that CIPA does not violatelibrary patrons' First Amendment rights. The Court's decision reliedheavily on the "ease" with which adult patrons may have the filteringsoftware disabled and the capacity of libraries to permanently unblockany erroneously blocked site. Furthermore, the Court reasoned thatCIPA does not infringe any potential fundamental right, because itsimply allows Congress, under its spending power, to choose not tosubsidize unfiltered Internet access in libraries. The Courtemphasized that libraries are free to offer unfiltered Internet accesswithout federal assistance.

In 2001, EPIC joined with the American Civil Liberties Union and theAmerican Library Association as co-counsel in litigation challengingthe constitutionality of CIPA. As documented by EPIC's "FaultyFilters" report and other studies, filtering programs routinely blocksites that clearly do not fall under categories proscribed by the law,
thus burdening free speech. The lawsuit also challenged CIPA onprivacy grounds. Although the law allows library patrons engaged in"bona fide research" to request access to blocked material, thecomplaint alleged that such a procedure forces libraries to violate"patrons' privacy and anonymity rights". On May 31, 2002, athree-judge panel in Philadelphia held that CIPA violated the FirstAmendment because it would restrict substantial amounts of protectedspeech "whose suppression serves no legitimate government interest."

The Supreme Court's decision, which stands on the basic propositionthat disabling the filtering software will be simple, overlooks thepractical difficulties that libraries will likely face in fulfillingrequests to disable. The potential of future litigation due to theconsequent frustration of individuals' right to disable is high. Inaddition, the burden that the disabling provision of CIPA places onindividual privacy, through the required disclosure of personalinformation, is another probable source of future litigation.

In a separate case decided on June 26, the Supreme Court issued itsopinion in Lawrence v. Texas, holding that a Texas law criminalizingsame-sex sodomy is unconstitutional. Justice Kennedy, writing for themajority, affirmed that individuals are "entitled to respect for theirprivate lives." He concluded the Texas statute "furthers nolegitimate state interest which can justify its intrusion into thepersonal and private life of the individual."

Importantly, the Court did not reach its decision based solely uponequal protection grounds. The Texas law specifically discriminatedagainst gay couples, unlike a Georgia law upheld by the Supreme Courtin 1986. Justice O'Connor, in a concurring opinion, said she wouldhave overturned the Texas law, but not those sodomy laws that wereapplied to all people equally. The majority, however, decided thecase on privacy grounds, effectively invalidating all anti-sodomylaws, and suggesting a right of privacy that may extend outside of thehome.

United States v. American Library Association, No. 02-361 (U.S. 2003):
Lawrence v. Texas, No. 02-102 (U.S. 2003):
EPIC Gender and Privacy Page:

[2] EPIC Urges Opt-In for FCRA Affiliate Sharing

On June 26, the Senate Finance Committee held the fifth of sixhearings on the approaching sunset of state preemption provisions inthe Fair Credit Reporting Act (FCRA). The FCRA regulates the use,
maintenance, and management of credit information. The provisions ofthe law considered in the hearing allow financial institutions toshare personal information about customers with affiliated companies.
Currently, financial institutions are required to notify individualsthat they have a right to "opt-out" from the sharing of personalinformation. While some individuals may be aware of their opt-outrights, what they probably do not know is that even if they do chooseto opt-out of information sharing, financial institutions may stillshare their personal information with other companies that areclassified as "affiliates." Moreover, several financial institutionshave over 1,000 affiliates, some of which engage in practices rangingfar beyond customer expectations.

Because the FCRA preempts state law, states cannot enact legislationto provide privacy and consumer protections that go beyond federalprovisions. EPIC submitted comments on the record, advocating thatpreemption provisions be "sunsetted" so that states can enact strongerprivacy protections. EPIC also urged that financial institutions mustobtain "opt-in" consent for the sharing of all personal information.

Financial services representatives on the panel argued that sunsettingthe affiliate sharing loophole would make direct marketing andpre-approved credit more difficult. A representative of Citigroupapplauded the affiliate sharing loophole because it allows the companyto set up its own internal credit reporting agency.

Advocating privacy protection, Prof. Joel Reidenberg of Fordham LawSchool; Julie Brill, assistant Attorney General from Vermont; and EdMierzwinski of the Public Interest Research Group all argued that theaffiliate sharing preemption loophole in the FCRA should be sunsetted.
Reidenberg argued that, when enacted, Congress intended the FCRA toact as a floor rather than a ceiling, so that states could providefurther protections to individuals. Brill explained that Vermont,
unlike other states, has restrictions on affiliate sharing because thestate was grandfathered out of federal preemptions. While bankingindustry representatives argued that restrictions on affiliate sharingwould harm consumers by making access to credit and mortgages moredifficult, Brill testified that Vermont has seen none of thesepredicted problems. Drawing from the Citigroup testimony, Mierzwinskiexplained that the financial institutions' practice of creatinginternal credit reports is dangerous because these in-house creditreporting agencies completely bypass the FCRA regulations, such asaccuracy and accountability requirements. In addition, he explainedthat states are in a better position to react quickly and tailor theirlaws to local problems.

EPIC Letter on Affiliate Sharing:
EPIC Fair Credit Reporting Act Page:

EPIC Preemption Page:

[3] National "Do-Not-Call" Telemarketing Registry Launches

Individuals can now enroll in the national telemarketing do-not-callregistry (DNC), which was unveiled at a White House Rose Gardenceremony last week. In the opening moments of the DNC web site, theFederal Trade Commission reported that it was receiving over 100enrollments per second. The list has now grown to over 12.5 million.

EPIC and a coalition of consumer and civil liberties groups filedcomments on the DNC proposal last year. Many of the protectionssuggested in the comments were incorporated in the FTC regulation.
Most telemarketers will not call individuals enrolled in the listbecause the Federal Communications Commission (FCC) acted tocomplement the regulations promulgated by the FTC.

The popularity of the DNC registry has spawned additional proposalsfor national opt-out databases. On Capitol Hill, opt-out databasesare being considered for spam, direct mail, and credit cardsolicitations. The telemarketing industry has reacted strongly,
claiming that it will initiate a barrage of direct mail and spamsolicitations to fill the void created by the new limits ontelemarketing.

National "Do-Not-Call" Registry:

EPIC Telemarketing Page:

[4] ICANN Discusses WHOIS and New Top-Level Domains

The Internet Corporation for Assigned Names and Numbers (ICANN) metthis week in Montreal to discuss WHOIS, the Country Code SupportingOrganization, and sponsorship of a limited number new generictop-level domains.

WHOIS data may expose domain name registrants' personally identifiableinformation (including mailing address, email address, telephonenumber, and fax number). Domain name registrants in top-level domains include businesses; individuals;
media organizations; non-profit groups; public interest organizations;
political organization; religious organizations; and support groups.
Anyone with Internet access, including stalkers, corrupt governmentswho dislike international exposure, spammers, intellectual propertylawyers, law enforcement, consumers, individuals, etc., has access toWHOIS data. The important point is that WHOIS data lends itself toboth good faith and bad faith uses, and that investigating fraud isonly one of many uses of WHOIS data.

During the ICANN public participation session on WHOIS, EPIC pointedout that there are various types of domain name registrants, and thatpolicies governing the information should consider whether theregistrant is a commercial or non-commercial actor. The President ofICANN closed the workshop with a recommendation that ICANN groups andconstituencies work together to prioritize WHOIS issues and develop awork program. EPIC is serving on the WHOIS Privacy Steering Committeethat will work to devise such a program.

The ICANN Board also adopted the recommendations made by the group'sEvolution and Reform Committee on the formation of a SupportingOrganization for country-code names. Country-code top-level domains(ccTLDs) include, for example, .uk, .jp, and .ca. Thispolicy-development body, known as the Country-Code Names SupportingOrganization (ccNSO), will serve to develop and recommend globalpolicies relating to ccTLDs; nurture consensus across the ccNSO'scommunity, including the name-related activities of ccTLDs; andcoordinate with other ICANN Supporting Organizations, committees, andconstituencies under ICANN.

Finally, ICANN posted draft materials for a request for proposals fora limited number of new generic top-level domains (gTLDs), whichinclude, for example, .com, .org, .net, .info, and .edu. One ofICANN's main concerns is whether the request for proposals should belimited to applicants who proposed gTLDs in the November 2000selection process, or whether new applications should also be acceptedat this stage. ICANN's request for proposal draft materials are openfor public comment by e-mail until August 25, 2003 (comments may besubmitted to The ICANN Board alsorequested its President to provide, no later than July 26, a detailedplan and schedule for the development of an appropriate long-termpolicy for the introduction of new gTLDs into the domain-name systemusing "predictable, transparent, and objective procedures."

EPIC WHOIS Privacy Issues Report:
ICANN's Montreal meeting report:

[5] Recent Reports: Video Surveillance; Internet Privacy Policies

The General Accounting Office (GAO) released a report on videosurveillance this week that covers law enforcement use of closedcircuit television (CCTV) to monitor federal property in Washington,
D.C. The survey was commissioned in response to a request from theformer Chair of the House Government Reform Subcommittee on theDistrict of Columbia. The request asked the GAO to examine theimplementation of the CCTV systems, and how the enforcement agencieshave responded to civil liberties risks flowing from CCTV surveillancesystems.

Civil liberties and privacy organizations have criticized CCTV use bylaw enforcement, arguing that surveillance cameras invade personalprivacy, infringe on demonstrators' First Amendment rights, are ripefor misuse, and have never proven to be effective (see, for instance,
the findings of the August 2002 study conducted by the British HomeOffice, below). CCTV is used by the Metropolitan Police Department ofthe District of Columbia (MPDC) and the National Park Service's ParkPolice to monitor public areas in D.C. around the Mall and otherpopular tourist sites, as well as at downtown locations such as DupontCircle, Union Station, the Old Post Office Building and a shoppingarea in Georgetown. The systems are allegedly used to deter crime andcombat terrorism.

The GAO survey found that although the MPDC's alleged primary use isto deter and detect crime, the Park Police reported using CCTV mainlyto counter terrorism. Video surveillance to combat terrorism has,
according to several experts' studies, not been effective inapprehending even a single terrorist, and the Park Police has not todate shown any evidence that its cameras have detected terrorismactivities. Furthermore, the MPDC has been unable to demonstrate thatits video surveillance has furthered the MPDC's stated primary goal ofdecreasing or detecting criminality.

The MPDC has been urged by civil liberties groups and the D.C. CityCouncil to draft guidelines for the use of its video surveillancesystem to address serious privacy concerns, and has been called uponto testify several times on the matter before Congress and theCouncil. In response, the department has released guidelines toaddress civil liberties concerns, has put into operation regulationsfor use, and disclosed the CCTV locations to the public. Nonetheless,
the report finds that the Park Police has failed to release any usageguidelines or disclosed camera locations, although ordered to do somore than a year ago by Congress. The Park Police asserts that it isconsidering obtaining public input into its CCTV system and isdeveloping an operations policy.

The Annenberg Public Policy Center at the University of Pennsylvaniareleased a study last week that questions the success and viability ofconsumer education on Internet privacy policies. The most startlingfinding is that 57 percent of adult home Internet users believe thatwebsites with privacy policies do not share their personal informationwith third parties. Written by Prof. Joseph Turow, the study alsofound that most U.S. Internet users have no idea that websitesmanipulate, extract and share data to create profiles about their webvisitors.

In other findings, 94 percent of the report respondents agreed withthe statement that "I should have a legal right to know everythingthat a web site knows about me." Eighty-five percent thought that alaw that gave individuals the right to control how websites use andshare information would either be "very" or "somewhat" effective inprotecting privacy.

Information on Law Enforcement's Use of Closed-Circuit Television toMonitor Selected Federal Property in Washington, D.C., GAO 03-748,
June 2003:
British Home Office Research Study 252, Crime Prevention Effects ofClosed Circuit Television: a Systematic Review, August 2002:
EPIC Observing Surveillance Project:
EPIC Video Surveillance Page:

Joseph Turow, Americans and Online Privacy: The System is Broken,
Annenberg Public Policy Center, June 2003:

[6] News in Brief

DPPA Class Action Filed Against ChoicePoint, Lexis-Nexis
Attorneys in Florida have filed a class-action lawsuit againstChoicePoint and the parent company of Lexis-Nexis for allegedlyviolating the Driver's Privacy Protection Act. The complaint allegesthat the companies obtained driver's records in violation of federallaw.

Complaint in Levine v. ChoicePoint, No. 03-80491 (S.D. Fla. 2003):

California Financial Privacy Update
SB1, the California opt-in financial privacy bill, was defeated by acoalition of moderate Democrats in the state's assembly last week. Thebill's sponsors will try to have the bill reconsidered, but in themeantime, privacy advocates' focus will turn to a voter initiative tobe held in March 2004. Initiative organizers are on track to exceedthe amount of signatures necessary for access to the ballot. Theinitiative, if passed, will set the strongest financial privacystandards in the nation. It requires opt-in consent before financialservices companies can exploit personal information with affiliates ornon-affiliates.

California Privacy Initiative:

RIAA Threatens to ID and Sue Thousands of P2P Users
The Recording Industry Association of America (RIAA) announced lastweek that it will aggressively pursue lawsuits against individuals whoshare media files online. The announcement follows the group'sinitial success in RIAA v. Verizon, where the music industry sought touse provisions of the Digital Millennium Copyright Act to identify P2Pusers with legal subpoena.

EPIC RIAA v. Verizon Page:

EPIC Letter On P2P Privacy:

Government Surveillance Oversight Bill Introduced
Rep. Joseph Hoeffel (D-PA) recently introduced The SurveillanceOversight and Disclosure Act (SODA) in the House of Representatives.
The proposed bill would require the Department of Justice (DOJ) toreport yearly to Congress on secret warrants issued under the ForeignIntelligence Surveillance Act (FISA), including an accounting of howmany secret warrants are issued for electronic surveillance, physicalsearches, pen registers, and access to records. The DOJ would also berequired to disclose how frequently such information is used incriminal proceedings. SODA is intended to give Congress greateroversight of the DOJ's foreign and domestic surveillance activities.

Surveillance Oversight and Disclosure Act:


[7] EPIC Bookstore: "Emma Goldman: Made for America"

Emma Goldman, A Documentary History of the American Years: Made forAmerica, 1890-1901, Vol. 1 (Candace Falk, Barry Pateman, JessicaMoran, eds., Univ. California Press 2003).
Emma Goldman Papers Project:

I first encountered Emma Goldman's work when an anonymous campuspamphleteer passed me a copy of "The Psychology of PoliticalViolence." The pamphlet was bound between Goldman's famous mug shot,
in which she cocks her head at the camera with a defiant look, almostinviting an altercation with the police photographer. The essay wasstunning; it argued that an "attentat", an act of political propagandaby deed, was most likely to be committed by those who were sensitiveto social injustice. Compared to the deeds of governments, "politicalacts of violence are but a drop in the ocean," and that they represent"the most compelling moment of human nature."

Since then, I have read a number of Goldman texts, but none socomplete and interesting as "Emma Goldman: Made for America." This isthe first of four volumes edited by the Emma Goldman Papers Project atUniversity of California-Berkeley. The Project has been meticulous inannotating and providing context for this treasure of news articles,
letters, arrest records, trial transcripts, and other communicationsabout Goldman. The text is a must have for anyone seriously engaged ina study of Goldman.

Goldman entered the political scene in her early twenties, speaking togroups across the nation about anarchism, free expression, women'sliberation, and free love. She was pursued by police relentlessly,
and ultimately deported during the Red Scare. By the age of 30, "RedEmma," an "evil disposed and pernicious person . . . of turbulentdisposition," had accomplished so much that she considered writing hermemoirs.

Goldman is relevant today because her words are still censored.
Earlier this year, the Project planned to send a fundraising appealthat contained Goldman's quotes on war and free expression. For ashort time, Berkeley administrators directed the project not to sendthe solicitation, but ultimately reversed the prohibition. One of theobjectionable quotes was: "In the face of this approaching disaster,
it behooves men and women not yet overcome by war madness to raisetheir voice of protest, to call the attention of the people to thecrime and outrage which are about to be perpetrated on them." Thecontroversies Emma Goldman created during her lifetime still resonatetoday.

- Chris Jay Hoofnagle

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty countries around the world. The survey examinesa wide range of privacy issues including data protection, telephonetapping, genetic databases, video surveillance, location tracking, IDsystems and freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. Formore information:

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunkand Science Fiction. August 11-13, 2003. Prague, Czech Republic. Formore information:
Integrating Privacy Into Your Overall Business Strategy: Complyingwith Privacy Legislation for Competitive Advantage. InternationalQuality and Productivity Centre (IQPC Canada). July 9-10, 2003.
Toronto, Canada. For more information:
Chaos Communication Camp 2003: The International Hacker Open AirGathering. Chaos Computer Club. August 7-10, 2003. Paulshof,
Altlandsberg, Germany. For more information:

WWW2003: 5th Annual Conference on World Wide Web Applications.
Department of Information Studies, Rand Afrikaans University, and theDepartment of Information Systems and Technology, University ofDurban-Westville. September 10-12, 2003. Durban, South Africa. Formore information:

Making Intelligence Accountable, Oslo, Norway September 19-20, 2003.
The Geneva Centre for the Democratic Control of Armed Forces. For moreinformation:
Privacy2003. Technology Policy Group. September 30-October 2, 2003.
Columbus, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:
Subscribe/unsubscribe via e-mail:

Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Problems or questions? e-mail

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail , or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 10.14


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback