EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.13	                                  October 5, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] GILC Publishes Global Survey of Privacy and Human Rights
[2] Global Internet Policy Conference Set to Begin in Ottawa
[3] Senate May Soon Consider "CDA2" Censorship Bill
[4] Canada Introduces Privacy Bill and New Crypto Policy
[5] UNESCO Congress Explores Cyberspace
[6] Senate Committee Approves Kids' Privacy Bill
[7] New Bills in Congress
[8] Upcoming Conferences and Events
[1] GILC Publishes Global Survey of Privacy and Human Rights
A new comprehensive report, "Privacy and Human Rights: An International
Survey of Privacy Laws and Practice," has been produced by EPIC and
Privacy International on behalf of the Global Internet Liberty Campaign
(GILC). The report details the state of privacy in 50 countries around
the world, outlining the constitutional and legal conditions of privacy
protection, and summarizing important issues and events relating to
privacy and surveillance.  Among the report's key findings:
- Privacy is a fundamental human right recognized in all major
international treaties and agreements on human rights.  Nearly every
country in the world recognizes privacy as a fundamental right in their
constitution, either explicitly or implicitly.  Most recently drafted
constitutions include specific rights to access and control one's
personal information.
- New technologies are increasingly eroding privacy rights.  These
include video surveillance cameras, identity cards and genetic
- There is a growing trend towards the enactment of comprehensive
privacy and data protection acts around the world.  Currently over 40
countries and jurisdictions have or are in the process of enacting such
laws. Countries are adopting these laws in many cases to address past
governmental abuses (such as in former East Bloc countries), to promote
electronic commerce, or to ensure compatibility with international
standards developed by the European Union, the Council of Europe, and
the Organization for Economic Cooperation and Development.
- Surveillance authority is regularly abused, even in many of the most
democratic countries.  The main targets are political opposition,
journalists, and human rights activists.  The U.S. government is
leading efforts to further relax legal and technical barriers to
electronic surveillance.  The Internet is coming under increased
Preparation of the report was supported by a grant provided by the Open
Society Institute.  It will be formally released and distributed at
GILC's "Public Voice in the Development of Internet Policy" conference
later this week in Ottawa (see below).
The text of the report is available at:
[2] Global Internet Policy Conference Set to Begin in Ottawa
The Global Liberty Internet Campaign (GILC) will sponsor "The Public
Voice in the Development of Internet Policy" in Ottawa, Canada on
Wednesday, October 7.  The meeting is scheduled to coincide with the
Ministerial meeting of the Organization for Economic Cooperation and
Development (OECD) that begins in Ottawa on October 8.
The Public Voice conference is a public meeting on the role of the
citizen in the development of the information society.  The meeting
will hear from consumer groups, human rights organizations and civil
liberties advocates on such issues as privacy, access, consumer
protection and human rights in the 21st century.
John Manley, the Canadian Minister of Industry will be the opening
speaker. Mr. Manley will be followed by David Johnston, the former
Chair of the Canadian Information Highway Advisory Council and former
Provost of McGill University.  Stephen Lau, the Privacy Commissioner
for Personal Data in Hong Kong, will address the group in the
afternoon.  Experts from Belgium, Canada, Norway, Britain, Germany,
Austria, Australia, and the United States will discuss a range of
important issues affecting consumers and citizens in the on-line world.
The GILC meeting is being organized by EPIC in cooperation with
Federation Nationale des Associations de Consommateurs du Quebec
(Montreal), the Public Interest Advocacy Center (Ottawa), and
Electronic Frontiers Canada.
More information about the GILC Public Voice conference, including
registration information, is available at:
[3] Senate May Soon Consider "CDA2" Censorship Bill
As Congress rushes to complete its work before a scheduled October 9
adjournment, Senate supporters of Internet censorship legislation are
attempting to attach their re-write of the Communications Decency Act
(CDA) to the pending (and relatively non-controversial) Internet Tax
Freedom Act. The Supreme Court struck down the original CDA last year.
The Senate has already passed Sen. Dan Coats' (R-IN) bill (dubbed
"CDA2") that would make it a crime for commercial web sites to display
to anyone under the age of 17 material deemed "harmful to minors."  It
passed as part of a comprehensive appropriations bill that is now
pending before a House-Senate conference committee.
The Internet Tax Freedom Act may provide an easier route for enacting
the Coats bill into law.  The House Commerce Committee recently
approved a similar proposal, the "Child Online Protection Act" (H.R.
3783), and that measure could come up for a vote on the House floor at
any time.
EPIC is supporting an online campaign to raise Congressional awareness
of the implications of Internet censorship laws.  Faxes can be sent --
free of charge -- to your Representative and Senators by visiting the
EPIC Free Speech Action page:
[4] Canada Introduces Privacy Bill and New Crypto Policy
Canadian Industry Minister John Manley announced two major proposals on
October 1 on privacy and electronic commerce.  One concerns a new bill
on privacy which will require companies holding personal information to
follow privacy rules.  The other major announcement was the
introduction of a new Canadian encryption policy which eschews
restrictions on domestic use and relaxes export controls.  Both
represent major setbacks for the U.S. government, which has placed
pressure on its allies to oppose privacy laws and place restrictions on
The "Personal Information Protect and Electronic Documents Act" imposes
new privacy rules on all companies engaged in federally regulated
businesses (including banking, telecommunications and transportation)
based on principles developed by the Canadian Standards Association.
Three years after coming into force, the provisions will apply to all
personal information collected, used or disclosed in the course of
commercial activities, except in provinces such as Quebec, which
already have privacy laws covering companies.  The bill is expected to
go into effect in 2000.
The standards impose "Fair Information Practices" on the use of
personal information by companies.  Under the bill, personal
information can not be used or disclosed for purposes other than those
for which it was collected, except with the consent of the individual
or as required by the law.  The collection of personal information is
limited to that which is necessary for the purposes identified by the
organization  and can only be kept as long as necessary for fulfillment
of those purposes.  Individuals can ask companies about the existence,
use and disclosure of their personal information and be given access to
the information. An individual would be able to challenge the accuracy
and completeness of the information and have it amended as appropriate.
More information on the bill is available at:
The Canadian Government also announced its new encryption policy on
October 1.  The policy represents a setback for U.S. officials such as
former "crypto czar" David Aaron, who had traveled to Canada to urge
the government to further restrict encryption.  Highlights of the
policy include:
- No domestic restrictions on encryption development and use.
Canadians are free to develop, import and use whatever cryptography
products they wish.  The Government will not implement mandatory key
recovery requirements or licensing regimes.
- The Government encourages industry to establish responsible
practices, such as key recovery techniques for stored data.  The
Government will act as a model user of cryptography through the
practices of the Government of Canada Public Key Infrastructure (GOC
PKI). The Government encourages and supports industry-led accreditation
of private sector certification authorities.
- Some relaxation on restrictions on export of encryption products.
Canada will continue to implement cryptography export controls in
keeping with the framework of the international Wassenaar Arrangement.
However, Canada will take into consideration the export practices of
other countries and the availability of comparable products when
rendering export permit decisions. The export permit application
process will be streamlined.
- New laws on criminalization.  The Government proposes amendments to
the Criminal Code and other statutes as necessary to criminalize the
wrongful disclosure of keys, deter the use of encryption in the
commission of a crime, deter the use of cryptography to conceal
evidence, and apply existing interception, search and seizure and
assistance procedures to cryptographic situations and circumstances.
More information on the policy is available at:
[5] UNESCO Congress Explores Cyberspace
Delegates from around the world engaged in lively round-table debates
at the 3-day INFOethics'98 Congress on the legal and societal
challenges of cyberspace, organised by UNESCO in co-operation with the
Principality of Monaco and the Institut national de l'audiovisuel,
(INA, France) and chaired by Peter Canisius, President of the German
National Commission to UNESCO.
The conference brought together governmental, university and
private-sector specialists from some 65 countries.  In his welcoming
address, Mr. Canisius urged participants to "form a common ground for
co-operation based on human rights, solidarity and justice in
"If we meet criminals on the information highways, we have to fight the
criminals -- not the highways," declared Henrikas Yushkiavitshus,
UNESCO Assistant Director-General for Communication, Information and
Informatics at the opening of the congress.  Mr. Yushkiavitshus
reminded participants of UNESCO's mandate to promote world-wide
implementation of articles enshrined in the 1948 Universal Declaration
of Human Rights, highlighting that the Internet offers "almost
unlimited opportunities for the practical implementation of Article
19," which upholds the "freedom to hold opinions without interference
and to seek, receive and impart information and ideas through any media
and regardless of frontiers."
Marc Rotenberg, executive director of EPIC and a Legal Expert to
UNESCO, called on UNESCO to assert the applicability of legal rights
across national borders.  "Article 12 of the Universal Declaration of
Human Rights establishes the fundamental right of privacy and should be
respected in all nations."
Rohan Samarajiva, Director-General of Telecommunications at the
Telecommunications Regulatory Commission of Sri Lanka, warned
participants that international co-operation may not help developing
countries and regions gain an equal voice in shaping cyberspace norms
and values.  "The fact is that cyberspace is populated primarily by
actors located in rich countries and they are the people who will set
the ground rules," suggested Mr. Samarajiva.  "Those (countries) who
join later and in smaller numbers will not have their cultural mores
and values reflected in these developing ethical and legal frameworks."
Kazem Motamed-Nejad, Professor of Communication Science at the
University of Allameh Tabatabai in Teheran (Iran), outlined efforts in
the field of communication policy by the Economic Cooperation for
Development (ECO), a regional body founded in 1990 grouping 10 Central
Asian and Arab states with a total population of over 300 million.  He
expressed hope that "ECO Member States may, at the regional level,
adopt legal instruments guaranteeing freedom of speech and information
while recognizing the limits of this freedom, of which the protection
of privacy is a part."
The participants at the Congress adopted a statement at the conclusion
of the conference reaffirming support for Article 19 of the Universal
Declaration on freedom of expression and Article 12 on the right to
privacy.  The group recommended that UNESCO in cooperation with other
international organizations pursue several efforts, including measures
to overcome barriers between information rich and information poor; the
promotion of learning, education and training to achieve media
competence; and an interdisciplinary debate on all ethical implications
of new communication technologies.
INFOethics '98 attracted scholars and policy-makers from every world
region to debate the ethical, legal and societal challenges of
cyberspace. Among the distinguished speakers were Alexander Yakolev, a
key figure from Russia's Glasnost movement now at the head of the
International Democracy Foundation; Vigdis Finnbogadottir, former
President of Iceland and current chairperson of UNESCO's World
Commission on the Ethics of Scientific Knowledge and Technology; Aidan
White, General Secretary of the Internet Federation of Journalists; and
Richard Stallman, founder of the Free Software Foundation and the
GNU/Linux "Copyleft" movement.
Additional information is available at:
     UNESCO Infoethics '98 Conference
     UNESCO Virtual Forum on INFOethics
     UNESCO Infoethics '98 Press Releases
     http://www.unesco.org/opi/eng/unescopress/  (English)
     http://www.unesco.org/opi/fre/unescopresse/  (French)
[6] Senate Committee Approves Kids' Privacy Bill
The Senate Commerce Committee passed an amended version of the
"Children's Online Privacy Protection Act" (S. 2326) by unanimous voice
vote on October 1.  The bill, sponsored by Sen. Richard Bryan (D-NV),
would prohibit websites and online services oriented toward children
from collecting information from children under 13 years of age without
obtaining parental consent. Procedures for obtaining such consent are
nor specified; the Federal Trade Commission (FTC) would be granted
authority to promulgate regulations specifying methods of compliance.
At a recent committee hearing on children's privacy, FTC Chairman
Robert Pitofsky testified in favor of the bill.  In a report issued
earlier this year, the FTC recommended legislation to limit the
collection of personal data from children.  A witness from the Direct
Marketing Association also acknowledged that some governmental action
to protect children's privacy is necessary; indeed, the only consensus
that exists on Internet privacy issues is that sites targeting children
deserve special attention.
The bill must still be passed by the full Senate prior to the scheduled
adjournment on October 9.  It must also be approved by the House
Commerce Committee and the full House.
[7] New Bills in Congress
H.R. 4632.  Practice What You Preach Privacy Protection Promotion Act.
To require Federal regulation of online privacy protections to apply to
all Federal agencies. Indroduced by Franks (R-NJ) on September 25.
Referred to the Committee on Commerce, and in addition to the Committee
on Government Reform and Oversight.
S.2484.  Safe Schools, Safe Streets, and Secure Borders Act of 1998.
Eases access to pager information, gives location information on
cellular phones with a warrant. Introduced by Leahy (D-VT) on September
16. Referred to the Committee on the Judiciary.
S.2491.  Protection of Children From Sexual Predators Act of 1998.
Requires Internet Service Providers to pass information onto police
without warrants in cases of suspected child abuse. Introduced by Hatch
(R-UT) and Leahy (D-VT) on September 17. Referred to the Committee on
the Judiciary. Approved by Judiciary Committee on September 17.
[8] Upcoming Conferences and Events
The Public Voice in the Development of Internet Policy. Ottawa, Canada.
October 7. Sponsored by GILC. Contact:
One Planet, One Net: Governing the Internet Symposium.  Boston, MA,
October 10-11. Sponsored by CPSR. Contact:
Symposium on Infowar and Civil Liberties. October 26. National Press Club,
Washington, D.C. Sponsored by EPIC and FCG. Contact: info@epic.org.
Encryption Controls Workshop. Bedford, MA, October 29. Sponsored by U.S.
Department of Commerce. Contact: (202) 482-6031.
PDC 98 - the Participatory Design Conference, "Broadening Participation"
November 12-14. Seattle, WA.  Sponsored by Computer Professionals for
Social Responsibility in cooperation with ACM and CSCW 98. Contact:
Data Privacy in the Global Age.  November 13.  Milwaukee, WI. Contact:
Carole Doeppers <acluwicmd@aol.com>. Sponsored by: ACLU of Wisconsin Data
Privacy Project.
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15.
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact: http://www.rsa.com/conf99/
FC '99  Third Annual Conference on Financial Cryptography. February 22-25,
1999 Anguilla, B.W.I. Contact: http://fc99.ai.
Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington, DC.
Sponsored by ACM. Contact: info@cfp99.org.
          (Send calendar submissions to alert@epic.org)
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully tax-
deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.
Thank you for your support.
  ---------------------- END EPIC Alert 5.13 -----------------------

Return to:

Alert Home Page | EPIC Home Page