EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 5.20	                                December 17, 1998
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] EPIC Urges FCC to Reject FBI Surveillance Proposal
[2] Free Speech Groups Say "No" to Library Filters
[3] Appeals Court Upholds Drivers Privacy Protection Act
[4] FDIC Proposes New "Spy on Your Customer" Regulations
[5] CDC Issues Guidelines on HIV Tracking
[6] Australia Announces Privacy Law for Businesses
[7] EPIC Bookstore
[8] Upcoming Conferences and Events
[1] EPIC Urges FCC to Reject FBI Surveillance Proposal
EPIC, joined by the Electronic Frontier Foundation and the American
Civil Liberties Union, filed formal comments with the Federal
Communications Commission on December 14 urging the rejection
FBI-proposed technical requirements for wiretapping. The FBI proposals
 would -- among other things -- enable law enforcement to determine the
location of individuals using cellular telephones. Also at issue is the
surveillance of "packet-mode" communications such as those that form
the core of the Internet. The comments were filed as part of the FCC's
proceeding on implementation of the controversial Communications
Assistance for Law Enforcement Act (CALEA).
In a "Further Notice of Proposed Rulemaking" released on November 5,
the Commission expressed its initial opinion that an interim
FBI/industry technical standard (J-STD-025) on cellular phone
"tracking" complies with CALEA.  The FCC withheld judgment on the
packet-mode issue, but sided with the FBI on the so-called "punchlist"
issues of conference call wiretaps, the capture of signaling
information and "post-cut-through digits," and other surveillance
The EPIC/EFF/ACLU comments note that "as advancing technology increases
the ability of government agents to intercept private communications,
the potential threat to individual liberties grows." The groups also
urged the FCC to recognize that advanced telecommunications services
dramatically multiply the number of private encounters that take place
electronically and thus create the potential for pervasive government
surveillance of private activities that were never previously subject
to government monitoring.  The law firm of Covington & Burling is
providing pro bono assistance in this case.
Excerpts from the comments:
     Groups dedicated to the protection of privacy expressed
     grave reservations in 1994 about the potential for CALEA
     to be used improperly by law enforcement to expand the
     scope of electronic surveillance; with the filing of the
     DoJ/FBI Petition, these concerns were realized. Now, with
     the release of the Commission's Further Notice of Proposed
     Rulemaking, the privacy of our Nation's communications is
     seriously at risk. . . . In explaining its tentative
     conclusions, the Commission offers virtually no discussion
     of privacy interests. The Commission fails to explain how
     its tentative conclusions are consistent with the privacy
     protections embodied in CALEA, the Fourth Amendment and
     Title III of the 1968 Wiretap Act.
     Privacy interests had no voice in drafting or adoption of
     the interim standard. Having been excluded from these
     earlier proceedings, it is imperative that privacy interests,
     as directed by Congress, be given full consideration by the
     Commission. Accordingly, the Commission must confront the
     privacy issues raised by the interim standard and the
     "punchlist" items. . . . [T]he Commission should find that
     the industry's interim standard and the DoJ/FBI Petition, if
     granted, would frustrate the privacy interests of federal
     statutes and of the Fourth Amendment. The DoJ/FBI Petition
     seeks surveillance capabilities that far exceed the
     capabilities law enforcement has had in the past and is
     entitled to under the law.
Additional information on CALEA, including the full text of EPIC's
comments, is available at:
[2] Free Speech Groups Say "No" to Library Filters
Members of the Internet Free Expression Alliance (IFEA) submitted a
joint statement to the National Commission on Library and Information
Science (NCLIS) on December 14, urging the Library Commission to oppose
the use of Internet filters in public libraries when it issues its
forthcoming report on "Kids and the Internet."  EPIC joined with nine
other organizations in recommending a "user education" approach to the
issue of objectionable online content, rather than relying on clumsy
and often ineffective filtering systems.
The joint statement cites the recent federal court decision in the
Loudoun County case, which found that placing filters on all library
computers violated the First Amendment rights of adult patrons (see
EPIC Alert 5.18).  The judge in that case (a former librarian) held
that a government body like a library "cannot avoid its constitutional
obligation by contracting out its decisionmaking to a private entity"
such as a software vendor."  The decision was issued two weeks after
NCLIS held a public hearing to discuss the use of Internet filtering
systems in libraries.  The Library Commission has said the purpose of
its November hearing was "to hear firsthand from experts on the
problems and complex issues arising from what NCLIS Vice Chair Martha
Gould described as the 'dark side of the Internet.'"
The NCLIS report on "Kids and the Internet: The Promise and the Perils"
is expected to be released as early as the first week of January.
The full text of the IFEA members' statement is available at:
More information on IFEA is available from:
[3] Appeals Court Upholds Drivers Privacy Protection Act
The Tenth Circuit Court of Appeals ruled on December 3 that the Drivers
Privacy Protection Act of 1994, a law that requires states to limit the
disclosure of motor vehicle records, does not violate the Tenth
The state of Oklahoma had challenged the DPPA as an unconstitutional
infringement on state sovereignty. The state relied on two prior
decisions of the Supreme Court that invalidated federal legislation
which "commandeers" state legislative and administrative processes. The
state also cited a Fourth Circuit decision that held that the DPPA was
unconstitutional because it regulated only the activity of the states
and was not a law of "general application" that also covered private
In an opinion by Judge Bobby R. Baldock, the Tenth Circuit found that,
"the arguments against the DPPA are much less compelling than the
arguments against the statutes at issue" in the two earlier cases. The
court said:
     [T]he DPPA does not commandeer the state legislative process by
     requiring states to enact legislation regulating the
     disclosure of personal information from motor vehicle records.
     Rather, the DPPA directly regulates the disclosure of such
     information and preempts contrary state law. If states do not
     wish to comply with those regulations, they may stop
     disseminating information in their motor vehicle records to
     the public.
 The court further said:
     In enacting the DPPA, Congress obviously curtailed states'
     prerogative to make choices respecting the release of motor
     vehicle information. No one claims that Congress exceeded the
     scope of its power under the Commerce Clause in so doing. Nor
     has the Supreme Court ever suggested that Congress
     impermissibly invades areas reserved to the states under the
     Tenth Amendment because it exercises its preemptive authority
     under the Commerce Clause in a manner that displaces state law
     and policy to some extent. The DPPA simply requires states to
     make a choice, i.e. stop releasing personal information from
     state motor vehicle records to the public, or release such
     information consistent with the dictates of the DPPA.
The split between the Tenth Circuit and the Fourth Circuit now raises
the prospect that the Supreme Court will be asked to decide the
constitutionality of the Drivers Privacy Protection Act.
Oklahoma v. United States, No 97-6389 (CA10, Dec. 3, 1998)
Condon v. Reno, 155 F.3d 453 (CA4 1998)
[4] FDIC Proposes New "Spy on Your Customer" Regulations 
The Federal Deposit Insurance Corporation (FDIC), Federal Reserve
Board, Office of the Comptroller of the Currency, and Office of Thrift
Supervision, issued a proposed rule on December 7 to require banks to
expand monitoring of their customers activities and require banks to
report "suspicious" activities.
The new "Know Your Customer" rules are intended to require banks to
verify the identity of their customers, determine the source of their
funds, determine "normal and expected transactions," and report
suspicious activities.  Banks will require identification from
prospective customers which will include a document containing a
photograph and signature.
The new rules have already generated significant protests. Nearly 3,000
comments from individuals opposing the new rules on privacy grounds
were submitted after the proposed regulation was published.  Many
bankers are also concerned with the proposal: "We think the regulation
is by its very nature, at odds with attempts to protect customer
privacy," said Paul Stock of the North Carolina Bankers Association.
The proposal raises numerous issues: lack of accountability, lack of
recourse for customers -- no provision for customer review and
correction of data; no restrictions on secondary use of the data.
Furthermore, the cost of establishing this program and monitoring
accounts are also likely to be passed on to the customer in new fees.
The FDIC acknowledges that information gathered, if misused, could
"result in an invasion of a customer's privacy."  While suggesting that
the banks should "integrate comprehensive privacy practices" into these
programs, they do not set out any privacy procedures or limitations on
its use.
Comments on the proposed rule are due on March 8, 1998. The FDIC
proposal is available at:
[5] CDC Issues Guidelines on HIV Tracking
The Center for Disease Control and Prevention (CDC) issued new
guidelines on December 10, 1998 recommending that health-care providers
report the names of individuals testing positive for the HIV virus.
The proposed rule recommends that all states begin tracking HIV cases
and submit that information to the CDC. The proposed rule does not
require using the names of individuals with HIV but does strongly
recommend their use over a coded-name system. Many AIDS groups who
support coded systems believe that the CDC will use the federal grants
to encourage name-based systems and that such systems discourage people
from getting tested because of fears over discrimination. The proposed
federal guidelines would still permit anonymous HIV testing at clinics
that do not provide treatment and the CDC "strongly recommends" that
states that do not allow anonymous testing change their policies.
The CDC is also recommending additional security and confidentiality
practices. The CDC requires that information sent to the CDC is
encrypted during transfer, kept in physically secure locations, that
the information is limited and only used for HIV surveillance, that
identifying information is not used for other purposes, that states
audit usage and investigate breaches of confidentiality and punish
violations. CDC is also working with other groups to develop a model
state law on confidentiality.
Comments on the proposed guidelines must be submitted by January 11,
1999. Comments can be submitted electronically to hivmail@cdc.gov
More information on the guidelines can be found at:
[6] Australia Announces Privacy Law for Businesses
The Australian government announced on December 16 that it is planning
to introduce new legislation to protect the privacy of individuals'
information held by companies. The Attorney-General, Daryl Williams,
and the Minister for Communications, Information Technology and the
Arts, Senator Richard Alston, announced that the law will be based on
creating enforceable industry codes.
The new legislation will be based on eight privacy principles developed
by the Privacy Commissioner and roughly modeled after the 1980 OECD
Privacy Guidelines. The principles are Collection, Use and Disclosure,
Data Quality, Data Security, Openness, Access and Correction,
Identifiers, Anonymity, Transborder Data Flows, and Sensitive
Information. Industry will then create codes that will be legally
enforceable. Exceptions for employee records and journalists will be
The announcement marks another turnabout for the Australian government
on privacy policy. In 1996, following the party's campaign promise, the
Attorney General recommended adopting privacy laws for the private
sector but was overruled by the Prime Minister after heavy lobbying by
the banking industry. Since then, consumer and privacy advocates have
been effective in keeping the issue alive and have been successful in
advancing state-level laws on privacy. Groups such as the Australian
Chamber of Commerce and Industry and the Smart Card Forum expressed
support for national legislation because of concerns about the European
Union's privacy directive limiting flows of data and the recent
announcement by the State of Victoria that if the federal government
did not adopt a law covering the private sector, it would enact one
Australia joins a growing number of non-EU countries that have moved
recently to develop comprehensive privacy legislation.
The Privacy Principles are available at:
More information on Australian privacy is available at:
[7] EPIC Bookstore
Browse the cyber shelves of good books on privacy, free speech, and
civil liberties at the Internet's only bookstore devoted to online
freedom. Shipping, discounts, and gift wrapping provided. And there's
still time to purchase a gift for that special someone (or yourself!)
in time for Christmas. Here are some last minute gift ideas from EPIC:
** Books **
Private Matters: In Defense of the Personal Life by Janna Malamud Smith
(Perseus Press, 1997)
"... both a personal rumination and a gorgeously written anecdotal
cultural history of the emergence and the fragile sanctity of the
modern creative self, and of the development of the right to close the
door, pull the shade and shut out the gaze of the community." (The New
York Times Book Review, Richard A. Shweder)
Speech Stories: How Free Can Speech Be? by Randall P. Bezanson (New
York University Press, 232 pages 1998)
This book brings to life seven of the most significant free speech
cases of the past twenty-five years. In each case, the Supreme Court
was asked to consider the appropriate scope of the First Amendment. But
the story behind the story is the story here. And before the footnotes
and headnotes appeared in legal opinions, there were slogans on
jackets, flags on fire, and names missing from pamphlets.
** Videos **
Brazil (DVD VHS)
A wildly imaginative Orwellian comedy about a future society in which a
central bureaucracy regulates everything via endless airducts, tubes
and plumbing. A typographical error plunges an average man into a
Kafkaesque nightmare of bureaucracy and brainwashing. DeNiro plays a
heroic non-union plumber unplugging the stopped-up pipes. Academy Award
Nominations: Best (Original) Screenplay, Best Art Direction-Set
Decoration. (Amazon review)
(United Artists, 1985) R
Gattaca (DVD)
In the 21st century, genetic engineering makes possible the creation of
biologically superior human specimens ("valids"), who then grow to
positions of power and prestige. Would-be astronaut Vincent, born the
old-fashioned way, can only hope for a janitorial position at the elite
Gattaca Corporation--until he buys the blood, urine, and identity of a
perfect but paralyzed athlete. But a murder in the company's ranks
attracts the attention of a detective who threatens to sniff Vincent
out. A slick futuristic thriller. Academy Award Nominations--Best Art
Direction. Stars Ethan Hawke, Uma Thurman.
(Columbia/Tristar Studios, 1997) PG
These and other titles are available for purchase online at the EPIC
[8] Upcoming Conferences and Events
1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact: http://www.rsa.com/conf99/
FC '99  Third Annual Conference on Financial Cryptography. February
22-25, 1999. Anguilla, B.W.I. Contact: http://fc99.ai/
Electronic Commerce and Privacy Legislation -- Building Trust and
Confidence. February 23, 1999.  Ottawa, Canada. Sponsored by Riley
Information Services. http://www.rileyis.com/seminars/Feb99/
Communitarian Summit. February 27-28, 1999. Arlington, Virginia.
Contact: http://www.gwu.edu/~ccps
1999 ASAP Western Regional Training Conference. February 28 - March 3,
1999. Portland, Oregon. Contact: http://www.podi.com/asap/
"CYBERSPACE 1999: Crime, Criminal Justice and the Internet". 29 & 30
March 1999. York, UK. Sponsored by the British and Irish Legal
Education Technology Association (BILETA). http://www.bileta.ac.uk/
Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Call for proposals available. Contact:
1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact: info@epic.org
Cryptography & International Protection of Human Rights  (CIPHR'99).
9-13 August 1999. Lake Balaton, Hungary. Contact:
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information.  EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 5.20 -----------------------

Return to:

Alert Home Page | EPIC Home Page