============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 4.08 June 5, 1997 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ ======================================================================= Table of Contents ======================================================================= [1] FTC Privacy Hearings Set to Begin [2] FBI Director Seeks Enhanced Surveillance Capabilities [3] Cryptographers Call Key-Escrow Unworkable [4] Anti-Spam Legislation Introduced [5] Clinton Endorses Privacy Rights [6] Annual U.S. Wiretap Report Released [7] 1997 EPIC Cryptography Sourcebook Now Available [8] Upcoming Conferences and Events ======================================================================= [1] FTC Privacy Hearings Set to Begin ======================================================================= The Federal Trade Commission will hold a week-long public workshop on consumer privacy issues, beginning June 10. Topics will include consumer privacy on-line, children's privacy, unsolicited email (spam), and computer databases. Several surveys, reports, and proposals are expected to be released. The hearing follows a similar hearing last year when the FTC first began exploration of consumer privacy issues. The Electronic Privacy Information Center will be participating in several of the FTC panels. EPIC submitted comments to the FTC in which it argued for an enforceable code of fair information practices and the protection of anonymity on-line. EPIC said that "the best approach for Internet privacy would be to develop a Code of Fair Information Practices that would provide clear guidelines for users and service providers. This is the approach that the United States had historically taken in areas where there was public recognition of the need to protect privacy interests. It is also the approach that many countries are taking today to protect privacy interests in the online world." EPIC will be releasing a report on Internet Privacy at the National Press Club on Monday, June 9. More details will be available at the EPIC web site on Monday. More information on the FTC Public Workshop on Consumer Privacy is available at: http://www.ftc.gov/bcp/privacy2/index.html The EPIC FTC Privacy page (including our comments to the Commission) is available at: http://www.epic.org/privacy/internet/ftc/ ======================================================================= [2] FBI Director Seeks Enhanced Surveillance Capabilities ======================================================================= Testifying before the Senate Judiciary Committee on June 4, FBI Director Louis Freeh asserted that Congress must give the Bureau "the capability to deal with current and future technology" by enhancing its ability to conduct electronic surveillance. Specifically, Freeh called for full funding of the controversial 1994 digital telephony law; enactment of a "balanced legislative solution" to the encryption issue; and new legal authority to conduct "multipoint electronic surveillance." On the encryption front, Freeh told the Committee that the nation is at a "historical crossroads" on the issue and repeated his frequent claim that "uncrackable encryption will allow drug lords, terrorists and even gangs to communicate with impunity." The FBI Director touted key-recovery techniques, criticized pending encryption legislation and suggested a need for domestic controls: Other than some kind of key recovery system, there is no technical solution. Several bills have recently been introduced in Congress that address certain aspects of the encryption issue. The legislative proposals introduced thus far would largely remove existing export controls on encryption and promote the widespread availability and use of any type of encryption, regardless of the impact on public safety and national security, and these proposals do not address the public safety issue associated with the availability and use of encryption within the United States. The full text of Director Freeh's testimony is available at: http://www.epic.org/crypto/legislation/freeh_6_4_97.html ======================================================================= [3] Cryptographers Call Key-Escrow Unworkable ======================================================================= As the White House and the FBI continue to pursue a key-recovery encryption policy, a new study provides important baseline information for evaluating the implications of such an approach to security technology. On May 21, several distinguished cryptographers and computer scientists released a new report, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption." The report is the first in-depth examination of the risks and implications of government-promoted key-recovery systems. The report concludes that "the deployment of a global key-recovery-based encryption infrastructure to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end-user." The authors note that "building a secure infrastructure of the breathtaking scale and complexity demanded by these requirements is far beyond the experience and current competency of the field." The report's authors, recognized leaders in the cryptography and computer science field, include Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller and Bruce Schneier. The text of the report is available at: http://www.crypto.com/key_study/report.shtml ======================================================================= [4] Anti-Spam Legislation Introduced ======================================================================= Two bills designed to regulate unsolicited commercial e-mail were recently introduced in Congress. On May 23, Rep. Chris Smith (R-NJ) introduced H.R. 1748, the Netizen Protection Act of 1997, while Sen. Frank Murkowski (R-AK) introduced S. 771, the Unsolicited Commercial Electronic Mail Choice Act of 1997 on May 21. Both bills attempt to control "spam," or junk e-mail, through the imposition of civil liability or civil penalties. However, the two measures are fundamentally different in the way they attempt to control unsolicited commercial e-mail. Smith's bill takes an "opt-in" approach. This means that unsolicited commercial e-mail would be prohibited unless a potential recipient gives his or her consent to receive the communication. It also includes a provision permitting the transmission of commercial e-mail where there is a pre-existing business or personal relationship between the sender and the recipient. Murkowski's bill contains an "opt-out" provision. This means that unsolicited commercial e-mail could be sent unless a potential recipient affirmatively indicates that they do not want to receive the communication. Such a preference could be sent to the party sending the unsolicited commercial e-mail or to the potential recipient's Internet service provider. The bill would also require that a sender of unsolicited commercial e-mail include the term "advertisement" in the subject line as well as contact information and correct routing information so recipients can identify and contact the sender. If either of these bills become law, they could face Constitutional challenges on the ground that they interfere with the sender's First Amendment right to free speech. Senator Robert Torricelli (D-NJ) is also planning to introduce a bill to regulate unsolicited commercial e-mail, but the details are not yet available. The text of the Smith bill is available at: http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.1748: The text of the Murkowski bill is available at: http://thomas.loc.gov/cgi-bin/query/z?c105:S.771: ======================================================================= [5] Clinton Endorses Privacy Rights ======================================================================= In a commencement address at Morgan State University on May 18, President Clinton called privacy "one of our most cherished freedoms" and said that technology should not "break down the wall of privacy and autonomy free citizens are guaranteed in a free society." The speech contained the most detailed references to personal privacy the President has yet made: Today, when marketers can follow every aspect of our lives, from the first phone call we make in the morning to the time our security system says we have left the house, to the video camera at the toll booth and the charge slip we have for lunch, we cannot afford to forget this most basic lesson. As the Internet reaches to touch every business and every household and we face the frightening prospect that private information -- even medical records -- could be made instantly available to the world, we must develop new protections for privacy in the face of new technological reality. The President also called for legislation to prohibit insurance companies from using genetic screening information to determine the premium rates or eligibility of Americans for health insurance. The full text of the Presidential address is available at: http://www.epic.org/privacy/laws/clinton_speech_5_18_97.html ======================================================================= [6] Annual U.S. Wiretap Report Released ======================================================================= The use of electronic surveillance for criminal and national security investigations increased substantially in 1996, according to statistics recently released by the Administrative Office of the U.S. Courts and the Department of Justice. Court orders for national security wiretaps and bugs approved under the Foreign Intelligence Surveillance Act (FISA) increased at the greatest rate, rising over 20 percent, from 697 orders in 1995 to 839 orders in 1996. Such orders are approved by the Foreign Intelligence Surveillance Court, a secretive panel of nine judges appointed by the Chief Justice of the United States. No FISA applications were denied in 1996 -- indeed, the FISA court has never denied a request for a surveillance order in its 20-year existence. Court orders for electronic surveillance by state and federal agencies for criminal purposes also increased, from 1058 in 1995 to 1150 in 1996 (a nine percent increase). However, for the first time in eight years, a court denied a surveillance application. Extensions of surveillance orders increased from 834 to 887. In all, interceptions were in effect for a total of 43,635 days in 1996. The vast majority of interceptions continued to occur in drug-related cases: 71.4 percent (821 total) for drug investigations; 9.9 percent (114) for gambling; 9.1 percent (105) for racketeering; 3.5 percent (41) for homicide and assault and a few each for bribery, kidnapping, larceny and theft, and loan sharking. No orders were issued for "arson, explosives, and weapons" investigations. Electronic surveillance continued to be relatively inefficient. Overall, 2.2 million conversations were captured in 1996. A total of 1.7 million intercepted conversations were deemed not "incriminating" by prosecutors. Each interception resulted in the capture of an average of 1,969 conversations. Prosecutors reported that on average, 422 (21.4 percent) of the conversations were "incriminating." Federal intercepts were particularly efficient, with only 15.6 percent of the intercepted conversations reported as "incriminating." More information on wiretapping is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [7] 1997 EPIC Cryptography Sourcebook Now Available ======================================================================= The 1997 edition of EPIC's "Cryptography and Privacy Sourcebook" is now available. The 300-page volume contains an extensive collection of key documents central to the controversies over privacy and security in the Information Age. Included are reports, briefing papers, pending bills and materials obtained under the Freedom of Information Act detailing the development of U.S. government policy on encryption. As the National Research Council has noted, "important source documents can be found ... in the cryptography policy source books published annually by the Electronic Privacy Information Center." To order: send payment of $25 (check or cash) to Sourcebook, EPIC, 666 Pennsylvania Ave., S.E., Washington, DC 20003. Please allow three weeks for delivery within the U.S. ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Ethics in the Computer Society: The Second Annual Ethics and Technology Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola University Chicago. http://www.math.luc.edu/ethics97 Public Workshop on Consumer Privacy. June 10-13, 1997. Washington, DC. Sponsored by the Federal Trade Commission. Contact: http://www.ftc.gov/os/9703/privacy.htm Cyberpayments 97. June 19-20, 1997. Washington, DC. Sponsored by NACHA. Contact: http://www.nacha.org INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala Lumpur, Malaysia. Sponsored by the Internet Society. Contact: inet97@isoc.org or http://www.isoc.org/inet97 Informational Meeting of the Global Internet Liberty Campaign (GILC). June 25, 1997. INET 97, Putra World Trade Center, Kuala Lumpur, Malaysia. Contact: rotenberg@epic.org. Privacy Laws & Business 10th Anniversary Conference. July 1-3, 1997. St. John's College, Cambridge, England. Contact: info@privacylaws.co.uk. 4th Annual Privacy Issues Forum., July 10-11, 1997. Auckland, New Zealand. Sponsored by NZ Privacy Commissioner. Contact: Terry Debenham, Fax +649-302 2305 or email privacy@iprolink.co.nz. Communities, Culture, Communication, and Computers (C**5): On the Role of Professionals in the Information Age. August 20-22, 1997. Paderborn, Germany. Sponsored by FIFF. Contact: c5@uni-paderborn.de AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels, Belgium. Sponsored by Privacy International. Contact: pi@privacy.org. http://www.privacy.org/pi/conference/brussels/ 19th Annual International Privacy and Data Protection Conference. Sept. 17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection and Privacy Commission. International Conference on Privacy. September 23-26, 1997. Montreal, Canada. Sponsored by the Commission d'Acces a l'information du Quebec. http://www.confpriv.qc.ca/ Managing the Privacy Revolution '97. October 21-23, 1997. Washington, DC. Sponsored by Privacy and American Business. Contact: http://shell.idt.net/~pab/conf97.html (Send calendar submissions to alert@epic.org) ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or use the subscription form at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 4.08 -----------------------
Alert Home Page | EPIC Home Page