EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.01	                                 January 26, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Court Blocks Discharge in Navy/AOL Privacy Case
[2] Excerpts From Court Decision in Navy/AOL Privacy Case
[3] EPIC Obtains U.S. Crypto Czar's Travel Records
[4] McCain Announces New Net Censorship Plan
[5] Gore Calls for Genetic Discrimination Ban
[6] Encryption Policy Update
[7] EPIC Bookstore
[8] Upcoming Conferences and Events
[1] Court Blocks Discharge in Navy/AOL Privacy Case
A federal judge has enjoined the dismissal of a highly decorated sailor
after finding that the proposed discharge was based upon information the
Navy obtained from America Online in apparent violation of federal
privacy law.  The decision, issued today by U.S. District Judge Stanley
Sporkin, concludes that Naval investigators "likely" violated the federal
Electronic Communications Privacy Act (ECPA) when they requested and
received confidential subscriber information from AOL, the nation's
largest online service. (Excerpts from the decision are included below).
Navy officials had ordered the discharge of the sailor, Timothy R.
McVeigh (no relation to the convicted Oklahoma City bomber), on the
ground that McVeigh violated the military's "Don't Ask, Don't Tell"
policy on homosexuality.  The Navy's proposed action is based entirely
upon information obtained from AOL linking the sailor to a "screen name"
on the system in which the user's marital status was listed as "gay."
The information was received from AOL in violation of ECPA, which
prohibits the government from obtaining "information pertaining to a
subscriber" without a court order or subpoena.  In addition to the
privacy protections contained in ECPA, AOL's contractual "Terms of
Service" prohibit the company from disclosing such information to *any*
third party "unless required to do so by law or legal process."
McVeigh's lawsuit is the first case to challenge governmental access to
sensitive subscriber information maintained by an online service.  In a
statement issued when the suit was filed last week, EPIC said, "It is an
important test of federal privacy law that will determine whether
government agents can violate the law with impunity, or whether they will
be held accountable for illegal conduct in cyberspace."  EPIC noted that
the incident also raises serious questions concerning the adequacy of
contractual privacy protections like those contained in the AOL
subscriber agreement.
In a letter sent to Navy Secretary John Dalton on January 14, EPIC urged
a postponement of McVeigh's discharge pending an investigation of the
Navy's conduct.  EPIC noted that, "Any other result would make a mockery
of federal privacy law and subject the American people to intrusive and
unlawful governmental surveillance."
More information on the case, including a form for sending faxes to the
White House and the Pentagon, is available at:
[2] Excerpts From Court Decision in Navy/AOL Privacy Case
From the Memorandum Opinion of U.S. District Judge Stanley Sporkin in
McVeigh v. Cohen, et al. (Civil Action 98-116, D.D.C.):
  The [investigative] steps taken by the Navy in its "pursuit" of the
  Plaintiff were not only unauthorized under its [Don't Ask, Don't Tell]
  policy, but likely illegal under the Electronic Communications Privacy
  Act of 1986 (ECPA).  . . .
  The government knew, or should have known, that by turning over the
  information without a warrant, AOL was breaking the law.  Yet the Navy,
  in this case, directly solicited the information anyway.  What is most
  telling is that the Naval investigator did not identify himself when he
  made his request.  . . .
  In these days of "big brother," where through technology and otherwise
  the privacy interests of individuals from all walks of life are being
  ignored or marginalized, it is imperative that statutes  explicitly
  protecting these rights be strictly observed.  . . .
  Certainly, the public has an inherent interest in the preservation of
  privacy rights as advanced by the Plaintiff in this case.  With
  literally the entire world on the world-wide web, enforcement of the
  ECPA is of great concern to those who bare the most personal
  information about their lives in private accounts through the Internet.
  In this case in particular, where the government may well have violated
  a federal statute in its zeal to brand the Plaintiff a homosexual, the
  actions of the Navy must be more closely scrutinized by the Court.
[3] EPIC Obtains U.S. Crypto Czar's Travel Records
Following a year-long legal battle, EPIC has obtained over 500 pages of
materials from the U.S. State Department on the international travels of
David Aaron, the former U.S. Envoy for Cryptography.  Aaron also served
as U.S. Ambassador to the Organization for Economic Cooperation and
Development when the OECD was developing its encryption policy
The released documents show Ambassador Aaron made frequent trips around
the world lobbying for international adoption of key escrow encryption.
He visited Australia, Belgium (both the European Union & Belgian
governments), Canada, France, Germany, Japan, Switzerland and the United
Kingdom.  The documents also indicate that he went to South Africa, and
met with the counselor of the Latvian embassy in Paris and with Russian
Finance Ministry officials.
Even before Aaron was appointed as President Clinton's "Special Envoy for
Cryptography," U.S. State Department messages indicate that the United
States was making overtures to various countries via American embassies
around the world.  These include the diplomatic posts in Canberra,
London, Tokyo, Ottawa, Tel Aviv, Paris, Bonn, The Hague and Moscow.  One
message to these foreign posts announced the revised U.S. cryptography
export policy (the key recovery within two years or "no export" rule).
The public announcement of that policy was made on October 1, 1996.
Aaron apparently was not always greeted warmly in his travels.  In Japan,
the government requested that the meetings be kept secret and that the
press not be informed.  Even the U.S. Embassy in Japan was less than
enthusiastic -- the embassy suggested that Aaron and his delegation could
take the airport bus to their hotel rather than be picked up by an
embassy driver.
[4] McCain Announces New Net Censorship Plan
Sen. John McCain (R-AZ), Chairman of the Senate Commerce Committee,
announced on January 20 that he is planning to introduce a new bill
regulating access to speech on the Internet.  He announced that he will
introduce legislation to link FCC subsidies for public schools' Internet
connections to a requirement that schools "limit students' access to
indecent Internet material in the classroom."
Many observers believe that such a provision would require the
installation of software filters. As EPIC and other groups have found,
filters can restrict access to broad categories of protected speech.  As
such, mandating their use could violate the First Amendment's free speech
guarantees.  McCain later clarified his intent and now says that the
proposed legislation would only require that filters be installed, not
necessarily used.  McCain told the Arizona Star, "I believe they will
turn the filters on once they've seen what's out on the Internet, but I
don't think my judgment is better than theirs."
McCain announced that he would introduce the bill on February 10.
[5] Gore Calls for Genetic Discrimination Ban
Vice President Al Gore announced on January 20 that the White House is
supporting legislation that would bar employers from discriminating
against employees on the basis of genetic information.
Gore said, "We want legislation that will prevent employers from
requesting or requiring genetic information for hiring or for setting
salaries; that will stop employers from using this genetic information to
discriminate or segregate the workplace; and that will ensure that
genetic information is not disclosed without the explicit permission of
the individual."
The Vice President also announced the release of a new report, "Genetic
Information and the Workplace," produced by the Departments of Labor,
Justice and HHS and the EEOC. The report describes cases of genetic
discrimination and reviews previous surveys of the intended use of
genetic information by employers and insurers.
The report reviews state and federal protections and finds that they are
not sufficient to provide Americans with adequate protection against
genetic discrimination in the workplace.  "Federal leadership is
necessary to ensure that all workers are protected against discrimination
based on genetic information."
More information on genetic and medical privacy is available at:
[6] Encryption Policy Update
Sen. John Ashcroft (R-MO) announced at the RSA Data Security Conference
on January 13 that he plans to hold hearings in late February on
encryption legislation.  Sen. John McCain (R-AZ) has also indicated that
he would continue to push his controversial Secure Public Networks Act.
Rep. Bob Goodlatte (R-VA) also indicated that he is continuing to push
for adoption of the SAFE Act (HR 695).
The Commerce Department published new regulations for implementing the
Wassenaar Arrangement on January 15.  Wassenaar is a 1996 multi-lateral
agreement of 33 countries to impose export controls on arms and
"dual-use" technologies such as computers.  It is intended to replace the
Cold War era CoComm regulations.  For encryption technologies, controls
on some automated teller and virus protection devices are relaxed, but
generally restrictions on encryption devices will remain in effect.
An unofficial transcript of the U.S. Court of Appeals argument in the
Bernstein v. Department of State challenge to export control regulations
is now available from the Electronic Frontier Foundation at:
More information on encryption policy is available at:
[7] EPIC Bookstore
The EPIC Bookstore now features "Privacy on the Line: The Politics of
Wiretapping and Encryption," by Whitfield Diffie and Susan Landau.
Diffie and Landau argue that if we are to retain the privacy that
characterized face-to-face relationships in the past, we must build the
means of protecting that privacy into our communication systems.  They
strip away the hype surrounding the policy debate to examine the national
security, law enforcement, commercial, and civil liberties issues.  They
discuss the social function of privacy, how it underlies a democratic
society, and what happens when it is lost.
Other popular titles at the EPIC Bookstore include:
 - "Technology and Privacy: The New Landscape," edited by
   Philip E. Agre and Marc Rotenberg.
 - "The Electronic Privacy Papers," by Bruce Schneier and David Banisar.
 - "The Privacy Rights Handbook: How to Take Control of
   Your Personal Information," by Beth Givens.
 - "Who Knows: Safeguarding Your Privacy in a Networked World,"
   by Ann Cavoukian & Don Tapscott.
 - "Digital Cash," by Peter Wayner.
 - "Shamans, Software, and Spleens: Law and the Construction of
    the Information Society," by James Boyle.
Visit the EPIC Bookstore at:
[8] Upcoming Conferences and Events
Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI.
7th USENIX Security Symposium. January 26-29, 1998. San Antonio, TX
Sponsored by USENIX & CERT. http://www.usenix.org/sec/sec98.html
The Eighth Conference on Computers, Freedom & Privacy. February,
18-20, 1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu.
ETHICOMP98 March 25-27,1998.  Erasmus University The Netherlands.
Sponsored by the Centre for Computing and Social Reponsibility
Contact: http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and
USACM. http://www.acm.org/usacm/events/policy98/
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society.  http://www.isoc.org/inet98/
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.
Thank you for your support.
  ---------------------- END EPIC Alert 5.01 -----------------------

Return to:

Alert Home Page | EPIC Home Page