       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.06                                      April 3, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] New EPIC Crypto Report Finds Progress and Potential Threats
[2] Census Questions Create Privacy Furor
[3] Judge Prohibits Distribution of "Censorware" Decoding Program
[4] SEC Proposal Would Search Web and Invade Privacy
[5] No Agreement on Safe Harbor Proposal
[6] European Parliament Supports Echelon Hearing
[7] EPIC Bookstore -- EPIC Publications
[8] Upcoming Conferences and Events
[1] New EPIC Crypto Report Finds Progress and Potential Threats
The Electronic Privacy Information Center (EPIC) today released
"Cryptography and Liberty 2000: An International Survey of Encryption
Policies."  This is the third annual survey of encryption policy
conducted by EPIC.  The report finds that the movement towards the
relaxation of regulations of encryption technologies has largely
succeeded.  In particular, in the vast majority of countries,
cryptography may be freely used, manufactured, and sold without
"Cryptography and Liberty" notes that export controls remain the most
powerful obstacle to the development and free flow of encryption
products and services.  However, the rise of electronic commerce and
the need to protect privacy and increase the security of the Internet
have resulted in the development of policies that favor the spread of
strong encryption worldwide.
Despite these advances, the battle for secure and private
communications is not yet won.  EPIC's report finds that some
countries are now proposing "lawful access" requirements that would
force users to disclose keys or decrypted files to government
agencies.  Others are considering proposals that give intelligence and
law enforcement agencies new powers to conduct surveillance, break
into buildings or hack computers to obtain encryption keys and obtain
information.  Law enforcement and intelligence agencies are also
demanding and receiving substantial increases in budgets.  These new
powers and budgets raise concerns about the expansion of government
surveillance and the need for public accountability.
Presenting the findings of the report at a press conference today in
Washington, EPIC Senior Fellow Wayne Madsen stressed that "the
majority of countries around the world are not interested in
controlling encryption; however, a few nations are now proposing
surreptitious and covert methods for obtaining private keys and access
to encoded communications."
EPIC Executive Director Marc Rotenberg said that the report will
contribute significantly to the ongoing discussion about the right to
communicate freely and in private in the digital age. "Strong
encryption is critical for the development of networks that will
safeguard personal communications," he said.
An online version of the report is available at:
The printed, book version of "Cryptography and Liberty 2000: An
International Survey of Encryption Policy" (EPIC, 154 pages,
softcover, ISBN: 1893044076, $20) is available at:
[2] Census Questions Create Privacy Furor
The U.S. Census Bureau is quickly learning something that many online
companies have known for a while: the American public is growing
increasingly concerned about privacy.
Census 2000, the decennial process of counting the U.S. population,
has become mired in a privacy controversy concerning census questions
that many citizens find intrusive.  The questions -- included on the
"long form" that the Census Bureau mailed to one of every six U.S.
households -- seek information concerning physical and mental
disabilities, employment, income, housing specifications, and other
personal details.  In the face of public concern over the questions,
several members of Congress have recently suggested that long form
recipients should refrain from providing information they consider
sensitive.  Sen. Chuck Hagel (R-NE) has reportedly prepared
legislation that would remove the existing criminal penalties for
failing to answer all census questions.
The Census Bureau is defending the long form questionnaire, noting
that it does not seek any more information than has been requested in
earlier census counts and that, in fact, this year's form is shorter
than those issued in previous years.  Census officials also maintain
that there is a legitimate basis for all of the data being sought.
According to Census Director Kenneth Prewitt, the information is
critical for implementation of specific legislation and government
programs.  But he has acknowledged the discomfort the form is causing
many recipients.  "Millions of Americans have expressed an
unprecedented level of concern for their privacy when asked to
complete the long form," Prewitt said.  "While it may be the shortest
long form in history, it has raised more questions than any of its
There are, indeed, early indications that privacy concerns may
seriously hamper the census process.  Three weeks after census forms
were sent out, half of the recipient households have mailed them back.
The response rate for the long form is ten percent below the rate for
the short form, enough of a variance, according to Prewitt, to "make
us somewhat concerned."
Official handling of personal information was also at issue in a
controversial judicial decision issued last week.  In an opinion that
grows out of the FBI "Filegate" litigation, U.S. District Judge Royce
C. Lamberth found that the White House and President Clinton committed
a "criminal violation of the Privacy Act" when they released personal
letters sent to the President by Kathleen Willey.  The White House has
strongly denied the allegation.
An online version of Judge Lamberth's opinion is available at:
[3] Judge Prohibits Distribution of "Censorware" Decoding Program
A federal judge in Boston has issued a permanent injunction against
distribution of a decoding program that unlocks the list of Web sites
blocked by the Cyber Patrol filtering program.  In an opinion issued
on March 28, U.S. District Judge Edward F. Harrington refused to
clarify whether U.S. website operators who posted "mirror" copies of
the program are subject to the injunction.  He also appeared to
suggest that mirror sites could test that question only by risking a
contempt charge that could lead to fines and incarceration.
Prior to the ruling, EPIC joined with the American Civil Liberties
Union in court papers filed on behalf of three U.S. mirror site
operators, arguing that the court lacked jurisdiction over the matter
and that the First Amendment precludes the broad prohibition on
dissemination sought by toy manufacturer Mattel, which markets Cyber
Patrol.  Mattel sought the injunction after the decoding program was
posted on sites in Sweden and Canada by the two programmers who wrote
the code.  The company alleged that the "reverse-engineering" process
employed by the authors violated U.S. copyright laws, despite the fact
that the activity occurred outside of the United States.  At a court
hearing on March 27, Mattel disclosed that it had reached a settlement
with the Swedish and Canadian programmers and had obtained the rights
to the decoding program.  As a result, the real impact of the court's
injunction falls only on the mirror sites.
Underlying the copyright issues raised in the case is the controversy
surrounding "censorware" programs that contain secret lists of blocked
sites.  Filtering critics have long maintained that users of such
products should have a means of reviewing the "block lists" contained
in the programs.  While the right of parents to use the software was
never at issue, Judge Harrington wrote that the case "raises a
profound societal issue, namely, who is to control the educational and
intellectual nourishment of young children -- the parents or the
purveyors of pornography and the merchants of death and violence." But
by allowing the owners of Cyber Patrol to control the dissemination of
the decoding program, the judge's ruling leaves parents in the dark
about the products they are buying to protect their children.
More information on the Cyber Patrol litigation, including links to
relevant court filings, is available at:
More information on the free speech issues surrounding filtering
software is available at the Internet Free Expression Alliance
[4] SEC Proposal Would Search Web and Invade Privacy
Controversy has recently arisen around a Securities and Exchange
Commission (SEC) plan to use webcrawlers to search the Internet for
potential securities fraud.  Many have found the plan to be an
overreaction that invades privacy and could chill free speech.
The SEC's plan would utilize webcrawlers to browse and record
statements made in chat rooms, bulletin boards, and web pages based
on undisclosed keywords.  In the process of storing publicly posted
statements, the webcrawler would also attempt to collect personal
information to identify posters who often attempt to maintain their
anonymity.  While the SEC currently takes these steps manually in
attempts to thwart potential securities fraud, the automation of the
process would potentially extend the reach of the federal agency into
activities that could violate the Privacy Act of 1974.
Many critics have considered the plan a violation of the Privacy Act,
which puts limits on the collection and use of personal information by
federal agencies.  The Act prohibits the collection of personal
information without the data subject's consent, allows the data
subject to review any information in the possession of government
agencies, and forbids the storage of statements that would be
protected by the First Amendment.  While the Privacy Act provides
exceptions in order to protect the integrity of ongoing criminal
investigations, the law restricts what government agencies like the
SEC can do in the normal course of their business.
[5] No Agreement on Safe Harbor Proposal
The Article 31 Committee, the EU body responsible for the
implementation of the EU Data Protection Directive, has failed to
accept the most recent draft of the Safe Harbor arrangement released
by the U.S. Department of Commerce.
The Article 31 Committee, which comprises representatives from all
EU member states, met on March 30-31 to discuss the draft.  No formal
decision was reached and the Committee is now expected to draft a list
of areas which still have to be improved in the U.S. proposal.
Prominent among these outstanding issues will be the matter of
individual redress for privacy violations.
During its meetings, the Committee referred to comments recently
submitted by the Trans Atlantic Consumer Dialogue (TACD), a coalition
of over sixty American and European consumer groups that includes
EPIC. In its comments, the TACD argued that the latest Safe Harbor
proposal would still provide European citizens with less than
adequate protection with respect to the processing of their personal
data. In particular, the TACD expressed "little confidence" in the
effectiveness of a self-regulatory scheme for protecting privacy and
called for the establishment of stronger principles with a clear
enforcement mechanism.
The next meeting of the Article 31 committee is scheduled for May
The TACD's comments are available at:
The current version of the Safe Harbor Principles and FAQs:
Information and news on the EU Data Protection Directive:
[6] European Parliament Supports Echelon Hearing
On March 28, the Green Party secured the necessary number of
signatures from members of the European Parliament to support the
establishment of a formal commission of enquiry into the Echelon
surveillance system.  The motion to appoint the commission was put
forward by the Green Party in response to a report presented to the
European Parliament on February 23 by British journalist Duncan
Campbell.  The report, "Interception Capabilities 2000," suggested
that Echelon forms part of a global surveillance scheme carried out
by the U.S., the UK and other countries capable of intercepting all
electronic communications.
The Greens have presented the signatures to the President of the
European Parliament, Nicole Fontaine.  In accordance with the rules of
procedure, the Parliament's Conference of Presidents will now decide
whether to make a formal recommendation for an Inquiry Committee.  The
Greens have also asked the European Commission and Council to confirm
whether they are doing enough to protect the privacy of European
citizens' communications.
Echelon has also provoked public debate in the U.S., with recent
allegations that the National Security Agency (NSA) has used its
surveillance powers not only for foreign intelligence purposes but
also to intercept domestic communications.  Campbell is currently
working with EPIC to prepare a new report on this issue.  The report,
scheduled for publication in early May, will serve as a roadmap for
proposed Congressional hearings into NSA activities, expected to be
held later this spring.
See the Green Party press release at:
The European Parliament report, "Interception Capabilities 2000" (in
PDF format) is available at:
[7] EPIC Bookstore -- EPIC Publications
EPIC Publications:
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"The Privacy Law Sourcebook: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as well
as a comprehensive listing of privacy resources.
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"Privacy and Human Rights 1999: An International Survey of Privacy Laws
and Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/
An international survey of the privacy and data protection laws found
in 50 countries around the globe.  This report outlines the
constitutional and legal conditions of privacy protection, and
summarizes important issues and events relating to privacy and
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Call for Papers -- Freedom of Expression in the Information Age.
Stanford Journal of International Law. Deadline April 15, 2000. For
more information: http://www.stanford.edu/group/SJIL/
Regulating the Internet: EU & US Perspectives. April 27-29, 2000.
European Union Center, the School of Communications, and the Center
for Law, Commerce & Technology at the University of Washington.
Seattle, WA. For more information:
Access Act Reform: The Destruction of Records and Proposed Access Act
Amendments. Riley Information Services. May 1, 2000. Westin Hotel.
Ottawa, Canada. For more information: http://www.rileyis.com/seminars/
Entrust SecureSummit 2000. May 1-4, 2000. Hyatt Regency Dallas at
Reunion. Dallas, TX. For more information: http://www.securesummit.com
Call for Papers -- 16th Annual Computer Security Applications
Conference. Deadline May 12, 2000. Sheraton Hotel. New Orleans, LA.
December 11-15, 2000. For more information: http://www.acsac.org/
Electronic Government: New Challenges for Public Administration and
Law. May 18, 2000. Center for Law, Public Administration, and
Informatization of Tilburg University, Netherlands. For more
information: http://schoordijk.kub.nl/crbi/egov/
Shaping the Network: The Future of the Public Sphere in Cyberspace.
Computer Professionals for Social Responsibility (CPSR). May 20-23,
2000. Seattle, WA. For more information:
First Annual Institute on Privacy Law: Strategies for Legal Compliance
in a High Tech and Changing Regulatory Environment. Practicing Law
Institute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the Information
Society. Biennial Conference of the International Telecommunications
Society. July 2-5, 2000. For more information:
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
Privacy2000: Information and Security in the Digital Age. November 29,
2000. Adam's Mark Hotel. Columbus, Ohio. For more information:
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.06 -----------------------