============================================================= @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 4.02 January 24, 1997 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ ======================================================================= Table of Contents ======================================================================= [1] Appeals Court Punts Crypto Export Case [2] Stage Set for Supreme Court CDA Showdown [3] FBI Releases New Wiretap Capacity Notice [4] New Government Crypto Algorithm Sought [5] States Introduce New Privacy Bills [6] EPIC Congressional Bill Tracking [7] Upcoming Conferences and Events ======================================================================= [1] Appeals Court Punts Crypto Export Case ======================================================================= The federal appeals court in Washington, DC has decided to sit out the battle over encryption policy, at least for now. In a brief decision issued on January 21, the court remanded Philip Karn's legal challenge to encryption export controls back to the lower court (which rejected Karn's claims last year). The court acted "in light of the recent Executive Order transferring regulatory authority of non-military cryptographic computer source code to the Commerce Department, and the Commerce Department's promulgation of a new regulation [controlling exports]." Despite a spirited discussion of the status of source code under the First Amendment at the oral argument in the case on January 10, the court expressly declined to "reach the constitutional issues raised by this appeal." EPIC, joined by the ACLU, Internet Society, and the U.S. Public Policy Committee of the Association for Computing Machinery, filed a "friend of the court" (amicus) brief in support of Karn's position. The court's decision returns the focus of attention to Congress, where Sen. Conrad Burns will re-introduce the "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act" next week. Sen. Burns, joined by Sen. Patrick Leahy, will appear via satellite at the RSA Data Security Conference in San Francisco, following the keynote address of the Administration's "crypto czar," Ambassador David Aaron. The Senators are expected to announce a new legislative push for Pro-CODE, which would substantially relax export controls on encryption. A copy of the court's decision in the Karn case, and other materials on cryptography export controls, is available at: http://www.epic.org/crypto/export_controls/ ======================================================================= [2] Stage Set for Supreme Court CDA Showdown ======================================================================= The U.S. Supreme Court has scheduled oral argument in Reno v. ACLU for March 19 at 10 a.m. The decision in the landmark case will be the high court's first pronouncement on the crucial issue of free speech in cyberspace. The specific question before the Court is whether the Communications Decency Act (CDA), which criminalizes the transmission of "indecent" material via the Internet, violates the constitutionally protected rights of net users. A three-judge court in Philadelphia struck down the CDA last June, and the government appealed that ruling to the Supreme Court. In a brief filed on January 21, the Justice Department argues that the full potential of the Internet can only be realized if parents can be assured that their children will not be exposed to "indecency" on the net. The government further contends that a system of "age verification" could be imposed on websites to prevent minors from accessing such material. Such a procedure would, among other things, eliminate users' ability to receive information anonymously on the Internet and require the maintenance of logs identifying all recipients of material that might be deemed "indecent" or "offensive" under the CDA. Briefs challenging the CDA are due to be filed on February 20. EPIC is participating as both plaintiff and co-counsel in Reno v. ACLU. An extensive archive of materials on the case is available at: http://www.epic.org/cda/ ======================================================================= [3] FBI Releases New Wiretap Capacity Notice ======================================================================= On January 14, the Federal Bureau of Investigation released a revised notice detailing the level of telecommunications surveillance it seeks under the Communications Assistance for Law Enforcement Act of 1994 (the "digital telephony" law). The notice is the Bureau's second attempt to set forth its demands for increased surveillance capacity. The first notice, issued in October 1995, was widely criticized as an open-ended blueprint for a massive expansion of law enforcement snooping. The new request, while somewhat more clearly presented, also anticipates significant growth in surveillance activity. The new FBI notice calls for substantial increases in surveillance of both landline and wireless communications over the next ten years, with a total maximum capacity of 57,749 simultaneous intercepts to be conducted in the United States. Calculating out the percentages provided by the FBI, by 1998 the FBI anticipates an increase of 33 percent of landline interceptions and 70 percent of wireless phones. By 2004, the Bureau estimates a total increase of 74 percent in interceptions of landline phones and 277 percent in wireless phones. Public comments on the FBI notice are due by February 17. They should be submitted in triplicate to the Telecommunications Industry Liaison Unit, Federal Bureau of Investigation, P.O. Box 220450, Chantilly, VA 20153-0450. A copy of the notice and is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [4] New Government Crypto Algorithm Sought ======================================================================= The U.S. National Institute of Standards and Technology (NIST) has issued a notice calling for a new encryption algorithm to replace the Data Encryption Standard (DES). The new standard, to be called the Advanced Encryption Standard (AES) must be a public, symmetric block cipher with a flexible key length, that can be implemented into hardware or software and free from patent restrictions. The new algorithm reflects the failure of the Skipjack algorithm (that was implemented in the Clipper Chip and the Fortezza card) to be adopted by the marketplace. However, a separate NIST advisory committee made up of government officials and supporters of key escrow is developing a "key management infrastructure" that would be used with the new algorithm. A copy of the NIST notice is available at: http://www.epic.org/crypto/aes_notice.html ======================================================================= [5] State Privacy Roundup ======================================================================= Nevada Junk Email Bill. In Nevada, Senator William Raggio, the majority leader of the Nevada Senate, introduced a bill (S.B. 13) that would prohibit sending unsolicited email for commercial purposes. New Jersey Kids Privacy. In New Jersey, Sen. Robert W. Singer has introduced the Children's Privacy Protection and Parental Empowerment Act. The bill would prohibit marketers from disclosing information about children without their parents' consent. It is based on the federal bill introduced by Rep. Bob Franks. California Car Tracking. In California, Sen. John Burton, chair of the Judiciary Committee, plans to introduce legislation that would prohibit police from placing tracking devices on people's cars without a warrant. The bill was written after the Orange County Registrar reported that police used hundreds of these devices each year without ever informing the targets, their lawyers or the court. Maryland Data Matching. The legislature is debating a bill to authorize data matching of records using Social Security Numbers. Clifford W. Layman, director of the Maryland Child Support Enforcement Administration, testified that under the new federal welfare bill, Maryland would loose $229 million in federal funds unless "the state records social security numbers on marriage applications, divorce decrees, paternity and support orders, death certificates and drivers', professional and occupational license applications. The state must also grant child support agencies authority to sift through utility, cable and financial company information to search for non-paying parents." ======================================================================= [6] EPIC Congressional Bill Tracking ======================================================================= EPIC has created a bill tracking service for privacy and online civil liberties bills introduced in the 105th Congress. The service links to a copy of each bill, summarizes the relevant provisions, links to any floor statements, analysis or testimony and provides the name of the sponsor and its current status. The EPIC Online Guide to 105th Congress Privacy and Cyber-Liberties Bills is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] Upcoming Conferences and Events ======================================================================= 1997 RSA Data Security Conference. January 28-31, 1997. San Francisco, CA. Contact: http://www.rsa.com Shaping the Future: Law, Electronic Commerce and the [Superhigh]way Ahead. February 1, 1997. San Francisco, California. Sponsored by Hastings Communications and Entertainment Law Journal, Hewlett-Packard, and Wilson Sonsini Goodrich & Rosati. Contact: Curtis RauFinancial Cryptography 1997 (FC97). February 24-28, 1997. Anguilla, BWI. Sponsored by the International Association for Cryptologic Research. http://www.cwi.nl/conferences/FC97 DIAC- Community Space and CyberSpace- What's the Connection? March 1-2, 1997. Seattle, WA. Sponsored by CPSR. Contact: http://www.scn.org/tech/diac-97/index.html ACM'97 -- The Next 50 Years of Computing. March 3-5, 1997, San Jose, CA. Sponsored by the Association for Computing. Contact: http://www.acm.org/acm97. CFP97: Commerce & Community. March 11-14, 1997. Burlingame, California. Sponsored by the Association for Computing Machinery. Contact: cfp97@cfp.org or http://www.cfp.org Eurosec'97: the Seventh Annual Forum on Information Systems Quality and Security. March 17-19, 1997. Paris, France. Sponsored by XP Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/ CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and Control June 4-7, 1997. Chicago, Illinois. Sponsored by the John Marshall Law School. Contact: cyber97@jmls.edu. Ethics in the Computer Society: The Second Annual Ethics and Technology Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola University Chicago. http://www.math.luc.edu/ethics97 INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala Lumpur, Malaysia. Sponsored by the Internet Society. Contact: inet97@isoc.org or http://www.isoc.org/inet97 Privacy laws & Business 10th Anniversary Conference. July 1-3, 1997. St. John's College, Cambridge, England. Contact: info@privacylaws.co.uk. AST3: Cryptography and Privacy. September 15, 1997. Brussels, Belgium. Sponsored by Privacy International and EPIC. Contact: pi@privacy.org. 19th Annual International Privacy and Data Protection Conference. Sept 17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection Commission. International Conference on Privacy. September 23-26, 1997. Montreal, Canada. Sponsored by the Commission d'Acces a l'information du Quebec. (Send calendar submissions to alert@epic.org) ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or use the subscription form at: http://www.epic.org/alert/subscribe.html Back issues are available via http://www.epic.org/alert/ ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national id cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 4.02 -----------------------