==============================================================
                         EPIC Alert
==============================================================
Volume 6.01                                   January 20, 1999
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org

=======================================================================
Table of Contents
=======================================================================

[1] Internet Censorship Goes on Trial (Again)
[2] Crypto Update: US Issues New Export Rules, French Drop Restrictions
[3] Supreme Court Rules on Anonymity
[4] EU Releases Report on Privacy Adequacy
[5] GAO Finds IRS Security Lacking
[6] EPIC Bookstore
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events

=======================================================================
[1] Internet Censorship Goes on Trial (Again)
=======================================================================

In the second challenge to a federal Internet censorship law, a three-day hearing began today in United States District Court in Philadelphia. At issue is the constitutionality of the Child Online Protection Act (COPA), the statutory successor to the Communications Decency Act (CDA), which the Supreme Court struck down in June 1997.

The lawsuit was filed by the American Civil Liberties Union, the Electronic Privacy Information Center and the Electronic Frontier Foundation as co-counsel on behalf of 17 individuals and organizations.

During the hearing, the plaintiffs will present the testimony of seven witnesses, including Vanderbilt University Prof.
Donna Hoffman; Dan Farmer, network security director for Earthlink online service; CNET Vice President Christopher Barr (representing the Internet Content Coalition); and Los Angeles Times columnist Larry Magid.

On November 19, U.S. District Judge Lowell A. Reed issued a temporary restraining order (TRO) against enforcement of COPA, which imposes criminal penalties against any "commercial" website that makes material that is "harmful to minors" available to anyone under 17 years of age. The TRO remains in effect until February 1, by which time the court will decide whether to issue a preliminary injunction against the law.

The COPA lawsuit -- ACLU v. Reno II -- is the latest legal challenge to Internet censorship laws. In June 1996, the same federal court in Philadelphia struck down the CDA, a decision unanimously upheld by the U.S. Supreme Court. In enacting COPA, Congressional supporters claimed that the new law corrected the constitutional defects of the CDA. Several federal courts have also found state laws seeking to regulate online content unconstitutional.

Complete information on the legal challenge, including daily updates from the courthouse in Philadelphia, will be available at:

     http://www.epic.org/free_speech/copa/

=======================================================================
[2] Crypto Update: US Issues New Export Rules, French Drop Restrictions
=======================================================================

* US Revises Export Controls *

The US Department of Commerce issued new interim regulations on encryption export controls on December 31, 1998. The new regulations, which were announced in September, are targeted towards large corporations. Exports of strong encryption used for private, non-commercial reasons are still strictly limited.

The new rules:

     Allow export of software-based 56-bit encryption programs including DES. On January 19, a cracking contest sponsored by RSA broke DES in 21 hours.
     Allow exports of products of any key length to insurance companies, medical end-users, and online merchants (only for buying and selling goods) under the current exception available for banks.
     Allow export to US subsidiaries for "internal company proprietary use" and provide for favorable rules for exporting to partners of American companies.
     Remove some of the licensing requirements on export of key escrow/key recovery systems.

Comments on the rules are due March 1, 1998. A copy of the rules is available at:

     http://www.epic.org/crypto/export_controls/bxa-regs-1298.html

* France Announces Major Crypto Liberalization *

French Prime Minister Lionel Jospin announced on January 19 that the French government is relaxing its current restrictive policy on encryption. Under the new policy, a key escrow system of "Trusted Third Parties" will no longer be required for domestic use. The 1996 law requiring TTPs will not be implemented. Users will be able to use up to 128-bit encryption without restrictions until a new law which eliminates all restrictions is enacted. However, technical capabilities for investigations will be expanded.

The announcement is available in French at:

     http://www.premier-ministre.gouv.fr/PM/D190199.HTM

=======================================================================
[3] Supreme Court Rules on Anonymity
=======================================================================

On January 12, 1999 the Supreme Court held that Colorado's ballot access regulations unjustifiably inhibited the circulation of ballot-initiative petitions. Of particular interest to those following privacy issues, the Supreme Court upheld the ruling of the Tenth Circuit that the requirement that petition circulators display their names on a badge violated the First Amendment.

A lower court had found that compelling circulators to wear identification badges inhibited participation in the petition process. The Supreme Court agreed.
Writing for the majority, Justice Ginsburg said "The injury to speech is heightened for the petition circulator because the badge requirement compels personal identification at the precise moment when the circulator's interest in anonymity is greatest."

The Supreme Court said that the availability of a signed affidavit satisfied the state's interest in enabling the public to identify and the state to apprehend petition circulators who engage in misconduct.

The Court's opinion in Buckley v. American Constitutional Law Foundation follows the 1995 decision in McIntyre v. Ohio Election Commission in which the Supreme Court held that the state of Ohio could not ban the distribution of anonymous campaign literature.

Justice Ginsburg delivered the opinion of the Court. Justice Thomas concurred in the judgement. Justice O'Connor, joined by Justice Breyer, concurred in part and dissented in part. Justice Rehnquist dissented.

BUCKLEY v. AMERICAN CONSTITUTIONAL LAW FOUNDATION, INC. (97-930)
Web-accessible at:

     http://supct.law.cornell.edu/supct/html/97-930.ZS.html

=======================================================================
[4] EU Releases Report on Privacy Adequacy
=======================================================================

The European Union has released a new report on transborder data flows of personal information and the adequacy of protections in non-EU countries. The report "Application of a methodology designed to assess the adequacy of the level of protection of individuals with regard to processing personal data: test of the method of several categories of transfer" was written by four international experts in privacy law: Charles Raab, Colin Bennett, Robert Gellman, and Nigel Waters.
It reviews the flow of information relating to human resources, airline reservation systems, medical and epidemiological data, electronic commerce and sub-contracted data processing in six countries - Australia, Canada, Hong Kong, Japan, New Zealand and the United States.

The report found that US companies in most of those industries do not meet fair information practices. There are almost no applicable laws in the US that govern privacy protections in those areas. What few protections are generally available are based on internal practices of companies or industry guidelines based on self-regulation which may not be fully applied. Enforcement is also a major problem, because the US lacks any official body which can provide oversight.

The report highlights the problems US residents continue to have in protecting their privacy. While the US Department of Commerce continues to lobby the EU not to enforce its Privacy Directive requirements, privacy protection in the US languishes. The EU is likely to take this into consideration in its talks with the US.

The full report in PDF format (218 pages) is available at:

     http://europa.eu.int/comm/dg15/en/media/dataprot/studies/adequat.htm

=======================================================================
[5] GAO Finds IRS Security Lacking
=======================================================================

The General Accounting Office (GAO) issued a report on January 14 finding that the IRS has made progress but has not yet fully implemented effective security controls on its systems that contain sensitive taxpayer information. The GAO report on IRS Systems Security was sent on December 14, 1998 to Senator Fred Thompson, chairman of the Senate Government Affairs Committee.
The watchdog congressional agency concluded that security weaknesses at the IRS "expose taxpayers to an increased risk of loss and damages due to identity theft and other financial crimes resulting from the unauthorized disclosure and use of information they provide to IRS."

The GAO audit of the IRS was prompted by revelations that the tax collection agency failed to protect sensitive personal tax information from the prying eyes of private investigators, unscrupulous IRS employees, and plain curiosity seekers.

The GAO cited cases in which unauthorized IRS employees could change, alter, or delete taxpayer data. Also, tapes and diskettes containing sensitive taxpayer information were not overwritten prior to reuse or disposal and several hundred are missing. This weakness could allow unauthorized access to information remaining on the magnetic media.

The GAO also hit IRS for failing to encrypt links transmitting sensitive taxpayer information. This has been a common problem for taxpayers who wish to electronically file tax data with the IRS but have been stymied by government attempts to mandate the use of unpopular key escrow/recovery programs within civilian agencies like the IRS.

The full report "IRS System Security: Although Significant Improvements Made, Tax Processing Operations and Data Still at Serious Risk" is available at:

     http://www.epic.org/privacy/govt/irs/gao-irs-security-1298.pdf

=======================================================================
[6] EPIC Bookstore
=======================================================================

In light of the COPA hearing in Philadelphia this week, in this Alert, the EPIC Bookstore focuses on free speech. Browse our cyber shelves for the titles below, and many other great books on free speech, privacy, and civil liberties at the Internet's only bookstore devoted to online freedom. Shipping, discounts, and gift-wrapping provided.

** Books **

The Irony of Free Speech by Owen M.
Fiss

While lawmakers, both liberal and conservative, argue that the state's attempts to limit everything from hate speech to indecency on the Internet and contributions to political campaigns confine individual freedom, Owen M. Fiss, a Sterling Professor at Yale Law School, believes that censorship, to some degree, enhances freedom by broadening "the terms of public discussion." Victims of hate speech and pornography, he contends, are often silenced out of fear or low self-worth, inhibiting their full participation not only in deliberation but also in life. Silencing the voices of some in order to hear the voices of others, he maintains, is often the only way to reinforce public debate.

Fighting Words: Individuals, Communities, and Liberties of Speech by Kent Greenawalt

Should "hate speech" be made a criminal offense, or does the First Amendment oblige Americans to permit the use of epithets directed against a person's race, religion, ethnic origin, gender, or sexual preference? Does a campus speech code enhance or degrade democratic values? When the American flag is burned in protest, what rights of free speech are involved? In a lucid and balanced analysis of contemporary court cases dealing with these problems, as well as those of obscenity and workplace harassment, acclaimed First Amendment scholar Kent Greenawalt now addresses a broad general audience of readers interested in the most current free speech issues.

These and other titles are available for purchase online at the EPIC Bookstore:

     http://www.epic.org/bookstore/

=======================================================================
[7] EPIC Bill-Track: New Bills in Congress
=======================================================================

H.R.10. Financial Services Act of 1999. Major bank, securities etc. merger bill. Requires FTC to issue interim reports on consumer privacy. Sponsor: Leach (R-IO).
Referred to the Committee on Banking and Financial Services, and in addition to the Committee on Commerce.

H.R.30. Financial Information Privacy Act of 1999. To protect consumers and financial institutions by preventing personal financial information from being obtained from financial institutions under false pretenses. Sponsor: Leach (R-IO). Referred to the Committee on Banking and Financial Services.

H.R.97. Personal Privacy Protection Act. Stalkerazzi bill. Prohibits physical intrusion into privacy for commercial purposes (aka press). Exempts law enforcement. Sponsor: Rep Conyers, John, Jr. (D-MI) (introduced 01/06/99). Referred to the Committee on the Judiciary.

H.R.180. Integrity in Voter Registration Act of 1999. A bill to amend the National Voter Registration Act of 1993 to require each individual registering to vote in elections for Federal office to provide the individual's Social Security number. Sponsor: Rep McCollum, Bill (R-FL). Referred to the Committee on House Administration.

H.R.191. Creates tamperproof Social Security Card (aka National ID Card) used for employment verification. Sponsor: Rep McCollum, Bill (R-FL). Referred to the Committee on the Judiciary, and in addition to the Committee on Ways and Means.

H.R.279. Federal Employment Applicant Drug Testing Act. Requires drug testing of all applicants for federal jobs. Sponsor: Rep Sweeney, John E. Referred to the Committee on Government Reform.

H.R.306. Genetic Information Nondiscrimination in Health Insurance Act of 1999. A bill to prohibit discrimination against individuals and their family members on the basis of genetic information or a request for genetic services. Referred to the Committee on Commerce, and in addition to the Committees on Ways and Means, and Education and the Workforce.

H.R.307.
A bill to amend section 552a of title 5, United States Code, to provide for the maintenance of certain health information in cases where a health care facility has closed or a health benefit plan sponsor has ceased to do business. Sponsor: Rep Towns, Edolphus. Referred to the Committee on Government Reform.

H.R.313. Consumer Internet Privacy Protection Act of 1999. A bill to regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services. Sponsor: Rep Vento, Bruce F. (D-MN). Referred to the Committee on Commerce.

H.R.318. Drug-Free Ports Act. A bill to provide for access by State and local authorities to information of the Department of Justice for the purpose of conducting criminal background checks on port employees and prospective employees. Sponsor: Rep Shaw, E. Clay, Jr. Referred to the Committee on the Judiciary.

More information is available at:

     http://www.epic.org/privacy/bill_track.html

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Encryption Controls Workshop. February 8, 1998. San Jose, CA. Sponsored by the US Dept of Commerce. Contact: (202) 482-6031

FC '99 Third Annual Conference on Financial Cryptography. February 22-25, 1999. Anguilla, B.W.I. Contact: http://fc99.ai/

Electronic Commerce and Privacy Legislation -- Building Trust and Confidence. February 23, 1999. Ottawa, Canada. Sponsored by Riley Information Services. http://www.rileyis.com/seminars/Feb99/

Communitarian Summit. February 27-28, 1999. Arlington, Virginia. Contact: http://www.gwu.edu/~ccps

1999 ASAP Western Regional Training Conference. February 28 - March 3, 1999. Portland, Oregon. Contact: http://www.podi.com/asap/

"CYBERSPACE 1999: Crime, Criminal Justice and the Internet". 29 & 30 March 1999. York, UK. Sponsored by the British and Irish Legal Education Technology Association (BILETA).
http://www.bileta.ac.uk/

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington, DC. Sponsored by ACM. Call for proposals available. Contact: http://www.cfp99.org/

Encryption Controls Workshop. May 13, 1998. Raleigh, NC. Sponsored by the US Dept of Commerce. Contact: (202) 482-6031

1999 EPIC Cryptography and Privacy Conference. June 14, 1999. Washington, DC. Sponsored by EPIC. Contact: info@epic.org

Cryptography & International Protection of Human Rights (CIPHR'99). 9-13 August 1999. Lake Balaton, Hungary. Contact: http://www.cryptorights.org/

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at:

     http://www.epic.org/alert/subscribe.html

Back issues are available at:

     http://www.epic.org/alert/

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
+1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 6.01 -----------------------