EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 6.12                                      July 28, 1999
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] FBI Monitoring Plan Threatens Civil Liberties
[2] EPIC Calls for Privacy Protections Now
[3] New Report on Assesses State of Kids Privacy
[4] House Committees Gut SAFE Crypto Bill
[5] Survey Finds Lukewarm Public Support for Free Speech
[6] Panel Considers DNA Testing for All Arrestees
[7] New in the EPIC Bookstore
[8] Upcoming Conferences and Events
[1] FBI Monitoring Plan Threatens Civil Liberties
The Electronic Privacy Information Center (EPIC) today reiterated its
concerns that governmental efforts to protect the "critical
infrastructure" pose serious threats to the privacy and civil liberties
of American citizens.  EPIC repeated its warning in the wake of new
indications that the Federal Bureau of Investigation (FBI) is about to
embark upon a comprehensive program of monitoring non-military
Government computer networks and communications networks used by
crucial industries like banking, telecommunications and transportation.
The National Plan for Information Systems Protection reveals that the
FBI and National Security Agency are planning to establish a massive
domestic and international Internet monitoring system.  One of the
plan's proposals calls for the creation of a Federal Intrusion
Detection Network (FIDNET) to monitor all network activity involving
civilian government departments and agencies.  FIDNET is to be linked
to a similar system in the Defense Department known as the Joint Task
Force-Computer Network Defense (JTF-CND) that monitors all Defense
Department networks.  FIDNET and JTF-CND are to be linked to private
sector Information Sharing and Assessment Centers (ISACs) networks.
ISACs will monitor network activity in the telecommunications, banking,
transportation, and other sectors.
The plan is an outgrowth of recommendations made in the October 1997
report of the President's Commission on Critical Infrastructure
Protection (PCCIP) and in Presidential Decision Directive 63 (PDD 63)
on Critical Infrastructure Protection issued in May 1998.
In its report "Critical Infrastructure Protection and the Endangerment
of Civil Liberties," released in October 1998, EPIC noted that the
PCCIP had proposed
     the development of a large-scale monitoring strategy
     for communications networks. Borrowing techniques that
     have been applied to hostile governments and foreign
     agents, the PCCIP brings the Cold War home with an
     open-ended proposal to conduct ongoing surveillance on
     the communications of American citizens.
EPIC noted in its report that "these proposals are more of a threat to
our system of ordered liberty than any single attack on our
infrastructure could ever be."  Earlier this year, EPIC filed a series
of Freedom of Information Act requests seeking the details of these
"Critical Infrastructure Protection and the Endangerment of Civil
Liberties" is available at:
Excerpts from the National Plan for Information Systems Protection are
available at:
[2] EPIC Calls for Privacy Protections Now
EPIC director Marc Rotenberg testified before the Senate Commerce
Subcommittee on Communications on July 27, arguing that there is a
current need for legislation to protect Internet users' privacy.  A
recent Federal Trade Commission report suggested that self-regulation
would suffice until lawmakers had a better idea of the status of
Internet privacy protection (see EPIC Alert 6.11).
Subcommittee chairman Conrad Burns (R-MT), along with Senator Ron Wyden
(D-OR), are the sponsors of S. 809, the Online Privacy Protection Act.
The legislation would assure that websites post privacy policies and
allow users to control the disclosure of their private information.
Rotenberg, describing S. 809 as "a good starting point for real privacy
protection on the Internet," was critical of the FTC report, which
concluded that privacy legislation may be premature.  Describing it as
"one of the oddest reports on privacy" ever produced by a government
agency, Rotenberg told the committee that the report "doesn't actually
discuss any of the specific threats to privacy and it doesn't evaluate
any of the recommendations put forward."  He concluded that "privacy
policy is not the same as privacy protection."
Also testifying were FTC Chairman Robert Pitofsky and FTC Commissioners
Sheila Anthony, Orson Swindle and Mozelle Thompson.  Anthony, who
dissented from the FTC's opinion that legislation was not immediately
necessary, indicated that only ten percent of the 7500 "well-traveled
sites" cited in the FTC report met all of the Commission's suggested
criteria, and that the number would not increase significantly without
Other witnesses were Center for Democracy and Technology staff counsel
Deirdre Mulligan, AOL's Congressional Liaison Jill Lesser, and
Christine Varney, senior partner at Hogan and Hartson.
The text of EPIC's testimony is available at:
The FTC report on Internet privacy is available at:
[3] New Report on Assesses State of Kids Privacy
Privacy, consumer and children's advocacy organizations have released a
new report that warns that many commercial web sites continue to
collect information on young children without parental permission.  The
Center for Media Education, the Consumer Federation of America and
Junkbusters urged the Federal Trade Commission to adopt clear and
effective safeguards for children's online privacy.
The Center for Media Education (CME) conducted two separate analyses
over two weeks: one a random sample of children's Web sites; the other
an examination of the 80 most popular sites for children.  The survey
showed that while 95 percent of sites in the random sample collect
personally-identifiable information from children, nearly
three-quarters of those that collect personal information (73 percent)
post no privacy policies.  Less than six percent attempt to get any
permission from parents at all; less than three percent use methods for
obtaining verifiable, prior parental consent that are consistent with
the Children's Online Privacy Protection Act (COPPA).
An analysis of the 80 most popular children's commercial Web sites
revealed that while 88 percent of them collect personal information
from kids, more than a quarter of the sites that collect information
post no privacy policies.  Less than 26 percent attempt to get any kind
of parental permission; not quite 13 percent use methods for obtaining
verifiable, prior parental consent.
"These findings underscore the urgent need for clear and effective
rules to protect children's privacy online," said Kathryn Montgomery,
Ph.D., President of the Center for Media Education.
More information on the report is available at:
     Center for Media Education
[4] House Committees Gut SAFE Crypto Bill
Two House Committees have completely overhauled the Security and
Freedom Through Encryption (SAFE) bill, which would relax export
controls on encryption.  The House Armed Services Committee and the
House Intelligence Committee approved revisions that gut the original
bill to the House Rules Committee on July 23.  The panels emphasized
their belief that encryption reform would have "devastating" effects on
law enforcement capabilities.  Five House committees have now completed
work on the SAFE bill.  The various committee versions of the bill will
now go to the Rules Committee, which will decide which language will be
presented to the full House.  Final consideration on SAFE is expected
in September.
In its report on the legislation, the Armed Services Committee cited
increased terrorism and drug smuggling as effects of relaxed export
restrictions.  Additionally, the Committee wrote that "much of the U.S.
military's battlefield advantage relies on information dominance and
the ability to decipher the communications of the enemy.  Capabilities
that make it more difficult for the United States to detect the plans
and activities of hostile military forces could significantly degrade
the technological advantage presently held by U.S. combat forces."
In a related development, further conflict has erupted over the liberal
export policies of some European countries.  The United States is
urging Germany to make changes to its crypto policies at the next round
of Wassenaar negotiations, scheduled for late 2000.  In late May, Janet
Reno wrote to German Federal Secretary of Justice Herta Daubler-Gmelin,
asking him to control the burgeoning distribution of encryption
software over the Internet.  Arguing that the current pace of online
distribution of coding products "will render Wassenaar's controls
immaterial," Reno is apparently seeking to influence all thirty-three
Wassenaar member states before the talks resume.  The text of Reno's
letter is available at:
The texts of the reports issued by the House Armed Services Committee
and the House Intelligence Committee are available at:
[5] Survey Finds Lukewarm Public Support for Free Speech
Earlier this month, the First Amendment Center released "State of the
First Amendment: 1999," the second in a series of reports on the
attitudes of American adults regarding First Amendment liberties.  The
timing of the poll was interesting, as the opening remarks note: "The
sampling was conducted after 13 months of the Monica Lewinsky scandal,
but before the shooting tragedy in Littleton, Colorado."  The results
of the survey were less than encouraging, especially on issues of press
freedom, Internet speech, and flag-burning.
Although most Americans believe that "news organizations should be
allowed to report or publish what they think is appropriate," public
support for source confidentiality and reporting of government secrets
has waned since the Center's 1997 survey.  Furthermore, 53 percent of
respondents said the press has too much freedom, up from 38 percent in
the earlier survey.  The report warns that the data "indicate that the
news media is in deep trouble with the American public."
The responses to Internet-related questions suggest a lingering unease
with the openness of the digital medium.  Although 64 percent of
respondents agreed that Internet speech should enjoy the same
protection as printed speech (a rise from 56 percent in 1997), that
support withered in the face of specific policy proposals.  Only 24
percent thought that sexually explicit material should be allowed on
the Internet.  Furthermore, 58 percent said that public libraries
should block access to certain Internet sites that might offend people.
 Finally, 58 percent also agreed that the government should have a role
in developing a rating system for online content.
The vast majority of Americans disagreed that people should be allowed
to burn or deface the American flag as a political statement.  Half of
those polled supported a constitutional amendment specifically
prohibiting such behavior.  The Supreme Court has twice ruled that flag
burning is constitutionally protected.
The report also addresses a number of other First Amendment issues,
including curfew laws, advertising restrictions, and school prayer.
The full report is available at:
[6] Panel Considers DNA Testing for All Arrestees
A committee of the National Commission on the Future of DNA Evidence
has concluded that conducting DNA tests on everyone arrested and
charged with a crime probably is permitted under the Constitution.  If
the finding is adopted by the full Commission, it will be forwarded to
Attorney General Janet Reno, who has said she will rely on the groups
recommendations to set Justice Department policy and provide suggested
guidelines to state law enforcement officials.
State agencies are already are dealing with a backlog of DNA samples
collected from 1.4 million individuals who have been convicted of
serious crimes.  Those samples will eventually be added to a federal
DNA database. Testing all people arrested -- more than 15 million
people a year according to FBI estimates -- would greatly increase that
existing backlog.
Privacy advocates have long maintained that testing arrestees would
violate constitutional protections against unreasonable searches and
would give law enforcement and other government agencies access to
personal genetic information.
[7] New in the EPIC Bookstore
The End of Money
And the Struggle for Financial Privacy
Richard W. Rahn
Jostens Graphics, North Carolina, 1999
What will be the future of financial institutions when "digital
dollars" become the norm?  Richard W. Rahn envisions a future where
money is issued privately and digitally rather than through
governments, and large amounts of money may be moved either with a
record or anonymously.
Advocating legal financial privacy and a change in tax, trade and
financial laws, Rahn calls for an abandonment of government regulation
on financial transactions. Rahn writes that this overhaul of our
financial infrastructure will "reduce transaction costs and monetary
instability, thus leading to greater economic efficiency and higher
standards of living."
Hardcover; U.S. $25.00
Critical Infrastructure Protection and the Endangerment of Civil
Liberties: an assessment of the President's Commission on Critical
Infrastructure Protection [PCCIP].
Report published by EPIC, October 1998.
An article in today's New York Times revisits a good deal of the
analysis provided in this comprehensive report on the PCCIP effort.
This proposal to extend the reach of law enforcement, to limit the
means of government accountability, and to transfer more authority
to the world of classification and secrecy would sacrifice network
security to ensure greater surveillance capability.
These and many more timely titles are available from the EPIC
Bookstore at:
[8] Upcoming Conferences and Events
ABA Annual Conference, Section of International Law and Practice.
"Privacy Issues in Electronic Commerce." August 9, 1999. Atlanta,
Georgia. Contact http://www.abanet.org/annual/99/home.html
The 21st International Conference on Privacy and Personal Data
Protection.  Hong Kong, September 13-14, 1999.  A distinguished group
of over 50 speakers/panelists from overseas and Hong Kong will explore
the theme of  "Privacy of Personal Data, Information Technology &
Global Business in the Next Millennium."" Sponsored by the Office of
the Privacy Commissioner for Personal Data in Hong Kong.  Contact:
"A Privacy Agenda for the 21st Century." September 15, 1999. Hong Kong
Convention and Exhibition Centre, Hong Kong PRC. Contact:
"Certified Wide Area Road Use Monitoring." September 21-23, 1999.
Albuquerque, New Mexico.  Sponsored by the New Mexico State Highway
and Transportation Department Research Bureau in cooperation with the
University of New Mexico Alliance for Transportation Research
Institute An intensive 2 1/2 day educational and developmental
symposium on a single rapidly evolving concept in Intelligent
Transportation Systems (ITS).  For more information:
Information Security Solutions Europe 1999. October 4-6, 1999. Maritim
proArte Hotel, Berlin, Germany. contact http://www.eema.org/isse/
RSA 2000. The ninth annual RSA Data Security Conference and Expo. San
Jose McEnery Convention Center. San Jose, CA.  January 16-20, 2000,
Contact: http://www.rsa.com/rsa2000/
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic Privacy
Information Center. A Web-based form is available for subscribing or
unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information.  EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 6.12 -----------------------

Return to:

Alert Home Page | EPIC Home Page