EPIC Alert 5.09 (6/25/98)

   ===============================================================
 
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
 
   ==============================================================
   Volume 5.09	                                    June 25, 1998
   --------------------------------------------------------------
 
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
 
                          http://www.epic.org
 
=======================================================================
Table of Contents
=======================================================================
 
[1] EPIC Releases New Report on Online Privacy
[2] House Subcommittee Approves Mandatory Filtering Bill
[3] Copyright Legislation Vote Delayed
[4] House Approves Delay for Digital Wiretap Law
[5] Self-Regulation Gets Low Marks at Privacy Summit
[6] EPIC/PI Launches New Privacy Page
[7] Encryption Update
[8] Upcoming Conferences and Events
 
=======================================================================
[1] EPIC Releases New Report on Online Privacy
=======================================================================
 
On June 22, EPIC released its new report, "Surfer Beware II: Notice
is Not Enough."  The new study shows that the Direct Marketing
Association's (DMA) commitment to the protection of consumer privacy
has not filtered down to its own members.  The report was released in
advance of the Commerce Department's privacy conference (see item 5,
below).
 
As a staunch supporter of self-regulation, the DMA had announced in
October 1997 a promise to require its members to comply with the trade
group's privacy guidelines.  However, nearly a year later, the EPIC
report shows that little, if any, progress has been made.  EPIC
surveyed the new members of the DMA, since the DMA refuses to release
a full list of its members.  Of the new members listed on the DMA web
site, all 40 that maintained web sites collected personal information.
Only eight had any semblance of a privacy notice.  Furthermore, only
three of those eight sites had adequate policies which satisfied the
DMA's own requirements.
 
An earlier University of Massachusetts study, commissioned by the DMA,
found that only 38 percent of surveyed DMA members inform consumers
that they are collecting information about them, only 33 percent seek
permission to use this information, and only 26 percent tell consumers
how this information is going to be used.
 
A March 1998 Businessweek/Harris poll found that 53 percent of
respondents favor legislation to protect privacy on the Internet.  The
result is consistent with other polls that show support for privacy
legislation.
 
EPIC's report can be found at:
 
     http://www2.epic.org/reports/surfer-beware2.html
 
=======================================================================
[2] House Subcommittee Approves Mandatory Filtering Bill
=======================================================================
 
The move toward mandatory Internet filtering continues in Congress.
Earlier this week, a House Appropriations subcommittee approved an
amendment to the Health and Human Services budget that would require
all public libraries and public or private schools that receive
federal funds "for the acquisition of any computer that is accessible
to minors and that has access to the Internet" to install filters.  To
comply, schools and libraries would need to use software that is
"designed to prevent minors from obtaining access to any obscene
information."  The adequacy of such software would be determined by
the governor of each state.
 
The filtering amendment, introduced by Rep. Ernest Istook (R-OK), has
a broader application than the "Internet School Filtering Act" now
pending in the Senate.  That bill, which the Commerce Committee
approved on March 12, would require the use of filtering software as a
condition of receiving federal "e-rate" Internet subsidies.  The
Istook amendment would apply to the recipients of any federal funds
used for the acquisition of computers.
 
EPIC is supporting an online campaign to raise Congressional awareness
of the implications of Internet filtering, which a current emphasis on
the Senate.  We are continuing to monitor developments in the House.
Faxes can be sent -- free of charge -- to your Senators by visiting
the EPIC Free Speech Action page:
 
     http://www.epic.org/free_speech/action/
 
Additional information on Internet filtering is also available at the
Internet Free Expression Alliance website:
 
     http://www.ifea.net
 
=======================================================================
[3] Copyright Legislation Vote Delayed
=======================================================================
 
The House Commerce Committee vote on copyright legislation scheduled
for June 24 has been postponed until mid-July due to remaining
controversy over fair use and privacy.  The Subcommittee on
Telecommunications approved the legislation on June 18.  The
legislation had previously been approved by the Senate and the House
Judiciary Committee without amendments.
 
One of the more controversial provisions is a complete ban on any
attempt to circumvent a technological protection measure that protects
copyrighted material.  During the subcommittee vote, Rep. Ed Markey
(D-MA) introduced an amendment that allows for circumvention to
protect personal privacy.  The subcommittee approved that amendment.
Also, an exception was included to allow cryptographers to circumvent
so they may continue to pursue research and develop encryption tools.
 
Language that would preserve the right of fair use in the digital age
remains controversial.  Rep. Thomas Bliley (R-VA), Chair of the
Commerce Committee, has urged all parties to find a solution that both
protects the rights of authors to protect their work and the rights of
users to fair uses of the work.
 
For more information see the USACM Copyright page at:
 
     http://www.acm.org/usacm/copyright/
 
=======================================================================
[4] House Approves Delay for Digital Wiretap Law
=======================================================================
 
The House of Representatives approved an amendment to the Justice
Department Authorization bill on June 22 that delays the implement-
ation of the controversial Communications Assistance for Law
Enforcement Act (CALEA) for two more years.  The amendment was
introduced by Rep. Zoe Lofgren (D-CA) and garnered bipartisan support.
 
Section 204 of H.R. 3303 delays the deadline by which telecommuni-
cations companies must make their equipment compliant under CALEA from
October 1998 until October 2000.  Several Representatives spoke on the
House floor, recognizing that delays in developing the wiretap
standards would make it impossible for telecommunications companies to
comply with CALEA by the October deadline.
 
The bill also modifies CALEA to allow telecommunications companies to
receive reimbursement for modifying existing equipment to be CALEA
compliant.  Previously, to be eligible for reimbursement, the
equipment had to be in place before 1995.  The bill moves the deadline
forward until 2000.
 
More information on wiretapping and CALEA is available at:
 
     http://www.epic.org/privacy/wiretap/
 
=======================================================================
[5] Self-Regulation Gets Low Marks at Privacy Summit
=======================================================================
 
On June 23 and 24, the U.S. Department of Commerce held a public
meeting on Internet Privacy in Washington, D.C.  The two day
conference was designed to assess the effectiveness of the private
sector's implementation of the Clinton Administration's call for
self-regulation of privacy on the Internet.  Academics, industry
representatives, privacy advocates, public interest groups, and
Washington policymakers were invited to demonstrate and to debate the
efficacy of self-regulation.  Over the two days various methods were
examined for privacy protection, such as certification programs,
technological aids, and public education.
 
In an effort to stave off government regulation, industry groups
unveiled their own eleventh-hour privacy plans.  On June 22, a
coalition of some 50 companies and business associations introduced
the Online Privacy Alliance, whereby member companies pledge to adopt
privacy policies according to the Alliance's guidelines.  On the same
day, the Better Business Bureau announced its own plans to launch a
privacy certification program that would allow web sites to display
the BBB's seal of approval.  These groups and others were invited to
strut their stuff before a panel of privacy experts, including Marc
Rotenberg of EPIC.  Under questioning from the panel, it was shown
that none of the proposals had any means of effecting compliance, nor
any means for redressing consumer grievances.  Each of the privacy
programs received low grades from the panel for adequate protection of
privacy.  The most glaring omission of each was lack of enforcement
mechanisms or of any method for consumers to access their own data.
 
Many of the solutions offered put the onus of privacy protection upon
the consumer and not businesses.  Various technological tools were
demonstrated that would help the consumer to protect their privacy
while browsing, such as P3P, filters and anonymizers.  But the
technology panel admitted that technology could not be a replacement
for privacy policies, but merely an aid for promoting such policies.
Self-regulation advocates by and large favored consumer education and
the conference was rife with consumer-targeted self-help brochures.
 
What was clear from the conference is that a patchwork of "evolving"
self-regulatory programs, with little or no means for enforcement fell
short of the Department of Commerce's hopes for an industry based
solution.  Consumer groups and privacy advocates pointed out that the
market fails to provide incentives for online industries to adapt
effective privacy policies, and that proposing guidelines alone does
not provide the safeguards that legislation would provide.  Commerce
Secretary William M. Daley expressed his disappointment at the poor
showing of effective self-regulation: "Articulating principles isn't
adequate.  There has to a way to enforce this [self-regulation] that
the consumer can trust, or this won't work -- there has to be some
meaningful consequences to companies that don't comply with privacy
rules."  Consumer and privacy groups believe it is clear that industry
cannot be relied upon to regulate itself, and that the time has come
for the government to step in and protect privacy online.
 
More information on privacy policy is available at:
 
     http://www.epic.org/privacy/
 
=======================================================================
[6] Encryption Update
=======================================================================
 
* The month of June has been busy for encryption policy.  Supporters
of the SAFE and E-PRIVACY bills are renewing their efforts to pass the
measures.  However, there are less than 30 working days left in the
Congressional session this year, so its appears unlikely that any
legislative efforts will succeed.
 
* Nearly three hundred people attended the 1998 EPIC Cryptography and
Privacy  Conference on June 6.  The Conference was keynoted by Senator
Conrad Burns (R-MT) and Congressman Bob Goodlatte (R-VA) and included
Undersecretary of Commerce for Export Administration William Reinsch
and Principal Associate Attorney General Robert Litt.  Speakers also
included representatives from the governments of Canada, the United
Kingdom and Germany.
 
* On June 7, the CEOs of several computer companies sat down with FBI
Director Louis Freeh and Attorney General Janet Reno to discuss
encryption policy.  Following the meeting, the participants declined
to discuss what had been said but it appears that no major deals were
made.  "What has happened is that the ability to keep information
private has increased," Microsoft chief Bill Gates said. "Law
enforcement has to accept that.  Can the genie be put back in the
bottle? The answer is no."
 
* Forty-three House Democrats, including House Democratic Leader
Richard Gephardt, Democratic Whip David Bonior and Rep. Zoe Lofgren
sent a letter on June 24 asking Speaker Newt Gingrich to schedule
action on encryption export relief legislation prior to the July 4
recess.  Gephardt said, "We ask the Republican leaders to make
resolution of this issue a top priority.  We are willing to work with
all sides for workable export policies that prevent crime, promote
exports and national security and secure the future of the information
age."
 
* Only two years after describing the Skipjack encryption algorithm as
highly classified and stating that its release would pose a serious
danger to national security, the National Security Agency has changed
course.  NSA publicly released the algorithm --the heart of the
infamous Clipper Chip and Fortezza Card -- on June 23.
 
More information on encryption policy is available at:
 
     http://www.crypto.org/
 
=======================================================================
[7] EPIC/PI Launch New Privacy Web Site
=======================================================================
 
EPIC and Privacy International have launched The Privacy Page, a
completely redesigned online privacy resource located at
www.privacy.org.  In addition to a regularly updated news archive on
privacy issues, the site features links to privacy tools, privacy
resources, international privacy sites, consumer information, kids and
privacy, and the EPIC privacy bookstore.  StraightScoop, another
weekly feature, presents an opinionated summary of the main issues in
the current online privacy debate.
 
The Privacy Page is available at:
 
     http://www.privacy.org
 
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
 
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet
Society. Contact: http://www.isoc.org/inet98/
 
Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998.  Sponsored by the Association for Information
Systems Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm
 
Telecommunications Policy Research Conference. October 3-5, 1998
Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/
 
CPSR Annual Conference - Internet Governance.  Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact: cpsr@cpsr.org
 
PDC 98 - the Participatory Design Conference, "Broadening
Participation" November 12-14, 1998. Seattle, Washington.  Sponsored
by Computer Professionals for Social Responsibility in cooperation
with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
 
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December
1998 London, UK. Sponsored by ACMSIGCAS and London School of
Economics. http://is.lse.ac.uk/lucas/cepe98.htm
 
1999 RSA Data Security Conference.  San Jose, California, January
18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
 
FC '99  Third Annual Conference on Financial Cryptography, Anguilla,
B.W.I., February 22-25 1999 (submissions due: September 25, 1998).
 
 
          (Send calendar submissions to alert@epic.org)
 
=======================================================================
Subscription Information
=======================================================================
 
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
 
     http://www.epic.org/alert/subscribe.html
 
Back issues are available at:
 
     http://www.epic.org/alert/
 
=======================================================================
About EPIC
=======================================================================
 
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
 
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
 
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.
 
Thank you for your support.
 
  ---------------------- END EPIC Alert 5.09 -----------------------
Return to:
Alert Home Page | EPIC Home Page
 