EPIC logo
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.09                                       May 15, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] FTC Completes Internet Privacy Sweep and Advisory Committee Report
[2] Anonymous Message Board Poster Sues Yahoo! for Disclosures
[3] Court to Hear Challenge to Proposed FBI Wiretap Standards
[4] Privacy Groups Oppose Financial Privacy Delay
[5] EPIC Testifies on Use of Social Security Numbers
[6] New Survey Details Experiences of Identity Theft Victims 
[7] Press Freedom Survey Finds Extensive Censorship
[8] Upcoming Conferences and Events
[1] FTC Completes Internet Privacy Sweep and Advisory Committee Report
As reported in the Wall Street Journal on May 11, the Federal Trade
Commission's sweep of Internet privacy policies found that the
overwhelming majority of websites fail to meet standards for privacy
protection.  According to the coverage, the Federal Trade Commission
(FTC) found that while almost 90 percent of websites surveyed had
privacy policies, only roughly 20 percent satisfied the FTC's version
of Fair Information Practices -- notice, consent, access, and
security.  The report also includes a staff recommendation that the
FTC ask Congress for the authority to issue rules over Internet
The results of the FTC's sweep are not surprising considering other
recent surveys.  EPIC's last survey conducted in December 1999,
"Surfer Beware 3: Privacy Policies Without Privacy Protection," found
that none of the top 100 e-commerce sites met the standard set out by
a more robust set of Fair Information Practices.  An industry-funded
survey conducted by Georgetown University in January 1999 found that
less than 10 percent of websites visited met the FTC's standards.
Tommorrow, the FTC Advisory Committee on Online Access and Security
will release its final report.  The report brought together
representatives from industry, academia and privacy groups to
recommend implementation options for access and security.  The report
discusses access, the ability of the consumer to view and edit their
personal information, and security, the prevention of unauthorized
access or use of data.  The final version of the report contains a
consensus recommendation for security and four options for access.
EPIC Policy Analyst Andrew Shen was a member of the Advisory
The security recommendation is that Web sites maintain a security
program detailing their procedures and should be evaluated on the
basis of whether or not it is "appropriate under the circumstances."
The access implementation options are "total access" in which a
consumer to access all their personal information; "default to
consumer access" in which access would be provided in accordance with
the "ordinary course of business"; "case-by-case" in which the
provision of access is not presumed but depends on the types of
information and costs; "access for correction" in which a limited
scope of information would be subject to access and available only for
minor editing.
The final report of the FTC Advisory Committee, transcripts of public
meetings, and public comments are available at:
"Surfer Beware 3: Privacy Policies Without Privacy Protection" is
available at:
[2] Anonymous Message Board Poster Sues Yahoo! for Disclosures
A federal lawsuit filed in California on May 11 could establish
important protections for Internet privacy, anonymity and free
expression.  The suit, filed against Yahoo! by a user of the service's
popular financial message boards, challenges the company's practice of
disclosing a user's personal information to third parties without
prior notice to the user.  It accuses the online portal of violating
the "constitutional and contractual rights to privacy" of the user,
who lost his job after posting remarks about his employer on a Yahoo!
message board.
Over the past year, Yahoo! has been inundated with subpoenas issued by
companies seeking the identities of individuals anonymously posting
information critical of the firms and their executives.  Without
notifying the targeted users, and without assessing the validity of
the legal claims underlying the subpoenas, Yahoo! has systematically
disclosed identifying information such as users' names, e-mail
addresses and Internet protocol addresses.  Yahoo! has been unique
among major online companies in its refusal to notify its users of
such subpoenas and provide them with an opportunity to challenge the
information requests.  (Since the filing of the lawsuit, Yahoo! has
claimed that it changed its policy in April and does now notify users.
However, that change is not yet reflected at the Yahoo! website.)
Privacy and free speech advocates, including EPIC, have criticized
Yahoo!'s policy on the ground that Internet users have a right to
communicate anonymously and usually do so for valid reasons. 
According to David L. Sobel, EPIC's General Counsel, "online anonymity
plays a critical role in fostering free expression on the Internet,
and has clearly contributed to the popularity of the medium."  He
said, "The U.S. Supreme Court has ruled that anonymity is a
constitutional right, but the failure to inform users when subpoenas
are issued may make that right illusory online."
The lawsuit was filed in United States District Court in Los Angeles
by "Aquacool_2000," a pseudonymous Yahoo! user whose personal
information was disclosed to AnswerThink Consulting Group, Inc., a
publicly held company.  A copy of the lawsuit (in PDF) is available
[3] Court to Hear Challenge to Proposed FBI Wiretap Standards
This week, EPIC and other Internet privacy advocacy groups will ask a
federal appeals court to block new rules that would enable the FBI to
dictate the design of the nation's communication infrastructure.  The
challenged rules would, among other capabilities, enable the Bureau to
track the physical locations of cellular phone users and potentially
monitor Internet traffic.
In an oral argument to be heard by the U.S. Court of Appeals for the
District of Columbia Circuit on May 17, EPIC, the American Civil
Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF)
will argue that the rules -- contained in a Federal Communications
Commission (FCC) decision issued last August -- could result in a
significant increase in government interception of digital
communications.  Also arguing against the proposed technical standards
will be another group of challengers, comprised of telecommunications
industry trade associations and the Center for Democracy and
The court challenge involves the Communications Assistance for Law
Enforcement Act (CALEA), a controversial law enacted by Congress in
1994, which requires the telecommunications industry to design its
systems in compliance with FBI technical requirements to facilitate
electronic surveillance.  In negotiations over the last few years, the
FBI and industry representatives were unable to agree upon those
standards, resulting in last year's FCC ruling.  EPIC, ACLU and EFF
participated as parties in the FCC proceeding and argued that the
privacy rights of Americans must be protected.
The groups' court briefs asserted that the FCC ruling exceeds the
requirements of CALEA and frustrates the privacy interests protected
by federal statutes and the Fourth Amendment.  Among other things, the
Commission order would require telecommunications providers to
determine the physical locations of cellular phone users and deliver
"packet-mode communications" -- such as those that carry Internet
traffic -- to law enforcement agencies.
Proposed architectural changes to communications networks are also
being considered this week in Paris, where a Group of Eight (G-8)
conference is considering "cybercrime" issues.  The process, which
began several years ago at the behest of the United States, may be
moving toward concrete proposals that could impact online anonymity.
During the G-8 ministerial conference in Moscow last October, the
countries committed their experts to organize a dialogue between
industry and governments about "identifying and locating
cybercriminals."  During the scheduled Okinawa summit in July, the
results of the discussion will be considered by the Heads of State of
the G-8.
Background materials on CALEA, including the briefs filed by EPIC,
ACLU and EFF, are available at EPIC's website:
Information on the G-8 conference is available at:
[4] Privacy Groups Oppose Financial Privacy Delay
Despite widespread public support for the protection of personal
financial information, government agencies have decided to delay the
effective date of financial privacy protections until July 2001.
Upon rumors that the agencies in charge of issuing rules protecting
financial privacy were planning to delay their effective date, a
coalition of privacy groups issued a joint letter on May 9 insisting
that the rules goes into effect as planned.  The open letter to the
agencies stated that while the privacy guidelines provided by the
Gramm-Leach-Bliley Act were inadequate, they still offered more than
the current lack of protections.  Despite these concerns, on May 11,
the Federal Reserve, the Federal Deposit Insurance Corporation, the
Office of the Comptroller of the Currency, and the Office of Thrift
Supervision issued their final financial privacy rules but delayed the
effective date until July 1 of next year.  In a separate announcement
released today, the Federal Trade Commission also issued its final
rules with the same delayed effective date.
Public support for financial privacy continues to grow despite the
slow response from the federal government.  A recent poll published by
the National Journal found that 14 percent of registered voters cited
the protection of financial records as their top priority for Congress
this year.  In comparison, 16 percent of those polled picked tougher
gun restrictions and seven percent selected the passage of a patients'
bill of rights as high priority issues.
The letter opposing the delay of financial privacy protections:
Press release announcing the delay of the effective date for financial
privacy rules:
Separate press release from the Federal Trade Commission also delaying
the implementation of financial privacy protections:
[5] EPIC Testifies on Use of Social Security Numbers
On May 11, EPIC Executive Director Marc Rotenberg testified before the
House Subcommittee on Social Security on the "Use and Misuse of Social
Security Numbers."  The subcommittee convened the hearing to examine
the need for legislation to curb the growing misuse of Social Security
Numbers (SSNs) such as in cases of identity theft.
EPIC's testimony argues that legislation to limit the collection and
use of the SSN is appropriate, necessary and fully consistent with
U.S. law.  The history of the SSN demonstrates that it was never
intended to be used widely as a unique identifier and that there is
clear judicial and legislative support for further legal restrictions
on its use.  The testimony concluded that strong privacy laws and
other safeguards are necessary to ensure that the problems associated
with misuse of the SSN, such as profiling and identity theft, do not
increase in the future.
Also testifying on the panel were several members of Congress
proposing legislation to curb the use of SSNs, the Consumer Program
Director of U.S. PIRG, and representatives of industries and
government agencies that regularly use Social Security Numbers in the
course of their work.
EPIC's testimony is available at:
The testimony of other panel members is also online at:
[6] New Survey Details Experiences of Identity Theft Victims 
On May 1, the California Public Interest Research Group (CALPIRG) and
the Privacy Rights Clearinghouse (PRC), released a new report
highlighting the difficulties that victims of identity theft face in
clearing their names.  The report, entitled "Nowhere to Turn: Victims
Speak out on Identity Theft", surveys the experiences of identity
theft victims.  The survey found that the victims had spent between
two and four years removing an average of $18,000 in fraudulent
The report argues that law enforcement, government and credit industry
procedures fail to address the growing problem of identity theft and
make it difficult for victims to resolve their cases.  The report
acknowledges that the 1998 law passed by Congress to criminalize
identity theft is an important "first step" in combating identity
theft but argues that much more needs to be done.  It recommends the
introduction of state and federal laws to protect consumers and
forcing bodies such as banks, department stores and credit bureaus to
take a more responsible approach to the growing problem of identity
"Nowhere to Turn: Victims Speak out on Identity Theft" is at:
[7] Press Freedom Survey Finds Extensive Censorship
In its 22nd annual survey of international press freedom, Freedom
House recently found that nearly two-thirds of the 186 countries
reviewed restrict the content of print and electronic news media. 
According to the report, sixty-nine countries (37 percent) have a free
press, while 51 have a partly free news media and 66 do not provide
press freedom.  Those governments that restrict press freedom often
claim to do so in the interest of preserving public morality and
protecting national security.
Governments employ various tactics to limit Internet access, such as
mandating special licensing and regulation of Internet use, channeling
traffic through filtered government servers, and banning access to
particular Web pages.  For example, the official Internet Service
Provider (ISP) in China restricts access to particular news reports
generated abroad.  The Chinese government also monitors Web sites to
ensure that no sensitive government information is disclosed and has
imprisoned dissidents who have posted such material.  In Russia, one
of the successors to the KGB has required ISPs to install surveillance
devices that allow direct monitoring of Internet activity.
The Freedom House survey is available at:
[8] Upcoming Conferences and Events
Electronic Government: New Challenges for Public Administration and
Law. May 18, 2000. Center for Law, Public Administration, and
Informatization of Tilburg University, Netherlands. For more
information: http://schoordijk.kub.nl/crbi/egov/
Securing Linux or BSD Novice Users' Personal Computers. GNU/Linux 
Beginners SIG. May 19, 2000. New School Computer Instruction Center.
New York, NY. For more information: drs@cloud9.net
Shaping the Network: The Future of the Public Sphere in Cyberspace.
Computer Professionals for Social Responsibility (CPSR). May 20-23,
2000. Seattle, WA. For more information:
New Millennium, New Horizons: Marketing and Public Policy Conference
2000. American Marketing Association. June 1-3, 2000. Marriott Metro
Center. Washington, DC. For more information:
Data Sharing: Initiatives and Challenges Among Benefit and Loan 
Programs. United States General Accounting Office. June 7-8, 2000.
Library of Congress, Jefferson Building. Washington, DC. For more
information: morehousec.hehs@gao.gov
First Annual Institute on Privacy Law: Strategies for Legal Compliance
in a High Tech and Changing Regulatory Environment. Practicing Law
Institute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the Information
Society. Biennial Conference of the International Telecommunications
Society. July 2-5, 2000. For more information:
INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more
information: http://www.surveillance-expo.com
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more 
information: http://www.privacy2000.org
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.09 -----------------------
Return to:

Alert Home Page | EPIC Home Page