EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.02	                                February 10, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] New World Survey Finds Few Crypto Controls
[2] McCain Introduces Internet School Filtering Act
[3] U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy
[4] State Department Releases World Human Rights Report
[5] Canada Proposes Comprehensive Privacy Law
[6] Fingerprinting is on the Rise
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events
[1] New World Survey Finds Few Crypto Controls
The Global Internet Liberty Campaign (GILC) has released the first
comprehensive review of cryptography policies around the globe.
"Cryptography and Liberty: An International Survey of Encryption
Policy" is based on a survey of more than two hundred countries and
regions.  The purpose of the survey was to determine whether countries
are limiting the availability of new technologies that are used by
Internet users and others to protect personal privacy.
According to the GILC report, most countries in the world do not have
controls on the use of cryptography.  "In the vast majority of
countries, cryptography may be freely used, manufactured and sold
without restriction."  The report says that recent trends in
cryptography policy suggest greater liberalization in the use of this
technology, which was originally controlled during the Cold War for
reasons of national security.
A rough breakdown of the countries into five categories -- from "Red"
through "Yellow" to "Green" -- indicating how restrictive the policies
toward encryption are, found that most countries are grouped toward
the "Green" end of the spectrum, while a handful of countries fall in
the "Red" category.  Those countries are Belarus, China, Israel,
Pakistan, Russia and Singapore.
The GILC report notes the "surprising" policies of the United States,
given that "virtually all of the other democratic, industrial nations
have few if any controls on the use of cryptography."  The report
suggest that the U.S. position may be explained by "the dominant role
that state security agencies in the United States hold in the
development of encryption policy."
But the report warns that law enforcement agencies in the U.S. and
elsewhere will continue to push for an encryption "key management
infrastructure" that would expand electronic surveillance of private
communications.  The report concludes by urging the development of a
public education campaign to inform various political, labor and
social groups on the benefits of and techniques for using encryption.
The GILC encryption survey is available on the Internet at:
[2] McCain Introduces Internet School Filtering Act
On February 9, Senator John McCain (R-AZ) introduced "The Internet
School Filtering Act."  The proposed legislation would require schools
and libraries receiving federal Internet subsidies to install systems
"to filter or block matter deemed to be inappropriate for minors."
The bill is co-sponsored by Senators Ernest Hollings (D-SC), Dan Coats
(R-IN) and Patty Murray (D-WA).
Libraries would be required to certify that at least one computer uses
a filtering system so that "it will be appropriate for minors' use."
A library would have to inform the Federal Communications Commission
within 10 days if it decided to change its filtering system or drop
its use completely.
A number of surveys have shown that all current filtering and rating
systems block out thousands, if not millions, of  web pages that are
not obscene or indecent.  A recent study of a popular filtered search
engine conducted by EPIC found that it filtered out 99 percent of
material on non-controversial topics such as the American Red Cross,
the Boy Scouts, and pages created by elementary school students.
More information on the McCain bill and filters is available from the
Internet Free Express Alliance web page at:
[3] U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy
A federal appeals court ruled on February 3 that a government research
laboratory that secretly tested employees for various genetic and
medical conditions had violated their privacy.  The U.S. Court of
Appeals for the Ninth Circuit ruled that the testing of administrative
and clerical workers for syphilis, sickle cell trait and pregnancy
without their consent was a violation of Federal and State
constitutional rights to privacy and the Civil Rights Act of 1964.
The employees had consented to a general medical exam as a condition
of being hired and filled out questionnaires.  The court found the
genetic tests were intrusive and that completing the questionnaire was
not sufficient grounds to justify the intrusion:
    [I]t is not reasonable to infer that a person who answers a
    questionnaire upon personal knowledge is put on notice that
    his employer will take intrusive means to verify the accuracy
    of his answers.  There is a significant difference between
    answering on the basis of what you know about your health
    and consenting to let someone else investigate the most intimate
    aspects of your life . . .
    That one has consented to a general medical
    examination does not abolish one's privacy right not to be
    tested for intimate, personal matters involving one's health --
    nor does consenting to giving blood or urine samples, or
    filling out a questionnaire.  As we have made clear, revealing
    one's personal knowledge as to whether one has a particular
    medical condition has nothing to do with one's expectations
    about actually being tested for that condition.
The court also found that the state constitutional right to privacy
was violated.  In the matter of black and female employees who were
given additional tests, the court found that those tests violated the
Civil Rights Act of 1964.  A claim based on the Americans with
Disabilities Act was rejected.  The appeals court directed the lower
court to make additions findings on the adequacy of the notice given
to the employees.
More information on medical privacy is available at:
[4] State Department Releases World Human Rights Report
The U.S. State Department released its annual Human Rights Guide on
January 29, finding that privacy rights around the world were again
widely violated. The report covers a wide range of issues, from
disappearances to children's rights -- including free speech and
Wiretaps continued to be abused around the world.  The State
Department reports that abuses of wiretapping occurred in 90
countries.  The worst regions were Africa, the Middle East, Asia and
many of the countries that made up the former Soviet Union.  On a
positive note, the situation in Latin America has improved markedly
over the last few years. The report has some notable omissions.  There
is no mention of the European Court of Human Rights' finding that
police in the United Kingdom had illegally wiretapped a police
constable who had alleged sexual harassment. The report also omits a
major decision by the Indian Supreme Court on illegal tapping in
A number of countries limit use of the Internet.  In Burma, a 1996 law
requires government permission before accessing the Internet.  In
Eritrea, the government has prohibited online access outright.
Singapore and China were also mentioned for their Internet controls.
Many counties in the Middle East also limited access for various
Other technologies are also limited.  In many countries in the Middle
East and Asia, the legality of satellite dishes is unclear.  Iraqi and
Burmese laws impose imprisonment for possession of the devices without
government permission.  Some countries, such as Bahrain, reportedly
keep tight controls on dishes while others, such as Saudi Arabia and
Syria, have regulations but do not seem to enforce them.
Privacy and communications related excerpts from the State Department
reports are available from the Privacy International Page at:
[5] Canada Proposes Comprehensive Privacy Law
A Canadian task force has recommended that comprehensive privacy laws
be enacted in Canada.  The Task Force on Electronic Commerce made up
of Industry Canada and Justice Canada found that for electronic
commerce to succeed, "consumers, business and government ... need to
feel confident about how our personal information is gathered, stored,
and used."   This can be achieved "by setting clear and predictable
rules governing the protection of personal information."
A major impetus for the effort is the European directive on privacy,
which goes into effect in October 1998.  The EU directive requires all
counties in the European Union to enact strict privacy laws and to
limit transfers to countries -- such as the U.S. and Canada -- which
do not provide the same level of protection. In Canada, the federal
Privacy Act only applies to government agencies.  Only the Province of
Quebec has adopted laws that protect the privacy of information held
by private corporations.  Outside of Quebec, the report found that
protections, as in the U.S., are "sporadic and uneven."
The task force recommended that a starting point for protections
should be the Canadian Standards Association's Model Code for the
Protection of Personal Information, which was adopted last year.
However, the model code is only voluntary, so legislation is required
to ensure that it is implemented widely and to provide for redress if
it is violated.
The paper seeks comments on a number of issues, including obligations
of information holders, the power of agencies to investigate and
enforce protections, who will have jurisdiction, and the cooperation
between federal and provincial officials.  Comments are due on March
A copy of the task force report is available at:
[6] Fingerprinting is on the Rise
Fingerprinting -- once reserved for suspected criminals -- is becoming
a national plague.  The FBI estimated that it will process 14 million
requests for fingerprints.  In January 1998, Michigan parents were
outraged when administrators of the state's standardized education
tests apparently broke the law by requiring 122,000 public school
fifth-graders to submit their fingerprints without parental
permission.  The fingerprints were collected as part of a science
segment in this year's Michigan Educational Assessment Program test.
The 1985 Child Identification and Protection Act requires written
permission for children to be fingerprinted unless the child is a
delinquent or otherwise ordered to be fingerprinted by a judge.
Many states are now using fingerprints for drivers licenses.  This is
in part being pushed by the American Association of Motor Vehicle
Administrators (AAMVA).  The AAMVA wants to develop standards so that
information can be exchanged between agencies and jurisdictions.
Banks in 27 states, under pressure from national and state banking
associations, have instituted policies which require fingerprinting
for some people who cash checks.  In a  recent survey,  the California
Public Interest Research Group (CALPIRG) found that only one year
after the practice first began, nearly every large bank in California
now requires a fingerprint to cash a non-account holder's check and at
least one bank also requires all customers opening new accounts to
provide fingerprints. The group warned that, if left unchecked, the
trend will spread to all bank account holders and to other industries.
Fingerprinting on driver's licenses has become increasingly
controversial. In Georgia, a campaign  to  repeal the fingerprinting
requirement for licenses is under way.  A bill to repeal the law
allowing the practice passed the State Senate last year.  In Alabama,
the Department of Public Safety scuttled a plan to fingerprint all
driver's license applicants in 1997 after protests.  In Washington
State, a bill that would have required fingerprints on all driver's
licenses was also rejected by the State Senate last year.
[7] New Congressional Bills and Upcoming Hearings
Upcoming Hearings
* Senate *
February 10, 1998.  Commerce, Science and Transportation. To hold
hearings to examine incidents of indecency on the Internet. SR-253.
9:30 a.m.
February 10, 1998.  Permanent Subcommittee on Investigations. To hold
oversight hearings on fraud on the Internet. SD-342. 9:30 a.m.
February 10, 1998.  Commerce, Science and Transportation  -- Science,
Technology, and Space Subcommittee.  To hold hearings to examine
current computer security vulnerabilities within civilian Federal
agencies and current activities to prevent unauthorized computer
access.  SR-253. 2:30 p.m.
February 26, 1998.  Labor and Human Resources. To resume hearings to
examine the confidentiality of medical information. SD-430. 10 a.m.
March 11, 1998.  Judiciary Committee. Hearings on encryption policy.
Sponsored by Senator Ashcroft and Leahy.
* New Bills *
H.R.3131. Makes reports written by the Congressional Research Service
available to the public via the Internet. Introduced by  Rep. Shays on
January 28, 1998.  Referred to the Committee on House Oversight.
H. R. 3174. Requires electronic preservation and filing of reports
filed with the Federal Election Commission by certain persons; to
require such reports to be made available through the Internet; and
for other purposes. Introduced by Rep. White (R-WA) on February 5,
1998.  Referred to the Committee on House Oversight.
S 1578. Makes reports written by the Congressional Research Service
available to the public via the Internet. Introduced by Sen. McCain
(R-AZ) on January 28, 1998.  Referred to the Committee on Rules and
S.1594. Digital Signature and Electronic Authentication Law (SEAL) of
1998. Facilitates the use of electronic authentication techniques by
financial institutions.  Introduced by Senator Bennett (R-UT) on
February 2, 1998. Referred to the Committee on Banking, Housing, and
Urban Affairs.
[8] Upcoming Conferences and Events
Cyber-Labels: For Better or For Worse?  Jim Miller, World Wide Web
Consortium, and Barry Steinhardt, Electronic Frontier Foundation.
February 17, 1998. Sponsored by the Cyberspace Policy Institute.
The Eighth Conference on Computers, Freedom & Privacy. February,
18-20, 1998. Austin, TX. Contact: mlemley@mail.law.utexas.edu.
"Building Trust in Electronic Commerce" ICX London Conference -
Digital Signatures and Trusted Third Parties One Whitehall Place,
19th February 1998.  Westminster, London. Sponsored by International
Commerce Exchange. Contact: http://www.icx.org
Financial Cryptography '98. February 23-26, 1998. Anguilla, BWI.
Workshop on Societal, Ethical, and Policy Dimensions of Information
Technology, Computer Science Dept, Princeton University, Feb. 28 -Mar
1. Contact:  http://dimacs.rutgers.edu/Workshops/Ethical/index.html.
ETHICOMP98 March 25-27,1998.  Erasmus University The Netherlands.
Sponsored by the Centre for Computing and Social Reponsibility
Contact: http://www.ccsr.cms.dmu.ac.uk/conf/ccsrorgconf.html
1998 IEEE Symposium on  IEEE Computer Society, Oakland, CA, May 3-6.
Sponsored by IEEE and IACR. Contact:
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and
USACM. http://www.acm.org/usacm/events/policy98/
1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and London
School of Economics. Contact: info@epic.org
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society.  http://www.isoc.org/inet98/
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998.  Sponsored by the Association for Information
Systems Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm
CPSR Annual Conference - Internet Governance.  Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsr@cpsr.org
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.
Thank you for your support.
  ---------------------- END EPIC Alert 5.02 -----------------------

Return to:

Alert Home Page | EPIC Home Page