=============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.07 May 27, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org *** 1998 EPIC Cryptography and Privacy Conference *** June 8, 1998 http://www.epic.org/events/crypto98/ ======================================================================= Table of Contents ======================================================================= [1] White House Announces Privacy Initiative [2] Privacy Self-Regulation Not Making the Grade [3] EPIC Urges Rejection of FBI Wiretap Initiative [4] Clinton Issues "Cyber Threat" Directive [5] New Report Finds Identity Theft Increasing [6] Senate Approves Anti-Spam Bill [7] New Congressional Bills and Upcoming Hearings [8] Upcoming Conferences and Events ======================================================================= [1] White House Announces Privacy Initiative ======================================================================= In a graduation speech at New York University on May 14, Vice President Gore unveiled a new White House initiative on privacy. Gore announced that the administration is pursuing a "new comprehensive action plan that will give people more control over their personal information." He told the audience that "we need an electronic bill of rights for this electronic age." The initiative consists of four areas: * An executive order signed by President Clinton ordering federal agencies to review their records to ensure that they are in compliance with the Privacy Act of 1974, and to assign an official in each agency to responsible for examining how new technologies affect privacy. * A call to Congress to enact a medical privacy bill. The Vice President said that the bill should restrict how medical records can be used, allow for correction, and allow patients to access information about them. * A new website sponsored by the Federal Trade Commission (located at http://www.consumer.gov) that will enable individuals to contact companies to ask to be removed from marketing lists. The site will also provide contact information for state motor vehicle departments. * A White House summit to be held in June to discuss privacy. The summit will "bring privacy and consumer groups together with industry officials to explore privacy on the Internet as well as children's privacy." The initiative is mainly a re-packaging of previous White House privacy-related efforts. The executive order requires agencies to take steps already required by the Privacy Act of 1974; the 1996 Kennedy-Kassebaum health care bill requires Congress to enact a medical privacy law by this year. The White House privacy summit was previously scheduled for April of this year and has been delayed several times due to controversies over consumer and privacy groups representation and the event's focus on promoting self-regulatory approaches. More information on the White House initiative is available at: http://www.epic.org/privacy/ ======================================================================= [2] Privacy Self-Regulation Not Making the Grade ======================================================================= The federal government's examination of industry privacy practices has revealed serious shortcomings, according to published reports. Advertising Age recently reported that the Federal Trade Commission's review of Web privacy has found that relatively few websites have adopted comprehensive privacy guidelines. The FTC is expected to transmit its findings to Congress next month. Similarly, Commerce Secretary William Daley told the Chicago Tribune that, if he had to grade industry self-regulation efforts now, he likely would fail them. "It's not going very well," he said. Daley is expected to report to the President by July 1 on how well companies handle consumers' personal information. "Basically, nothing has happened," another senior administration official told the Tribune. "American business is not the most pro-active animal in the world." The findings are likely to add new pressure for the creation of effective privacy protections. A Business Week/Louis Harris opinion survey conducted in February found that 61 percent of non-Internet users would be more likely to use the medium if they were assured their personal information would be kept private. Significantly, 53 percent of those surveyed felt lawmakers needed to take immediate action to control what personal data businesses collect and how it is used. ======================================================================= [3] EPIC Urges Rejection of FBI Wiretap Initiative ======================================================================= In formal comments filed with the Federal Communications Commission on May 20, EPIC urged the FCC to reject an FBI attempt to gain new surveillance powers in the digital realm. The Commission is considering an FBI petition under the Communications Assistance to Law Enforcement Act (CALEA), a controversial 1994 law that requires the telecommunications industry to ensure that new digital technologies do not hamper traditional law enforcement wiretapping capabilities. The comments, filed jointly by EPIC, the American Civil Liberties Union and the Electronic Frontier Foundation, provide a historic overview of wiretap legislation dating back to 1968. The submission notes that Congress has always required that privacy rights be strongly protected and that police surveillance powers be strictly limited. The current FCC proceeding began after negotiations between the FBI and the telecommunications industry broke down over FBI demands for enhanced access to private data. Disputed issues include: whether wireless service providers must provide location tracking capabilities; increased abilities to monitor conference calls; proposed access to the full content of customer communications from carriers using packet switching; and the scope of "call-identifying information" that must be provided to law enforcement agencies. The FCC proceeding is the culmination of a controversy that began in the early 1990's when the FBI first sought a "digital telephony" law to address new communications technology. As the EPIC/ACLU/EFF comments note, Groups dedicated to the protection of privacy expressed grave reservations in 1994 about the potential for CALEA to be used improperly by law enforcement to expand the scope of electronic surveillance; with the filing of the FBI Petition, these concerns have been realized. . . . The FBI seeks surveillance capabilities that far exceed the capabilities the FBI has had in the past and is entitled to under the law. Additional information on CALEA, including the full text of the EPIC comments, is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [4] Clinton Issues "Cyber Threat" Directive ======================================================================= President Clinton announced a new government initiative on May 22 to protect the nation's electronic infrastructure from hostile "cyberattacks." In a commencement address at the U.S. Naval Academy, the President outlined the Administration's response to the recent report of the President's Commission on Critical Infrastructure Protection (PCCIP). "As we approach the 21st century, our foes have extended the fields of battle from physical space to cyberspace," Clinton said. "These adversaries may attempt cyberattacks against our critical military systems and our economic base. We will launch a comprehensive plan to detect, deter, and defend against attacks on our critical infrastructures." Acknowledging concerns that such an initiative could threaten civil liberties, the President said, "We do not ever undermine freedom in the name of freedom." Controversy has emerged over how much authority the FBI and Justice Department may be given under the new initiative. Under the cyber-threat policy, the PCCIP will become the Critical Infrastructure Assurance Office (CIAO), which released a white paper on the President's directive. The CIAO paper indicates that federal agencies must have initial procedures in place to protect the nation's infrastructure by the year 2000, with permanent protections in place within five years. The details of the new policy are contained in Presidential Decision Directive 63, which has not been released to the public. The president also established a new office called the National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism, which will be responsible for a broad range of policies and programs. More information on critical infrastructure protection, including the text of the CIAO white paper, is available at: http://www.epic.org/security/#infowar ======================================================================= [5] New Report Finds Identity Theft Increasing ======================================================================= The General Accounting Office released a report on May 26 finding that cases of identity theft are increasing. The GAO found that no federal agency has primary jurisdiction over the problem and a lack of a clear definition is hampering efforts to track it. Credit bureaus are also largely ignoring the issue, with only one -- Trans Union -- keeping track of consumer inquiries. Its representatives told the GAO that two-thirds of the firm's 522,000 customer inquiries in 1997 involved identify theft. One important issue is the use of the Social Security Number. The SSN is a common identifier used by many agencies and businesses and is also frequently used as a password by credit card companies. Possession of an SSN makes it possible to steal an identity. The Social Security Administration reported that there were 1153 investigations for SSN misuse in 1997, up from 305 in 1996. The Justice Department reported that it prosecuted over 2000 cases of SSN misuse between 1992 and 1997. In response to concerns about privacy and identity theft, Rep. Jerry Kleczka (D-WI) last year introduced H.R. 1813, the Personal Information Privacy Act of 1997. The bill would limit the sale of personal information by credit bureaus, the use of SSNs for commercial purposes, and the dissemination of SSNs by state motor vehicle departments. The Associated Credit Bureaus, a trade association, told the GAO its members made "tens of millions of dollars annually" selling information from credit reports to marketers, merchants and others. The report also discussed the role of encryption in preventing crime. Representatives of the Secret Service told the GAO that "without effective encryption measures, Internet-related identity fraud will increase." ======================================================================= [6] Senate Approves Anti-Spam Bill ======================================================================= The Senate unanimously approved a bill restricting unsolicited commercial email (spam) on May 14. The bill requires that "a person who transmits an unsolicited commercial electronic mail message" shall display their name, physical address, phone number, and information on how to be removed from the mailing list. Such senders are also prohibited from forging any of the message's routing information. The Federal Communications Commission can investigate and impose fines of $15,000. Spammers who receive requests not to send further email must comply or face penalties. The bill as introduced and approved by the Senate Commerce Committee only prohibited the practice known as "slamming" -- changing telephone subscribers over to other long distance services without their consent. On the Senate floor, Sens. Murkowski (R-AK) and Torricelli (D-NJ) introduced an amendment which incorporated provisions of S. 771, an anti-spam bill. Another amendment introduced by Sen. Feinstein (D-CA), prohibiting health care providers from monitoring telephone calls with patients, was also approved. The amendment requires that all parties consent to the recording of conversations. It also requires that patients have the option of requesting that their conversations not be recorded. More information on spam is available at: http://www.epic.org/privacy/internet/spam/ ======================================================================= [7] New Congressional Bills and Upcoming Hearings ======================================================================= * New Bills * H.R.3900. Consumer Health and Research Technology (CHART) Protection Act. A bill to establish Federal penalties for prohibited uses and disclosures of individually identifiable health information, to establish a right in an individual to inspect and copy their own health information, and for other purposes. Allows disclosure to government without warrant and researchers with little need. Introduced by Rep. Shays (R-CT) on May 19. Referred to the Committee on Commerce, and in addition to the Committees on Ways and Means, and Government Reform and Oversight. S.1987. Child Protection and Sexual Predator Punishment Act of 1998. Increases penalties for transmitting obscene materials to minors, contacting minors using net "for the purpose of engaging in any sexual activity". Introduced by Rep. Dewine (R-OH) on April 24. Referred to the Committee on the Judiciary. S. 2022. Crime Identification Technology Act of 1998. Provides grants to states to upgrade systems for interstate sharing of records, fingerprints, background checks, DNA data bases and other information. Introduced by Rep. Dewine (R-OH) on April 30. Referred to the Committee on the Judiciary. Approved by Judiciary Committee on May 21. S.2052. Intelligence Authorization Act for Fiscal Year 1999. Intelligence Funding bill. Allows law enforcement to ask for pen registers in "national security" cases with very low standard. Introduced by Sen. Shelby (R-AL) on May 7. Approved by Intelligence Committee on May 7. Referred to the Committee on Armed Services. S.2067. Encryption Protects the Rights of Individuals from Violation and Abuse in CYberspace (E-PRIVACY) Act. Relaxes export controls on crypto, prohibits mandatory key escrow, creates "NET Center" for FBI, creates new criminal penalties. Sponsored by Sens. Ashcroft (R-MO) and Leahy (D-VT) on May 12. Referred to the Committee on the Judiciary. S.2103. Personal Privacy Protection Act. Anti-paparazzi bill. Introduced by Sen. Feinstein (D-CA) on May 20. Referred to the Committee on the Judiciary. S.2107. Electronic Commerce Enhancement Act. Creates legal framework for digital signatures. Introduced by Sen. Abraham (R-MI). * Bills Approved * H.R.2652. Collections of Information Antipiracy Act. Creates property right in databases of information, even if public domain information. Introduced by Rep. Coble (R-NC). Approved by House on voice vote on May 19. Referred to Senate Judiciary Committee. S.2037. An original bill to amend title 17, United States Code, to implement the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty, to provide limitations on copyright liability relating to material online, and for other purposes. Introduced by Sen. Hatch (R-UT). Approved by Senate on May 14, 1998 (99-0). ** Hearings ** June 4, 1998. House Commerce Committee. Subcommittee on Finance and Hazardous Materials hearing on Electronic Commerce: New Methods for Making Electronic Purchases. 2123 RHOB. 10:00 a.m. An updated list of the over 100 bills pending in Congress that relate to privacy and free speech is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= SCRAMBLING FOR SAFETY: Privacy, security and commercial implications of the UK and EU crypto policy announcements. 29th May 1998. London, UK. Sponsored by Cambridge University. contact: http://www.cl.cam.ac.uk/users/rja14/sfs98.html Public Forum on Personal Information Privacy. May 30, 1998. Waukesha, WI. Sponsored by Rep. Kleczka. Contact: Monette Goodrich (202) 225-4572. Ethics and Technology. June 5-6. San Jose, CA. Sponsored by Santa Clara University. Contact: www.scu.edu/ethics/ Hack It 98. June 5-7. Florence, Italy. Contact: http://www.ecn.org/hackit98 1998 EPIC Cryptography and Privacy Conference. June 8, 1998. Washington, DC. Sponsored by EPIC, Harvard University and London School of Economics. Contact: http://www.epic.org/events/crypto98/ Net Censorship In Europe. June 9, 1998. Washington, DC. Sponsored by the Freedom Forum. Contact: apowell@freedomforum.org INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. Contact: http://www.isoc.org/inet98/ Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm Telecommunications Policy Research Conference. October 3-5, 1998 Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/ CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: cpsr@cpsr.org PDC 98 - the Participatory Design Conference, "Broadening Participation" November 12-14, 1998. Seattle, Washington. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998 London, UK. Sponsored by by ACMSIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm 1999 RSA Data Security Conference. San Jose, California, January 18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.07 -----------------------
Return to:
Alert Home Page | EPIC Home Page