       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.07	                                     May 27, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
        ***  1998 EPIC Cryptography and Privacy Conference   ***
                              June 8, 1998
Table of Contents
[1] White House Announces Privacy Initiative
[2] Privacy Self-Regulation Not Making the Grade
[3] EPIC Urges Rejection of FBI Wiretap Initiative
[4] Clinton Issues "Cyber Threat" Directive
[5] New Report Finds Identity Theft Increasing
[6] Senate Approves Anti-Spam Bill
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events
[1] White House Announces Privacy Initiative
In a graduation speech at New York University on May 14, Vice President
Gore unveiled a new White House initiative on privacy.  Gore announced
that the administration is pursuing a "new comprehensive action plan
that will give people more control over their personal information."
He told the audience that "we need an electronic bill of rights for
this electronic age."
The initiative consists of four areas:
* An executive order signed by President Clinton ordering federal
agencies to review their records to ensure that they are in compliance
with the Privacy Act of 1974, and to assign an official in each agency
to be responsible for examining how new technologies affect privacy.
* A call to Congress to enact a medical privacy bill.  The Vice
President said that the bill should restrict how medical records can be
used, allow for correction, and allow patients to access information
about them.
* A new website sponsored by the Federal Trade Commission (located at
http://www.consumer.gov) that will enable individuals to contact
companies to ask to be removed from marketing lists.  The site will
also provide contact information for state motor vehicle departments.
* A White House summit to be held in June to discuss privacy.  The
summit will "bring privacy and consumer groups together with industry
officials to explore privacy on the Internet as well as children's
The initiative is mainly a re-packaging of previous White House
privacy-related efforts.  The executive order requires agencies to take
steps already required by the Privacy Act of 1974; the 1996
Kennedy-Kassebaum health care bill requires Congress to enact a medical
privacy law by this year.  The White House privacy summit was
previously scheduled for April of this year and has been delayed
several times due to controversies over consumer and privacy groups'
representation and the event's focus on promoting self-regulatory
More information on the White House initiative is available at:
[2] Privacy Self-Regulation Not Making the Grade
The federal government's examination of industry privacy practices has
revealed serious shortcomings, according to published reports.
Advertising Age recently reported that the Federal Trade Commission's
review of Web privacy has found that relatively few websites have
adopted comprehensive privacy guidelines.  The FTC is expected to
transmit its findings to Congress next month.
Similarly, Commerce Secretary William Daley told the Chicago Tribune
that, if he had to grade industry self-regulation efforts now, he
likely would fail them.  "It's not going very well," he said.  Daley is
expected to report to the President by July 1 on how well companies
handle consumers' personal information.  "Basically, nothing has
happened," another senior administration official told the Tribune.
"American business is not the most pro-active animal in the world."
The findings are likely to add new pressure for the creation of
effective privacy protections.  A Business Week/Louis Harris opinion
survey conducted in February found that 61 percent of non-Internet
users would be more likely to use the medium if they were assured their
personal information would be kept private.  Significantly, 53 percent
of those surveyed felt lawmakers needed to take immediate action to
control what personal data businesses collect and how it is used.
[3] EPIC Urges Rejection of FBI Wiretap Initiative
In formal comments filed with the Federal Communications Commission on
May 20, EPIC urged the FCC to reject an FBI attempt to gain new
surveillance powers in the digital realm.  The Commission is
considering an FBI petition under the Communications Assistance to Law
Enforcement Act (CALEA), a controversial 1994 law that requires the
telecommunications industry to ensure that new digital technologies do
not hamper traditional law enforcement wiretapping capabilities.
The comments, filed jointly by EPIC, the American Civil Liberties Union
and the Electronic Frontier Foundation, provide a historic overview of
wiretap legislation dating back to 1968.  The submission notes that
Congress has always required that privacy rights be strongly protected
and that police surveillance powers be strictly limited.  The current
FCC proceeding began after negotiations between the FBI and the
telecommunications industry broke down over FBI demands for enhanced
access to private data.  Disputed issues include: whether wireless
service providers must provide location tracking capabilities;
increased abilities to monitor conference calls; proposed access to the
full content of customer communications from carriers using packet
switching; and the scope of "call-identifying information" that must be
provided to law enforcement agencies.
The FCC proceeding is the culmination of a controversy that began in
the early 1990's when the FBI first sought a "digital telephony" law to
address new communications technology.  As the EPIC/ACLU/EFF comments
     Groups dedicated to the protection of privacy expressed
     grave reservations in 1994 about the potential for CALEA
     to be used improperly by law enforcement to expand the
     scope of electronic surveillance; with the filing of the
     FBI Petition, these concerns have been realized.  . . .
     The FBI seeks surveillance capabilities that far exceed
     the capabilities the FBI has had in the past and is
     entitled to under the law.
Additional information on CALEA, including the full text of the EPIC
comments, is available at:
[4] Clinton Issues "Cyber Threat" Directive
President Clinton announced a new government initiative on May 22 to
protect the nation's electronic infrastructure from hostile
"cyberattacks." In a commencement address at the U.S. Naval Academy,
the President outlined the Administration's response to the recent
report of the President's Commission on Critical Infrastructure
Protection (PCCIP).
"As we approach the 21st century, our foes have extended the fields of
battle from physical space to cyberspace," Clinton said.  "These
adversaries may attempt cyberattacks against our critical military
systems and our economic base.  We will launch a comprehensive plan to
detect, deter, and defend against attacks on our critical
infrastructures." Acknowledging concerns that such an initiative could
threaten civil liberties, the President said, "We do not ever undermine
freedom in the name of freedom."  Controversy has emerged over how much
authority the FBI and Justice Department may be given under the new
Under the cyber-threat policy, the PCCIP will become the Critical
Infrastructure Assurance Office (CIAO), which released a white paper on
the President's directive.  The CIAO paper indicates that federal
agencies must have initial procedures in place to protect the nation's
infrastructure by the year 2000, with permanent protections in place
within five years.  The details of the new policy are contained in
Presidential Decision Directive 63, which has not been released to the
The president also established a new office called the National
Coordinator for Security, Infrastructure Protection, and
Counter-Terrorism, which will be responsible for a broad range of
policies and programs.
More information on critical infrastructure protection, including the
text of the CIAO white paper, is available at:
[5] New Report Finds Identity Theft Increasing
The General Accounting Office released a report on May 26 finding that
cases of identity theft are increasing.  The GAO found that no federal
agency has primary jurisdiction over the problem and a lack of a clear
definition is hampering efforts to track it.  Credit bureaus are also
largely ignoring the issue, with only one -- Trans Union -- keeping
track of consumer inquiries. Its representatives told the GAO that
two-thirds of the firm's 522,000 customer inquiries in 1997 involved
identity theft.
One important issue is the use of the Social Security Number.  The SSN
is a common identifier used by many agencies and businesses and is also
frequently used as a password by credit card companies.  Possession of
an SSN makes it possible to steal an identity.  The Social Security
Administration reported that there were 1153 investigations for SSN
misuse in 1997, up from 305 in 1996.  The Justice Department reported
that it prosecuted over 2000 cases of SSN misuse between 1992 and 1997.
In response to concerns about privacy and identity theft, Rep. Jerry
Kleczka (D-WI) last year introduced H.R. 1813, the Personal Information
Privacy Act of 1997.  The bill would limit the sale of personal
information by credit bureaus, the use of SSNs for commercial purposes,
and the dissemination of SSNs by state motor vehicle departments.  The
Associated Credit Bureaus, a trade association, told the GAO its
members made "tens of millions of dollars annually" selling information
from credit reports to marketers, merchants and others.
The report also discussed the role of encryption in preventing crime.
Representatives of the Secret Service told the GAO that "without
effective encryption measures, Internet-related identity fraud will
[6] Senate Approves Anti-Spam Bill
The Senate unanimously approved a bill restricting unsolicited
commercial email (spam) on May 14.  The bill requires that "a person
who transmits an unsolicited commercial electronic mail message" shall
display their name, physical address, phone number, and information on
how to be removed from the mailing list.  Such senders are also
prohibited from forging any of the message's routing information.  The
Federal Communications Commission can investigate and impose fines of
$15,000.  Spammers who receive requests not to send further email must
comply or face penalties.
The bill as introduced and approved by the Senate Commerce Committee
only prohibited the practice known as "slamming" -- changing telephone
subscribers over to other long distance services without their consent.
On the Senate floor, Sens. Murkowski (R-AK) and Torricelli (D-NJ)
introduced an amendment which incorporated provisions of S. 771, an
anti-spam bill.
Another amendment introduced by Sen. Feinstein (D-CA), prohibiting
health care providers from monitoring telephone calls with patients,
was also approved.  The amendment requires that all parties consent to
the recording of conversations.  It also requires that patients have
the option of requesting that their conversations not be recorded.
More information on spam is available at:
[7] New Congressional Bills and Upcoming Hearings
* New Bills  *
H.R.3900. Consumer Health and Research Technology (CHART) Protection
Act. A bill to establish Federal penalties for prohibited uses and
disclosures of individually identifiable health information, to
establish a right in an individual to inspect and copy their own health
information, and for other purposes.  Allows disclosure to government
without warrant and researchers with little need.  Introduced by Rep.
Shays (R-CT) on May 19. Referred to the Committee on Commerce, and in
addition to the Committees on Ways and Means, and Government Reform and
S.1987. Child Protection and Sexual Predator Punishment Act of 1998.
Increases penalties for transmitting obscene materials to minors,
contacting minors using net "for the purpose of engaging in any sexual
activity". Introduced by Rep. DeWine (R-OH) on April 24. Referred to
the Committee on the Judiciary.
S. 2022. Crime Identification Technology Act of 1998.  Provides grants
to states to upgrade systems for interstate sharing of records,
fingerprints, background checks, DNA data bases and other information.
Introduced by Rep. DeWine (R-OH) on April 30. Referred to the Committee
on the Judiciary.  Approved by Judiciary Committee on May 21.
S.2052. Intelligence Authorization Act for Fiscal Year 1999.
Intelligence Funding bill.  Allows law enforcement to ask for pen
registers in "national security" cases with very low standard.
Introduced by Sen. Shelby (R-AL) on May 7. Approved by Intelligence
Committee on May 7.  Referred to the Committee on Armed Services.
S.2067. Encryption Protects the Rights of Individuals from Violation
and Abuse in CYberspace (E-PRIVACY) Act.  Relaxes export controls on
crypto, prohibits mandatory key escrow, creates "NET Center" for FBI,
creates new criminal penalties.  Sponsored by Sens. Ashcroft (R-MO) and
Leahy (D-VT) on May 12.  Referred to the Committee on the Judiciary.
S.2103. Personal Privacy Protection Act.  Anti-paparazzi bill.
Introduced by Sen. Feinstein (D-CA) on May 20.  Referred to the
Committee on the Judiciary.
S.2107. Electronic Commerce Enhancement Act.  Creates legal framework
for digital signatures.  Introduced by Sen. Abraham (R-MI).
* Bills Approved  *
H.R.2652. Collections of Information Antipiracy Act.  Creates property
right in databases of information, even if public domain information.
Introduced by Rep. Coble (R-NC).  Approved by House on voice vote on
May 19. Referred to Senate Judiciary Committee.
S.2037. An original bill to amend title 17, United States Code, to
implement the WIPO Copyright Treaty and the WIPO Performances and
Phonograms Treaty, to provide limitations on copyright liability
relating to material online, and for other purposes.  Introduced by
Sen. Hatch (R-UT). Approved by Senate on May 14, 1998 (99-0).
** Hearings **
June 4, 1998. House Commerce Committee. Subcommittee on Finance and
Hazardous Materials hearing on Electronic Commerce: New Methods for
Making Electronic Purchases.  2123 RHOB. 10:00 a.m.
An updated list of the over 100 bills pending in Congress that relate
to privacy and free speech is available at:
[8] Upcoming Conferences and Events
SCRAMBLING FOR SAFETY:   Privacy, security and commercial implications
of the UK and EU crypto policy announcements. 29th May 1998. London,
UK. Sponsored by Cambridge University. contact:
Public Forum on Personal Information Privacy. May 30, 1998. Waukesha,
WI. Sponsored by Rep. Kleczka. Contact: Monette Goodrich (202)
Ethics and Technology. June 5-6. San Jose, CA. Sponsored by Santa Clara
University. Contact: www.scu.edu/ethics/
Hack It 98. June 5-7. Florence, Italy. Contact:
1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and London School
of Economics. Contact: http://www.epic.org/events/crypto98/
Net Censorship In Europe.  June 9, 1998. Washington, DC. Sponsored by
the Freedom Forum. Contact: apowell@freedomforum.org
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society. Contact: http://www.isoc.org/inet98/
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998.  Sponsored by the Association for Information Systems.
Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm
Telecommunications Policy Research Conference. October 3-5, 1998.
Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/
CPSR Annual Conference - Internet Governance.  Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsr@cpsr.org
PDC 98 - the Participatory Design Conference, "Broadening
Participation" November 12-14, 1998. Seattle, Washington.  Sponsored by
Computer Professionals for Social Responsibility in cooperation with
ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December
1998 London, UK. Sponsored by ACM SIGCAS and London School of
Economics. http://is.lse.ac.uk/lucas/cepe98.htm
1999 RSA Data Security Conference.  San Jose, California, January
18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.
Thank you for your support.
  ---------------------- END EPIC Alert 5.07 -----------------------
