======================================================================= E P I C A l e r t ======================================================================= Volume 10.14 July 3, 2003 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_10.14.html ====================================================================== Table of Contents ====================================================================== [1] High Court Upholds Library Filtering, Strikes Down Sodomy Ban [2] EPIC Urges Opt-In for FCRA Affiliate Sharing [3] National "Do-Not-Call" Telemarketing Registry Launches [4] ICANN Discusses WHOIS and New Top-Level Domains [5] Recent Reports: Video Surveillance; Internet Privacy Policies [6] News in Brief [7] EPIC Bookstore: "Emma Goldman: Made for America" [8] Upcoming Conferences and Events ====================================================================== [1] High Court Upholds Library Filtering, Strikes Down Sodomy Ban ====================================================================== In a 6-3 ruling issued on June 23, the U.S. Supreme Court declared the Children's Internet Protection Act (CIPA) constitutional. CIPA conditions the receipt of federal funds by public libraries upon installation of filtering software which blocks access to material that is obscene, child pornography, or "harmful to minors." Even as it recognized that "a filter set to block pornography may sometimes block other sites that present neither obscene nor pornographic material," the Court held that CIPA does not violate library patrons' First Amendment rights. The Court's decision relied heavily on the "ease" with which adult patrons may have the filtering software disabled and the capacity of libraries to permanently unblock any erroneously blocked site. Furthermore, the Court reasoned that CIPA does not infringe any potential fundamental right, because it simply allows Congress, under its spending power, to choose not to subsidize unfiltered Internet access in libraries. The Court emphasized that libraries are free to offer unfiltered Internet access without federal assistance. In 2001, EPIC joined with the American Civil Liberties Union and the American Library Association as co-counsel in litigation challenging the constitutionality of CIPA. As documented by EPIC's "Faulty Filters" report and other studies, filtering programs routinely block sites that clearly do not fall under categories proscribed by the law, thus burdening free speech. The lawsuit also challenged CIPA on privacy grounds. Although the law allows library patrons engaged in "bona fide research" to request access to blocked material, the complaint alleged that such a procedure forces libraries to violate "patrons' privacy and anonymity rights". On May 31, 2002, a three-judge panel in Philadelphia held that CIPA violated the First Amendment because it would restrict substantial amounts of protected speech "whose suppression serves no legitimate government interest." The Supreme Court's decision, which stands on the basic proposition that disabling the filtering software will be simple, overlooks the practical difficulties that libraries will likely face in fulfilling requests to disable. The potential of future litigation due to the consequent frustration of individuals' right to disable is high. In addition, the burden that the disabling provision of CIPA places on individual privacy, through the required disclosure of personal information, is another probable source of future litigation. In a separate case decided on June 26, the Supreme Court issued its opinion in Lawrence v. Texas, holding that a Texas law criminalizing same-sex sodomy is unconstitutional. Justice Kennedy, writing for the majority, affirmed that individuals are "entitled to respect for their private lives." He concluded the Texas statute "furthers no legitimate state interest which can justify its intrusion into the personal and private life of the individual." Importantly, the Court did not reach its decision based solely upon equal protection grounds. The Texas law specifically discriminated against gay couples, unlike a Georgia law upheld by the Supreme Court in 1986. Justice O'Connor, in a concurring opinion, said she would have overturned the Texas law, but not those sodomy laws that were applied to all people equally. The majority, however, decided the case on privacy grounds, effectively invalidating all anti-sodomy laws, and suggesting a right of privacy that may extend outside of the home. United States v. American Library Association, No. 02-361 (U.S. 2003): http://www.epic.org/free_speech/cipa/scotus/opinion.pdf EPIC CIPA Page: http://www.epic.org/free_speech/cipa.html Lawrence v. Texas, No. 02-102 (U.S. 2003): http://www.epic.org/privacy/gender/lawrencevtx.pdf EPIC Gender and Privacy Page: http://www.epic.org/privacy/gender/ ====================================================================== [2] EPIC Urges Opt-In for FCRA Affiliate Sharing ====================================================================== On June 26, the Senate Finance Committee held the fifth of six hearings on the approaching sunset of state preemption provisions in the Fair Credit Reporting Act (FCRA). The FCRA regulates the use, maintenance, and management of credit information. The provisions of the law considered in the hearing allow financial institutions to share personal information about customers with affiliated companies. Currently, financial institutions are required to notify individuals that they have a right to "opt-out" from the sharing of personal information. While some individuals may be aware of their opt-out rights, what they probably do not know is that even if they do choose to opt-out of information sharing, financial institutions may still share their personal information with other companies that are classified as "affiliates." Moreover, several financial institutions have over 1,000 affiliates, some of which engage in practices ranging far beyond customer expectations. Because the FCRA preempts state law, states cannot enact legislation to provide privacy and consumer protections that go beyond federal provisions. EPIC submitted comments on the record, advocating that preemption provisions be "sunsetted" so that states can enact stronger privacy protections. EPIC also urged that financial institutions must obtain "opt-in" consent for the sharing of all personal information. Financial services representatives on the panel argued that sunsetting the affiliate sharing loophole would make direct marketing and pre-approved credit more difficult. A representative of Citigroup applauded the affiliate sharing loophole because it allows the company to set up its own internal credit reporting agency. Advocating privacy protection, Prof. Joel Reidenberg of Fordham Law School; Julie Brill, assistant Attorney General from Vermont; and Ed Mierzwinski of the Public Interest Research Group all argued that the affiliate sharing preemption loophole in the FCRA should be sunsetted. Reidenberg argued that, when enacted, Congress intended the FCRA to act as a floor rather than a ceiling, so that states could provide further protections to individuals. Brill explained that Vermont, unlike other states, has restrictions on affiliate sharing because the state was grandfathered out of federal preemptions. While banking industry representatives argued that restrictions on affiliate sharing would harm consumers by making access to credit and mortgages more difficult, Brill testified that Vermont has seen none of these predicted problems. Drawing from the Citigroup testimony, Mierzwinski explained that the financial institutions' practice of creating internal credit reports is dangerous because these in-house credit reporting agencies completely bypass the FCRA regulations, such as accuracy and accountability requirements. In addition, he explained that states are in a better position to react quickly and tailor their laws to local problems. EPIC Letter on Affiliate Sharing: http://www.epic.org/privacy/fcra/fcra6.26.03.html EPIC Fair Credit Reporting Act Page: http://www.epic.org/privacy/fcra/ EPIC Preemption Page: http://www.epic.org/privacy/preemption/ ====================================================================== [3] National "Do-Not-Call" Telemarketing Registry Launches ====================================================================== Individuals can now enroll in the national telemarketing do-not-call registry (DNC), which was unveiled at a White House Rose Garden ceremony last week. In the opening moments of the DNC web site, the Federal Trade Commission reported that it was receiving over 100 enrollments per second. The list has now grown to over 12.5 million. EPIC and a coalition of consumer and civil liberties groups filed comments on the DNC proposal last year. Many of the protections suggested in the comments were incorporated in the FTC regulation. Most telemarketers will not call individuals enrolled in the list because the Federal Communications Commission (FCC) acted to complement the regulations promulgated by the FTC. The popularity of the DNC registry has spawned additional proposals for national opt-out databases. On Capitol Hill, opt-out databases are being considered for spam, direct mail, and credit card solicitations. The telemarketing industry has reacted strongly, claiming that it will initiate a barrage of direct mail and spam solicitations to fill the void created by the new limits on telemarketing. National "Do-Not-Call" Registry: http://www.donotcall.gov/ EPIC Telemarketing Page: http://www.epic.org/privacy/telemarketing/ ====================================================================== [4] ICANN Discusses WHOIS and New Top-Level Domains ====================================================================== The Internet Corporation for Assigned Names and Numbers (ICANN) met this week in Montreal to discuss WHOIS, the Country Code Supporting Organization, and sponsorship of a limited number new generic top-level domains. WHOIS data may expose domain name registrants' personally identifiable information (including mailing address, email address, telephone number, and fax number). Domain name registrants in the .com/.org/.net top-level domains include businesses; individuals; media organizations; non-profit groups; public interest organizations; political organization; religious organizations; and support groups. Anyone with Internet access, including stalkers, corrupt governments who dislike international exposure, spammers, intellectual property lawyers, law enforcement, consumers, individuals, etc., has access to WHOIS data. The important point is that WHOIS data lends itself to both good faith and bad faith uses, and that investigating fraud is only one of many uses of WHOIS data. During the ICANN public participation session on WHOIS, EPIC pointed out that there are various types of domain name registrants, and that policies governing the information should consider whether the registrant is a commercial or non-commercial actor. The President of ICANN closed the workshop with a recommendation that ICANN groups and constituencies work together to prioritize WHOIS issues and develop a work program. EPIC is serving on the WHOIS Privacy Steering Committee that will work to devise such a program. The ICANN Board also adopted the recommendations made by the group's Evolution and Reform Committee on the formation of a Supporting Organization for country-code names. Country-code top-level domains (ccTLDs) include, for example, .uk, .jp, and .ca. This policy-development body, known as the Country-Code Names Supporting Organization (ccNSO), will serve to develop and recommend global policies relating to ccTLDs; nurture consensus across the ccNSO's community, including the name-related activities of ccTLDs; and coordinate with other ICANN Supporting Organizations, committees, and constituencies under ICANN. Finally, ICANN posted draft materials for a request for proposals for a limited number of new generic top-level domains (gTLDs), which include, for example, .com, .org, .net, .info, and .edu. One of ICANN's main concerns is whether the request for proposals should be limited to applicants who proposed gTLDs in the November 2000 selection process, or whether new applications should also be accepted at this stage. ICANN's request for proposal draft materials are open for public comment by e-mail until August 25, 2003 (comments may be submitted to stld-rfp-comments@icann.org). The ICANN Board also requested its President to provide, no later than July 26, a detailed plan and schedule for the development of an appropriate long-term policy for the introduction of new gTLDs into the domain-name system using "predictable, transparent, and objective procedures." EPIC WHOIS Privacy Issues Report: http://www.epic.org/privacy/whois/privacy_issues_report.pdf ICANN's Montreal meeting report: http://www.icann.org/minutes/prelim-report-26jun03.htm ====================================================================== [5] Recent Reports: Video Surveillance; Internet Privacy Policies ====================================================================== The General Accounting Office (GAO) released a report on video surveillance this week that covers law enforcement use of closed circuit television (CCTV) to monitor federal property in Washington, D.C. The survey was commissioned in response to a request from the former Chair of the House Government Reform Subcommittee on the District of Columbia. The request asked the GAO to examine the implementation of the CCTV systems, and how the enforcement agencies have responded to civil liberties risks flowing from CCTV surveillance systems. Civil liberties and privacy organizations have criticized CCTV use by law enforcement, arguing that surveillance cameras invade personal privacy, infringe on demonstrators' First Amendment rights, are ripe for misuse, and have never proven to be effective (see, for instance, the findings of the August 2002 study conducted by the British Home Office, below). CCTV is used by the Metropolitan Police Department of the District of Columbia (MPDC) and the National Park Service's Park Police to monitor public areas in D.C. around the Mall and other popular tourist sites, as well as at downtown locations such as Dupont Circle, Union Station, the Old Post Office Building and a shopping area in Georgetown. The systems are allegedly used to deter crime and combat terrorism. The GAO survey found that although the MPDC's alleged primary use is to deter and detect crime, the Park Police reported using CCTV mainly to counter terrorism. Video surveillance to combat terrorism has, according to several experts' studies, not been effective in apprehending even a single terrorist, and the Park Police has not to date shown any evidence that its cameras have detected terrorism activities. Furthermore, the MPDC has been unable to demonstrate that its video surveillance has furthered the MPDC's stated primary goal of decreasing or detecting criminality. The MPDC has been urged by civil liberties groups and the D.C. City Council to draft guidelines for the use of its video surveillance system to address serious privacy concerns, and has been called upon to testify several times on the matter before Congress and the Council. In response, the department has released guidelines to address civil liberties concerns, has put into operation regulations for use, and disclosed the CCTV locations to the public. Nonetheless, the report finds that the Park Police has failed to release any usage guidelines or disclosed camera locations, although ordered to do so more than a year ago by Congress. The Park Police asserts that it is considering obtaining public input into its CCTV system and is developing an operations policy. The Annenberg Public Policy Center at the University of Pennsylvania released a study last week that questions the success and viability of consumer education on Internet privacy policies. The most startling finding is that 57 percent of adult home Internet users believe that websites with privacy policies do not share their personal information with third parties. Written by Prof. Joseph Turow, the study also found that most U.S. Internet users have no idea that websites manipulate, extract and share data to create profiles about their web visitors. In other findings, 94 percent of the report respondents agreed with the statement that "I should have a legal right to know everything that a web site knows about me." Eighty-five percent thought that a law that gave individuals the right to control how websites use and share information would either be "very" or "somewhat" effective in protecting privacy. Information on Law Enforcement's Use of Closed-Circuit Television to Monitor Selected Federal Property in Washington, D.C., GAO 03-748, June 2003: http://www.gao.gov/new.items/d03748.pdf British Home Office Research Study 252, Crime Prevention Effects of Closed Circuit Television: a Systematic Review, August 2002: http://www.homeoffice.gov.uk/rds/pdfs2/hors252.pdf EPIC Observing Surveillance Project: http://www.observingsurveillance.org EPIC Video Surveillance Page: http://www.epic.org/privacy/surveillance/ Joseph Turow, Americans and Online Privacy: The System is Broken, Annenberg Public Policy Center, June 2003: http://www.appcpenn.org/press/turow-privacy-2003.pdf ====================================================================== [6] News in Brief ====================================================================== DPPA Class Action Filed Against ChoicePoint, Lexis-Nexis Attorneys in Florida have filed a class-action lawsuit against ChoicePoint and the parent company of Lexis-Nexis for allegedly violating the Driver's Privacy Protection Act. The complaint alleges that the companies obtained driver's records in violation of federal law. Complaint in Levine v. ChoicePoint, No. 03-80491 (S.D. Fla. 2003): http://www.epic.org/privacy/profiling/levinecmp.pdf California Financial Privacy Update SB1, the California opt-in financial privacy bill, was defeated by a coalition of moderate Democrats in the state's assembly last week. The bill's sponsors will try to have the bill reconsidered, but in the meantime, privacy advocates' focus will turn to a voter initiative to be held in March 2004. Initiative organizers are on track to exceed the amount of signatures necessary for access to the ballot. The initiative, if passed, will set the strongest financial privacy standards in the nation. It requires opt-in consent before financial services companies can exploit personal information with affiliates or non-affiliates. California Privacy Initiative: http://www.californiaprivacy.org/ RIAA Threatens to ID and Sue Thousands of P2P Users The Recording Industry Association of America (RIAA) announced last week that it will aggressively pursue lawsuits against individuals who share media files online. The announcement follows the group's initial success in RIAA v. Verizon, where the music industry sought to use provisions of the Digital Millennium Copyright Act to identify P2P users with legal subpoena. EPIC RIAA v. Verizon Page: http://epic.org/privacy/copyright/verizon/ EPIC Letter On P2P Privacy: http://www.epic.org/privacy/student/p2pletter.html Government Surveillance Oversight Bill Introduced Rep. Joseph Hoeffel (D-PA) recently introduced The Surveillance Oversight and Disclosure Act (SODA) in the House of Representatives. The proposed bill would require the Department of Justice (DOJ) to report yearly to Congress on secret warrants issued under the Foreign Intelligence Surveillance Act (FISA), including an accounting of how many secret warrants are issued for electronic surveillance, physical searches, pen registers, and access to records. The DOJ would also be required to disclose how frequently such information is used in criminal proceedings. SODA is intended to give Congress greater oversight of the DOJ's foreign and domestic surveillance activities. Surveillance Oversight and Disclosure Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.2429: EPIC FISA Page: http://www.epic.org/privacy/terrorism/fisa/ ====================================================================== [7] EPIC Bookstore: "Emma Goldman: Made for America" ====================================================================== Emma Goldman, A Documentary History of the American Years: Made for America, 1890-1901, Vol. 1 (Candace Falk, Barry Pateman, Jessica Moran, eds., Univ. California Press 2003). http://www.ucpress.edu/books/pages/9079.html Emma Goldman Papers Project: http://sunsite.berkeley.edu/Goldman/ I first encountered Emma Goldman's work when an anonymous campus pamphleteer passed me a copy of "The Psychology of Political Violence." The pamphlet was bound between Goldman's famous mug shot, in which she cocks her head at the camera with a defiant look, almost inviting an altercation with the police photographer. The essay was stunning; it argued that an "attentat", an act of political propaganda by deed, was most likely to be committed by those who were sensitive to social injustice. Compared to the deeds of governments, "political acts of violence are but a drop in the ocean," and that they represent "the most compelling moment of human nature." Since then, I have read a number of Goldman texts, but none so complete and interesting as "Emma Goldman: Made for America." This is the first of four volumes edited by the Emma Goldman Papers Project at University of California-Berkeley. The Project has been meticulous in annotating and providing context for this treasure of news articles, letters, arrest records, trial transcripts, and other communications about Goldman. The text is a must have for anyone seriously engaged in a study of Goldman. Goldman entered the political scene in her early twenties, speaking to groups across the nation about anarchism, free expression, women's liberation, and free love. She was pursued by police relentlessly, and ultimately deported during the Red Scare. By the age of 30, "Red Emma," an "evil disposed and pernicious person . . . of turbulent disposition," had accomplished so much that she considered writing her memoirs. Goldman is relevant today because her words are still censored. Earlier this year, the Project planned to send a fundraising appeal that contained Goldman's quotes on war and free expression. For a short time, Berkeley administrators directed the project not to send the solicitation, but ultimately reversed the prohibition. One of the objectionable quotes was: "In the face of this approaching disaster, it behooves men and women not yet overcome by war madness to raise their voice of protest, to call the attention of the people to the crime and outrage which are about to be perpetrated on them." The controversies Emma Goldman created during her lifetime still resonate today. - Chris Jay Hoofnagle ================================ EPIC Publications: "The Privacy Law Sourcebook 2002: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002). Price: $40. http://www.epic.org/bookstore/pls2002/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2002: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $25. http://www.epic.org/bookstore/phr2002/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, video surveillance, location tracking, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For more information: http://conferences.oreilly.com/oscon/ 1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm Integrating Privacy Into Your Overall Business Strategy: Complying with Privacy Legislation for Competitive Advantage. International Quality and Productivity Centre (IQPC Canada). July 9-10, 2003. Toronto, Canada. For more information: http://www.iqpc-canada.com/NA-1987-01 Chaos Communication Camp 2003: The International Hacker Open Air Gathering. Chaos Computer Club. August 7-10, 2003. Paulshof, Altlandsberg, Germany. For more information: http://www.ccc.de/camp/ WWW2003: 5th Annual Conference on World Wide Web Applications. Department of Information Studies, Rand Afrikaans University, and the Department of Information Systems and Technology, University of Durban-Westville. September 10-12, 2003. Durban, South Africa. For more information: http://www.udw.ac.za/www2003/ Making Intelligence Accountable, Oslo, Norway September 19-20, 2003. The Geneva Centre for the Democratic Control of Armed Forces. For more information: http://www.dcaf.ch/news/Intel%20Acct_Oslo%200903/ws_mainpage.html Privacy2003. Technology Policy Group. September 30-October 2, 2003. Columbus, OH. For more information: http://www.privacy2000.org/2003/index.html ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail < info@epic.org > Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org ,http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 10.14 ---------------------- .