EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.12	                             September 16, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] House Committee Holds Ironic Censorship Hearing
[2] Global Groups Urge Removal of Crypto Controls;
    More Minor Changes in U.S. Policy Announced
[3] FCC Extends Deadline for Wiretap Law Compliance
[4] Federal Trade Commission Acts on Privacy
[5] Global Conference on Internet Policy - Ottawa, October 7
[6] EPIC Publishes Privacy Law Sourcebook
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events
[1] House Committee Holds Ironic Censorship Hearing
A House subcommittee held a hearing on September 11 to consider
"legislative proposals to protect children from inappropriate materials
on the Internet."  The timing of the hearing proved to be ironic;
several lawmakers and witnesses noted that the House of Representatives
would, within hours, post on its website Independent Counsel Kenneth
Starr's sexually explicit report on President Clinton's relationship
with Monica Lewinsky.  The coincidence underscores the fact that
distinguishing between "inappropriate" material and that which deserves
wide distribution requires difficult -- and subjective -- judgments.
Before the subcommittee are a half dozen bills intended to limit
children's access to online materials.  The "Safe Schools Internet Act"
(H.R. 3177) would require that all public libraries and schools that
receive federal funds for Internet access install blocking software to
restrict minors' access to "inappropriate" material.  The "E-Rate
Policy and Child Protection Act" (H.R. 3442) would require schools and
libraries to adopt policies "with respect to access to material that is
inappropriate for children."  The "Child Online Protection Act" (H.R.
3783) would punish commercial online distributors of material deemed
"harmful to minors" with up to six months in jail and a $50,000 fine.
Three pending bills (H.R. 774, H.R. 1180 and H.R. 1964) would require
Internet access providers to offer customers "screening" software
designed to block access to material that might be "unsuitable" or
"inappropriate" for children.  The Senate has already approved its own
versions of H.R. 3177 and H.R. 3783 and a requirement that ISPs make
screening software available.
In a joint statement submitted at the hearing, 24 organizations urged
Congress "to oppose any measure that would dilute the potential" of the
Internet. The groups expressed their view that "community-based
educational approaches, as opposed to federally-mandated filtering
requirements and new criminal laws, are the best ways to address the
issue of how our children use the Internet."  The statement was
coordinated by the Internet Free Expression Alliance (IFEA).
The House Subcommittee on Telecommunications, Trade and Consumer
Protection has scheduled a markup of H.R. 3783, the Child Online
Protection Act, for September 17.
Additional information on pending Internet censorship legislation,
including the full text of the joint statement, is available at the
IFEA website:
[2] Global Groups Urge Removal of Crypto Controls:
    More Minor Changes in U.S. Policy Announced
Members of the Global Internet Liberty Campaign (GILC) -- a coalition
of nearly 50 non-governmental human rights, civil liberties, consumer,
and computer user groups from around the world -- issued an open
statement on September 14 calling for the removal of cryptography
controls from the Wassenaar Arrangement, an international agreement
that governs the proliferation of offensive military technology.  The
statement was sent to the technical expert representatives of the 33
nations who are signatories to the Wassenaar Arrangement and who are
due to begin a review of the arrangement this Fall.
The statement argues that continued efforts to impose controls on the
use of encryption based on outdated Cold War policies run contrary to
the growing trend among national government to promote the availability
of strong encryption to encourage electronic commerce and protect
personal privacy.  Earlier this year, GILC released a report that found
that few countries impose controls on the use, manufacture, or
distribution of encryption products.  The report cited the
disproportionate influence of state security agencies in the United
States to explain that country's efforts to expand law enforcement
authority in the development of encryption policy.
EPIC serves as the U.S. coordinator of the international campaign to
remove encryption from the Wassenaar Arrangement.
The GILC member statement, which was signed by 25 non-governmental
organizations from around the world, can be found at:
The White House announced on September 16 more changes to U.S. export
control laws on cryptography. The announcement reflects minor changes
in existing controls and the bulk of controls on strong encryption
still remain, especially for end users who are not major corporations.
Under the new changes, strong crypto would be available to a limited
number of non-us companies  - insurance, health care and online
merchants in the 45 countries with money laundering laws. US Companies
would be able to export to their subsidiaries in nearly all countries.
Following the announcement by the Electronic Frontier Foundation of the
creation of a DES-cracker, restrictions on 56-bit products would be
relaxed to most countries.
Regulations on export of key recover products would be reduced and
export of products such as Cisco Systems' "Private Doorbell" would be
exportable with minimum review.
A "Technology Support Center" would be created to assist law
enforcement agencies with encryption problems. The White House is
calling on Congress to fund the center and the private sector will work
in partnership with the effort.
Additional information on the new U.S. encryption control policy will
soon be available at:
[3] FCC Extends Deadline for Wiretap Law Compliance
In an order issued on September 11, the Federal Communications
Commission extended until June 30, 2000, the deadline for industry
compliance with the Communications Assistance for Law Enforcement Act
(CALEA).  At issue is the feasibility of implementing the controversial
1994 law, which requires the telecommunications industry to ensure that
new digital technologies do not hamper traditional law enforcement
wiretapping capabilities.  Had the Commission not acted, compliance
would have been required by October 25 of this year.
The current FCC proceedings on CALEA began after negotiations between
the FBI and the telecommunications industry broke down over FBI demands
for enhanced access to the communications network.  Disputed issues
include: whether wireless service providers must provide location
tracking capabilities; increased abilities to monitor conference calls;
proposed access to the full content of customer communications from
carriers using packet switching; and the scope of "call-identifying
information" that must be provided to law enforcement agencies.   The
FCC proceeding is the culmination of a controversy that began in the
early 1990's when the FBI first sought a "digital telephony" law to
address new communications technology.
The Commission expressly rejected "the FBI's assertion that an
extension of the compliance date would interfere with law enforcement's
ability to protect the public from criminal activity," noting that "All
carriers currently provide technical assistance to law enforcement to
conduct lawfully authorized wiretaps, and nothing in this Order should
be construed as relieving carriers of their pre-CALEA responsibilities
to assist law enforcement authorities in conducting authorized
The Senate Judiciary Committee is scheduled to debate and approve H.R.
3303, the Justice Department authorization bill already approved by the
House, on September 17.  The bill includes a two-year delay in CALEA
implementation and a change in the law extending the deadlines for
telephone companies to be reimbursed for equipment required under the
Additional information on CALEA is available at:
[4] Federal Trade Commission Acts on Privacy
An FTC Administrative Law Judge ruled on July 31 that Trans Union, one
of the nation's largest credit agencies, violated the Fair Credit
Reporting Act by selling information from individuals' credit records
to direct marketing firms.  The Judge ordered the company to stop the
practice, finding that "Trans Union invades consumers' privacy when it
sells consumers' credit histories to third-party marketers without
consumers' knowledge or consent."  The judge was also critical of
opt-out approaches, citing evidence that most consumers are unaware of
their ability to be removed from marketing lists.  He found that "there
is no direct credible evidence of the success rate of the opt-out
actually stopping direct mail and telemarketing calls."
On August 13, the FTC agreed to a settlement with GeoCities, a major
Internet site.  GeoCities was charged with collecting personal
information from users and disclosing it to other companies and
deceptively collecting information from children.  Under the
settlement, GeoCities agreed to post on its site a privacy notice
telling consumers what information is being collected and for what
purpose; to whom it will be disclosed; and how consumers can access and
remove the information.  To ensure parental control, GeoCities also
will need to obtain parental consent before collecting information from
children 12 and under.  However, the agreement is limited because the
settlement does not set standards for GeoCities's privacy policy and
there will be compensation for people affected by the deceptive
More information on the FTC is available at:
[5] Global Internet Policy Conference in Ottawa, October 7
The Global Liberty Internet Campaign (GILC) will sponsor "The Public
Voice in the Development of Internet Policy" in Ottawa, Canada on
Wednesday, October 7, 1998.  The meeting is scheduled to coincide with
the Ministerial meeting of the Organization for Economic Cooperation
and Development that begins in Ottawa on October 8.
The Public Voice conference is a public meeting on the role of the
citizen in the development of the information society.  The meeting
will hear from consumer groups, human rights organizations and civil
liberties advocates on such issues as privacy, access, consumer
protection and human rights in the 21st century.
The featured speakers include M. David Johnston, the former chairman of
the Canadian Information Highway Advisory Council (IHAC) and Stephen
Lau, the Privacy Commissioner for Personal Data in Hong Kong.
The GILC meeting is being organized by EPIC in cooperation with
Federation Nationale des Associations de Consommateurs du Quebec
(Montreal), the Public Interest Advocacy Center (Ottawa), and
Electronic Frontiers Canada.
More information about the GILC Public Voice conference, including
registration information, is available at:
[6] EPIC Publishes Privacy Law Sourcebook
New from EPIC:  "The Privacy Law Sourcebook: United States Law,
International Law, and Recent Developments" by EPIC's Director Marc
Rotenberg, is the most-current single-volume collection of major
privacy laws from around the globe.  This essential resource contains
all of the major U.S. privacy laws, including the Privacy Act of 1974,
the Electronic Communications Privacy Act of 1986 and the Telephone
Consumer Protection Act of 1991, as well as the text of the OECD
Cryptography Guidelines and the European Union Data Directive, which
goes into force in the fall of 1998.
The Sourcebook also includes the complete text of the 1980 OECD Privacy
Guidelines, the international privacy framework that is the basis for
many privacy laws around the globe.  Recent working papers from the
European Commission on the critical issue of determining "adequacy" of
data protection in third party countries are also covered.
The detailed Table of Contents makes it easy to find and identify the
statutory provisions that you are looking for, while a Privacy
Resources page provides you with the online addresses to several
excellent sites dealing with privacy laws and policies.
Total length of the soft cover book is approximately 435 pages.  To
order, send a check or money order along with your delivery address to:
EPIC Publications, 666 Pennsylvania Avenue S.E., Suite 301, Washington,
D.C. 20003.  Within the U.S., cost is $54 per copy, $29 for law
students, non-government organizations and non-profits.  Outside of the
U.S., the Sourcebook is $60 per copy, $35 for law students,
non-government organizations and non-profits.  All prices include
shipping and handling and are in U.S. funds.
For many other great titles on privacy, free speech and encryption,
visit the EPIC Bookstore at:
[7] New Bills and Action in Congress
H.R. 4281. Patient Privacy Act of 1998. Repeals requirement for
national patient ID number. Introduced by Paul (R-TX) on July 21.
Referred to the Committee on Ways and Means.
H.R. 4312. Medical Privacy Protection Act of 1998. Repeals national ID
number for patients. Introduced by Barr (R-GA) on July 22. Referred to
the Committee on Ways and Means, and in addition to the Committee on
Government Reform and Oversight.
H.R. 4321. Financial Information Privacy Act of 1998. To protect
consumers and financial institutions by preventing personal financial
information from being obtained from financial institutions under false
pretenses. Introduced by Leach (R-IA) on July 23. Referred to the
Committee on Banking and Financial Services.  Approved by House
Committee on Banking and Financial Service on August 21.  Referred
sequentially to the House Committee on the Judiciary and House
Committee on Commerce until Sept 25.
H.R. 4388. Consumer Financial Privacy Protection Act of 1998. Amends
the Consumer Credit Protection Act to require consumer privacy
protections. Introduced by LaFalce (D-NY) on August 4. Referred to the
Committee on Banking and Financial Services.
H.R. 4395. Real Estate Transaction Privacy Promotion Act. Prohibit a
lender from requiring a borrower in a residential mortgage transaction
to provide the lender with unlimited access to the borrower's tax
return information. Introduced by Rivers (D-MI) on August 4. Referred
to the Committee on Banking and Financial Services.
H.R. 4425. Personal Privacy Protection Act. Anti-Paparazzi bill.
Introduced by Conyers (D-MI) on August 6. Referred to the Committee on
the Judiciary.
H.R. 4431.  HIV Partner Protection Act. AIDS partner notification bill.
Introduced by Ackerman (D-NY). Referred to the Committee on Commerce.
H.R. 4470. Personal Data Privacy Act of 1998.  To prohibit Federal,
State, and local agencies and private entities from transferring,
selling, or disclosing personal data with respect to an individual to
other agencies or entities without the express consent of the
individual except in limited circumstances, and to require such
agencies and entities to provide individuals with personal data
maintained with respect to such individuals. Introduced by Hinchey
(D-NY) on August 6. Referred to the Committee on Government Reform and
H.R. 4478. Depository Institution Customers Financial Privacy
Enhancement Act of 1998.  To require insured depository institutions,
depository institution holding companies, and insured credit unions to
protect the confidentiality of financial information obtained
concerning their customers, and for other purposes. Introduced by
Markey (D-MA) on August 6. Referred to the Committee on Banking and
Financial Services.
H.R. 4479.  Securities Investors Privacy Enhancement Act of 1998.  To
require brokers, dealers, investment companies, and investment advisers
to protect the confidentiality of financial information obtained
concerning their customers, and for other purposes.  Introduced by
Markey (D-MA) on August 6. Referred to the Committee on Committee on
S. 2433. To protect consumers and financial institutions by preventing
personal financial information from being obtained from financial
institutions under false pretenses.  Introduced on September 2 by
D'Amato (R-NY).
[8] Upcoming Conferences and Events
Telecommunications Policy Research Conference. October 3-5, 1998
Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/
The Public Voice in the Development of Internet Policy. Ottawa, Canada.
October 7, 1998. Sponsored by GILC. Contact:
One Planet, One Net: Governing the Internet Symposium.  Boston, Mass,
Oct. 10-11. Sponsored by CPSR. Contact:
PDC 98 - the Participatory Design Conference, "Broadening
Participation" November 12-14, 1998. Seattle, Washington.  Sponsored by
Computer Professionals for Social Responsibility in cooperation with
ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December
1998 London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. January 18-21, 1999. San Jose,
California. Sponsored by RSA. Contact: http://www.rsa.com/conf99/
FC '99  Third Annual Conference on Financial Cryptography. February
22-25 1999 Anguilla, B.W.I.,  (submissions due: September 25, 1998).
Computers, Freedom and Privacy (CFP) '99. April 6-8. Washington, DC.
Sponsored by ACM. Contact: info@cfp99.org.
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully tax-
deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.
Thank you for your support.
  ---------------------- END EPIC Alert 5.12 -----------------------

Return to:

Alert Home Page | EPIC Home Page