EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.08	                                    June 17, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Subcommittee to Vote on Copyright Bill
[2] Senate May Soon Consider Internet Censorship Bills
[3] Commerce Department Announces Net Privacy Summit
[4] FTC Releases Report on Online Privacy
[5] House Approves Child Protection Bill
[6] EPIC Testifies on Copyright and Privacy
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events
[1] Subcommittee to Vote on Copyright Bill
The House Commerce Subcommittee on Telecommunications, Trade and
Consumer Protection will vote today on controversial legislation to
implement the World Intellectual Property Organization Treaty on
Copyright.  The "WIPO Implementation Act" (H.R. 2281) will
over-regulate emerging technologies, eliminate privacy protections,
outlaw reverse engineering and encryption research, and weaken fair
use privileges.  The bill has already been approved by the Senate and
the House Judiciary Committee.
Computer professionals and consumers are urged to contact their
Representatives and the members of the Commerce Committee and say that
they oppose the bill as currently drafted and that they support
amendments that will correct the problems described below:
Section 1201: Makes the use, manufacture or sale of any technology
that can be used to circumvent copyright protections illegal. This
section will criminalize the manufacture, import, or use of tools
necessary to perform research in cryptography; impede the ability of
system operators to find and correct weaknesses in their systems;
prevent computer users from protecting their privacy online by
removing cookies from their computer.  Additionally, if cookies are
used as a copyright protection system it would be unlawful to
manufacture a device that removes the cookie from the system.
Section 1202: Allows for the collection of personally identifiable
information as part of the Copyright Management System.  This section
will allow content owners to collect personally-identifiable
information about users who access their copyrighted works.  This will
eliminate anonymous reading and allow content owners to track not only
which online magazines you access but also which articles you read and
which pictures you look at.
[See item 6, below, for details of EPIC's testimony on the bill.]
More information is available from the EPIC/EFF/CPT alert at:
[2] Senate May Soon Consider Internet Censorship Bills
The Senate may soon vote on two Internet censorship bills.  Sen. John
McCain's "Internet School Filtering Act" (S. 1619) would require
schools and libraries receiving federal Internet subsidies to install
filtering software designed to prevent children from accessing
"inappropriate" material.  Sen. Dan Coats' bill (S. 1482) would
criminalize the "commercial" distribution on websites of material that
is "harmful to minors."  The Coats bill, in adopting a criminalization
approach to online content, is similar to the Communications Decency
Act (CDA) struck down last year by the U.S. Supreme Court.  The bill
has been dubbed "CDA II."
The Senate Commerce Committee approved both measures on March 12.  The
bills were initially scheduled for consideration during the Senate's
"Tech Week" last month, when "non-controversial" technology
legislation were brought to the Senate floor.  Growing controversy
surrounding the bills apparently led to their removal from the agenda.
It is likely that supporters of the legislation will again attempt to
bring the bills to the floor, possibly as amendments to less
controversial Internet-related measures.  EPIC is joining with the
ACLU and EFF in sponsoring an online campaign to raise Congressional
awareness of the implications of these Internet censorship bills.
Faxes can be sent -- free of charge -- to your Senators by visiting
the EPIC Free Speech Action page:
If you sent faxes to the Senate last month, you helped keep these
bills off the floor.  Please reiterate your concerns once again and
let your Senators know that these measures remain controversial.
Additional information on Internet censorship is also available at the
Internet Free Expression Alliance website:
[3] Commerce Department to Hold Privacy Summit
The Commerce Department has announced that its long-awaited public
meeting on privacy will be held on June 23 and 24 in Washington, D.C.
The topics discussed will include:
    * Lack of privacy in online transactions, Internet browsing
      and email;
    * Privacy issues specific to children in the online environment;
    * The problems with industry self regulation;
    * A proposed methodology to further delay reform of privacy
    * Need for legislation to protect privacy on the Internet;
    * Technologies based on anonymity currently available on the
      Internet to protect consumer privacy
    + Importance of strong encryption for electronic commerce and
      consumer privacy
The meeting was originally scheduled for April but it has been delayed
several times due to controversy over who would organize it and what
topics would be discussed.  Over 70 advocates, professionals and
academics wrote Commerce Secretary Daley in February expressing
concern over the agenda, which was heavily biased towards industry
self-regulation and had little representation from consumer and
privacy advocates.
More information on the meeting is available at:
Letter Regarding a Proposed White House Conference on Privacy:
[4] FTC Releases Privacy Report
Earlier this month, the Federal Trade Commission released its Privacy
Online Report to Congress.  The report is based on a comprehensive
online survey of information practices of commercial Web sites
conducted in March 1998. Surveying over 1,400 Web sites, the
Commission reported that upwards of 85 percent of Web sites collect
personal information, while only 14 percent provide any notice about
their information practice.
The Commission also performed a separate study concerning the
collection of information at children's sites.  It found that 89
percent of those sites collect personal information from children.
While 54 percent of children's sites do provide some sort of
disclosure about their information practices, only 23 percent tell the
children to seek parental permission before providing personal
information. Furthermore, only seven percent of the sites indicate
that they will notify parents of their information practices and less
than 10 percent provide for parental control over the collection
and/or use of information obtained from children.
It is evident from these findings that self-regulation has been so far
unsuccessful.  As the Commission concludes, "substantially greater
incentives are needed to spur self-regulation."  It will recommend an
appropriate response to protect online consumer privacy later this
summer.  However, in response to its findings on children's privacy,
the Commission already recommends that Congress develop legislation
placing parents in control of the online collection and use of
personal information from children 12 and under.  In addition, the FTC
has released a staff opinion letter stating that the collection of
certain personal information from children online and its transfer to
third parties without obtaining prior parental consent may be an
unfair practice in violation of Section 5 of the Federal Trade
Commission Act.
The findings of the FTC report confirms EPIC's own 1997 online privacy
report -- "Surfer Beware" -- which reviewed 100 of the most frequently
visited web sites on the Internet.  However, despite its findings, the
FTC still seems to be leaning towards an industry self-regulation
approach.  According to the report, "the question is what additional
incentives are required in order to encourage effective
self-regulatory efforts by industry."  The Commission's focus on
notice as "the most fundamental fair information practice" also seems
misled.  Fair information practices need to further articulate the
responsibilities of the data collectors and rights of the data
The FTC report is available at:
EPIC's "Surfer Beware" report is available at:
[5] House Approves Child Protection Bill
The House of Representatives approved a bill on June 9 that would
weaken legal protections on the privacy of electronic mail and records
and threaten online privacy.  The House unanimously approved H.R.
3494, the Child  Protection and Sexual Predator Punishment Act of
1998. The bill requires Internet service providers who become aware of
child pornography to report it to the Justice Department.  The bill
requires that ISPs who "obtain knowledge of facts or circumstances
from which a violation of [laws on] child pornography is apparent
shall make a report to a [federal] agency."  The bill amends the
Electronic Communications Privacy Act by removing the requirement that
law enforcement obtain a court order before the ISP can disclose
private email when the presence of child pornography is suspected.
ISPs that do not report can be fined $100,000.
The bill also criminalizes transmitting personally identifiable
information about persons under 18 by computer for the purpose of
"facilitating, encouraging, offering, or soliciting any person to
engage in sexual activity."  It requires the Attorney General to
"begin a study of computer-based technologies and other approaches to
the problem of the availability of pornographic materials to children
on the Internet, in order to develop possible amendments to Federal
criminal law and other law enforcement techniques to respond to this
problem."  The study would look at filtering technologies and their
limitations, criminal law options for promoting the development, and
applicable constitutional limitations. The report would be due in two
[6] EPIC Testifies on Copyright and Privacy
On June 5, EPIC Director Marc Rotenberg testified before the
Subcommittee on Telecommunications, Trade, and Consumer Protection of
the House Commerce Committee.  His testimony focused on the privacy
issues concerning H.R. 2281, a bill currently being considered in the
House of Representatives.  Known as the WIPO Copyright Treaties
Implementation Act, H.R. 2281 intends to implement the World
Intellectual Property Organization (WIPO) Copyright Treaty to protect
copyrighted material in the digital age.  However, as Rotenberg
testified, "H.R. 2281, as currently drafted, threatens to obliterate
existing privacy safeguards."
Specifically, privacy concerns must be addressed in Section 1202 of
the bill which seeks to preserve the integrity of copyright management
information.  Copyright management information is information which
may be collected in the course of establishing a copyright system.
However, as defined in the bill, "copyright management information" is
too broad.  While the bill defines what copyright management
information can be, it does not define what cannot be.  That is, the
definition of copyright management information does not preclude the
collection of personally identifiable information.  It is important
that developers of copyright management systems are aware that
personal identifiable information should not be incorporated in such
The testimony also discussed the privacy concerns in Section
1201(a)(1) which simply states that "No person shall circumvent a
technological protection measure that effectively controls access."
Because technology such as Internet cookies could arguably be used
"control access" to copyrighted works on a Web site, Rotenberg argued
that such language was too broad and would inadvertently make it
illegal for individuals from removing cookies from their own hard
The EPIC testimony also addressed additional issues concerning the
Online Service Provider liability, encryption research, and law
enforcement exceptions in the bill.  Ultimately, Rotenberg called for
the Subcommittee to "consider a new provision that would explicitly
guarantee the right of individual to receive information without
disclosure of identity -- a right of anonymity."
The EPIC testimony is available at:
[7] New Congressional Bills and Upcoming Hearings
* New Bills  *
H.R. 3975.  Drug-Free Ports Act.  Allows greater access to information
held by U.S. Justice Department for background checks.  Introduced by
Shaw (R-FL) on May 22. Referred to the Committee on the
An updated list of the over 100 bills pending in Congress that
relate to privacy and free speech is available at:
[8] Upcoming Conferences and Events
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society. Contact: http://www.isoc.org/inet98/
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998.  Sponsored by the Association for Information Systems
Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm
Telecommunications Policy Research Conference. October 3-5, 1998
Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/
CPSR Annual Conference - Internet Governance.  Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsr@cpsr.org
PDC 98 - the Participatory Design Conference, "Broadening
Participation" November 12-14, 1998. Seattle, Washington.  Sponsored by
Computer Professionals for Social Responsibility in cooperation with
ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December
1998 London, UK. Sponsored by ACMSIGCAS and London School of
Economics. http://is.lse.ac.uk/lucas/cepe98.htm
1999 RSA Data Security Conference.  San Jose, California, January
18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research. For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Individuals with First Virtual accounts can donate at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and funding of the digital wiretap law.
Thank you for your support.
  ---------------------- END EPIC Alert 5.08 -----------------------

Return to:

Alert Home Page | EPIC Home Page