===========================================================@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 6.17 October 25, 1999 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents ======================================================================= [1] EPIC Joins Amicus on FCC Petition for Rehearing [2] FTC Issues Rules on Child Online Privacy Protection [3] EPIC Submits Comments for Online Profiling Workshop [4] State of First Amendment -- First Amendment Center Survey [5] Model State Public Health Privacy Act Now Available [6] Privacy International's Big Brother Awards [7] EPIC Bookstore - Compilation of State and Federal Privacy Laws [8] Upcoming Conferences and Events ======================================================================= [1] EPIC Joins Amicus on FCC Petition for Rehearing ======================================================================= Today, EPIC joined an amicus, "friend of the court", brief -- along with more than a dozen consumer and privacy organizations and twenty legal scholars -- defending the privacy of telephone records against telephone companies who want to distribute information about customers' calling habits to marketing companies. The amicus brief was filed in support of a petition from the Federal Communications Commission (FCC). The "friend of the court" brief asks the Tenth Circuit Court of Appeals, based in Denver, Colorado, to uphold a privacy provision that was enacted by Congress in 1996 and implemented by the FCC. In US West v. FCC, the federal appeals court said that the "opt-in" privacy safeguard recommended by the FCC violated the First Amendment rights of the telephone company to market products and services. In the brief, the organizations and scholars said that the case is of great importance to telephone consumers across the United States. The information that would be disclosed "consists of customer calling records that would not exist but for the private activities of telephone customers. These records, which are not publicly available, include such sensitive and personal information as who an individual calls, when, for how long, and how often." They described the alternative opt-out approach as burdensome and said it "would have required telephone customers to contact their carrier to prevent the disclosure of their personal calling records." They concluded that an "opt-in approach is consistent with the First Amendment and is the most reasonable fit with the Congress's intent to protect the privacy of telephone subscribers' personal information." A wide range of privacy and consumer organizations joined the brief, including EPIC, the ACLU, the Consumer Federation of America, and the US Public Interest Research Group. The brief was also endorsed by many leading legal scholars. The Washington law firm of Covington & Burling filed the brief on behalf of the coalition. Information about US West v. FCC: http://www.epic.org/privacy/litigation/uswest/ Brief of Amicus Curiae in Support of Respondent's Petition for Rehearing: http://www.epic.org/privacy/litigation/USWest/amicus_brief_SRPR.html ======================================================================= [2] FTC Issues Rules on Child Online Privacy Protection ======================================================================= Last Wednesday, the Federal Trade Commission released new standards to protect childrens' online privacy. The rules, scheduled to take effect in April, require Web sites to gain parental consent for their child's disclosure of personal information and specify procedures for the posting of privacy policies. The standards were written in compliance with the Children's Online Privacy Protection Act (COPPA), passed by Congress last year. The FTC voted 4-0 in favor of the new regulations, which apply to children under the age of thirteen. The FTC's rules will set the methods used by Web site operators obtain parental permission based on a "sliding scale" -- varying according to the type of information collected and how it is used. Before children can participate in chat rooms or provide information that will be disclosed to third parties, Web sites will have to gain permission through more secure means, such as postal mail, fax, credit card or digital signatures. If the Web site will use the information only internally, the company can receive consent via e-mail, provided that the company takes further steps to confirm the parent's identity, such as a follow-up telephone call or e-mail. The FTC plans to allow the sliding scale standard to expire after two years in exchange for more reliable electronic forms of consent. The new rules will also require Web sites to post a conspicuous link to a notice of their information collection practices on their home page, as well as every other page where information is collected. The notice must reveal the name and contact information of the Web site operators, the type of information that is collected, how it is used, and whether it is provided to third parties. In addition, the notice must declare that children will not be excluded from particular activities if they do not provide certain information. The notice must also explain that parents have a right to review and delete their child's information as well as prohibit additional collection of information about their child. Congress passed COPPA after an FTC survey released in March 1998 revealed that 89% of Web sites collected personal information about children, yet only 24% posted privacy policies and merely 1% requested that children receive parental consent before disclosing their information. The FTC's press release about its children online privacy regulations is available at: http://www.ftc.gov/opa/1999/9910/childfinal.htm The FTC's rules (PDF) governing children online privacy are available at: http://www.ftc.gov/os/1999/9910/childrensprivacy.pdf ======================================================================= [3] EPIC Submits Comments for Online Profiling Workshop ======================================================================= EPIC has submitted comments and a formal request for participation to the Federal Trade Commission (FTC) and the U.S. Department of Commerce National Telecommunications and Information Administration (NTIA) for an upcoming public workshop on "online profiling". On November 8, the FTC and NTIA will hold a public workshop on online profiling -- "the practice of aggregating information about consumers' preferences and interests, gathered primarily by tracking their movements online, and using the resulting consumer profiles to create targeted advertising on Web sites." The workshop will consist of three panels encompassing: (1) the development of technology that facilitates online profiling, (2) the implications of online profiling for consumer privacy, and (3) the consequences of industry self-regulation on protection of data obtained through online profiling. The workshop is open to the public although the NTIA does encourage voluntary registration. Over the past couple of weeks, the FTC and NTIA have also been accepting and posting public comment on these issues. EPIC has requested participation in the third panel -- industry self-regulation and its impact on privacy concerns about online profiling. In the comments, EPIC argues that online profiling gives companies an unprecedented ability to record and track consumer behavior at a detailed and personal level. Furthermore, online profiling is an industry practice that occurs without the knowledge or consent of most consumers. Considering the invasive quality of the information collected, the secrecy under which the practice operates, and the lack of adequate legal protection of personal data in the hands of private businesses -- self-regulation will ultimately give companies valuable personal information with no ability on the part of individuals to control the ultimate use of that data. For more information about the online profiling workshop and to view comments, including those submitted by EPIC: http://www.ntia.doc.gov/ntiahome/privacy/index.html or http://www.ftc.gov/bcp/profiling/index.htm EPIC's comments (PDF) are also available at: http://www.epic.org/privacy/internet/Online_Profiling_Workshop.PDF ======================================================================= [4] State of First Amendment -- First Amendment Center Survey ======================================================================= A survey released by the First Amendment Center reveals that support for Internet free speech has increased over the past two years, although a majority of Americans favor restrictions on online content. The findings are part of an annual survey sponsored by the First Amendment Center at Vanderbilt University that measures public attitudes toward freedom of speech, press and religion, and the rights of assembly and petition. Sixty-four percent of survey respondents said that the Internet should enjoy the same protection as printed speech, a rise in 8 percentage points from the 56% who answered similarly in the 1997 survey. Overall, public attitude still remains uncomfortable about free speech online. Only 24% of respondents agreed that sexually explicit material should be permitted on the Internet. Fifty-eight percent of respondents responded that libraries should restrict access to certain Internet sites that might offend some people. Fifty-eight percent also said that the government should play a role in developing a system to rate online content. In general, survey respondents expressed support for freedom of speech. The percentage who declared that Americans have too little free speech rose from 18% in 1997 to 26% in 1999. Exactly half of the respondents said they believe speech freedom is the most important freedom -- the same result was obtained in the 1997 survey. The Center for Survey Research and Analysis at the University of Connecticut conducted the survey through telephone interviews of 1,001 adults, ages 18 or older, between February 26 and March 24, 1999. The margin of error is plus or minus 3 percentage points. Additional information about the survey is available at: http://www.freedomforum.org/first/sofa/1999/welcome.asp ======================================================================= [5] Model State Public Health Privacy Act Now Available ======================================================================= The Model State Public Health Privacy Project (MSPHPP) has completed a final draft of its model state law for the protection of public health information. The MSPHPP brought together the Center for Disease Control (CDC), the Council of State and Territorial Epidemiologists (CSTE), the Association of State and Territorial Health Officials (ASTHO), the National Conference of State Legislatures (NCSL), and the Georgetown University Law Center (GULC) for the purpose of developing a model state law addressing privacy and confidentiality issues arising from the collection, use, and dissemination of health information by public health departments with special attention paid to records about HIV/AIDS status. The protection of records about HIV/AIDS status are particularly important given that all states require reporting of AIDS status and thirty-one require some reporting about HIV status. Now that the model state law has been completed, the MSPHPP seeks to circulate it among legislators and public health agencies at the local, state, and federal levels. State medical privacy laws play an increasingly important role given recent inability of the federal government to draft federal protection for health records. By missing the self-imposed deadline of August 21 to draft a medical privacy law, Congress triggered a previously passed mandate requiring the Department of Health and Human Services to start work on federal regulations -- which do not have the same legal weight as legislation. More information about MSPHPP and the draft of the model state law are available at: http://www.critpath.org/msphpa/privacy.htm EPIC's archive on medical privacy can be viewed at: http://www.epic.org/privacy/medical ======================================================================= [6] Privacy International's Big Brother Awards ======================================================================= The Second Annual Big Brother Awards were presented in London on October 18. The awards, annually distributed by the UK-based Privacy International, are given to those individuals or parties that "have done the most to destroy personal privacy in Britain." The "winners" of the Big Brother Award receive a trophy in the shape of a boot stamping on a human head. On the same night, the ceremony gives out "Winstons," in honor of Winston Smith -- hero of George Orwell's 1984, to those have done the most to protect privacy. The winners of the Big Brother Awards include the Home Office for the "Lifetime Menace Award", Jack Straw as the "Worst Public Servant", Experian for "Most Invasive Company", the Borders Police as the "Most Heinous Goverment Organisation", and RACAL for the "Most Appalling Project." Recipients of the Winston include Duncan Campbell, Tony Bunyan, Clive Norris and Gary Armstrong, David Burke, and Fleur Fisher. For more information about the awards see: http://www.bigbrotherawards.org/ Also, for more information about Privacy International: http://www.privacyinternational.org/ ======================================================================= [7] EPIC Bookstore - Compilation of State and Federal Privacy Laws ======================================================================= Compilation of State and Federal Privacy Laws by Robert Ellis Smith. http://www.amazon.com/exec/obidos/ISBN=0930072111/electronicprivacA The COMPILATION OF STATE AND FEDERAL PRIVACY LAWS (136 pages, 1999, $31) is an indispensable reference book describing and citing more than 600 laws affecting confidentiality, grouped by state in several categories, including credit, medical, financial, electronic surveillance, telephones, Social Security numbers, and much more. Canada's federal and provincial laws are also described. INCLUDES CURRENT 1999 SUPPLEMENT. The full texts of major U.S. laws - including laws on telephone solicitation, electronic surveillance, and credit bureaus - are reprinted in full in the appendix. "Recommended for all public libraries," says LIBRARY JOURNAL EPIC Publications: "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of US and International privacy law, as well as a comprehensive listing of privacy resources. "Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. "Cryptography and Liberty: An International Survey of Cryptography Policy" Wayne Madsen and David Banisar, editors, (EPIC 1999). Price: $15. http://www.epic.org/cryptobook99/ An international survey of encryption policies around the world. Survey results show that in the vast majority of countries, cryptography may be freely used, manufactured, and sold without restriction, with the U.S. being a notable exception. "Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments" David Banisar, Simon Davies, editors, (EPIC 1999). Price: $15. http://www.epic.org/privacy&humanrights99/ An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Network for People Conference. Department of Commerce Telecommunications and Information Infrastructure Assistance Program (TIIAP). November 1-2, 1999. Key Bridge Marriott Hotel. Arlington, VA. For more information: http://www.ntia.doc.gov/otiahome/tiiap Washington, D.C., USA Internet Engineering Task Force (IETF) Meeting. November 7-12, 1999. Omni Shoreham Hotel. Washington, D.C. For more information: http://www.ietf.org/meetings/IETF-46.html Public Workshop on "Online Profiling" -- November 8, 1999. National Telecommunications and Information Administration, Commerce and Federal Trade Commission. For more information: http://www.ftc.gov/bcp/profiling/index.htm Consumer Privacy in the Next Decade: New Trends, Forces and Directions and The All New Practitioner's Privacy Policy Workshop. Privacy & American Business' Sixth Annual National Conference. November 8-10, 1999. Hyatt Regency Hotel. Arlington, VA. For more information: ctrslr@aol.com The Government's Role in Computer Surveillance and the Federal Intrusion Detection Network (FIDNet). Association for Computing Machinery and Stanford University. November 9, 1999. Kresge Auditorium, Stanford University. For more information: http://www.acm.org The 1999 BNA Public Policy Forum: E-Commerce and Internet Regulation. November 15, 1999. Mayflower Hotel. Washington, D.C. For more information: http://internetconference.pf.com/ Call for Papers -- Impacts of Economic Liberalization on IT Production and Use. The Information Society. Manuscripts due November 15, 1999. For more information: http://www.slis.indiana.edu/TIS Annual Computer Security Applications Conference: Practical Solutions to Real Security Problems. December 6-10, 1999. Radisson Resort Scottsdale. Phoenix, Arizona. For more information: http://www.acsac.org/ Integrating Government with New Technologies '99 Policy vs Technology: Service Integration in the New Environments - A two-day Seminar and Training Session. December 13-14, 1999. Government Conference Center. Ottawa, Canada. For more information: http://www.rileyis.com/seminars Surveillance Expo '99. December 13-15, 1999. Doubletree Hotel. Crystal City, Virginia. For more information: http://www.rosseng.com PEN/Newman's Own Eighth Annual First Amendment Award. Nominations due December 31, 1999. For more information: http://www.pen.org RSA 2000. The ninth annual RSA Data Security Conference and Expo. January 16-20, 2000. San Jose McEnery Convention Center. San Jose, CA. For more information: http://www.rsa.com/rsa2000/ ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 6.17 ----------------------- .