=============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.09 June 25, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents ======================================================================= [1] EPIC Releases New Report on Online Privacy [2] House Subcommittee Approves Mandatory Filtering Bill [3] Copyright Legislation Vote Delayed [4] House Approves Delay for Digital Wiretap Law [5] Self-Regulation Gets Low Marks at Privacy Summit [6] EPIC/PI Launches New Privacy Page [7] Encryption Update [8] Upcoming Conferences and Events ======================================================================= [1] EPIC Releases New Report on Online Privacy ======================================================================= On June 22, EPIC released its new report, "Surfer Beware II: Notice is Not Enough." The new study shows that the Direct Marketing Association's (DMA) commitment to the protection of consumer privacy has not filtered down to its own members. The report was released in advance of the Commerce Department's privacy conference (see item 5, below). As a staunch supporter of self-regulation, the DMA had announced in October 1997 a promise to require its members to comply with the trade group's privacy guidelines. However, nearly a year later, the EPIC report shows that little, if any, progress has been made. EPIC surveyed the new members of the DMA, since the DMA refuses to release a full list of its members. Of the new members listed on the DMA web site, all 40 that maintained web sites collected personal information. Only eight had any semblance of a privacy notice. Furthermore, only three of those eight sites had adequate policies which satisfied the DMA's own requirements. An earlier University of Massachusetts study, commissioned by the DMA, found that only 38 percent of surveyed DMA members inform consumers that they are collecting information about them, only 33 percent seek permission to use this information, and only 26 percent tell consumers how this information is going to be used. A March 1998 Businessweek/Harris poll found that 53 percent of respondents favor legislation to protect privacy on the Internet. The result is consistent with other polls that show support for privacy legislation. EPIC's report can be found at: http://www2.epic.org/reports/surfer-beware2.html ======================================================================= [2] House Subcommittee Approves Mandatory Filtering Bill ======================================================================= The move toward mandatory Internet filtering continues in Congress. Earlier this week, a House Appropriations subcommittee approved an amendment to the Health and Human Services budget that would require all public libraries and public or private schools that receive federal funds "for the acquisition of any computer that is accessible to minors and that has access to the Internet" to install filters. To comply, schools and libraries would need to use software that is "designed to prevent minors from obtaining access to any obscene information." The adequacy of such software would be determined by the governor of each state. The filtering amendment, introduced by Rep. Ernest Istook (R-OK), has a broader application than the "Internet School Filtering Act" now pending in the Senate. That bill, which the Commerce Committee approved on March 12, would require the use of filtering software as a condition of receiving federal "e-rate" Internet subsidies. The Istook amendment would apply to the recipients of any federal funds used for the acquisition of computers. EPIC is supporting an online campaign to raise Congressional awareness of the implications of Internet filtering, which a current emphasis on the Senate. We are continuing to monitor developments in the House. Faxes can be sent -- free of charge -- to your Senators by visiting the EPIC Free Speech Action page: http://www.epic.org/free_speech/action/ Additional information on Internet filtering is also available at the Internet Free Expression Alliance website: http://www.ifea.net ======================================================================= [3] Copyright Legislation Vote Delayed ======================================================================= The House Commerce Committee vote on copyright legislation scheduled for June 24 has been postponed until mid-July due to remaining controversy over fair use and privacy. The Subcommittee on Telecommunications approved the legislation on June 18. The legislation had previously been approved by the Senate and the House Judiciary Committee without amendments. One of the more controversial provisions is a complete ban on any attempt to circumvent a technological protection measure that protects copyrighted material. During the subcommittee vote, Rep. Ed Markey (D-MA) introduced an amendment that allows for circumvention to protect personal privacy. The subcommittee approved that amendment. Also, an exception was included to allow cryptographers to circumvent so they may continue to pursue research and develop encryption tools. Language that would preserve the right of fair use in the digital age remains controversial. Rep. Thomas Bliley (R-VA), Chair of the Commerce Committee, has urged all parties to find a solution that both protects the rights of authors to protect their work and the rights of users to fair uses of the work. For more information see the USACM Copyright page at: http://www.acm.org/usacm/copyright/ ======================================================================= [4] House Approves Delay for Digital Wiretap Law ======================================================================= The House of Representatives approved an amendment to the Justice Department Authorization bill on June 22 that delays the implement- ation of the controversial Communications Assistance for Law Enforcement Act (CALEA) for two more years. The amendment was introduced by Rep. Zoe Lofgren (D-CA) and garnered bipartisan support. Section 204 of H.R. 3303 delays the deadline by which telecommuni- cations companies must make their equipment compliant under CALEA from October 1998 until October 2000. Several Representatives spoke on the House floor, recognizing that delays in developing the wiretap standards would make it impossible for telecommunications companies to comply with CALEA by the October deadline. The bill also modifies CALEA to allow telecommunications companies to receive reimbursement for modifying existing equipment to be CALEA compliant. Previously, to be eligible for reimbursement, the equipment had to be in place before 1995. The bill moves the deadline forward until 2000. More information on wiretapping and CALEA is available at: http://www.epic.org/privacy/wiretap/ ======================================================================= [5] Self-Regulation Gets Low Marks at Privacy Summit ======================================================================= On June 23 and 24, the U.S. Department of Commerce held a public meeting on Internet Privacy in Washington, D.C. The two day conference was designed to assess the effectiveness of the private sector's implementation of the Clinton Administration's call for self-regulation of privacy on the Internet. Academics, industry representatives, privacy advocates, public interest groups, and Washington policymakers were invited to demonstrate and to debate the efficacy of self-regulation. Over the two days various methods were examined for privacy protection, such as certification programs, technological aids, and public education. In an effort to stave off government regulation, industry groups unveiled their own eleventh-hour privacy plans. On June 22, a coalition of some 50 companies and business associations introduced the Online Privacy Alliance, whereby member companies pledge to adopt privacy policies according to the Alliance's guidelines. On the same day, the Better Business Bureau announced its own plans to launch a privacy certification program that would allow web sites to display the BBB's seal of approval. These groups and others were invited to strut their stuff before a panel of privacy experts, including Marc Rotenberg of EPIC. Under questioning from the panel, it was shown that none of the proposals had any means of effecting compliance, nor any means for redressing consumer grievances. Each of the privacy programs received low grades from the panel for adequate protection of privacy. The most glaring omission of each was lack of enforcement mechanisms or of any method for consumers to access their own data. Many of the solutions offered put the onus of privacy protection upon the consumer and not businesses. Various technological tools were demonstrated that would help the consumer to protect their privacy while browsing, such as P3P, filters and anonymizers. But the technology panel admitted that technology could not be a replacement for privacy policies, but merely an aid for promoting such policies. Self-regulation advocates by and large favored consumer education and the conference was rife with consumer-targeted self-help brochures. What was clear from the conference is that a patchwork of "evolving" self-regulatory programs, with little or no means for enforcement fell short of the Department of Commerce's hopes for an industry based solution. Consumer groups and privacy advocates pointed out that the market fails to provide incentives for online industries to adapt effective privacy policies, and that proposing guidelines alone does not provide the safeguards that legislation would provide. Commerce Secretary William M. Daley expressed his disappointment at the poor showing of effective self-regulation: "Articulating principles isn't adequate. There has to a way to enforce this [self-regulation] that the consumer can trust, or this won't work -- there has to be some meaningful consequences to companies that don't comply with privacy rules." Consumer and privacy groups believe it is clear that industry cannot be relied upon to regulate itself, and that the time has come for the government to step in and protect privacy online. More information on privacy policy is available at: http://www.epic.org/privacy/ ======================================================================= [6] Encryption Update ======================================================================= * The month of June has been busy for encryption policy. Supporters of the SAFE and E-PRIVACY bills are renewing their efforts to pass the measures. However, there are less than 30 working days left in the Congressional session this year, so its appears unlikely that any legislative efforts will succeed. * Nearly three hundred people attended the 1998 EPIC Cryptography and Privacy Conference on June 6. The Conference was keynoted by Senator Conrad Burns (R-MT) and Congressman Bob Goodlatte (R-VA) and included Undersecretary of Commerce for Export Administration William Reinsch and Principal Associate Attorney General Robert Litt. Speakers also included representatives from the governments of Canada, the United Kingdom and Germany. * On June 7, the CEOs of several computer companies sat down with FBI Director Louis Freeh and Attorney General Janet Reno to discuss encryption policy. Following the meeting, the participants declined to discuss what had been said but it appears that no major deals were made. "What has happened is that the ability to keep information private has increased," Microsoft chief Bill Gates said. "Law enforcement has to accept that. Can the genie be put back in the bottle? The answer is no." * Forty-three House Democrats, including House Democratic Leader Richard Gephardt, Democratic Whip David Bonior and Rep. Zoe Lofgren sent a letter on June 24 asking Speaker Newt Gingrich to schedule action on encryption export relief legislation prior to the July 4 recess. Gephardt said, "We ask the Republican leaders to make resolution of this issue a top priority. We are willing to work with all sides for workable export policies that prevent crime, promote exports and national security and secure the future of the information age." * Only two years after describing the Skipjack encryption algorithm as highly classified and stating that its release would pose a serious danger to national security, the National Security Agency has changed course. NSA publicly released the algorithm --the heart of the infamous Clipper Chip and Fortezza Card -- on June 23. More information on encryption policy is available at: http://www.crypto.org/ ======================================================================= [7] EPIC/PI Launch New Privacy Web Site ======================================================================= EPIC and Privacy International have launched The Privacy Page, a completely redesigned online privacy resource located at www.privacy.org. In addition to a regularly updated news archive on privacy issues, the site features links to privacy tools, privacy resources, international privacy sites, consumer information, kids and privacy, and the EPIC privacy bookstore. StraightScoop, another weekly feature, presents an opinionated summary of the main issues in the current online privacy debate. The Privacy Page is available at: http://www.privacy.org ======================================================================= [8] Upcoming Conferences and Events ======================================================================= INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. Contact: http://www.isoc.org/inet98/ Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm Telecommunications Policy Research Conference. October 3-5, 1998 Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/ CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: cpsr@cpsr.org PDC 98 - the Participatory Design Conference, "Broadening Participation" November 12-14, 1998. Seattle, Washington. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998 London, UK. Sponsored by ACMSIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm 1999 RSA Data Security Conference. San Jose, California, January 18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ FC '99 Third Annual Conference on Financial Cryptography, Anguilla, B.W.I., February 22-25 1999 (submissions due: September 25, 1998). (Send calendar submissions to alert@epic.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.09 -----------------------
Return to:
Alert Home Page | EPIC Home Page