EPIC logo
   
      =============================================================
   
          @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
          @     @  @   @   @        @ @   @     @     @  @    @
          @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
          @     @      @   @       @   @  @     @     @  @    @
          @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   
      ==============================================================
      Volume 4.02                                  January 24, 1997
      --------------------------------------------------------------
   
                               Published by the
                 Electronic Privacy Information Center (EPIC)
                               Washington, D.C.
   
                             http://www.epic.org/
   
   =======================================================================
   Table of Contents
   =======================================================================
   
   [1] Appeals Court Punts Crypto Export Case
   [2] Stage Set for Supreme Court CDA Showdown
   [3] FBI Releases New Wiretap Capacity Notice
   [4] New Government Crypto Algorithm Sought
   [5] States Introduce New Privacy Bills
   [6] EPIC Congressional Bill Tracking
   [7] Upcoming Conferences and Events
   
   =======================================================================
   [1] Appeals Court Punts Crypto Export Case
   =======================================================================
   
   The federal appeals court in Washington, DC has decided to sit out the
   battle over encryption policy, at least for now.  In a brief decision
   issued on January 21, the court remanded Philip Karn's legal challenge
   to encryption export controls back to the lower court (which rejected
   Karn's claims last year).  The court acted "in light of the recent
   Executive Order transferring regulatory authority of non-military
   cryptographic computer source code to the Commerce Department, and the
   Commerce Department's promulgation of a new regulation [controlling
   exports]."  Despite a spirited discussion of the status of source code
   under the First Amendment at the oral argument in the case on January
   10, the court expressly declined to "reach the constitutional issues
   raised by this appeal."  EPIC, joined by the ACLU, Internet Society,
   and the U.S. Public Policy Committee of the Association for Computing
   Machinery, filed a "friend of the court" (amicus) brief in support of
   Karn's position.
   
   The court's decision returns the focus of attention to Congress, where
   Sen. Conrad Burns will re-introduce the "Promotion of Commerce On-Line
   in the Digital Era (Pro-CODE) Act" next week.  Sen. Burns, joined by
   Sen. Patrick Leahy, will appear via satellite at the RSA Data Security
   Conference in San Francisco, following the keynote address of the
   Administration's "crypto czar," Ambassador David Aaron.  The Senators
   are expected to announce a new legislative push for Pro-CODE, which
   would substantially relax export controls on encryption.
   
   A copy of the court's decision in the Karn case, and other materials
   on cryptography export controls, is available at:
   
        http://www.epic.org/crypto/export_controls/
   
   =======================================================================
   [2] Stage Set for Supreme Court CDA Showdown
   =======================================================================
   
   The U.S. Supreme Court has scheduled oral argument in Reno v. ACLU for
   March 19 at 10 a.m.  The decision in the landmark case will be the
   high court's first pronouncement on the crucial issue of free speech
   in cyberspace.  The specific question before the Court is whether the
   Communications Decency Act (CDA), which criminalizes the transmission
   of "indecent" material via the Internet, violates the constitutionally
   protected rights of net users.  A three-judge court in Philadelphia
   struck down the CDA last June, and the government appealed that ruling
   to the Supreme Court.
   
   In a brief filed on January 21, the Justice Department argues that the
   full potential of the Internet can only be realized if parents can be
   assured that their children will not be exposed to "indecency" on the
   net.  The government further contends that a system of "age
   verification" could be imposed on websites to prevent minors from
   accessing such material.  Such a procedure would, among other things,
   eliminate users' ability to receive information anonymously on the
   Internet and require the maintenance of logs identifying all
   recipients of material that might be deemed "indecent" or "offensive"
   under the CDA.
   
   Briefs challenging the CDA are due to be filed on February 20.  EPIC
   is participating as both plaintiff and co-counsel in Reno v. ACLU.  An
   extensive archive of materials on the case is available at:
   
        http://www.epic.org/cda/
   
   =======================================================================
   [3] FBI Releases New Wiretap Capacity Notice
   =======================================================================
   
   On January 14, the Federal Bureau of Investigation released a revised
   notice detailing the level of telecommunications surveillance it seeks
   under the Communications Assistance for Law Enforcement Act of 1994
   (the "digital telephony" law).
   
   The notice is the Bureau's second attempt to set forth its demands for
   increased surveillance capacity.  The first notice, issued in October
   1995, was widely criticized as an open-ended blueprint for a massive
   expansion of law enforcement snooping. The new request, while somewhat
   more clearly presented, also anticipates significant growth in
   surveillance activity.
   
   The new FBI notice calls for substantial increases in surveillance of
   both landline and wireless communications over the next ten years,
   with a total maximum capacity of 57,749 simultaneous intercepts to be
   conducted in the United States.  Calculating out the percentages
   provided by the FBI, by 1998 the FBI anticipates an increase of 33
   percent of landline interceptions and 70 percent of wireless phones.
   By 2004, the Bureau estimates a total increase of 74 percent in
   interceptions of landline phones and 277 percent in wireless phones.
   
   Public comments on the FBI notice are due by February 17.  They should
   be submitted in triplicate to the Telecommunications Industry Liaison
   Unit, Federal Bureau of Investigation, P.O. Box 220450, Chantilly, VA
   20153-0450. A copy of the notice and is available at:
   
        http://www.epic.org/privacy/wiretap/
   
   =======================================================================
   [4] New Government Crypto Algorithm Sought
   =======================================================================
   
   The U.S. National Institute of Standards and Technology (NIST) has
   issued a notice calling for a new encryption algorithm to replace the
   Data Encryption Standard (DES).
   
   The new standard, to be called the Advanced Encryption Standard (AES)
   must be a public, symmetric block cipher with a flexible key length,
   that can be implemented into hardware or software and free from patent
   restrictions.
   
   The new algorithm reflects the failure of the Skipjack algorithm (that
   was implemented in the Clipper Chip and the Fortezza card) to be
   adopted by the marketplace.  However, a separate NIST advisory
   committee made up of government officials and supporters of key escrow
   is developing a "key management infrastructure" that would be used
   with the new algorithm.
   
   A copy of the NIST notice is available at:
   
        http://www.epic.org/crypto/aes_notice.html
   
   =======================================================================
   [5] State Privacy Roundup
   =======================================================================
   
   Nevada Junk Email Bill.  In Nevada, Senator William Raggio, the
   majority leader of the Nevada Senate, introduced a bill (S.B. 13) that
   would prohibit sending unsolicited email for commercial purposes.
   
   New Jersey Kids Privacy.  In New Jersey, Sen. Robert W. Singer has
   introduced the Children's Privacy Protection and Parental Empowerment
   Act. The bill would prohibit marketers from disclosing information
   about children without their parents' consent.  It is based on the
   federal bill introduced by Rep. Bob Franks.
   
   California Car Tracking.  In California, Sen. John Burton, chair of
   the Judiciary Committee, plans to introduce legislation that would
   prohibit police from  placing tracking devices on people's cars
   without a warrant. The bill was written after the Orange County
   Registrar reported that police used hundreds of these devices each
   year without ever informing the targets, their lawyers or the court.
   
   Maryland Data Matching.  The legislature is debating a bill to
   authorize data matching of records using Social Security Numbers.
   Clifford W. Layman, director of the Maryland Child Support Enforcement
   Administration, testified that under the new federal welfare bill,
   Maryland would loose $229 million in federal funds unless "the state
   records social security numbers on marriage applications, divorce
   decrees, paternity and support orders, death certificates and
   drivers', professional and occupational license applications.  The
   state must also grant child support agencies authority to sift through
   utility, cable and financial company information to search for
   non-paying parents."
   
   =======================================================================
   [6] EPIC Congressional Bill Tracking
   =======================================================================
   
   EPIC has created a bill tracking service for privacy and online civil
   liberties bills introduced in the 105th Congress.  The service links
   to a copy of each bill, summarizes the relevant provisions, links to
   any floor statements, analysis or testimony and provides the name of
   the sponsor and its current status.
   
   The EPIC Online Guide to 105th Congress Privacy and Cyber-Liberties
   Bills is available at:
   
        http://www.epic.org/privacy/bill_track.html
   
   =======================================================================
   [7] Upcoming Conferences and Events
   =======================================================================
   
   1997 RSA Data Security Conference. January 28-31, 1997. San Francisco,
   CA. Contact: http://www.rsa.com
   
   Shaping the Future: Law, Electronic Commerce and the [Superhigh]way
   Ahead. February 1, 1997. San Francisco, California. Sponsored by
   Hastings Communications and Entertainment Law Journal,
   Hewlett-Packard, and Wilson Sonsini Goodrich & Rosati. Contact: Curtis
   Rau 
   
   Financial Cryptography 1997 (FC97). February 24-28, 1997. Anguilla,
   BWI. Sponsored by the International Association for Cryptologic
   Research. http://www.cwi.nl/conferences/FC97
   
   DIAC- Community Space and CyberSpace- What's the Connection? March
   1-2, 1997. Seattle, WA. Sponsored by CPSR. Contact:
   http://www.scn.org/tech/diac-97/index.html
   
   ACM'97 -- The Next 50 Years of Computing.  March 3-5, 1997, San Jose,
   CA. Sponsored by the Association for Computing. Contact:
   http://www.acm.org/acm97.
   
   CFP97: Commerce & Community. March 11-14, 1997. Burlingame,
   California. Sponsored by the Association for Computing Machinery.
   Contact: cfp97@cfp.org or http://www.cfp.org
   
   Eurosec'97: the Seventh Annual Forum on Information Systems Quality
   and Security. March 17-19, 1997. Paris, France. Sponsored by XP
   Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/
   
   CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and
   Control June 4-7, 1997. Chicago, Illinois. Sponsored by the John
   Marshall Law School. Contact: cyber97@jmls.edu.
   
   Ethics in the Computer Society: The Second Annual Ethics and
   Technology Conference. June 6-7, 1997. Chicago, Ill. Sponsored by
   Loyola University Chicago.  http://www.math.luc.edu/ethics97
   
   INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
   Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
   inet97@isoc.org or http://www.isoc.org/inet97
   
   Privacy laws & Business 10th Anniversary Conference. July 1-3, 1997.
   St. John's College, Cambridge, England. Contact:
   info@privacylaws.co.uk.
   
   AST3: Cryptography and Privacy. September 15, 1997. Brussels, Belgium.
   Sponsored by Privacy International and EPIC. Contact: pi@privacy.org.
   
   19th Annual International Privacy and Data Protection Conference. Sept
   17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection
   Commission.
   
   International Conference on Privacy. September 23-26, 1997. Montreal,
   Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
   
               (Send calendar submissions to alert@epic.org)
   
   =======================================================================
   
   The EPIC Alert is a free biweekly publication of the Electronic
   Privacy Information Center. To subscribe, send email to
   epic-news@epic.org with the subject: "subscribe" (no quotes)
   or use the subscription form at:
   
      http://www.epic.org/alert/subscribe.html
   
   Back issues are available via http://www.epic.org/alert/
   
   =======================================================================
   
   The Electronic Privacy Information Center is a public interest
   research center in Washington, DC. It was established in 1994 to focus
   public attention on emerging privacy issues such as the Clipper Chip,
   the Digital Telephony proposal, national id cards, medical record
   privacy, and the collection and sale of personal information. EPIC is
   sponsored by the Fund for Constitutional Government, a non-profit
   organization established in 1974 to protect civil liberties and
   constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom
   of Information Act litigation, and conducts policy research. For more
   information, email info@epic.org, HTTP://www.epic.org or write EPIC,
   666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544
   9240 (tel), +1 202 547 5482 (fax).
   
   If you'd like to support the work of the Electronic Privacy
   Information Center, contributions are welcome and fully
   tax-deductible. Checks should be made out to "The Fund for
   Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
   SE, Suite 301, Washington DC 20003. Individuals with First Virtual
   accounts can donate at http://www.epic.org/epic/support.html
   
   Your contributions will help support Freedom of Information Act and
   First Amendment litigation, strong and effective advocacy for the
   right of privacy and efforts to oppose government regulation of
   encryption and funding of the National Wiretap Plan.
   
   Thank you for your support.
   
    ---------------------- END EPIC Alert 4.02 -----------------------
   
   


Return to:

Alert Home Page | EPIC Home Page