EPIC Alert 2.06 

Volume 2.06                                                      April 28, 1995 



Published by the
 Electronic Privacy Information Center (EPIC)
Washington, DC
info@epic.org



Table of Contents
 



[1] EPIC Sends Letter to Congress on Terrorism Bill



In a letter sent April 27 to Senator Orin Hatch, the Electronic Privacy
Information Center, urged the Congress to proceed cautiously in the
wake of the tragic bombing incident in Oklahoma.  EPIC said that "any
expansion of federal authority to investigate political activity could
have a profound impact upon communication networks and the future of
electronic democracy."  Senator Hatch held hearings on April 27 on
counter-terrorism proposals.

The EPIC letter focused on the history of the Attorney General
guidelines that permit the government to conduct investigations of
domestic organizations.  The original guidelines were issued in 1976
by Attorney General Edward Levi.  The "Levi Guidelines," as they came
to be known, recognized the FBI's legitimate investigative needs while
seeking to protect the First Amendment rights of dissident politic
organizations.  The Guidelines were promulgated in the wake of
Watergate and the revelations of the Senate's Church Committee
investigation. According to EPIC, the Levi Guidelines reflected the
post- Watergate consensus that the investigation of controversial or
unpopular political groups had at times been overzealous and had
violated fundamental constitutional rights.

In 1983 President Reagan's Attorney General, William French Smith,
issued a new set of guidelines that replaced the Levi Guidelines.  The
"Smith Guidelines" were far less restrictive than the Levi Guidelines.
As President Reagan's FBI Director William Webster said, the Smith
Guidelines "should eliminate any perceptions that actual or imminent
commission of a violent crime is a prerequisite to investigation."

The critical section of the Smith Guidelines cited in the EPIC letter
provides that "[a] domestic security/terrorism investigation may be
initiated when facts or circumstances reasonably indicate that two or
more persons are engaged in an enterprise for the purpose of
furthering political or social goals wholly or in part through
activities that involve force or violence and a violation of the
criminal laws of the United States."

EPIC said that "the current guidelines provide the FBI with ample
authority to initiate investigations of organizations and individuals
similar to those alleged to have been involved in the Oklahoma City
bombing."  EPIC noted that public information concerning paramilitary
right-wing organizations in general -- and the Michigan Militia in
particular -- has been readily available to the FBI and other law
enforcement agencies for some time.  EPIC also noted that former
Attorney General Griffin Bell and former Assistant Attorney General
Victoria Toensing have recently expressed the view that the FBI
possessed sufficient authority under the Smith Guidelines to
investigate and monitor the activities of this organization and
affiliated individuals.

Finally, EPIC urged Senator Hatch to give similar careful
consideration to any proposals for the modification of the wiretap
statute or privacy statutes that would diminish the freedoms that all
American currently enjoy.

EPIC's Letter to Senator Hatch and other materials on domestic
security investigations and the counterterrorism bill is available via
WWW from http://epic.org/terrorism/



[2]  Supreme Court Upholds Anonymous Speech




In an important case for privacy and free speech advocates, the
Supreme Court ruled recently that the First Amendment protects
anonymous political speech. In McIntyre v. Ohio Election Commission,
decided April 19, 1995, the Court struck down an Ohio law that required 
the disclosure of personal identity on political literature.

The petitioner McIntyre distributed pamphlets opposing a proposed
school tax levy.  The pamphlets were signed simply "Concerned Parents
and Taxpayers." McIntyre was fined under a provision of the Ohio code
that prohibited the distribution of campaign literature that does not
contain the name and address of the person who issued the literature.

The Supreme Court ruled that the ordinance violates the First
Amendment.  The Court said that the ordinance burdened core political
speech and noted that the documents covered by the law included only
publications intended to influence voters on political issues. The
Court relied in part on a 1960 opinion, Talley v. California, which
held that the First Amendment protected anonymous speech.

The Supreme Court also said that the ban on anonymous speech is not
justified by the state's asserted interest in preventing the
distribution of fraudulent and libelous information. The Court said
that there are more direct ways to address that problem and said also
that the code's  broad prohibition of anonymous leaflets covered all
documents, regardless of whether they are arguably false or
misleading.

Justice Steven's opinion for the Court note that arguments favoring
the ratification of the Constitution advanced in the Federalist Papers
were published under fictitious names. Justice Stevens said "quite
apart from any threat of persecution, an advocate may believe her
ideas will be more persuasive if her readers are unaware of her
identity.  Anonymity thereby provides a way for a writer who may be
personally unpopular to ensure that readers will not prejudge her
message simply because they do not like its proponent." Stevens
concluded "Under our Constitution, anonymous pamphleteering is not a
pernicious, fraudulent practice, but an honorable tradition of
advocacy and of dissent.  Anonymity is a shield from the tyranny of
the majority. "

In a surprising and somewhat strained opinion, Justice Scalia wrote in
dissent that he could "imagine no reason why an anonymous leaflet is
any more honorable, as a general matter, than an anonymous phone call
or an anonymous letter.  It facilitates wrong by eliminating
accountability, which is ordinarily the very purpose of the
anonymity."

The Court's opinion in McIntyre vs Ohio Election Commission may be
significant for several emerging privacy issues. Anonymity is a hotly
debated topic in such areas as on-line commerce, the Intelligent
Transportation System, electronic mail, and news groups postings.  The
Court's opinion in McIntyre makes clear that, at least as far as the
expression of political opinion is concerned, the Court will continue
to view anonymous speech as protected by the First Amendment.

A copy of the opinion is available via ftp/gopher from cpsr.org/cpsr/
free_speech/mcintyre.txt or http://epic.org/free_speech/



[3]  Virginia Removes SSN, SSA to Match SSN Records with State DMV's




Governor George Allen on March 18 signed a bill allowing Virginia
residents the option to not have their Social Security Numbers on
their driver's licenses. Virginia now joins 40 other states in not
requiring SSN's to be placed on the face of the driver's license. The
new law also allows residents to use their work address or a post 
office box as their address on the license.

The legislation comes after 3 years of work by consumer and civil
liberties groups including CPSR, the ACLU and the Virginia Citizen's
Consumers' Council.  The Bill passed the State Senate 39-0 and the
House 71-28. Police groups and the DMV expressed no opposition to the
bill.

In a related action, the Social Security Administration announced that
it was filing for an exemption to the Federal Privacy Act to allow it
to verify Social Security Numbers for the state DMV's. The SSA is
offering to verify SSNs for state DMVs under the "routine use"
exception of the Privacy Act.

The SSA claims that the proposal is justified under the notion that
improving state IDs would improve efficiency of federal programs. The
proposal is part of a growing movement in the federal government to
create an identification system for immigration control and other
federal programs.

The SSA attempted to conduct a similar matching program with the
credit bureaus in the 1980's but withdrew the program after the
Congress Research Service stated that it was illegal.

A copy of the Federal Register Notice is available at cpsr.org
/cpsr/privacy/epic/ssa_dmv_notice.txt. Comments are due by May 8. Send
comments to SSA Privacy Officer, Social Security Administration, Room
3-A-6 Operations Building, 6401 Security Blvd., Baltimore, MD 21235 or
faxed to (410) 966-0869.



 [4] Appeals Court Rules on Pager Privacy




The US Court of Appeals for the 4th Circuit ruled on March 30 that
communications of digital pagers are protected by the Electronic
Privacy Communications Act (ECPA). The appeals court overturned a
lower court decision that ruled that duplicate "clone pagers" could be
obtained using a lower legal standard usually reserved for
transactional information. The Appeals court found that since pagers
could receive more information than just telephone numbers they were
therefor protected as electronic communications.

Under ECPA, interception of electronic communications requires that a
judge issue a warrant showing "probable cause." However, ECPA only
requires that for pen registers, which are devices that capture the
telephone numbers dialed by a particular telephone line, that a judge
"certify" that the "information likely to be obtained is relevant to
an ongoing criminal investigation," a much lower standard.  Since
1985, when the use of those devices were regulated by the ECPA, no
federal judge has rejected any of the 22,000 warrant requests made by
law enforcement officials. This lower standard is also now used to
regulate law enforcement access to electronic transactional records
under the recently passed Law Enforcement Communications Assistance
Act of 1994.

The court rejected the lower courts analysis based on legislative
history of ECPA and a recognition that digital pagers can receive
additional messages beyond mere telephone numbers:

	[A] digital display pager programmed to receive numeric
	transmissions has the capability to receive by that means
	coded substantive messages--whether  or not it happens to
	do so during a particular period of interception by clone
	pager--is what makes the interception subject to the
	authorization requirements of sections 2516 and 2518.

The case began when the Durnham, NC police department began to
investigate one of its own employees and obtained a court order using
the pen register standard for obtaining a "clone pager" that would
intercept messages intended for Jamie Brown. The police department has
also obtained a court order authorizing pen requesters to be placed on
Brown's telephones. After a month, the police department was unable to
find any evidence of wrong doing and sent a letter to brown
apologizing for the investigation, describing it as "failing to meet
high standards of professionalism." Brown then filed suit against the
police department under the civil action available under the ECPA.

The case has been remanded back to the lower court, which will now
decide if the police are not liable because they are immune or they
acted in good faith.



 [5] House Passes Family Privacy Bill




As part of the Contract with America, the US House of Representatives
on April 4 approved the Family Privacy Protection Act of 1995 by a 
vote of 418-7.  

The bill requires that anyone conducting a survey funded in part with
federal funds must obtain the prior written consent of parents of
minors before the children can be surveyed about a number of sensitive
areas. Those areas include parental political affiliation or beliefs;
mental or psychological problems; sexual behavior or attitudes;
illegal, antisocial, or self incriminating behavior; privileged
relationships such as with physicians or clergy; and religious
affiliations or beliefs. Congress enacted a provision last year that
only prohibited the Department of Education from asking these
questions.

There are exceptions for criminal investigations for child abuse,
immigration, tax and customs laws, financial eligibility and academic
tests.  It is now pending before the Senate Committee on Governmental
Affairs.

The text of the bill is available at cpsr.org /cpsr/privacy/epic/
104th_congress_bills/hr1271_family_privacy.txt



 [6] Russian Decree on Crypto




According to a memo prepared for the Washington law firm of Steptoe &
Johnson, Russian President Yeltsin's edict "On Measures to Observe the
Law in Development, Production, Sale and Use of Encryption Devices and
on  Provision of Services in Encrypting Information" (April 3, 1995)
will restrict the use of encryption technologies by Russian government
agencies, State-owned, private and foreign entities.

The Edict bans the development, import, sale and use of unlicensed
encryption devices, as well as of "protected technological means of
storage, processing and transmission of information", and directs the
Federal Counterintelligence Service and other enforcement agencies to
ensure compliance and to prosecute violators.

The Edict designates the Federal Agency of Government
Telecommunications and Information attached to the Office of the RF
President (FAGTI)as the authority responsible for the review of
applications and issuance of licenses.  The FAGTI, headed by a
Director General, reports directly to the RF President and -- in a
familiar combination of SIGINT and COMSEC authority -- is responsible
for the security of government communications, as well as for
intelligence operations in connection with encrypted and coded
information  The intelligence branch of FAGTI, also headed by a
Director General, is semi-autonomous and and operates "in accordance
with the Russian  Federation Law 'On External Intelligence'".

At least one article written by a prominent Russian mathematician and
published in the influential Russian newspaper Izvestia on April 20,
1995 harshly criticized the Edict as overbroad, granting unlimited
discretion to the secret police and ignorant customs officers,
violating civil rights, creating obstacles for international
cooperation in the field of exchange and processing of information,
and making meaningless the recently adopted intellectual property
laws.  The article expresses concern that the new statutes seek to
revive and legitimize KGB methods in controlling Russian society.

Thanks again to the firm of Steptoe & Johnson for this information.



[7] Wiretap Watch: More Freeh on Encryption




From Senate Judiciary Committee Hearing on Terrorism, April 27, 1995

"...  Just as important and perhaps more frightening and more
destructive is terrorists communicating over the Internet in encrypted
conversations, for which we will have no available means to read and
understand unless that encryption problem is dealt with immediately."
...

From Hearing of the House Judiciary Committee on International Terrorism,
April 6, 1995

"... An even more difficult problem with respect to counterterrorism
fighting has to do with encryption.  Powerful drug cartels as well as
terrorist organizations are aware of the hiding and concealing power
of strong encryption and are making headway to develop that technology
to defeat counterterrorism investigations. This will be an increasing
technology problem, which we know the Congress is eager to take up."



[8] EPIC Privacy Resources



   
   -> Oppose the National Wiretap Plan!  Email wiretap@epic.org,
      call 1-800-651-1489, or http://epic.org/wiretap/

   -> Check out the EPIC Web Page - http://epic.org
      New information on the Counter terrorism proposals in Congress
      and analysis by Georgetown Law School Professor David Cole

The EPIC Online Guide to Privacy Resources (updated 4/16/95) contains 
a complete listing of privacy resources
(http://cpsr.org/cpsr/privacy/epic/privacy_resources_faq.html)

The EPIC Legislative Overview lists bills in the 104th Congress 
that affect Civil Liberties and Privacy (updated 3/22/95) 
(http://cpsr.org/cpsr/privacy/epic/104th_congress_bills/)



[9] Upcoming Privacy Related Conferences and Events




The 1995 Summer Security Conference "Summercon." June 2-4 1995.
Atlanta, GA. Speakers include Eric Hughes (cypherpunks), Bob Stratton
(Alternet). Email scon@fc.net or http://www.fc.net/scon.html

Society and the Future of Computing 95. June 11-14,1995. Durango,
Colorado. Sponsored by USACM. Email sfc95@lanl.gov
http://www.lanl.gov/LANLNews/Conferences/.sfc95/sfcHome.html

INET '95. June 28-30, 1995. Honolulu, HI. Sponsored by the Internet
Society. Speakers on privacy include Frank Tuerkheimer (University of
Wisconsin School of Law.), Marc Rotenberg (EPIC), Bill Burrington
(AOL). Contact inet95@isoc.org.

Key Players in the Introduction of Information Technology: Their
Social Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: nolod@ccr.jussieu.fr.

DEF CON III. August 4-6, 1995. Las Vegas. Major hacker conference.
Contact: dtangent@defcon.org or http://dfw.net/~aleph1/defcon

Advanced Surveillance Technologies. Sept. 4, 1995. Copenhagen,
Denmark. Sponsored by Privacy International and EPIC. Contact
pi@privacy.org. HTTP://privacy.org/pi/conference/

17th International Conference of Data Protection and Privacy
Commissioners. September 6-8, 1995. Copenhagen, Denmark. Sponsored by
the Danish Data Protection Agency.  Contact Henrik Waaben, +45 33 14
38 44 (tel), +45 33 13 38 43 (fax).

InfoWarCon '95. September 7-8, 1995. Arlington, VA. Sponsored by NCSA
and OSS. Email: Winn@Infowar.Com.

"Managing the Privacy Revolution." Privacy & American Business. Oct.
31 - Nov. 1, 1995. Washington, DC.  Speakers include C.B. Rogers
(Equifax). Contact Alan Westin 201/996-1154.

11th Annual Computer Security Applications Conference: The conference
includes technical papers, panels, vendor presentations, and tutorials
that address the application of computer security and safety
technologies in the civil, defense, and commercial environments.
December 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at
(205)890-3323 or vreed@mitre.org.

               (Send calendar submissions to Alert@epic.org)





The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe, send the message:

    SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname

to listserv@cpsr.org.  You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce.

Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org
/cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). An
HTML version of the current issue is available from
http://epic.org





The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data.  EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues.  For more information, email info@epic.org, WWW at
HTTP://epic.org or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202)
547-5482 (fax).

The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a
national membership organization of people concerned about the impact
of technology on society.  For information contact: cpsr-info@cpsr.org

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act
litigation, strong and effective advocacy for the right of privacy and
efforts to oppose Clipper and Digital Telephony wiretapping proposals.

Current FOIA cases include: EPIC v. National Security Council (effort
to uncover information surrounding Security Policy Board, EPIC v. FBI 
(effort to obtain information justifying wiretap legislation),  CPSR v. 
National Security Agency (records relating to Clipper and NSA decision to 
classify public documents), CPSR v. National Institute of Standards and
Technology (records regarding development of Digital Signature Standard), 
and CPSR v. Secret Services (activities of Secret Service in beak-up of 2600 
group at Pentagon City)

Thank you for your support.