EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.05	                                  April 23, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
         ***  1998 EPIC Cryptography and Privacy Conference  ***
Table of Contents
[1] Daley Criticizes Crypto Policy, Doubts Self-Regulation
[2] Court Finds AOL Immune From Libel Suit
[3] Library Internet Filters Held to High Free Speech Test
[4] New Report Finds E-FOIA Efforts Lacking
[5] Court Rules Infrared Scanner Violates Fourth Amendment
[6] IRS Audit Finds Lax Privacy Protections
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events
[1] Daley Criticizes Crypto Policy, Doubts Self-Regulation
On April 15, Secretary of Commerce William Daley delivered a major
speech on "The Emerging Digital Economy."  Daley made a number of
comments about privacy and encryption, and their roles in the emerging
information economy.  He described privacy as a "make or break issue"
for electronic commerce and said that the White House was pursuing a
policy of self-regulation, but that "industry has been slow to put
protections in place."  Daley asked industry to "move quickly to
establish an overarching, self-regulatory effort that includes
consumer representation."
On the encryption issue, the Secretary was surprisingly candid. He
described the effort to implement the current policy as a "failure,"
and warned that "our own paralysis has made it difficult to persuade
other nations to pursue policies similar to our own."  His comments
contrasted sharply with other officials who have claimed that there is
support for the U.S. key escrow/ key recovery initiative.  Still,
Daley said that the administration remains committed to finding a
"compromise" between the interests of law enforcement and business and
privacy groups.
A group of privacy experts, advocates and scholars wrote to Secretary
Daley in late February about privacy issues.  The group urged him to
look more closely at the adequacy of self-regulation as a means to
protect privacy, and recommended that more attention be paid to the
important role of encryption and related techniques in on-line
The Department of Commerce has scheduled a conference on privacy
issues that will take place on May 13-14 in Washington, DC.
Information should soon be available at the Department of Commerce
web site.
Secretary Daley's recent address is available at:
The "Letter Regarding a Proposed White House Conference on Privacy"
is available at:
[2] Court Finds AOL Immune From Libel Suit
A federal judge in Washington has ruled that America Online cannot be
sued for posting an allegedly defamatory item by gossip columnist
Matt Drudge. The ruling came in a lawsuit filed by White House
official Sidney Blumenthal after Drudge reported that Blumenthal had
"a spousal abuse past that has been effectively covered up."  The
suit named as defendants both Drudge and AOL, which carried "The
Drudge Report" under a license agreement with the columnist.
In an opinion issued on April 22, U.S. District Judge Paul L.
Friedman held that AOL enjoys broad immunity from suit under a
surviving provision of the Communications Decency Act (most of which
was struck down by the Supreme Court last summer).  That provision,
which was intended to encourage online providers to "self-police"
their systems for "offensive" content, states:
     No provider or user of an interactive computer
     service shall be treated as the publisher or speaker
     of any information provided by another information
     content provider.
The judge noted that, under the terms of its agreement with Drudge,
AOL retained "certain editorial rights ... including the right to
require changes in content and to remove it."  While finding that the
CDA provision relieves the online service of any potential liability,
Judge Friedman noted an anomaly in the result:
     Because it has the right to exercise editorial control
     over those with whom it contracts and whose words it
     disseminates, it would seem only fair to hold AOL to
     the liability standards applied to a publisher or, at
     least, like a book store owner or library, to the
     liability standards applied to a distributor.  But
     Congress has made a different policy choice by
     providing immunity even where the interactive service
     provider has an active, even aggressive role in making
     available content prepared by others.
The suit against Drudge will proceed, and attorneys for Blumenthal
have indicated that they will appeal the dismissal of AOL as a
[3] Library Internet Filters Held to High Free Speech Test
In the first court ruling on the use of Internet filtering software
in libraries, a federal judge on April 7 rejected a motion to dismiss
a lawsuit challenging the use of filters in public libraries in
Loudoun County, Virginia.
In a 36-page decision, U.S. District Judge Leonie M. Brinkema held
that "the Library Board may not adopt and enforce content-based
restrictions on access to protected Internet speech" unless it meets
the highest level of constitutional scrutiny.  Noting that public
libraries are places of "freewheeling and independent inquiry," the
court quoted extensively from Reno v. ACLU, the landmark Supreme
Court decision on Internet free speech, and emphasized that the Court
"analogized the Internet to a 'vast library including millions of
readily available and indexed publications,' the content of which 'is
as diverse as human thought.'"
The Loudoun County decision comes as Congress is considering the
Internet School Filtering Act, a bill that would require all public
libraries and schools that receive federal funds for Internet access
to install filtering and blocking software.  The bill (S. 1619) has
been approved by the Senate Commerce Committee and could reach the
Senate floor as early as mid-May. Efforts are underway to revise the
bill to provide for Internet education programs and acceptable use
policies as more effective (and constitutional) alternatives to
mandatory filtering.
Information on Internet filtering, including the text of the Loudoun
County decision, is available at the Internet Free Expression
Alliance website:
[4] New Report Finds E-FOIA Efforts Lacking
A new report released on April 20 finds that a majority of federal
agencies have failed to meet the requirements of the Electronic
Freedom of Information Act (EFOIA).  EFOIA was enacted in 1996 and
went into effect in October 1997.  It was designed to make access to
electronic government records easier.
The study, produced by OMB Watch, found that of the 56 agencies
responding to a survey, 23 percent "have no EFOIA presence," 73
percent have "varying degrees of compliance with the requirements,"
and as of January 31, 1998, "no agency had complied fully with EFOIA."
OMB Watch found that the Office of Management and Budget, which is
required to provide guidance under the law, has not provided adequate
guidance or assistance to agencies during the implementation process.
It also faulted Congress for failing to provide adequate funding to
implement the Act.
The report recommends that OMB provide better guidance and support,
that agencies better organize their online records, and that an
enforcement mechanism be created to identify and penalize agencies
that are not complying with the Act.
More information on EFOIA is available at:
[5] Court Rules Infrared Scanner Violates Fourth Amendment
The U.S. Court of Appeals for the 9th Circuit ruled on April 9 that
the use of thermal imaging devices to examine homes in criminal
investigations is a violation of the Fourth Amendment.  The court
ruled in U.S. v. Kyllo that police must obtain a court order based on
probable cause before a thermal imager can be used.
The court found that the information gleaned from the infrared scanner
is "sufficiently intimate to give rise to a Fourth Amendment
violation."  The court noted that
     with a basic understanding of the layout of a home, a thermal
     imager could identify a variety of daily activities conducted in
     homes across America: use of showers and bathtubs, ovens,
     washers and dryers, and any other household appliance that emits
     heat.  Even the routine and trivial activities conducted in our
     homes are sufficiently "intimate" as to give rise to Fourth
     Amendment violation if observed by law enforcement without a
     warrant.  We therefore conclude that the use of a thermal imager
     to observe heat emitted from various objects within the home
     infringes upon an expectation of privacy that society clearly
     deems reasonable.
The court rejected prosecution arguments that the scanner was merely
recording "waste heat" and cited the 10th Circuit Court of Appeals
in finding that the interpretation of the heat information yields
information on the activities inside the house:
     [o]ur fellow circuits have, we think, misapprehended
     the most pernicious of the device's capabilities.  The
     machine intrudes upon the privacy of the home not
     because it records white spots on a dark background
     but rather because the interpretation of that data
     allows the government to monitor those domestic
     activities that generate a significant amount of heat.
     Thus, while the imager cannot reproduce images or
     sounds, it nonetheless strips the sanctuary of the
     home of one vital dimension of its security: "the
     right to be let alone" from the arbitrary and discre-
     tionary monitoring of our actions by government
The text of the opinion is available at:
[6] IRS Audit Finds Lax Privacy Protections
An IRS audit publicly released in early April found that IRS employees
disclosed personal tax information over the telephone to undercover
auditors posing as taxpayers who only provided names, addresses and
Social Security Numbers.
According to the report, which was written in September 1997,
"Auditors were able to secure tax and income information over the
phone using names, addresses and SSNs obtained from sources available
to the public."  IRS workers only asked for a person's name, address
and Social Security Number 32 percent of the time.  Agency workers
asked for more detailed information 27 percent of the time.
Auditors made 109 phone calls and received information from the IRS on
the taxpayers' income, withholdings, or refunds in 96 cases.  The
information was provided over the phone, faxed, or sent to addresses
other than the address on file with the agency.
The report recommended that more information be required before
sensitive tax information is released.  The IRS now says that it will
require more information before personal records are disclosed.
[7] New Congressional Bills and Upcoming Hearings
--- NEW BILLS ---
H.R. 3601.  Identity Theft and Assumption Deterrence Act of 1998.
Criminalizes identify theft. Introduced by Shadegg (R-AZ) on March 30.
Referred to the Committee on the Judiciary, and in addition to the
Committee on Transportation and Infrastructure.
H.R. 3605.  Patients' Bill of Rights Act of 1998.  Requires insurers
to protect records and provide access to patients.  Introduced by
Dingell (D-MI) on March 30.  Referred to the Committee on Commerce,
and in addition to the Committees on Ways and Means, and Education and
the Workforce.
S. 1921.  Health Care PIN Act.  Comprehensive "medical privacy" bill.
Requires patients to give up medical privacy before receiving health
care.  Introduced by Jeffords (R-VT) on April 2.  Referred to the
Committee on Labor and Human Resources
[8] Upcoming Conferences and Events
Encryption Intrigue on the International Stage. Washington, DC. April
30, 1998. Sponsored by the Cato Institute. Contact:
1998 IEEE Symposium on Security. IEEE Computer Society, Oakland, CA,
May 3-6. Sponsored by IEEE and IACR. Contact:
As Technology Moves Forward, Do Worker Rights Move Backwards? --
Privacy in The Workplace. Chicago, Illinois. May 6 and 13, 1998.
Sponsored by: The Crossroads Center for Faith and Work &The Institute
for Business & Professional Ethics, DePaul University.
ACM Policy98. May 10-12, 1998. Washington, DC. Sponsored by ACM and
USACM. http://www.acm.org/usacm/events/policy98/
Department of Commerce Conference on Privacy.  March 13-14.
Washington, DC. Contact: Becky Burr <bburr@ntia.doc.gov>
The Threats to Democracy Conference. May 15-18. Washington D.C.
Sponsored by People For the American Way. Contact: balcomgrp@aol.com
1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and London
School of Economics. Contact: http://www.epic.org/events/crypto98/
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society. Contact: http://www.isoc.org/inet98/
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998.  Sponsored by the Association for Information
Systems Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm
CPSR Annual Conference - Internet Governance.  Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsr@cpsr.org
1999 RSA Data Security Conference.  San Jose, California, January
18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.
Thank you for your support.
  ---------------------- END EPIC Alert 5.05 -----------------------

Return to:

Alert Home Page | EPIC Home Page