       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.10                                       May 24, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] FTC Calls for Privacy Legislation to Protect Internet Users
[2] Requirement for Cable Scrambling Violates First Amendment
[3] International Law Enforcement and Industry Discuss Cyber-Crime
[4] EU Holds Off on Removing Barriers to Export of Crypto
[5] New Financial Privacy Rules Protect Credit Header Info
[6] Annenberg Research Reveals Teens Will Share Family Info
[7] EPIC Bookstore - From Gutenberg to the GII
[8] Upcoming Conferences and Events
[1] FTC Calls for Privacy Legislation to Protect Internet Users
On May 22, the Federal Trade Commission (FTC) released its third
report on the state of online privacy protection.  In a major shift
in policy, a majority of the FTC Commissioners concurred with the
report's finding that legislation is necessary to adequately protect
consumer privacy online.  On May 25, all five Commissioners will
present the report and their conclusions to the Senate Commerce
Committee.  Also speaking at the hearing will be representatives
from the privacy community and industry groups.
The report, "Privacy Online: Fair Information Practices in the
Electronic Marketplace", was the FTC's first in-house survey of how
well privacy policies are addressing Fair Information Practices.  The
survey found that in a random sample of over 300 websites that collect
personal information, only 20 percent discussed all four elements of
the FTC's version of Fair Information Practices - notice, consent,
access and security.  In a sample of more popular websites, only 42
percent covered all four elements of privacy protection.  In
comparison to the FTC report, EPIC's last survey of privacy policies,
"Surfer Beware 3: Privacy Policies without Privacy Protection", found
that none of the top 100 e-commerce websites adequately provided all
elements of Fair Information Practices.
Based on these results and those of past studies, three of the five
Commissioners agreed with the conclusion of the report that
self-regulation alone would not provide adequate privacy protection.
The report finds that legislation would also be needed, and the
Commission is expected to present a proposal at the upcoming Commerce
Committee hearing.
The day after the FTC report was made public, Sen. Ernest Hollings
(D-SC) introduced his bill protecting online privacy, the Consumer
Privacy Protection Act.  The bill has already garnered the support of
other Democratic members of Congress and is expected to cover many of
the legislative recommendations of the FTC.  In addition, many surveys
and reports continue to show strong public support for online privacy
legislation.  For example, the March 20 issue of BusinessWeek included
a poll in which 57 percent of people surveyed supported laws governing
the collection and use of personal information online while only 15
percent supported letting industry groups develop voluntary standards.
The FTC's report, appendices and individual statements issued by the
Commissioners are available at:
"Surfer Beware 3: Privacy Policies without Privacy Protection":
The BusinessWeek Harris Interactive poll on the public's attitudes on
online privacy is available at:
[2] Requirement for Cable Scrambling Violates First Amendment
On May 21, the U.S. Supreme Court ruled in United States v. Playboy
Entertainment Inc. that a federal requirement for cable operators
transmitting sexually-explicit channels was an unconstitutional
content-based restriction on free speech.  The law in question,
enacted as part of the Communications Decency Act in 1996, required
all cable operators providing channels "primarily dedicated to
sexually-oriented programming" to either fully scramble those channels
or to restrict their transmission to the hours when children would be
unlikely to watch television.  Due to high costs associated with
scrambling technology, most cable operators chose to comply with the
statute by limiting transmission of the programming to late night
The scrambling requirement was intended to protect children from
hearing or seeing portions of scrambled cable programs resulting from
"signal bleed" to non-subscribers.  While the Supreme Court agreed
that exposure to harmful and indecent materials was a legitimate
problem for Congress to address, it concluded that it could have done
so by less restrictive means.  It continued that an alternative
procedure set out in another section of the Act, by which subscribers
could request a cable operator to fully scramble or otherwise fully
block any channel they did not wish to receive, provided adequate
content-neutral protection for subscribers without violating the First
Delivering the majority 5-4 opinion, Justice Anthony Kennedy stated
that "the objective of shielding children does not suffice to
support a blanket ban if the protection can be accomplished by a less
restrictive alternative".  He expressed continued support for free
speech concluding that "it is through speech that our personalities
are formed and expressed" and that all citizens are entitled "to seek
out or reject certain ideas or influences without Government
interference or control".
Supreme Court's opinion in U.S. v. Playboy Entertainment Group (PDF)
is available at:
[3] International Law Enforcement and Industry Discuss Cyber-Crime
Top law enforcement and industry officials from major industrialized
countries met in Paris last week to discuss responses to cyber-crime.
The meeting is a lead-up to a meeting of the Presidents and Prime
Ministers of the countries in Okinawa, Japan this July.
One of the primary controversies discussed at the event was a proposal
that Internet Service Providers (ISPs) be required to keep logs of all
of their users' activities online.  Under proposals suggested at the
meeting, ISPs would be required to maintain user logs for up to one
year.  Many industry participants were critical of this suggestion,
noting the costs of maintaining the logs and the difficulty in keeping
the logs secure and tamperproof for law enforcement purposes.  The
Council of Europe (COE) "Draft Convention on Cyber-crime"  (See EPIC
Alert 7.08) was also discussed.  At the meeting, the French Government
recommended allowing non-COE countries to sign the Convention but
opposed the creation of an international cyber-force to fight
This conference was the first meeting held by the G-8 on the issue
that included participants from outside the governments.  However,
only one representative from a consumer group was invited and no
members of privacy or cyber-rights groups were invited.  The G-8 is
made up of senior government officials from France, Germany, Japan,
United Kingdom, United States, Italy, Canada and Russia.  A subgroup
on High Tech Crime chaired by the U.S. Department of Justice has been
meeting since 1997.
In the end, only a weak resolution calling for more discussion and
cooperation was issued.  A second closed meeting of government experts
was held in Tokyo this week to work on the text of a resolution that
will be issued by the heads of state of the G-8 at their July meeting.
More information on the G-8 and COE is available at:
[4] EU Holds Off on Removing Barriers to Export of Crypto
In a surprising turn of events, European Union officials decided not
to vote on a measure which would have removed all controls on the
export of cryptographic technologies from European countries.  The
European Ministers of Foreign Affairs, meeting on May 22, withdrew the
proposal from their agenda at the last minute despite widespread
reports in the media that the decision to decontrol had been made and
that the vote was a mere formality.
If passed, the measure would have removed cryptographic technologies
from the current export regime set out in the Dual Use Regulation of
1994.  Under this regulation, most encryption products can only be
exported to countries outside the EU upon the issuance of a special
license from national authorities.  European industry has always been
strongly critical of this procedure, saying that it restricts their
access to the global market for encryption products.  There is also
widespread consensus that consumers need a wider array of encryption
products because of concerns that U.S. technologies may be weakened
during the "technical review" stage of the current export regime, a
process largely overseen by the U.S. National Security Agency.
No reason for this change of heart by European ministers was given.
French and British authorities expressed early reservations about the
measure and officials have confirmed that the U.S. also pressured the
European Union to block the decision.  However, no official statement
has been made.
For more information about the availability of cryptography worldwide,
"Cryptography & Liberty 2000: An International Survey of Encryption
[5] New Financial Privacy Rules Protect Credit Header Info
Two recent actions by the Federal Trade Commission (FTC) will provide
greater protections for personal information contained in credit
In a recent decision concerning credit reporting agency Trans Union,
the FTC found that the company was violating the Fair Credit Reporting
Act (FCRA) by using personal information to construct targeted mailing
lists.  As part of that decision, the FTC also concluded that dates of
birth -- often used as an element in determining credit-worthiness --
should also be considered as information which can be used only as
specifically set out in FCRA.
More recently, the FTC's portion of the new federal financial privacy
rules will increase protections over credit header information.
Currently, the data in the credit header (including name, mailing
address, telephone number, Social Security number, and age) can be
sold freely by credit reporting agencies to individual reference
services and direct marketers.  Under the rules, credit reporting
agencies would only be able to distribute that information if the
financial institution that transfers data to the agency has provided
the customer with notice and the opportunity to opt-out.
The FTC's opinion in Trans Union (PDF):
The FTC's final financial privacy rules (PDF):
[6] Annenberg Research Reveals Teens Will Share Family Info
Children are more likely than their parents to reveal personal family
information online, according to a study by the Annenberg Public
Policy Center of the University of Pennsylvania.
While 89 percent of parents believe that the Internet is beneficial
to their kids' schoolwork and 85 percent say that children find
fascinating and useful information on the Internet, 74 percent of
parents surveyed cited concerns about their children divulging
personal information on the Web.  The report showed that children
could be enticed into providing information in exchange for a free
gift.  For example, 65 percent of the children said they would reveal
the name of their favorite stores and 54 percent said they would
provide the name of their parents' favorite stores in order to receive
a free gift.  Forty-one percent of parents and 36 percent of children
said they have had tension in the home over children's release of
personal information.
The study also found that older kids (ages 13-17) are more likely than
younger kids (ages 10-12) and boys are more likely than girls to
provide sensitive family information.  For example, 53 percent of boys
and 37 percent of girls said it would be fine to disclose the type of
car their family owns.  Forty-five percent of older kids and 27
percent of younger kids responded that it would be acceptable to
reveal how much allowance they receive.  Thirty-nine percent of 13-17
year-old children said they have provided personal family information,
and 16 percent of children ages 10-12 said they have done so.
The researchers surveyed 1001 parents and 304 children between the
ages of 10 and 17 during January and February 2000.
The Annenberg report is available (in PDF) at:
[7] EPIC Bookstore - From Gutenberg to the GII
From Gutenberg to the Global Information Infrastructure: Access to
Information in the Networked World by Christine L. Borgman
Will the emerging global information infrastructure (GII) create a
revolution in communication equivalent to that wrought by Gutenberg,
or will the result be simply the evolutionary adaptation of existing
behavior and institutions to new media?  Will the GII improve access
to information for all?  Will it replace libraries and publishers?
How can computers and information systems be made easier to use?
What are the trade-offs between tailoring information systems to user
communities and standardizing them to interconnect with systems
designed for other communities, cultures, and languages?
This book takes a close look at these and other questions of
technology, behavior, and policy surrounding the GII.  Topics covered
include the design and use of digital libraries; behavioral and
institutional aspects of electronic publishing; the evolving role of
libraries; the life cycle of creating, using, and seeking information;
and the adoption and adaptation of information technologies.  The book
takes a human-centered perspective, focusing on how well the GII fits
into the daily lives of the people it is supposed to benefit.
Taking a unique holistic approach to information access, the book
draws on research and practice in computer science, communications,
library and information science, information policy, business,
economics, law, political science, sociology, history, education, and
archival and museum studies.  It explores both domestic and
international issues.  The author's own empirical research is
complemented by extensive literature reviews and analyses.
EPIC Publications:
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"The Privacy Law Sourcebook: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as well
as a comprehensive listing of privacy resources.
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"Privacy and Human Rights 1999: An International Survey of Privacy Laws
and Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/
An international survey of the privacy and data protection laws found
in 50 countries around the globe.  This report outlines the
constitutional and legal conditions of privacy protection, and
summarizes important issues and events relating to privacy and
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
EPIC Event at the National Press Club. Panels on Privacy and the Free
Software Movement featuring new publications by Jeffrey Rosen, Robert
Ellis Smith and Peter Wayner. June 5, 2000. Washington, DC.
New Millennium, New Horizons: Marketing and Public Policy Conference
2000. American Marketing Association. June 1-3, 2000. Marriott Metro
Center. Washington, DC. For more information:
Chief Privacy Officer 2000. Privacy & American Business. June 5, 2000.
Doyle Hotel. Washington, DC. For more information:
A New Intelligence System for a New Era: The Case for Reform. The Fund
for Constitutional Government and the Center for International Policy.
June 7, 2000. Dirksen Senate Office Building, Rm 628. Washington, DC.
For more information: kturney@ciponline.org
Data Sharing: Initiatives and Challenges Among Benefit and Loan
Programs. United States General Accounting Office. June 7-8, 2000.
Library of Congress, Jefferson Building. Washington, DC. For more
information: morehousec.hehs@gao.gov
First Annual Institute on Privacy Law: Strategies for Legal Compliance
in a High Tech and Changing Regulatory Environment. Practicing Law
Institute. June 22-23, 2000. PLI Conference Center. New York, NY.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the Information
Society. Biennial Conference of the International Telecommunications
Society. July 2-5, 2000. For more information:
Successfully Managing the New Data Protection Laws. Privacy Laws &
Business. July 3-5, 2000. Cambridge, England. For more information:
INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more
information: http://www.surveillance-expo.com
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Adam's Mark Hotel. Columbus, Ohio. For more
information: http://www.privacy2000.org
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.10 -----------------------