EPIC logo
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.11                                      June 14, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Gore Offers Protections for Social Security Numbers, Genetic Data
[2] EPIC Renews Call for Baseline Privacy Standards Legislation
[3] EPIC Urges Rejection of Online Age Verification Systems
[4] Terrorism Commission Recommendations Could Threaten Privacy
[5] Commerce Committee Hears from FTC on Internet Privacy
[6] EPIC Event Addresses Privacy and the Free Software Movement
[7] EPIC Bookstore - New Publications on Privacy
[8] Upcoming Conferences and Events
[1] Gore Offers Protections for Social Security Numbers, Genetic Data
Responding to widespread public support for privacy protection, Vice
President Al Gore recently presented two proposals governing the use
of Social Security numbers and genetic data.  The policy initiatives
suggest that privacy could emerge as a major issue in this fall's
presidential campaign.
Last week, the Vice President introduced his proposal to protect
Social Security numbers (SSNs), the Social Security Protection Act of
2000.  Gore's proposal is sponsored by Sen. Dianne Feinstein (D-CA)
and Rep.  Ed Markey (D-MA).  The proposal would limit the sale or
purchase of SSNs to instances in which an individual has voluntarily
and affirmatively given his or her consent to that disclosure. 
Currently, SSNs -- often an important identifier for financial, credit
and health records -- can simply be bought from "lookup services"
without an individual's permission.  The proposal would require the
Federal Trade Commission and state attorneys general to jointly
enforce the protections.
The proposal is an important first step in responding to the growing
problems with the misuse of the Social Security number.  However,
other issues could be addressed as the proposal goes forward.  For
example, outlawing the sale and purchase of the Social Security number
has been previously proposed in studies of SSNs.  In addition,
consumers should be assured that they would not lose the opportunity
to receive a benefit or conduct business if a private company unjustly
requires a SSN.  Many individuals can be compelled to provide a SSN
that they might otherwise not want to disclose.  Also, while consent
is a key step before dislosing a SSN, it is preferable that the data
collector specify and limit future uses of that data.  Lastly, the
proposal could include provisions so that the individual would have an
independent ability to pursue what he or she thinks are infractions of
the law and seek the appropriate remedies.
As reported in the press, the Vice President is also formulating
restrictions on the use of genetic data.  Following up on President
Clinton's executive order barring government agencies from using
genetic data in hiring and promotion decisions (see EPIC Alert 7.03),
Vice President Gore would seek to extend such protections to workers
in the private sector.  The issue at hand in both proposals is the
possibility of discrimination against employees who may have genetic
predispositions for cancer or other diseases.
For more information about Social Security numbers is available at:
EPIC's recent testimony on the "Use and Misuse of the Social Security
Number" before the House Committee on Ways and Means:
[2] EPIC Renews Call for Baseline Privacy Standards Legislation
EPIC director Marc Rotenberg testified before the Senate Commerce
Committee on June 13, arguing that there is a current need for
legislation to establish baseline privacy standards for electronic
commerce.  The committee hearing focused on online data collection
practices and profiling by third party advertising companies such as
DoubleClick. EPIC renewed the warning that self-regulation would fail
to protect privacy, citing pending litigation and a Federal Trade
Commission (FTC) inquiry growing out of DoubleClick's practices. 
Rotenberg told the committee, "We think the lesson is clear that
legislation is necessary.  Even good models for online advertising can
quickly change without baseline privacy rules."
Richard Smith, an Internet consultant who examines privacy issues,
told the committee that "The data collection systems that the Internet
ad companies are currently running are getting personal and sensitive
information that almost everyone will agree is none of the business of
these companies."  He said that, "It's almost like they have put
hidden microphones in our homes and our offices and they are listening
to what we do all day long."
The New York Times reported that all six senators who participated in
the hearing hearing said legislation is needed to ensure that
Americans are protected from unwittingly disclosing private
information. "Absent legislation, meaningful enforcement and airtight
coverage, online profiling will eviscerate personal privacy," said
Commerce Committee Chairman John McCain (R-AZ).  Privacy advocates
have long maintained that industry "self-regulation" is inadequate to
prevent invasions of privacy, especially in the online advertising
The FTC recently released a report on the results of its latest survey
of website privacy policies.  The survey documented that only 20
percent of a random sample of websites addressed basic elements of
Fair Information Practices.  Based on the findings of the survey, a
majority of the FTC Commissioners have recommended that legislation is
needed to protect privacy on the Internet (see item 5 below).
The text of EPIC's testimony is available at:
The FTC report on Fair Information Practices on Electronic Commerce is
available at:
[3] EPIC Urges Rejection of Online Age Verification Systems
In testimony before the Commission on Child Online Protection on June
9, EPIC General Counsel David Sobel urged the rejection of age
verification requirements as a condition of access to Internet
content, noting that the privacy implications of such requirements are
inseparable from the free speech implications. He told the Commission
that rather than focusing on approaches that seek to block access to
information and compromise privacy, it should emphasis and support
educational initiatives that will help young people learn to
responsibly and safely navigate the Internet.
The Commission is seeking to "identify technological or other methods
that . . . will help reduce access by minors to material that is
harmful to minors on the Internet," including the deployment of "age
verification" systems.  Given the inherent subjectivity of terms such
as "harmful to minors" or "indecent," Sobel first told the Commission
that EPIC believes efforts to mandate restrictions on access to such
material are prohibited by the First Amendment, particularly in a
medium like the Internet, which makes content available in every
community in the nation.  He noted that First Amendment
considerations, as well as privacy issues, are an important aspect of
the Commission's inquiry, because "any requirement that Internet users
identify themselves in some way as a condition of access to online
content necessarily chills free speech."
Sobel said that a new regime for the collection of personal data in
the name of "child online protection" would impose yet another burden
on the privacy of Internet users.  The American people, when they go
online, are already acutely aware of the fact that they are being
over-monitored and over-profiled.  For that reason, he said, such
requirements would introduce a troubling new component into the
Internets architecture, one that would hasten the demise of both
personal privacy and freedom of expression.
The Commission on Child Online Protection was established by Congress
in the Child Online Protection Act (COPA).  The criminal provisions of
COPA have been enjoined by a federal judge in a constitutional
challenge brought by EPIC and the ACLU.  A decision on the
government's appeal of that ruling is pending from the U.S. Court of
Appeals for the Third Circuit.
EPIC's testimony on Internet age verification is available at:
Information on Internet content controls is available at the Internet
Free Expression Alliance website:
[4] Terrorism Commission Recommendations Could Threaten Privacy
The National Commission on Terrorism recently released its report,
"Countering the Changing Threat of International Terrorism."  The
Commission was established shortly after U.S. embassies were attacked
in 1998.  The report puts forth several proposals that could threaten
the legal rights and privacy of Americans.
One of the more troubling proposals would be the streamlining of
procedures required before law enforcement agencies can begin
surveillance as set by the Foreign Intelligence Surveillance Act
(FISA).  Despite claims that "under ordinary circumstances, the FISA
process can be slow and burdensome," USA Today recently reported that
the number of wiretaps used in spying and terrorism investigations
last year hit an all-time of 880.  The process for authorizing this
category of wiretap requests proceeds through a secret court with
little public accountability.
Many of the other proposals in the report may also impact personal
privacy.  The Commission recommended the formation of a joint task
force composed of representatives from all government agencies
possessing information or authority relevant to possible fundraising
for terrorist groups.  The list of agencies that would fall under this
broad recommendation include the National Security Agency, Central
Intelligence Agency, Federal Bureau of Investigation, Financial Crimes
Enforcement Network, Department of State, U.S. Customs Service, Office
of Foreign Assets Control and Internal Revenue Service.  Other
recommendations include closer monitoring of foreign students studying
in the United States, new laws and international agreements to prevent
"cyber crime" and the development of new sensors and detection devices
to be used at entry points into the country.
The National Commission on Terrorism's report is available online at:
More information on FISA and wiretaps is available at:
[5] Commerce Committee Hears from FTC on Internet Privacy
The Senate Commerce Committee convened on May 25 to hear testimony
regarding the Federal Trade Commission's report on Internet privacy
(see EPIC Alert 7.10). According to the Commission's surveys,
approximately 42 percent of the busiest Web sites and only 20 percent
of the random sample have privacy policies which address Fair
Information Practices.  The report, approved by a 3-2 vote from the
Commissioners, also recommended legislation in order to protect
consumer privacy on the Internet.
At the Commerce Committee hearing, all five FTC Commissioners
presented testimony and spoke about the recent report.  Also speaking
were Jason Catlett, President of Junkbusters; Christine Varney, Senior
Partner at Hogan and Hartson; Jerry Berman, Executive Director of the
Center for Democracy and Technology; Jill Lesser, Vice-President of
Domestic Public Policy at America Online; Daniel Weitzner, Technology
and Society Domain Leader of the World Wide Web Consortium.
The full hearing is available over the web for the next few weeks at:
The testimony of the FTC Commissioners is available at:
The testimony of Jason Catlett, President of Junkbusters is available
[6] EPIC Event Addresses Privacy and the Free Software Movement
On June 5, EPIC held a symposium at the National Press Club on the
future of the Internet, and in particular the state of privacy
protection and the rise of the free software movement.
Exploring the future of privacy were Deborah Hurley, Executive
Director, Harvard Information Infrastructure Project, Kennedy School
of Government; Professor Anita Allen-Castellito, University of
Pennsylvania Law School; Professor David Flaherty, former Information
and Privacy Commissioner, British Columbia; Professor Gary Marx,
Massachusetts Institute of Technology; Professor Jeffrey Rosen, George
Washington University Law School, author "The Unwanted Gaze: The
Destruction of Privacy in America"; and Robert Ellis Smith, publisher,
Privacy Journal, author "Ben Franklin's Web Site: Privacy and
Curiousity from Plymouth Rock to the Internet".
Speaking about the rise of the free software movement were Professor
James Boyle, American University Law School; Professor Julie Cohen,
Georgetown University Law Center; Whitfield Diffie, Distinguished
Engineer, Sun Microsystems; Austin Hill, President, Zero Knowledge
Systems; Barbara Simons, President, Association for Computing
Machinery; and Peter Wayner, author "Free For All: How Linux and the
Software Movement Undercut the High-Tech Titans".
Video coverage of the symposium is archived at:
More information about the three new books highlighted at the event
and EPIC publications is available at:
[7] EPIC Bookstore - New Publications on Privacy
The Unwanted Gaze : The Destruction of Privacy in America by Jeffrey
As thinking, writing, and gossip increasingly take place in
cyberspace, the part of our life that can be monitored and searched
has vastly expanded.  E-mail, even after it is deleted, becomes a
permanent record that can be resurrected by employers or prosecutors
at any point in the future.  On the Internet, every website we visit,
every store we browse in, every magazine we skim--and the amount of
time we skim it--create electronic footprints that can be traced back
to us, revealing detailed patterns about our tastes, preferences, and
intimate thoughts.  In this pathbreaking book, Jeffrey Rosen explores
the legal, technological, and cultural changes that have undermined
our ability to control how much personal information about ourselves
is communicated to others, and he proposes ways of reconstructing some
of the zones of privacy that law and technology have been allowed to
Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to
the Internet by Robert Ellis Smith
This new book explores the hidden niches of American history to
discover the tug between Americans' yearning for privacy and their
insatiable curiosity.  The book describes Puritan monitoring in
Colonial New England, then shows how the attitudes of the founders
placed the concept of privacy in the Constitution.  This panoramic
view continues with the coming of tabloid journalism in the Nineteenth
Century, and the reaction to it in the form of a new right - the right
to privacy.  The book includes histories of wiretapping, of credit
reporting, of sexual practices, of Social Security numbers and ID
cards, of modern principles of privacy protection, and of the coming
of the Internet and the new challenges to personal privacy it brings.
"Robert Ellis Smith's expose of privacy invasion will be one of the
sleeper best-selling books in the year 2000," wrote columnist William
Safire in The New York Times, December 1999.  "His numerous books are
required reading for anyone concerned about the ongoing threats," said
Simson Garfinkel in Database Nation.
EPIC Publications:
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"The Privacy Law Sourcebook: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as well
as a comprehensive listing of privacy resources.
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"Privacy and Human Rights 1999: An International Survey of Privacy
Laws and Developments," David Banisar, Simon Davies, editors, (EPIC
1999). Price: $15. http://www.epic.org/privacy&humanrights99/
An international survey of the privacy and data protection laws found
in 50 countries around the globe.  This report outlines the
constitutional and legal conditions of privacy protection, and
summarizes important issues and events relating to privacy and
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
First Annual Institute on Privacy Law: Strategies for Legal Compliance
in a High Tech and Changing Regulatory Environment. Practicing Law
Institute. June 22-23, 2000. New York, NY. PLI Conference Center.
For more information: http://www.pli.edu
Telecommunications: The Bridge to Globalization in the Information
Society. Biennial Conference of the International Telecommunications
Society. July 2-5, 2000. For more information:
Successfully Managing the New Data Protection Laws. Privacy Laws &
Business. July 3-5, 2000. Cambridge, England. For more information:
INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000
Infomediaries: Leveraging Consumer Profile Data on the Web. Institute
for International Research. July 20-21, 2000. San Francisco, CA. Hyatt
Regency Embarcadero Center.  For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more
information: http://www.surveillance-expo.com
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
One World, One Privacy: 22nd Annual International Conference on
Privacy and Personal Data Protection. September 28-30, 2000. Venice,
Italy. For more information: http://www.dataprotection.org/
Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more
information: http://www.privacy2000.org
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.11 -----------------------