WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2003 >> [2003] EPICAlert 23

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 10.23 [2003] EPICAlert 23


Volume 10.23 November 13, 2003

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

Table of Contents

[1] Report Raises More Questions About Voting Machines
[2] Attorneys General Oppose Spam Legislation
[3] Gore Calls for Repeal of the Patriot Act
[4] Members of Congress Object to New Postal Rule
[5] Courts Issue Wiretapping Decisions
[6] News in Brief
[7] EPIC Bookstore: Credit Card Nation
[8] Upcoming Conferences and Events

[1] Report Raises More Questions About Voting Machines

The Congressional Research Service (CRS) of the Library of Congresshas presented to Congress a report entitled, "Election Reform andElectronic Voting Systems: Analysis of Security Issues." The reportwas written in response to rising concern and questions regarding newelectronic voting systems after recent allegations that these systemsuse software that is subject to alarming security vulnerabilities. Thereport analyzes the controversy surrounding direct recordingelectronic (DRE) voting machines - the first fully computerized votingsystem - while putting it in the larger context of election practicesand voting machine development. It details the types of threats andvulnerabilities that could jeopardize the voting process, as well asthe specific complaints broached by security experts.

While the CRS took pains not to take a position in the debate, it doesrecognize that recent analysis demonstrates the existence of securityflaws in DREs, which are cause for concern. As the report states, "atleast some current DREs clearly exhibit security vulnerabilities.
Those vulnerabilities pose potential . . . risks to the integrity ofelections." It goes on to list a number of different proposals beingadvocated to address these vulnerabilities, including ensuring thatsecurity protocols are followed, improving the standards andcertification process for voting machines, use of open source computercode, and improvements in verifiability and transparency. The lastpoint is one that computer scientists and voting activists have beenpushing for, specifically by requiring voter-verifiable paperprint-outs of vote selection for voters to review. The CRS stopsshort of issuing any recommendations, but does indicate that furtherinvestigation and action should be taken regarding this matter.

Meanwhile, the voting machine debate has only grown fiercer, asCalifornia state officials have halted certification of Dieboldelectronic voting machines after allegations surfaced that uncertifiedsoftware may have been installed in some of the machines used in oneof its counties. The state has further required that Diebold pay foran audit of all the company's voting machines used in the state toensure their operability before going ahead with the certification.
And in Fairfax County, Virginia, a judge ordered logs of tenelectronic voting machines made by Advanced Voting Solutions to beinspected, after machine malfunctioning caused long delays in thecounty's vote tallying and raised questions as to voting integrity.
Local Republicans have alleged that glitches in several of themachines prevented voters from voting for their candidates.

In Pennsylvania, members of the Swarthmore Coalition for the DigitalCommons, a student organization at Swarthmore College, are taking heatfrom Diebold for hosting web pages linked to thousands of leakedDiebold memos that detail flaws in the company's voting machinesoftware. The company claims posting such information is a violationof the Digital Millennium Copyright Act, and has sent outcease-and-desist letters to force websites and ISP's to take down thememos, which the college has complied with. However, the studentshave continued to protest, claiming the company is suppressing freespeech. The Electronic Frontier Foundation and Stanford Law School'sCenter for Internet and Society have filed a lawsuit requesting atemporary restraining order against Diebold's cease-and-desistactivities on behalf of the students.

The CRS Report on electronic voting is available at:

The Swarthmore Coalition complaint is available at:

For background information, see EPIC's Voting page at:

[2] Attorneys General Oppose Spam Legislation

A coalition of state attorneys general from around the country signeda November 4 letter urging Congress to address the many loopholes andexemptions that plague the CAN-SPAM Act of 2003 before the bill comesto a vote in the House.

A version of the Act, S. 877, passed in the Senate last month. Theattorneys general criticize the Senate version, which would preemptstronger state spam law in several states, for its minimalistprotection of individuals. As the letter states: "Its substantiveprotections are weak, as are its damage provisions." The bill"virtually assure[s] that it will engender litigation, rather thandeter unlawful conduct."

Specifically, the attorneys general point out that the current spambill: uses a "standard [of proof that] exceeds what is found in otherconsumer protection statutes;" allows spammers to "escape liability
by insulating themselves from knowledge;" "creates a loophole forspammers who may argue the primary purpose of their email is somethingother than advertising;" "forecloses any liability for merchants,
except in extremely limited circumstances;" and opens a loopholewhereby spammers do not have to offer an opt-out option to individualsfor technical reasons (as in the case where the spammer's inbox isfull).

The coalition of state attorneys general includes the legal officersfrom: California, Kansas, Maryland, Nevada, Texas, Vermont, Virginiaand Washington.

More than thirty states have spam laws that may face preemption by theCAN-SPAM Act. California's spam law, which will go into effect in2004 if not preempted, is the toughest in the nation. It wouldrequire e-mail advertisers to seek permission before sendingadvertisements, give individuals strong, enforceable opt-outcapabilities, and allow individuals to sue violators for $1000 perunwanted e-mail.

The state attorneys general's letter to Congress is available at:

The text of S. 877 is available at:

For background information, see EPIC's Spam page at:

[3] Gore Calls for Repeal of the Patriot Act

On Sunday, November 9, former Vice President Al Gore was welcomed by acrowd of 3,000 at Constitution Hall in an event sponsored by theAmerican Constitution Society and Speaking about freedomand security, Gore brought the crowd to their feet when he called fora repeal of the Patriot Act. He stated, "I believe the Patriot Acthas turned out to be, on balance, a terrible mistake, and that itbecame a kind of Tonkin Gulf Resolution conferring Congress' blessingfor this President's assault on civil liberties."

Gore further stated that while the Act does contain a few neededchanges in the law, overall, the Patriot Act is a dangerous extensionof power. He stated, "I believe strongly that the few good featuresof this law should be passed again in a new, smaller law -- but thatthe Patriot Act must be repealed." Gore accused President Bush oferoding personal freedoms and weakening the nation's security through"mass violations of civil liberties" in the war on terrorism. Hechided the administration for its "implicit assumption" that Americansmust give up traditional freedoms in order to be safe from terrorists.
He believes the law has actually done little in terms of security toprotect Americans from terrorism.

The former Vice President criticized the Bush administration forseeking an overwhelming amount of privacy and secrecy for its ownactivities, whilst intruding further into the lives of privatecitizens by increasing surveillance and detention powers. He stated,
"Where civil liberties are concerned, they have taken us much fartherdown the road to an intrusive, Big Brother-style government -- towardthe dangers prophesized by George Orwell in his book '1984' -- thananyone ever thought would have been possible in the United States."

The text of Al Gore's speech is available at:

For background information, see EPIC's Patriot Act page at:

[4] Members of Congress Object to New Postal Rule

Sen. Joseph Lieberman (D-CT) and Reps. Henry Waxman (D-CA), David R.
Obey (D-WI) and John Olver (D-MA) have sent a letter to the U.S.
Postal Service urging the agency to revisit a new "cooperativemailing" rule, which becomes effective on November 13. The changes tothe rule would broaden for-profit mailers' access to discounted ratesnormally reserved only for charities and non-profits. It allowsfor-profit mailers to send solicitations on behalf of charities atdiscounted mailing rates.

The new rule presents a number of risks to the public and charities.
First, it will increase the amount of junk mail that individualsreceive. Second, it allows for-profit mailers to take advantage ofthe public and charities by charging exorbitant rates for thesolicitations. Third, it encourages for-profit mailers to createbogus charities that attract donations simply for the enrichment ofthe for-profit mailer. Finally, the new rule jeopardizes legitimatecharities, because the credibility of their solicitations suffer as aresult of the for-profit mailers' activities.

To illustrate these risks, the Members' letter detailed the case of"Vantage," a commercial mailer that illegally used the nonprofit ratesto send 78 million pieces of mail. Vantage kept most of the moneyraised on behalf of the charities: "According to the government,
Vantage received 76 percent of all money donated to the relevantnonprofit organizations. In one example, over a two-year period,
Vantage received approximately 86 percent of the donated money(Vantage received approximately $20.6 million out of $23.8 milliondonated)."

The cooperative mailing rule is the latest move by the Postal Servicethat benefits direct marketers at public expense. It comes at a timewhen the Federal Communications and Federal Trade Commissions areattempting to curb unwanted telephone and e-mail marketing. Earlierin the fall, the Postal Service proposed sender identificationrequirements for certain classes of mail that eventually would benefitbulk mailers by allowing them to track delivery and response tooffers. The agency also subsidizes bulk mail by giving discounts tomailers who deliver solicitations in certain formats, while cuttingservices to the public by reducing hours and closing post officelocations. In April 2002, the American Postal Workers Union claimedthat discounts to bulk mailers resulted in a $700 million subsidy tothe marketing industry. These actions are giving rise to new callsfor a do-not-mail list and for curbs on the list brokerage industry.

The letter from Members of Congress to the Postal Service is availableat:

For background information, see EPIC's Postal Service Privacy page at:

[5] Courts Issue Wiretapping Decisions

Two federal courts have issued opinions relating to federal wiretaplaw. In Glazner v. Glazner, the 11th Circuit (en banc) overturned aninterspousal wiretapping immunity, and a district court inMassachusetts issued a memorandum in In re Pharmatrak, dealing withalleged wiretap violations by third party monitoring of website usage.
In an opinion dated October 16, 2003, the Court of Appeals for the11th Circuit overturned an interspousal exception to federalwiretapping laws. The court overruled the case Simpson v. Simpson,
which established an exception within the 11th Circuit to the federalwiretapping law (Title III) for interspousal wiretaps within themarital home. Judge Dubina, writing for the majority, noted that thetext of Title III "makes no distinction between married and unmarriedpersons or between spouses and strangers." The court also noted thatan overwhelming majority of other federal and state courts haveexplicitly refused to adopt the Simpson interspousal immunity to TitleIII.

A federal district court had previously granted summary judgment todefendant James Glazner and refused to hold the defendant civillyliable for placing a recording device on a telephone, under theinterspousal immunity of the Simpson case. His wife, ElisabethGlazner, filed a civil complaint under Title III because the recordingdevice had recorded conversations between her and third partieswithout consent of either party to the conversations.

The Court of Appeals also applied the ruling retroactively, findingthat all states within the 11th Circuit had already criminalized thedefendant's wiretapping activity. In addition, several states hadalso created state civil liability for wiretapping. None of thosestate laws contained exceptions for interspousal wiretapping. The twodissents in the decision disagreed only with the decision to apply theruling retroactively, but agreed with the central holding ofoverturning the Simpson interspousal wiretapping immunity.

Separately, a Massachusetts federal district court issued a memorandumfinding that defendants Pharmatrak and several pharmaceuticalcompanies lacked sufficient intent for liability under the ElectronicCommunications Privacy Act of 1986 (ECPA). The defendant Pharmatraksold NETcompare, a web site traffic monitoring service, to thedefendant pharmaceutical companies, which collected information aboutusers of the web sites of the pharmaceutical companies. NETcomparecollected personal information on some users. The class actionplaintiffs were consumer users of the pharmaceutical company websites, alleging that the defendants secretly intercepted and accessedpersonal information through the use of computer "cookies" and otherdevices.

The district court noted that the Court of Appeals had defined a highstandard of intent under the ECPA that required that the "conduct orcausing of result must have been the person's conscious objective." Tosupport a finding of no intent, the court relied on the fact that anexpert found only 232 individual profiles were available from 18.7million users; the majority of personal information had been collectedthrough programming errors on the part of other parties; and thedefendants' lack of knowledge of the personal information.

The 11th Circuit en banc decision in Glazner v. Glazner is available at:

The district court memorandum in In re Pharmatrak is available at:

For background information, see EPIC's Wiretapping page at:

[6] News in Brief

EPIC has posted on its website 100 consumer complaints to the FederalCommunications Commission regarding telemarketing activity. Thecomplaints, which were obtained under the Freedom of Information Actand do not reveal the identities of the telemarketing victims, clearlydemonstrate the need for a national Do-Not-Call Registry. Thecomplaints fall roughly into three categories: telemarketers whoignore or frustrate individuals' requests to stop calling;
telemarketers who become abusive or harass individuals; and thefrustration that individuals experience as a result of autodialer andprerecorded voice calls. These complaints demonstrate that the newtelemarketing regulations are a rational response to serious abuses inthe telemarketing industry.

The telemarketing complaints are available at:

For background information, see EPIC's Do-Not-Call Registry Timelineat:

For background information, see EPIC's Telemarketing page at:

The Federal Communications Commission announced that it will hold aforum on Voice over Internet Protocol (VoIP) issues on December 1,
2003, and that it will then issue a Notice of Public Rule Making(NPRM) "to inquire about the migration of voice services to IP-basednetworks and gather public comment on the appropriate regulatoryenvironment for these services". The FCC has invited individuals froma variety of backgrounds in industry and government to presentinformation on issues related to VoIP. The hearing will discussregulation and classification questions, including those raised in theVonage v. Minnesota Public Utilities Commission case. The discussionwill be open to public comment after which time the FCC intends tofollow with a Report and Order on the VoIP issues raised in theproceeding.

The FCC new release on the hearing is available at:

Chairman Michael Powell's letter to Sen. Ron Wyden re: the hearing isavailable at:

The Court decision in Vonage v. Minnesota Public Utilities Commissionis available at:

The Federal Communications Commission approved a mandate to include ananti-piracy mechanism called a broadcast flag in digital broadcasttelevision. The flag serves as a signal to digital TV receptionequipment to limit the "indiscriminate" redistribution of thebroadcast content. In the Report and Order, the FCC permitted the useof the flag at the discretion of the broadcaster. The FCC alsoestablished compliance rules for manufacturers of electronicequipment, who will have to include flag detectors in their consumerproducts. Commissioners Copps and Adelstein dissented in part fromthe order, voicing concerns over the scope of the flag protection,
which includes non-copyrightable content and content in the publicdomain, such as news and political debate, as well as with lack ofconsumer privacy safeguards.

The FCC news release is available at:

The FCC Report and Order in the Matter of Digital Broadcast ContentProtection is available at:

Commissioner Michael Copps' statement is available at:

Commissioner Jonathan Adelstein's statement is available at:

A new study by the World Privacy Foundation found individuals seekingemployment are subject to a host of new privacy risks including saleof their personal information. The study, authored by Pam Dixon of thenewly-formed World Privacy Forum, focuses on over 50 job search websites and in-store kiosks that collect application informationelectronically. Serious questions are raised regarding compliance withEqual Employment Opportunity laws. Title VII prohibits employmentdiscrimination based on race, color, religion, sex or national origin;
employers must inform applicants that supplying this information isvoluntary. However, several job seeking sites do not make thisdisclosure, and seem to require the applicant to disclose theinformation.

Dixon found some positive developments in the online job search field.
These included more anonymous access to job web site listings, andquick responses to privacy questions sent to the companies. However,
many job sites require registration for access to information neededto send a job application, and an increase was found in the use ofpersistent third-party cookies. Dixon makes a series ofrecommendations in the report, including a call upon the Federal TradeCommission and Equal Employment Opportunity Commission to investigateuses of job seeker data and compliance with federal law.

The 2003 Job Search Privacy Study is available at:

For background information, see EPIC's Workplace Privacy page at:

[7] EPIC Bookstore: Credit Card Nation

Dr. Robert D. Manning, Credit Card Nation, The Consequences ofAmerica's Addiction to Credit (Basic Books, 2000).

As Congress considers amendments to our country's first federalprivacy law, the Fair Credit Reporting Act, there is almost nodiscourse about the problems presented by credit card debt in ournation. Even the Brookings Institution avoided a critical analysis,
and instead knelt at the foot of the industry, praising it and coiningthe phrase "the miracle of instant credit." (Vatican sources laterinformed us that Brookings nominated Visa and MasterCard forcanonization.) The orthodoxy that credit could only do good deedsprevailed through the entire debate, and critics of companies thatroutinely lend their victuals to the improvident at 20 percentinterest, compounded, somehow seemed unpatriotic.

Indeed, the credit industry has been successful in creating a culturalsea change in the United States, linking access to credit withAmerican values, argues Robert Manning, a professor at RochesterInstitute of Technology. The industry has shifted individuals' valuesfrom a puritan work and save ethic, to one where many managehigh-interest debt. The danger is that many Americans are atheightened risk of personal bankruptcy. Credit card companies havealso sought safe haven in states with weak consumer protection laws,
allowing them to circumvent regulations designed to shield individualsagainst usury. As a result, common life events such as divorce,
losing a job, or undergoing medical treatment can easily plunge afamily into serious trouble. Identity theft also is exacerbated, asthe industry has resisted laws that would help prevent issuance ofcredit to impostors.

Portions of the book addressing credit marketing on college campusesare compelling. The credit industry markets heavily to collegestudents, who often have no credit history and no income. They alsoprovide more cards and higher credit lines if the student "maxes out"
accounts. This business model actually works because students will"juggle" credit by using their educational loans to pay the monthlybalances. The result is that a large number of students enter theworkforce under high-interest debt. Meanwhile, credit companieswhitewash the problems by pumping funding into industry-friendly thinktanks, such as Georgetown University's Credit Research Center.
Manning's book presents a well-footnoted and cogently-argued caseagainst one of the most powerful industries in the world. I highlyrecommend it, and after reading it, I smote mammon itself by cuttingup all of my credit cards.

Chris Jay Hoofnagle

EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40.

The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.

"FOIA 2002: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 21stedition fully updates the manual that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or need to learn how to litigatethem), this is an essential reference manual.

"Privacy & Human Rights 2003: An International Survey of Privacy Lawsand Developments" (EPIC 2002). Price: $35.

This survey, by EPIC and Privacy International, reviews the state ofprivacy in over fifty-five countries around the world. The surveyexamines a wide range of privacy issues including data protection,
passenger profiling, genetic databases, video surveillance, ID systemsand freedom of information laws.

"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens free expression.

"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand the basic responsibilities for businesses in the online economy.

"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:

EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption to law enforcement.

EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:

EPIC Bookstore

"EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

PATRIOT Acts I and II: The New Assault on Liberty? Next IndependentPolicy Forum. November 13, 2003. Oakland, CA. For more information:
RFID Privacy Workshop. Massachusetts Institute of Technology.
November 15, 2003. Boston, Massachusetts. For more information:

Trespassing in Cyberspace. Justice Talking - National Public Radio.
November 18, 2003. Philadelphia, PA. For more information:

American Society of Access Professionals Workshop. November 18-19,
2003. St. Louis, Missouri. For more information:

In the Aftermath of September 11: Defending Civil Liberties in theNation's Capital. UDC David A. Clarker School of Law. November 21,
2003. Washington, DC. For more information:

Are You being Watched? Security vs. Privacy. Science and TechnologyPolicy Program at NAS. November 21, 2003. Washington, DC. For moreinformation: call (202) 334-3570.

Claim Democracy Conference. The Center for Voting and Democracy.
November 22-23. Washington, DC. For more information:

Media Freedoms and the Arab World. The Arab Archives Institute.
December 6-8, 2003. Amman, Jordan. For more information: or see

WHOLES - A Multiple View of Individual Privacy in a Networked World.
Swedish Institute of Computer Science. January 30-31, 2004. Stockholm,
Sweden. For more information:

O'Reilly Emerging Technology Conference. February 9-12, 2004. SanDiego, CA. For more information:

Securing Privacy in the Internet Age. Stanford Law School. March13-14, 2004. Palo Alto, CA. For more information:

International Conference on Data Privacy and Security in a GlobalSociety. Wessex Institute. May 11-14, 2004. Skiathos, Greece. Formore information:

O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. Formore information:

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:

Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

Subject: "help" (no quotes)

Problems or questions? e-mail <

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do not enhance (linkto other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription information". Please contact if you wouldlike to change your subscription e-mail address, if you areexperiencing subscription/unsubscription problems, or if you have anyother questions.

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
e-mail, or write EPIC, 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute online at:

Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and expanding wiretapping powers.

Thank you for your support.

END EPIC Alert 10.23


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback