EPIC logo
         @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
         @     @  @   @   @        @ @   @     @     @  @    @
         @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
         @     @      @   @       @   @  @     @     @  @    @
         @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
     Volume 4.03                               February 27, 1997
                              Published by the
                Electronic Privacy Information Center (EPIC)
                              Washington, D.C.
  Table of Contents
  [1] New Report Details FBI/European Tapping Agreements
  [2] Airline Security Report Released
  [3] Briefs Filed in Reno v. ACLU Internet "Indecency" Challenge
  [4] Crypto Legislation Introduced
  [5] Clipper Upgrade at DOD/Litigation Update
  [6] State Department Reports Widespread Illegal Wiretapping Worldwide
  [7] New Medical Privacy Survey
  [8] Upcoming Conferences and Events
   [1] New Report Details FBI/European Tapping Agreements
  A report issued on Feb. 24 by Statewatch, a London-based advocacy
  organization, shows that the FBI has been working with its counterparts
  in the European Union for five years to create a "global tapping
  system."  The report reveals the existence of a Memorandum of
  Understanding to ensure that surveillance of all existing and new
  technologies is compatible and coordinated with the FBI's efforts to
  advance its "digital telephony" agenda within the United States.
  The FBI's plan is to facilitate wiretapping worldwide by pressuring
  countries to harmonize national laws on interception; increase
  cooperation of telecommunications providers; ensure equipment has
  interception standards incorporated; and create de facto global
  standards by persuading as many countries as possible to cooperate and
  by providing compatible equipment to non-participating countries.
  To achieve these goals, the FBI and its EU counterparts wrote a
  resolution adopted by the Council of the European Union on "the lawful
  interception of telecommunications."  The Council issued the resolution
  on Jan 17, 1995 (unpublished until November 1996) and a Memorandum of
  Understanding on the requirements that need to be adopted into all
  laws.  The MOU has been signed by the 15 member countries of the EU, and
  the US.  There have also been "expressions of support" from Australia,
  Canada, and Norway.  The FBI and EU have also pushed the requirements as
  standards before the international telecommunications standards bodies
  such as the ITU and pressured other countries to adopt them.
  The requirements are almost exactly the same as the FBI demands for
  digital telephony.  They include "real-time access" to the "entire
  telecommunication transmitted" sent to a "law enforcement monitoring
  facility", access to all associated call data, geographic location
  information for mobile phone users, decrypted information for all
  operator-provided encryption, and response times "in urgent cases within
  hours or minutes."
  The report notes that even countries that do not agree will be
    The strategy appears to be to first get the "Western world" (EU, US
    plus allies) to agree to "norms" and "procedures" and then to sell
    these products to Third World countries -- who even if they do not
    agree to "interception orders" will find their telecommunications
    monitored ... the minute it hits the airwaves.
  The digital telephony proposal has received significant criticism in
  the United States since its adoption in 1994.  The FBI originally
  claimed that law provided a mandate to simultaneously monitor a
  significantly higher percentage of phone lines that is current practice
  in the US.  That interpretation was withdrawn after public protect.
  The FBI then claimed that the law would require the development of a
  global locator system based on the nation's telephone system. That
  interpretation was also withdrawn after public protect.  Several
  members of Congress have said that they will oppose future funding of
  the plan.
  A copy of the Statewatch report, the Council of Europe Resolution and
  more information is available at:
   [2] Airline Security Report Released
  The White House Commission on Airline Safety and Security released its
  final recommendations for improving airline security on February 12.
  The recommendations include a call for the use of the controversial
  technique of "profiling" passengers to determine if they are security
  threats.  This would involve creating new databases of passengers and
  checking those systems each time a person flies.  If the person fits the
  profile, he or she would be subject to more intrusive searches and
  questioning before being permitted to board a flight.  The Commission
  also recommended the use of security profiles developed by the FBI or
  At about the same time that the Commission report was released, the
  Washington Post reported that Arab-Americans were often stopped at
  airports by security officers.
  EPIC has joined a coalition of 19 civil liberties, religious,
  Arab-American and conservative organizations that sent a letter to Vice
  President Gore addressing the privacy implications of the
  recommendations.  The letter urges that ID checks, profiling, and new
  intrusive x-ray technology be rejected, and that all decisions of the
  FAA that might affect civil liberties be open to public scrutiny.
  More information on the issue, including the final report and the
  coalition letter, are available at:
   [3] Briefs Filed in Reno v. ACLU Internet "Indecency" Challenge
  The plaintiffs in the landmark case of Reno v. ACLU submitted their
  briefs to the U.S. Supreme Court on February 20. The case, which will
  be argued on March 19, presents the Court with its first opportunity to
  apply the First Amendment to the Internet and will thus have a lasting
  impact on the medium. The specific issue before the Court is whether a
  special three-judge court in Philadelphia was correct when it enjoined
  enforcement of the controversial Communications Decency Act (CDA) in a
  ground-breaking decision issued last June.
  The brief filed by the ACLU, EPIC and 18 other plaintiffs notes that
  the lower court judges made hundreds of detailed factual findings about
  the Internet to support their conclusion that the CDA is
  unconstitutional. The court's findings conclusively show that it is
  impossible for most speakers on the Internet to distinguish between
  adults and minors in their audience, and therefore they cannot comply
  with the CDA's prohibition against the dissemination of "indecent"
  material to minors. The CDA would thus reduce all Internet
  communication to a level that is suitable for children, a result that
  the Supreme Court has consistently condemned.
  The ACLU/EPIC brief also addresses the privacy implications of the CDA
  -- a point often overlooked in the censorship debate. By making it a
  crime to distribute certain information to minors, the CDA would
  destroy anonymity on the Internet and mandate the use of age and
  identity verification mechanisms to screen the online audience. The
  brief argues that "it is unconstitutional to require adults to
  'register' in order to gain access to constitutionally protected
  speech" and that "a registration requirement would also prevent
  Americans from exercising their First Amendment right to engage in
  communication anonymously on the Internet."
  Briefs were also submitted by the group of plaintiffs led by the
  American Library Association, and dozens of individuals and
  organizations who signed on to the eleven friend-of-the-court
  ("amicus") briefs filed in opposition to the CDA.
  The ACLU/EPIC brief, as well as links to several of the other
  submissions, are available at:
   [4] Crypto Legislation Introduced
  Several bills have been introduced in Congress to liberalize export
  control laws, protect the legal right to use all forms of encryption,
  and to prevent the imposition of mandatory key escrow encryption.  The
  proposals would effectively end the attempt by the White House to force
  the adoption of cryptographic techniques designed for third party
  On February 27, Senator Conrad Burns reintroduced the Pro-CODE
  legislation to promote commerce and privacy on the Internet.  Senator
  Burns said that "support has been building in Congress every year and
  will soon reach a critical mass as it becomes apparant that the
  administration policy could devastate our high-tech sector and a vital
  Internet."  The bill has gained the support of twenty Senators.
  However, one new provision in the bill would create a secret
  Information Security Board that would give law enforcement agencies
  special access to the development of new plans for privacy enhancing
  technologies.  EPIC has said that such a board should operate subject to
  the Federal Advisory Committee Act, which requires that government
  business be conducted in the open.  EPIC also recommended that the board
  be composed of a wide range of organizations, including users groups,
  technical experts, and consumer advocates.  At the same time that
  Senator Burns introduced Pro-CODE, Senator Patrick Leahy (D-VT)
  introduced the Encryption Communications Privacy Act.  The bill would
  protect the right to use encryption, but would criminalize the use of
  encryption in furtherance of a crime and also sets up a legal framework
  to promote key escrow.
  Earlier this month, Rep. Bob Goodlatte (R-VA) re-introduced the Security
  and Freedom Through Encryption (SAFE) Act (H.R. 695).  The bill, which
  has over 50 cosponsors, relaxes crypto export controls and prohibits
  mandatory key escrow.  It also creates new criminal penalties for using
  encryption to further a criminal act.
  More information on encryption policy is available from:
   [5] Clipper Upgrade at DOD/Litigation Update
  Federal Computer Week has reported that the Defense Department plans to
  modify the Fortezza encryption card to no longer generate a "Law
  Enforcement Access Field" or "LEAF."  Fortezza was introduced as a
  companion to the Clipper Chip and uses the same algorithm. Several
  commentators suggested that this development signal the "death of
  Clipper."  In fact, the revision to Fortezza signals its movement
  to Clipper 4.0.
  Sources tell EPIC that the NSA is likely to adopt the "key recovery"
  technology currently being promoted by the U.S. government for use in
  the revised Fortezza card.  The agency hopes that with the new cards, it
  will be able to pressure other government agencies to adopt the
  technology and expand the market for key recovery products, something
  that it was unable to do with Fortezza and the Clipper Chip.
  Meanwhile, the Federal court hearing the 1993 CPSR/EPIC FOIA case
  seeking information on the Clipper Chip has ordered the National
  Security Agency to submit additional information to the court.  The
  court found that the NSA failed to adequately explain why the documents
  it is withholding should not be released.  The agency must submit the
  additional information by March 5.
  And the U.S. Court of Appeals for the D.C. Circuit has modified its
  order remanding the Karn v. Department of State case back down to the
  District Court.  The appellate court has now suggested that the trial
  court examine the procedural and constitutional issues in more detail.
  The ruling is somewhat more favorable to Phil Karn than was the
  original order.
  More information on the Karn case is available at:
  The EPIC Litigation Docket is available at:
   [6] State Department Reports Widespread Illegal Wiretapping Worldwide
  The U.S. State Department reports that privacy invasions and illegal
  wiretapping were widespread across the world in 1996.
  The "Country Reports for Human Rights Practices for 1996" find that
  most countries in the world have constitutional and legal guarantees of
  the right to privacy and the secrecy of mail and communications.
  However, in over 90 countries, the survey reports that police, defense
  and intelligence agencies routinely violate those rights to monitor
  political opponents, human rights workers and journalists.
  This report comes at the same time that the U.S. Justice Department
  continues to push international organizations such as the OECD, G-7,
  Council of Europe and others to promote wiretapping and to limit
  technical tools to prevent illegal electronic surveillance.
  Excerpts from the 1994, 1995 and 1996 State Department reports are
  available at the Privacy International web page at:
   [7] New Medical Privacy Survey
  The Center for Disease Control has released a new report on privacy
  statutes in the United States.  "The Legislative Survey of State
  Confidentiality Laws, with Specific Emphasis on HIV and Immunization"
  was prepared by Professor Lawrence Gostin of Georgetown University Law
  Center, along with Zita Lazzarini of the Harvard School of Public
  Health and Kathleen M. Flaherty of the Georgetown/Johns Hopkins Program
  on Law and Public Health
  The report examines current state and federal laws protecting the
  confidentiality of health information.  It focuses on four specific
  areas: public health information held by government; privately held
  health care information; HIV and AIDS-related information; and
  immunization information.
  The report is available at:
   [8] Upcoming Conferences and Events
  DIAC- Community Space and CyberSpace- What's the Connection? March 1-2,
  1997. Seattle, WA. Sponsored by CPSR. Contact:
  ACM'97 -- The Next 50 Years of Computing. March 3-5, 1997, San Jose,
  CA. Sponsored by the Association for Computing. Contact:
  CFP97: Commerce & Community. March 11-14, 1997. Burlingame, California.
  Sponsored by the Association for Computing Machinery. Contact:
  cfp97@cfp.org or http://www.cfp.org
  Privacy Summit. March 15, 1997, Burlingame, California. 8.30 am - 10.30
  am. Contact: akrause@igc.apc.org or dhurley@well.com
  Eurosec'97: the Seventh Annual Forum on Information Systems Quality and
  Security. March 17-19, 1997. Paris, France. Sponsored by XP Conseil.
  Contact: http://ourworld.compuserve.com/homepages/eurosec/
  CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and
  Control. June 4-7, 1997. Chicago, Illinois. Sponsored by the John
  Marshall Law School. Contact: cyber97@jmls.edu.
  Ethics in the Computer Society: The Second Annual Ethics and Technology
  Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola
  University Chicago. http://www.math.luc.edu/ethics97
  INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
  Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
  inet97@isoc.org or http://www.isoc.org/inet97
  Privacy laws & Business 10th Anniversary Conference. July 1-3, 1997.
  St. John's College, Cambridge, England. Contact:
  AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
  Belgium. Sponsored by Privacy International and EPIC. Contact:
  pi@privacy.org. http://www.privacy.org/pi/conference/brussels/
  19th Annual International Privacy and Data Protection Conference. Sept.
  17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection
  and Privacy Commission.
  International Conference on Privacy. September 23-26, 1997. Montreal,
  Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
  (Send calendar submissions to alert@epic.org)
  The EPIC Alert is a free biweekly publication of the Electronic Privacy
  Information Center. To subscribe, send email to epic-news@epic.org with
  the subject: "subscribe" (no quotes) or use the subscription form at:
  Back issues are available at:
  The Electronic Privacy Information Center is a public interest research
  center in Washington, DC. It was established in 1994 to focus public
  attention on emerging privacy issues such as the Clipper Chip, the
  Digital Telephony proposal, national ID cards, medical record privacy,
  and the collection and sale of personal information. EPIC is sponsored
  by the Fund for Constitutional Government, a non-profit organization
  established in 1974 to protect civil liberties and constitutional
  rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
  Act litigation, and conducts policy research. For more information,
  email info@epic.org, HTTP://www.epic.org or write EPIC, 666
  Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
  (tel), +1 202 547 5482 (fax).
  If you'd like to support the work of the Electronic Privacy Information
  Center, contributions are welcome and fully tax-deductible. Checks
  should be made out to "The Fund for Constitutional Government" and sent
  to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
  Individuals with First Virtual accounts can donate at
  Your contributions will help support Freedom of Information Act and
  First Amendment litigation, strong and effective advocacy for the right
  of privacy and efforts to oppose government regulation of encryption
  and funding of the National Wiretap Plan.
  Thank you for your support.
  ---------------------- END EPIC Alert 4.03 -----------------------


Return to:

Alert Home Page | EPIC Home Page