       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 4.11                                      July 23, 1997
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] AOL to Sell Subscriber Telephone Numbers
[2] Search Engine Rating Scheme Touted at White House
[3] Another House Committee Approves SAFE Crypto Bill
[4] FTC Acts on Kids' Privacy
[5] Cellular Phone Group Asks FCC to Set Wiretap Standards
[6] New Bills in Congress
[7] New at the EPIC Bookstore
[8] Upcoming Conferences and Events
[1] AOL to Sell Subscriber Telephone Numbers
In a quiet change to its privacy policy, America Online will soon be
adding subscriber phone numbers to the list of personal information that
it sells to direct marketers.  The company may also match member lists
against "publicly available third-party data" to develop lists for
outside direct mail opportunities.  Previously, AOL's privacy policy
prevented the disclosure of subscriber telephone numbers, while allowing
the company to sell member names and addresses.
The new policy, which is to take effect on July 31, can be found in the
relatively obscure "Terms of Service" area of the online service.  No
notice of the new policy has been provided on the "Welcome" screen where
new AOL features are typically announced.  The revised policy states that
     We make our mailing list (name and address) available to
     select independent companies that offer products and information
     we think may interest you.  Additionally, we may make the list
     with telephone numbers available to companies with which AOL,
     Inc. has contractual marketing and online relationships for the
     purpose of permitting such companies to offer products and
     services over the telephone.  AOL, Inc. may also match the
     Member lists against publicly available third-party data
     (demographic information, areas of interest, etc.) to develop
     lists for use by these companies.
The new policy, which is to take effect on July 31, also points out that
AOL discloses individual information in an aggregated form in order to
describe its services to prospective partners, advertisers and other
third parties.  AOL may also use publicly available third-party data such
as demographic information and areas of interest to assist AOL in their
"programming, editorial research and to offer special opportunities to
our Members."
While AOL will generally not disclose "navigational" or "transactional"
information (such as where you go or what you buy through AOL) to third
parties, it may use such information to develop member lists for
companies with which AOL has a contractual marketing relationship.
For years (and most recently before the Federal Trade Commission),
industry has argued that self-regulation and not legislation is the only
way to ensure that businesses protect individual privacy in electronic
media.  If AOL's new privacy policy is representative of industry's
vision of what self-regulation entails, users may have real cause for
More information on online privacy is available at:
[2] Search Engine Rating Scheme Touted at White House
Leading industry groups suggested on July 16 that they may exclude
material from widely used search engines unless the authors agree to
attach subjective rating labels to all web pages and other online
information. Less than three weeks after the Supreme Court struck down
the Communications Decency Act, a far more sweeping proposal to restrict
information available on the Internet -- "filtering," "blocking" and
rating online content -- was touted at a White House summit meeting.
Announcing the Administration's "Strategy for a Family Friendly
Internet," President Clinton described the private sector initiative that
will presumably preclude the need for new content-control legislation:
     For ["family-friendly"] controls to work to their full
     potential, we also need to encourage every Internet site,
     whether or not it has material harmful for young people, to
     label its own content as the Vice President described just a
     few moments ago. To help to speed the labeling process along,
     several Internet search engines -- the Yellow Pages of
     cyberspace, if you will -- will begin to ask that all Web
     sites label content when applying for a spot in their
     I want to thank Yahoo, Excite and Lycos for this important
     commitment. You're helping greatly to assure that self-
     labeling will become the standard practice. And that must
     be our objective.
While such an approach might seem preferable to CDA-type legislation at
first glance, it raises the specter of an Internet where only the
equivalent of "PG" rated content could be found through the search
engines users have come to depend on.  EPIC is encouraging users to
contact the search services and oppose such rating requirements as
fundamentally at odds with free speech principles.
More information on filtering/blocking/rating, and contact information
for the major search engines, is available at:
[3] Another House Committee Approves SAFE Crypto Bill
The House International Relations Committee approved the SAFE encryption
bill on July 22.  The legislation, which had already been approved by the
House Judiciary Committee, would substantially relax U.S. export controls
on encryption.  By a vote of 22-13, the committee rejected an amendment
offered by Chairman Benjamin Gilman (R-NY) that would have permitted the
President to maintain strict controls on the technology upon a finding
that "the export of such items would adversely affect the national
The Committee's rejection of Gilman's amendment was particularly
significant, given that top officials from the FBI, National Security
Council and the Drug Enforcement Agency took the unusual step of
appearing before the panel to warn that use of encryption by criminals
would hamper their ability to fight crime.  Secretary of Defense William
Cohen also transmitted a written appeal to the Committee members in which
he urged rejection of the SAFE bill.
While encryption reform efforts have moved forward in the House,
prospects in the Senate are less promising.  On June 18, the Senate
Commerce Committee approved the Secure Public Networks Act (S. 909),
which was introduced by Sens. Bob Kerrey (D-NE) and John McCain (R-AZ).
That bill contains a number of coercive measures that would force
widespread domestic adoption of key escrow encryption techniques
The SAFE bill will now be considered by the Commerce, National Security,
and Intelligence committees in the House, which are expected to vote on
the legislation by early September.
More information on the SAFE bill is available at:
[4] FTC Acts on Kids' Privacy
The Federal Trade Commission has found that a web site which collects
data from kids and then sells it without notice is engaging in a
deceptive business practice in violation of the Federal Trade Commission
The Center for Media Education brought the complaint against KidsCom on
May 13, 1996, charging that the popular children's Web site was using
deceptive and unfair practices to market to children.  CME filed the
petition in an effort to address the growing problem of deceptive and
unfair marketing practices targeting children on the Web.
The Commission's action marks the first formal articulation of policy by
the agency's Bureau of Consumer Protection regarding what is permissible
when marketing to children online.  The FTC letter sets out broad
principles that apply generally to online information collection from
children. The FTC stated that:
     A practice is unfair under Section 5 if it causes, or is likely
     to cause, substantial injury to consumers which is not reasonably
     avoidable and is not outweighed by countervailing benefits to
     consumers or competition.(11) We believe that it would likely
     be an unfair practice in violation of Section 5 to collect
     personally identifiable information, such as name, e-mail
     address, home address or phone number, from children and
     sell or otherwise disclose such identifiable information to
     third parties without providing parents with adequate notice,
     as described above, and an opportunity to control the
     collection and use of the information.
Because KidsCom changed the operation of its website after the CME
complaint was filed, the FTC said that it would take no enforcement
action. The FTC letter concluded:
     We will continue to monitor KidsCom, as well as other
     commercial Web site operators, to ascertain whether they may
     be engaged in deceptive or unfair practices. Hereafter, staff
     may recommend law enforcement proceedings against marketers
     who engage in deceptive information practices, or who unfairly
     use personally identifiable information collected from
FTC Letter Ruling is available at:
CME Statement is available at:
[5] Cellular Phone Group Asks FCC to Set Wiretap Standards
The Cellular Telephone Industry Association (CTIA) on July 16 asked the
Federal Communications Commission to step in to help develop the
standards for wiretapping under the Communications Assistance for Law
Enforcement Act (CALEA).  The telephone industry and the FBI have been
quietly meeting for two years to develop the new standards required by
the law.  The CTIA is objecting to additional FBI demands not included in
the law, such as the demand that cellular phones function as tracking
devices.
In a July 15 letter to FBI Director Louis Freeh, the head of CTIA, Thomas
Wheeler, called the FBI position "intractable" and detailed how FBI and
law enforcement objections prevent an industry-sponsored standard from
being adopted.  In response, the Bureau called the CTIA action a "short
circuit" of the standards process and denied that it was seeking
additional powers.  Both the industry position and the FBI demands are
problematic from a privacy perspective, as both would facilitate easier
wiretapping and the collection of transactional information.
CALEA requires that all telecommunications providers redesign their
systems by October 1998 to make wiretapping of new communications
technologies easier.  Phone companies are eligible to receive $500
million from the FBI to implement the new systems.
More information on CALEA and wiretapping is available from:
[6] New Bills in Congress
H.R. 2180. On-Line Copyright Liability Limitation Act.  Would limit
liability for online service providers that are not aware that
copyrighted materials are going over their networks.  Introduced by Rep.
Coble (R-NC) on July 16. Referred to the Committee on the Judiciary.
H.R. 2198.  Genetic Privacy and Nondiscrimination Act of 1997.  Would
limit use and disclosure of genetic information by health insurance
companies; prohibit employers from attempting to acquire, or to use,
genetic information, or "to require a genetic test of an employee or
applicant for employment" or to disclose the information.  Introduced by
Rep. Stearns (R-FL) on July 17.  Referred to the Committee on Commerce,
and in addition to the Committees on Government Reform and Oversight,
Education and the Workforce, and Veterans' Affairs.
An up-to-date list of pending legislation is available at:
[7] New at the EPIC Bookstore
The EPIC Bookstore includes a wide range of books on privacy,
cryptography and free speech that can be ordered online.  Many of the
books are available at up to 40 percent off list price.
New titles include:
  "Protect Your Privacy on the Internet" by Bryan Pfaffenberger
  "Digital Cash" by Peter Wayner
  "Contested Commodities" by Margaret Jane Radin
Other popular titles:
  "The Right to Privacy" by Ellen Alderman & Caroline Kennedy
  "Who Knows: Safeguarding Your Privacy in a Networked World"
   by Ann Cavoukian & Don Tapscott
  "Applied Cryptography, 2nd Edition" by Bruce Schneier
We are also now featuring _The Tin Drum_ by Günter Grass.  The novel, a
bizarre but extraordinary diary of a young boy who refuses to grow up
during the rise and fall of Nazi Germany, is considered by some the
greatest German novel written since WWII.  In 1979, the film version of
_The Tin Drum_ received an Academy Award for Best Foreign Film.  However,
in recent months, groups that oppose "pornography" have persuaded the
Oklahoma City Library to remove copies of the film from the public
library.  For this reason, we are now making the book available at the
EPIC Bookstore.
Support the Freedom to Read.
Check out the EPIC Bookstore at:
[8] Upcoming Conferences and Events
Hacking In Progress. August 8-10, 1997. Almere, Netherlands. Sponsored by
Hac-Tic. Contact: http://www.hip97.nl/
Beyond HOPE. August 8-10, New York City. Sponsored by 2600. Contact:
TELECOM Interactive 97.  September 8-14, 1997. Geneva, Switzerland.
Sponsored by the International Telecommunications Union.  Contact:
telecom-interactive@itu.int or http://gold.itu.int/TELECOM/int97/
AST3: Cryptography and Internet Privacy. September 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact: pi@privacy.org.
19th Annual International Privacy and Data Protection Conference.
September 17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data
Protection and Privacy Commission. Email privacy@infoboard.be
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
Managing the Privacy Revolution '97. October 21-23, 1997. Washington, DC.
Sponsored by Privacy and American Business. Contact:
RSA'98 -- The 1998 RSA Data Security Conference.  January 12-16, 1998.
San Francisco, CA.  Contact kurt@rsa.com or http://www.rsa.com/conf98/
             (Send calendar submissions to alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center.  To subscribe, send email to epic-news@epic.org with
the subject: "subscribe" (no quotes) or use the subscription form at:
Back issues are available at:
The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information.  EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.
Thank you for your support.
  ---------------------- END EPIC Alert 4.11 -----------------------
