EPIC logo
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.08                                        May 2, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Administration Financial Privacy Proposal Released
[2] Privacy Coalition Seeks Review of Phone Records Privacy Case
[3] Intel Drops Processor Serial Numbers
[4] Pending Bills Would Impact Online Speech
[5] Council of Europe Releases Draft Cyber-Crime Treaty
[6] Electronic Surveillance Up Again in 1999
[7] EPIC Bookstore - Censored 2000
[8] Upcoming Conferences and Events
[1] Administration Financial Privacy Proposal Released
On April 30, during an address at Eastern Michigan University,
President Clinton unveiled a new Administration initiative protecting
financial privacy.  The proposal had been long expected, as the
President had remarked on the need for greater privacy protection soon
after signing the Financial Services Modernization Act into law and
again in his last State of the Union address.
The Financial Services Modernization Act, otherwise known as Gramm-
Leach-Bliley, eliminated many of the barriers preventing mergers
between securities firms, insurance companies, and other financial
institutions and simultaneously threw open the doors for more sharing
of personal financial information.  Some of those problems are
addressed in the new Clinton-Gore proposal, but other matters are
still left unresolved.
Perhaps the most significant loophole to be potentially closed by the
proposal is the unfettered transfer of personal information from
financial institutions to marketers.  Under current proposed rules,
consumers would not be given even an opt-out before such information
was shared through joint marketing agreements.  The other components
of the proposal include the ability to opt-out from sharing of
financial information between affiliates of a single institution;
opt-in for the sharing of medical billing or payment information and
consumer spending habits; a right to access and correct financial
records; increased authority for the Federal Trade Commission (FTC)
to assess monetary damages; increased cooperation between the FTC and
State Attorney Generals in prosecuting deceptive business practices;
requirements that banks provide privacy policies at the beginning of
a customer relationship; and a study on public bankruptcy records that
often contain a great deal of personal information.
Many groups, including EPIC, have recognized that Gramm-Leach-Bliley
does not offer an adequate level of privacy protection and would
prefer an opt-in for personal financial information to be shared with
affiliates and third parties.  The full text of the proposal is still
unavailable, but should be made public later this week.  Whether or
not the proposal succeeds in gaining the approval of Congress, the
standards in Gramm-Leach-Bliley are set to go into effect later this
A summary of the proposal is available at:
[2] Privacy Coalition Seeks Review of Phone Records Privacy Case
On May 1, EPIC was joined by 14 consumer organizations and 19 law
professors in a "friend of the court" brief filed with the U.S.
Supreme Court urging review of a lower court decision in U.S. West
v. FCC.  The case, decided last year by the Tenth Circuit Court of
Appeals, struck down a Federal Communications Commission (FCC)
regulation that sought to protect the privacy of an individual's
telephone records.  The appellate court held that the regulation,
which prohibited telephone companies from disclosing their customers'
sensitive Consumer Proprietary Network Information (CPNI) records
without first receiving opt-in permission, constituted an undue
restriction on free speech in violation of the First Amendment.
In their brief, EPIC and the other parties argue that the opt-in
permission the regulation requires is necessary to protect an
individual's right to privacy; that it is in accordance with the
intention of Congress; and that it does not violate the First
Amendment.  Furthermore, the brief argues that the appellate opinion
conflicts with the recent decision in Reno v. Condon, where the
Supreme Court ruled that Congress can prohibit the disclosure of
personal information by state motor vehicle departments without the
individual driver's express consent.
Privacy advocates and scholars regard U.S. West as an important
precedent-setting case.  They contend that, if allowed to stand, the
lower court decision could establish a dangerous principle regarding
the disclosure of personal information and the right to communications
The EPIC brief is available at:
[3] Intel Drops Processor Serial Numbers
In a major victory for Internet anonymity, the world's dominant chip
maker has decided to discontinue the use of Processor Serial Numbers
(PSNs) in its next generation of products. The PSN, which was embedded
in Intel Pentium III and Celeron chips, was extremely controversial
and led to a consumer boycott led by EPIC and other privacy groups.
Citing privacy concerns, Intel recently announced that its new
processors, code-named Willamette and scheduled for release later this
year, will no longer contain the identifiers.  Since the inception of
the PSN last January, privacy groups have maintained that computer
users are opposed to the placement of permanent identifiers in their
machines.  EPIC and other organizations asked the Federal Trade
Commission to investigate the practice (to date, the federal agency
has not publicly commented on the matter).
According to Intel VP Patrick Gelsinger, the PSN was to be used to
identify users who accessed Internet web sites or chat rooms.  Intel
also initially stated that the technology would be used for
authentication in e-commerce, which would attach the PSN to a user's
real-world identity.  Those objectives have apparently been abandoned.
While the death of the PSN is good news for privacy and anonymity,
other troubling initiatives are on the horizon.  The Wall Street
Journal has reported that Microsoft plans to include in future
versions of the Windows operating system software that uses
"biometric" devices such as fingerprint or eye scanners to
authenticate users.  And on the profiling front, software start-up
Predictive Networks has released a product that precisely tracks
online behavior and use the collected information to send targeted
advertisements to individual Web surfers.
More information on the Intel PSN is available at:
[4] Pending Bills Would Impact Online Speech
Congress is considering several bills that would regulate material
on the Internet, two of which have attracted particular attention.
The Unsolicited Electronic Mail Act (H.R. 3113) aims to curb the
distribution of "spam," yet could also impede free speech and
anonymity online.  The bill would require unsolicited e-mail to
include a subject-line label such as "ADV" (for advertisement) to
"permit automatic blocking or filtering of identified messages by a
recipient."  The legislation would also require senders to provide
valid e-mail addresses and accurate routing information so that
recipients could opt-out of future mailings.  Individuals who
continued to receive unsolicited e-mail after requesting to be removed
from a distribution list could seek damages of up to $500 per e-mail.
The Unsolicited Electronic Mail Act combines the provisions of three
separate anti-spam bills sponsored by Reps. Gene Gree (D-TX), Gary
Mill (R-CA), and Heather Wilson (R-NM).
A measure that would make it illegal to link to a page advertising
drug paraphernalia with the "intent to facilitate or promote" its
business is gaining ground in Congress.  The Methamphetamine
Anti-Proliferation Act of 1999 makes it a felony "to teach or
demonstrate the manufacture of a controlled substance, or to
distribute by any means information pertaining to, in whole or in
part, the manufacture or use of a controlled substance" if the
information is used in a crime.  Advertising any information that
could facilitate the sale of drug paraphernalia would also be a
federal violation.  Sens. Dianne Feinstein (D-CA) and Orrin Hatch
(R-UT) introduced the Methamphetamine Anti-Proliferation Act of 1999
in the Senate.
[5] Council of Europe Releases Draft Cyber-Crime Treaty
A secretive international group of law enforcement officials has
released a draft treaty on computer crime that would require adoption
of extensive new law enforcement powers.  The Committee of Experts on
Crime in Cyberspace of the Council of Europe released its "Draft
Convention on Cyber-crime" on April 27, following more than three
years of discussions.  The draft treaty would require that all
participating countries adopt new laws requiring government access to
encrypted information, expanding copyrights and criminalizing the
possession of common security tools.  It also would alter wiretapping
laws in all of the countries.
The treaty would also facilitate the collection of information by
requiring companies that provide Internet services to collect and
maintain information in case it is needed by law enforcement agencies.
It would permit international access to such information by
governmental authorities in different jurisdictions.
Two key sections on the interception of communications are left blank
in the draft.  These are likely to be the most controversial sections
as the drafting process continues.  The current draft also contains
controversial provisions mandating that every country enact laws that
would require an individual to release encryption keys and unencrypted
data when requested by government officials.  Most countries have
rejected adopting these powers over concerns about violating
individuals' rights against self-incrimination.  EPIC's recent
"Cryptography and Liberty 2000" report found that only Malaysia and
Singapore have existing laws mandating such "lawful access."
The draft has been under development since 1997, but had never been
publicly seen until last week.  According to sources, the U.S.
Department of Justice has played a significant role in the drafting
process.  The final draft is expected to be completed by December and
will then be opened for signature.  The COE is an international
governmental organization made up of 41 countries in Europe, but the
treaty will also be open to signature by other countries that
contributed to the drafting process, including the United States,
Canada, Hong Kong and Australia.
The text of the draft treaty is available at:
[6] Electronic Surveillance Up Again in 1999
The number of court-authorized wiretaps for criminal investigations
rose again in 1999, continuing a 20-year trend of increased
surveillance.  According to a report released today by the
Administrative Office of the U.S. Courts, court authorized
surveillance orders were up two percent from 1998, to 1,350 in 1999.
Federal wiretaps were up again by six percent in 1999, while state
wiretaps declined slightly.  Since the Clinton Administration came
into office in 1993, federal wiretapping has increased by 33 percent.
Since 1980, the total number of wiretaps has increased by 230 percent.
In 1999, not a single request for a wiretap was declined by any judge
in the United States.
The new report also shows law enforcement's increased focus on the
interception of cellular telephones and other new means of
communications.  Nearly half of all applications were for
interceptions of electronic communications.  However, prosecutors only
reported seven requests for interception of e-mail and computer
communications.  Of the remaining interceptions, 31 percent were
traditional wiretaps, and microphones only accounted for 4.5 percent
of all installed surveillance.  Ninety-four of the requests were for
roving wiretaps; 50 percent of those were in New York State.
The vast majority of the wiretap orders were issued in investigations
of drug offenses.  More than 72 percent were listed for narcotics
cases while ten percent were for racketeering and 4.5 percent for
homicide and assault.
The number of days that wiretaps were in place jumped by 18 percent in
1999.  Wiretaps recorded over 63,000 days of conversations of nearly
250,000 people.  According to prosecutors, only 20 percent of the
calls that they intercepted were actually "relevant" to a criminal
The 1999 report is available at:
More information on wiretapping, including previous reports and
analysis is available at:
[7] EPIC Bookstore -- Censored 2000: The Years Top 25 Censored Stories
Censored 2000: The Years Top 25 Censored Stories by Peter Phillips
In stark contrast to the reports on the nightly news and in the daily
papers, Censored 2000 reveals what is being kept from the public by a
lower quality of reporting, the downsizing of newsrooms, and the media
conglomerates. Ralph Nader calls it a book "that should be affixed to
the bulletin boards in every newsroom across the country," and the
American Journalism Review has hailed the series as "a distant early
warning system for society's problems." Along with the top 25 stories,
Censored 2000 focuses on the struggle to bring untold news to light,
including an introduction by imprisoned journalist Mumia Abu-Jamal.
EPIC Publications:
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"The Privacy Law Sourcebook: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as well
as a comprehensive listing of privacy resources.
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"Privacy and Human Rights 1999: An International Survey of Privacy Laws
and Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/
An international survey of the privacy and data protection laws found
in 50 countries around the globe.  This report outlines the
constitutional and legal conditions of privacy protection, and
summarizes important issues and events relating to privacy and
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Entrust SecureSummit 2000. May 1-4, 2000. Hyatt Regency Dallas at
Reunion. Dallas, TX. For more information: http://www.securesummit.com
Online Privacy in the Global Economy. The Law & Internet Forum.
University of Chicago Law School. May 3, 2000. Chicago, IL. For more
information: http://home.uchicago.edu/orgs/law-internet/index.htm
Call for Papers -- 16th Annual Computer Security Applications
Conference. Deadline May 12, 2000. Sheraton Hotel. New Orleans, LA.
December 11-15, 2000. For more information: http://www.acsac.org/
Electronic Government: New Challenges for Public Administration and
Law. May 18, 2000. Center for Law, Public Administration, and
Informatization of Tilburg University, Netherlands. For more
information: http://schoordijk.kub.nl/crbi/egov/
Shaping the Network: The Future of the Public Sphere in Cyberspace.
Computer Professionals for Social Responsibility (CPSR). May 20-23,
2000. Seattle, WA. For more information:
New Millennium, New Horizons: Marketing and Public Policy Conference
2000. American Marketing Association. June 1-3, 2000. Marriott Metro
Center. Washington, DC. For more information:
First Annual Institute on Privacy Law: Strategies for Legal Compliance
in a High Tech and Changing Regulatory Environment. Practicing Law
Institute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the Information
Society. Biennial Conference of the International Telecommunications
Society. July 2-5, 2000. For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more
information: http://www.privacy2000.org
Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY. For more information:
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.08 -----------------------
Return to:

Alert Home Page | EPIC Home Page