============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.01 January 26, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/ ======================================================================= Table of Contents ======================================================================= [1] Court Blocks Discharge in Navy/AOL Privacy Case [2] Excerpts From Court Decision in Navy/AOL Privacy Case [3] EPIC Obtains U.S. Crypto Czar's Travel Records [4] McCain Announces New Net Censorship Plan [5] Gore Calls for Genetic Discrimination Ban [6] Encryption Policy Update [7] EPIC Bookstore [8] Upcoming Conferences and Events ======================================================================= [1] Court Blocks Discharge in Navy/AOL Privacy Case ======================================================================= A federal judge has enjoined the dismissal of a highly decorated sailor after finding that the proposed discharge was based upon information the Navy obtained from America Online in apparent violation of federal privacy law. The decision, issued today by U.S. District Judge Stanley Sporkin, concludes that Naval investigators "likely" violated the federal Electronic Communications Privacy Act (ECPA) when they requested and received confidential subscriber information from AOL, the nation's largest online service. (Excerpts from the decision are included below). Navy officials had ordered the discharge of the sailor, Timothy R. McVeigh (no relation to the convicted Oklahoma City bomber), on the ground that McVeigh violated the military's "Don't Ask, Don't Tell" policy on homosexuality. The Navy's proposed action is based entirely upon information obtained from AOL linking the sailor to a "screen name" on the system in which the user's marital status was listed as "gay." The information was received from AOL in violation of ECPA, which prohibits the government from obtaining "information pertaining to a subscriber" without a court order or subpoena. In addition to the privacy protections contained in ECPA, AOL's contractual "Terms of Service" prohibit the company from disclosing such information to *any* third party "unless required to do so by law or legal process." McVeigh's lawsuit is the first case to challenge governmental access to sensitive subscriber information maintained by an online service. In a statement issued when the suit was filed last week, EPIC said, "It is an important test of federal privacy law that will determine whether government agents can violate the law with impunity, or whether they will be held accountable for illegal conduct in cyberspace." EPIC noted that the incident also raises serious questions concerning the adequacy of contractual privacy protections like those contained in the AOL subscriber agreement. In a letter sent to Navy Secretary John Dalton on January 14, EPIC urged a postponement of McVeigh's discharge pending an investigation of the Navy's conduct. EPIC noted that, "Any other result would make a mockery of federal privacy law and subject the American people to intrusive and unlawful governmental surveillance." More information on the case, including a form for sending faxes to the White House and the Pentagon, is available at: http://www.hrc.org/mcveigh/ ======================================================================= [2] Excerpts From Court Decision in Navy/AOL Privacy Case ======================================================================= From the Memorandum Opinion of U.S. District Judge Stanley Sporkin in McVeigh v. Cohen, et al. (Civil Action 98-116, D.D.C.): The [investigative] steps taken by the Navy in its "pursuit" of the Plaintiff were not only unauthorized under its [Don't Ask, Don't Tell] policy, but likely illegal under the Electronic Communications Privacy Act of 1986 (ECPA). . . . The government knew, or should have known, that by turning over the information without a warrant, AOL was breaking the law. Yet the Navy, in this case, directly solicited the information anyway. What is most telling is that the Naval investigator did not identify himself when he made his request. . . . In these days of "big brother," where through technology and otherwise the privacy interests of individuals from all walks of life are being ignored or marginalized, it is imperative that statutes explicitly protecting these rights be strictly observed. . . . Certainly, the public has an inherent interest in the preservation of privacy rights as advanced by the Plaintiff in this case. With literally the entire world on the world-wide web, enforcement of the ECPA is of great concern to those who bare the most personal information about their lives in private accounts through the Internet. In this case in particular, where the government may well have violated a federal statute in its zeal to brand the Plaintiff a homosexual, the actions of the Navy must be more closely scrutinized by the Court. ======================================================================= [3] EPIC Obtains U.S. Crypto Czar's Travel Records ======================================================================= Following a year-long legal battle, EPIC has obtained over 500 pages of materials from the U.S. State Department on the international travels of David Aaron, the former U.S. Envoy for Cryptography. Aaron also served as U.S. Ambassador to the Organization for Economic Cooperation and Development when the OECD was developing its encryption policy guidelines. The released documents show Ambassador Aaron made frequent trips around the world lobbying for international adoption of key escrow encryption. He visited Australia, Belgium (both the European Union & Belgian governments), Canada, France, Germany, Japan, Switzerland and the United Kingdom. The documents also indicate that he went to South Africa, and met with the counselor of the Latvian embassy in Paris and with Russian Finance Ministry officials. Even before Aaron was appointed as President Clinton's "Special Envoy for Cryptography," U.S. State Department messages indicate that the United States was making overtures to various countries via American embassies around the world. These include the diplomatic posts in Canberra, London, Tokyo, Ottawa, Tel Aviv, Paris, Bonn, The Hague and Moscow. One message to these foreign posts announced the revised U.S. cryptography export policy (the key recovery within two years or "no export" rule). The public announcement of that policy was made on October 1, 1996. Aaron apparently was not always greeted warmly in his travels. In Japan, the government requested that the meetings be kept secret and that the press not be informed. Even the U.S. Embassy in Japan was less than enthusiastic -- the embassy suggested that Aaron and his delegation could take the airport bus to their hotel rather than be picked up by an embassy driver. ======================================================================= [4] McCain Announces New Net Censorship Plan ======================================================================= Sen. John McCain (R-AZ), Chairman of the Senate Commerce Committee, announced on January 20 that he is planning to introduce a new bill regulating access to speech on the Internet. He announced that he will introduce legislation to link FCC subsidies for public schools' Internet connections to a requirement that schools "limit students' access to indecent Internet material in the classroom." Many observers believe that such a provision would require the installation of software filters. As EPIC and other groups have found, filters can restrict access to broad categories of protected speech. As such, mandating their use could violate the First Amendment's free speech guarantees. McCain later clarified his intent and now says that the proposed legislation would only require that filters be installed, not necessarily used. McCain told the Arizona Star, "I believe they will turn the filters on once they've seen what's out on the Internet, but I don't think my judgment is better than theirs." McCain announced that he would introduce the bill on February 10. ======================================================================= [5] Gore Calls for Genetic Discrimination Ban ======================================================================= Vice President Al Gore announced on January 20 that the White House is supporting legislation that would bar employers from discriminating against employees on the basis of genetic information. Gore said, "We want legislation that will prevent employers from requesting or requiring genetic information for hiring or for setting salaries; that will stop employers from using this genetic information to discriminate or segregate the workplace; and that will ensure that genetic information is not disclosed without the explicit permission of the individual." The Vice President also announced the release of a new report, "Genetic Information and the Workplace," produced by the Departments of Labor, Justice and HHS and the EEOC. The report describes cases of genetic discrimination and reviews previous surveys of the intended use of genetic information by employers and insurers. The report reviews state and federal protections and finds that they are not sufficient to provide Americans with adequate protection against genetic discrimination in the workplace. "Federal leadership is necessary to ensure that all workers are protected against discrimination based on genetic information." More information on genetic and medical privacy is available at: http://www.epic.org/privacy/medical/ ======================================================================= [6] Encryption Policy Update ======================================================================= Sen. John Ashcroft (R-MO) announced at the RSA Data Security Conference on January 13 that he plans to hold hearings in late February on encryption legislation. Sen. John McCain (R-AZ) has also indicated that he would continue to push his controversial Secure Public Networks Act. Rep. Bob Goodlatte (R-VA) also indicated that he is continuing to push for adoption of the SAFE Act (HR 695). The Commerce Department published new regulations for implementing the Wassenaar Arrangement on January 15. Wassenaar is a 1996 multi-lateral agreement of 33 countries to impose export controls on arms and "dual-use" technologies such as computers. It is intended to replace the Cold War era CoComm regulations. For encryption technologies, controls on some automated teller and virus protection devices are relaxed, but generally restrictions on encryption devices will remain in effect. An unofficial transcript of the U.S. Court of Appeals argument in the Bernstein v. Department of State challenge to export control regulations is now available from the Electronic Frontier Foundation at: http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/ More information on encryption policy is available at: http://www.epic.org/crypto/ ======================================================================= [7] EPIC Bookstore ======================================================================= The EPIC Bookstore now features "Privacy on the Line: The Politics of Wiretapping and Encryption," by Whitfield Diffie and Susan Landau. Diffie and Landau argue that if we are to retain the privacy that characterized face-to-face relationships in the past, we must build the means of protecting that privacy into our communication systems. They strip away the hype surrounding the policy debate to examine the national security, law enforcement, commercial, and civil liberties issues. They discuss the social function of privacy, how it underlies a democratic society, and what happens when it is lost. Other popular titles at the EPIC Bookstore include: - "Technology and Privacy: The New Landscape," edited by Philip E. Agre and Marc Rotenberg. - "The Electronic Privacy Papers," by Bruce Schneier and David Banisar. - "The Privacy Rights Handbook: How to Take Control of Your Personal Information," by Beth Givens. - "Who Knows: Safeguarding Your Privacy in a Networked World," by Ann Cavoukian & Don Tapscott. - "Digital Cash," by Peter Wayner. - "Shamans, Software, and Spleens: Law and the Construction of the Information Society," by James Boyle. Visit the EPIC Bookstore at: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI. http://www.cwi.nl/conferences/FC98 7th USENIX Security Symposium. January 26-29, 1998. San Antonio, TX Sponsored by USENIX & CERT. http://www.usenix.org/sec/sec98.html The Eighth Conference on Computers, Freedom & Privacy. February, 18-20, 1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu. http://www.cfp.org/ ETHICOMP98 March 25-27,1998. Erasmus University The Netherlands. Sponsored by the Centre for Computing and Social Reponsibility Contact: http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and USACM. http://www.acm.org/usacm/events/policy98/ INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. http://www.isoc.org/inet98/ (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support. ---------------------- END EPIC Alert 5.01 -----------------------
Return to: