==============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
==============================================================
Volume 4.10 July 10, 1997
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/
=======================================================================
Table of Contents
=======================================================================
[1] Post-CDA: The "Filtering" Debate Begins
[2] ALA Opposes Use of "Filtering" Software in Libraries
[3] Senate Judiciary Committee Holds Crypto Hearing
[4] European Union Rejects Key Escrow Encryption
[5] White House Releases "Framework for Global Electronic Commerce"
[6] New Bills Introduced in Congress
[7] EPIC Bookstore / EPIC Crypto Sourcebook
[8] Upcoming Conferences and Events
=======================================================================
[1] Post-CDA: The "Filtering" Debate Begins
=======================================================================
Within days of the Supreme Court's landmark Internet free speech
decision, various approaches are being touted to control and "filter"
online content. Sen. Dan Coats (R-IN), a principal co-sponsor of the
unconstitutional Communications Decency Act (CDA), announced his
intention to "construct new legislation that will pass the Court's
constitutional standard." Coats' effort is supported by the Christian
Coalition, the Family Research Council, and other proponents of the
CDA.
While Coats has not yet described his new legislative proposal, Sen.
Patty Murray (D-WA) has spelled out the key provisions of her
soon-to-be introduced "Childsafe Internet Act of 1997." The Murray
bill would adopt the "filtering" and "blocking" approach endorsed by
some opponents of the CDA, and make it a criminal offense to "misrate"
websites or "exploit childsafe chat rooms." In a press release
describing her proposed bill, Murray specifically mentioned "filtering"
software such as Cyber Patrol, Net Nanny and Surf Watch and rating
schemes such as PICS (Platform for Internet Content Selection).
More information about the CDA is available at:
http://www.epic.org/cda/
http://www.firstamendment.org/
=======================================================================
[2] ALA Opposes Use of "Filtering" Software in Libraries
=======================================================================
The American Library Association, lead plaintiff in a companion case to
the ACLU/EPIC challenge to the CDA, adopted a "Resolution on the Use of
Filtering Software in Libraries" at its annual conference on July 2. The
ALA said that "The use in libraries of software filters which block
Constitutionally protected speech is inconsistent with the United States
Constitution and federal law ...." The ALA also said that the use of
software violated the Library Bill of Rights.
The ALA defines "blocking/filtering" software to include any mechanism
used to restrict access to Internet content based a database (internal
or external to the product) or based on ratings assigned by a third
party (as in the PICS scheme).
The text of the ALA resolution follows:
RESOLUTION ON THE USE OF FILTERING SOFTWARE IN LIBRARIES
WHEREAS, On June 26, 1997, the United States Supreme Court
issued a sweeping re-affirmation of core First Amendment
principles and held that communications over the Internet
deserve the highest level of Constitutional protection; and
WHEREAS, The Court's most fundamental holding is that
communications on the Internet deserve the same level of
Constitutional protection as books, magazines, newspapers,
and speakers on a street corner soapbox. The Court found
that the Internet *constitutes a vast platform from which to
address and hear from a world-wide audience of millions of
readers, viewers, researchers, and buyers,* and that *any
person with a phone line can become a town crier with a voice
that resonates farther than it could from any soapbox*; and
WHEREAS, For libraries, the most critical holding of the
Supreme Court is that libraries that make content available
on the Internet can continue to do so with the same
Constitutional protections that apply to the books on
libraries' shelves; and
WHEREAS, The Court's conclusion that *the vast democratic
fora of the Internet* merit full constitutional protection
will also serve to protect libraries that provide their
patrons with access to the Internet; and
WHEREAS, The Court recognized the importance of enabling
individuals to receive speech from the entire world and to
speak to the entire world. Libraries provide those
opportunities to many who would not otherwise have them; and
WHEREAS, The Supreme Court's decision will protect that
access; and
WHEREAS, The use in libraries of software filters which block
Constitutionally protected speech is inconsistent with the
United States Constitution and federal law and may lead to
legal exposure for the library and its governing authorities;
now, therefore, be it
RESOLVED, That the American Library Association affirms that
the use of filtering software by libraries to block access to
constitutionally protected speech violates the Library Bill
of Rights.
More information about the ALA Office for Intellectual Freedom is
available at:
http://www.ala.org/oif.html
The Library Bill of Rights is available at:
http://www.ala.org/work/freedom/lbr.html
=======================================================================
[3] Senate Judiciary Committee Holds Crypto Hearing
=======================================================================
The Senate Judiciary Committee heard testimony on key recovery
encryption on July 9. Senator Bob Kerrey (D-NE), sponsor of The Secure
Public Networks Act (S. 909) spoke in support of the need to establish
key escrow encryption across the United States. His views were largely
shared by the next two witnesses, FBI Director Louis Freeh and NSA
Deputy Director William Crowell.
However, policy, industry and technical experts raised questions about
the key escrow proposal. Kenneth Dam, chair of the National Research
Council CRISIS panel, said that the federal government should first
determine whether key escrow works in federal agencies before
recommending its adoption by the private sector. Ray Ozzie, the
inventor of Lotus Notes, said that there were sensible applications for
key escrow in the private sector, but that a law mandating the technique
would likely increase the risk of computer-related crime. And Peter
Neumann, principal scientist at SRI, said that the inherent complexity
of the key escrow proposal raised far-reaching concerns for network
security.
Committee members seemed largely divided over the merits of key escrow.
Senators Feinstein and Kyl expressed support for the effort to require
key escrow, but Senators Ashcroft and Leahy had doubts. Both Senators
noted that there were many inconsistencies in the White House position
on cryptography.
The key person in the key escrow debate will likely be the chairman of
the Senate Judiciary Committee, Senator Orrin Hatch. He must decide
whether to move forward with Senator Kerry's legislation or to consider
other approaches to promote security and privacy on the Internet.
More information on recent developments in crypto policy, including
testimony from the Committee hearing, is available at:
http://www.epic.org/crypto/
The NRC CRISIS report is at:
http://www.nap.edu/readingroom/books/crisis/
=======================================================================
[4] European Union Rejects Key Escrow Encryption
=======================================================================
A Ministerial Conference on the Global Information Network held in Bonn,
Germany concluded this week with a recommendation that European
countries move forward with strong cryptography and promote free choice
of cryptographic services. U.S. officials had quietly lobbied European
ministers at the EU conference to adopt a statement in support of key
escrow/key recovery standards. [See next article].
The recommendation followed an opening speech at the conference by
German Economics Minister Rexrodt in which the Minister called on
countries, including the United States, to remove restrictions to the
development of strong encryption products.
Information on the GIN conference is available at:
http://www2.echo.lu/bonn/pressrel.html
=======================================================================
[5] White House Releases "Framework for Global Electronic Commerce"
=======================================================================
The White House on July 1 released its "Framework for Global Electronic
Commerce." The paper, drafted by a working group coordinated by
Presidential advisor Ira Magaziner, is essentially a rehash of existing
Clinton Administration positions on information policy issues such as
encryption, privacy and free speech. While much was made of the "free
market" approach to Internet issues, an actual reading of the document
shows that the US government will be quite busy promoting new controls
on Internet activity.
On the issue of encryption policy, the paper recommends the continuation
of controls on the export of encryption products and the adoption of a
key escrow/recovery system that would allow government access to keys.
It also notes that the U.S. will continue to attempt to pressure other
countries to adopt key escrow approaches.
On privacy, the working group recommends that industry self-regulation
will provide sufficient protection of consumer privacy. It modifies
this stand slightly for childrens' privacy issues by suggesting that
government action may be required unless voluntary solutions are quickly
offered. The paper is critical of the efforts of the European Union,
where member countries have restricted the flow of personal information
to countries such as the United States, which do not have adequate legal
privacy protections. The policy paper briefly mentions the possibility
of the "appropriate use" of anonymous systems to protect privacy.
On content regulation, the paper notes that "unnecessary regulations
could cripple the growth and diversity of the Internet." The working
group recommends that filtering and ratings systems be adopted so that
laws to restrict content would not be necessary: "to the extent ... that
effective technology becomes available, content regulations
traditionally applied on radio and television would not need to be
applied to Internet." The paper notes that the United States intends to
promote this position before international bodies.
The Framework for Global Electronic Commercen is available at:
http://www.whitehouse.gov/WH/New/Commerce/
=======================================================================
[6] New Bills Introduced in Congress
=======================================================================
H.R. 1964. Communications Privacy and Consumer Empowerment Act
introduced by Rep. Ed Markey (D-MA) on June 19. The bill would require
the Federal Trade Commission and FCC to conduct reviews of privacy and
to propose changes in regulations; promote screening software for
blocking online content; order the NTIA to conduct a survey on network
security and reliability; and prohibit restrictions on encryption sales
in interstate commerce and any key escrow requirements by federal or
state officials. The bill has been referred to the House Commerce
Committee.
H.R. 1972. Children's Privacy Protection and Parental Empowerment Act of
1997. Introduced by Rep. Bob Franks (R-NJ) on June 19. Would prohibit
"list brokers" from selling or purchasing information about children
without written consent of a parent. Would also require marketers to
provide parents access to information collected about a child and
prohibit the use of prison inmate labor to process childrens' data. The
bill has 30 cosponsors. See the EPIC Kids Privacy Page at:
http://www.epic.org/privacy/kids/
=======================================================================
[7] EPIC Bookstore / EPIC Crypto Sourcebook
=======================================================================
The EPIC Bookstore includes a wide range of books on privacy,
cryptography and free speech that can be ordered on-line. Many of the
books are available at up to 40% off list price.
New titles include:
"Protect Your Privacy on the Internet" by Bryan Pfaffenberger
"Digital Cash" by Peter Wayner
"Contested Commodities" by Margaret Jane Radin
Other popular titles:
"The Right to Privacy" by Ellen Alderman & Caroline Kennedy
"Who Knows: Safeguarding Your Privacy in a Networked World"
by Ann Cavoukian & Don Tapscott
"Applied Cryptography" by Bruce Schneier
Also available is the 1997 EPIC Cryptography and Privacy Sourcebook.
Check out the EPIC Bookstore at:
http://www.epic.org/bookstore/
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
Defcon, July 11-13. Las Vegas, NV. Contact: http://www.defcon.org.
4th Annual Privacy Issues Forum. July 10-11, 1997. Auckland, New
Zealand. Sponsored by NZ Privacy Commissioner. Contact: Terry Debenham,
Fax +649-302 2305 or email privacy@iprolink.co.nz.
Hacking In Progress. August 8-10, 1997. Almere, Netherlands. Sponsored
by Hac-Tic. Contact: http://www.hip97.nl/
Beyond HOPE. August 8-10, New York City. Sponsored by 2600. Contact:
http://www.hope.net.
TELECOM Interactive 97. September 8-14, 1997. Geneva, Switzerland.
Sponsored by the International Telecommunications Union. Contact:
telecom-interactive@itu.int or http://gold.itu.int/TELECOM/int97/
AST3: Cryptography and Internet Privacy. September 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact: pi@privacy.org.
http://www.privacy.org/pi/conference/brussels/
19th Annual International Privacy and Data Protection Conference.
September 17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data
Protection and Privacy Commission. Email privacy@infoboard.be
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
http://www.confpriv.qc.ca/
Managing the Privacy Revolution '97. October 21-23, 1997. Washington,
DC. Sponsored by Privacy and American Business. Contact:
http://shell.idt.net/~pab/conf97.html
RSA'98 -- The 1998 RSA Data Security Conference. January 12-16, 1998.
San Francisco, CA. Contact kurt@rsa.com or http://www.rsa.com/conf98/
(Send calendar submissions to alert@epic.org)
=======================================================================
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. To subscribe, send email to epic-news@epic.org wih
the subject: "subscribe" (no quotes) or use the subscription form at:
http://www.epic.org/alert/subscribe.html
Back issues are available at:
http://www.epic.org/alert/
=======================================================================
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research. For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.
---------------------- END EPIC Alert 4.10 -----------------------