EPIC logo
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.12                                      June 27, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Is NSA Watching Jimmy Carter and Hillary Clinton?
[2] Appeals Court Strikes Another Blow Against Internet Censorship
[3] House Subcommittee Considers "Cyber Security" FOIA Exemption
[4] EPIC, Junkbusters Release Report on P3P
[5] Privacy Advocates Call for Investigation of "Cookiegate"
[6] European Parliament Committee Presents Safe Harbor Resolution
[7] EPIC Bookstore - Democracy in the Digital Age
[8] Upcoming Conferences and Events
[1] Is NSA Watching Jimmy Carter and Hillary Clinton?
As reported by USA Today, recently released National Security Agency
(NSA) documents obtained by EPIC indicate that the agency drafted
policies for handling communications intercepted from or about former
President Jimmy Carter, First Lady Hillary Rodham Clinton and
candidates who ran for national office in 1996.  The memos, which
contain guidance for the writing of reports regarding intercepted
communications, make clear the necessity of keeping the identities of
the individuals confidential.  Currently, the NSA is prohibited by law
from conducting surveillance on American citizens.
The NSA documents were obtained through a Freedom of Information Act
lawsuit brought by EPIC and raise many concerns about privacy and
government accountability.  The lawsuit originally sought to examine
the extent of the NSA's compliance with domestic surveilance laws, and
is also a response to growing concern about the NSA's rumored global
observation network, commonly called Echelon.  However, the NSA
continues to deny any allegations of impropriety, and claims to
operate "in strict accordance with U.S. laws and regulation in
protecting privacy rights".
The NSA and similar agencies have previously spied on U.S. citizens in
the interests of national security and, for many years, operated
almost entirely outside of the public eye.  However, in 1975, growing
concerns about the NSA's role in monitoring the communications and
activities of prominent anti-war activists resulted in greater public
scrutiny of the agency.  Until recently there has been little evidence
to suggest that the NSA still utilized or analyzed information
obtained about American citizens not involved in foreign intelligence.
 However, recent protests by civil libertarians and an investigation
into the NSA's activities by Rep. Bob Barr (R-GA), have brought the
issue of supposed privacy invasions to the forefront.
Scanned images of NSA documents discussing Former President Jimmy
Carter and First Lady Hillary Rodham Clinton are available at:
EPIC's Former Secrets Page containing other documents released under
the Freedom of Information Act:
[2] Appeals Court Strikes Another Blow Against Internet Censorship
Internet free speech advocates scored the latest in a string of legal
victories on June 22, when the U.S. Court of Appeals for the Third
Circuit in Philadelphia upheld a lower court ruling barring
enforcement of the Child Online Protection Act (COPA).  In a
far-reaching opinion, the unanimous three-judge panel expressed its
belief that the 1998 law is fatally flawed.  The ruling, which upholds
a decision issued by U.S. District Judge Lowell Reed in February 1999
(see EPIC Alert 6.02), came in a legal challenge to COPA being
litigated by EPIC, the American Civil Liberties Union and a coalition
of online publishers.
COPA was introduced in Congress after an earlier effort to regulate
children's access to "indecent" material, the Communications Decency
Act (CDA), was held unconstitutional by a unanimous U.S. Supreme Court
in 1997.  To date, every federal judge to consider the legality of
either CDA or COPA has found that the Internet content regulation laws
violate the First Amendment.
COPA makes it a federal crime to "knowingly" communicate "for
commercial purposes" material considered "harmful to minors" to anyone
under the age of 17.  Penalties include fines of up to $50,000 for
each day of violation and up to six months in prison.  Compliance with
the Act would require websites to obtain identification and age
verification from visitors, a feature of the law that EPIC has argued
threatens online privacy and anonymity.
The appellate judges (Leonard I. Garth, Theodore A. McKee and Richard
Lowell Nygaard) directed most of their analysis to the concept of
"community standards" in defining "harmful to minors" and noted the
virtual impossibility of a web site meeting the standards of various
localities at the same time:
     Because no technology currently exists by which Web publishers
     may avoid liability, such publishers would necessarily be
     compelled to abide by the "standards of the community most
     likely to be offended by the message," even if the same
     material would not have been deemed harmful to minors in all
     other communities.  Moreover, by restricting their publications
     to meet the more stringent standards of less liberal communities,
     adults whose constitutional rights permit them to view such
     materials would be unconstitutionally deprived of those rights.
     Thus, this result imposes an overreaching burden and restriction
     on constitutionally protected speech.
Complete information on the COPA litigation, including the text of the
Third Circuit decision, is available at:
[3] House Subcommittee Considers "Cyber Security" FOIA Exemption
Responding to concerns about critical infrastructure security, the
House Committee on Government Reform's Subcommittee on Government
Management, Information and Technology recently heard testimony on
H.R. 4246, the Cyber Security Information Act.
On June 22, witnesses from industry, government agencies, and public
interest groups testified regarding proposed legislation which would
expand the Freedom of Information Act's (FOIA) current exemptions to
include any technical information voluntarily provided by private
companies for the purposes of increasing infrastructure security.  The
legislation was largely a response to government pressure to shore up
critical infrastructure, such as power, sanitation, transportation and
telecommunications, 80 percent of which is controlled by the private
sector and outside of government control. The proposed amendment would
also prevent information obtained by the government for purposes of
critical infrastructure security, such as private sector network
breaches or hacker attacks, from being obtained for civil actions.
In his testimony before the Subcommittee, EPIC General Counsel David
Sobel questioned the necessity of such legislation.  According to
Sobel, existing FOIA exemptions prevent the disclosure of the kind of
information the private sector is most concerned about. Instead of
having to explain why the act shouldn't be passed, Sobel stated "The
burden should be on the people who are saying the current law is
The bill, which is likely to be approved by the subcommittee, is not
expected to reach the House floor before Congress breaks for summer
For background information and testimony submitted for the hearing,
see EPIC's page on Critical Infrastructure Protection:
Testimony of the other witnesses appearing before the Subcommittee:
The text and status of H.R. 4246, the Cyber Security Information Act:
[4] EPIC, Junkbusters Release Report on P3P
On June 21, EPIC and Junkbusters released a report on the Platform for
Privacy Preferences (P3P) developed by the World Wide Web Consortium
(W3C).  "Pretty Poor Privacy: An Assessment of P3P and Internet
Privacy" examines whether P3P is an effective solution to online
privacy protection.
P3P allows consumers to set up privacy preferences regarding their
personal information and automatically compares those settings to Web
sites' stated practices.  P3P proposes the development of an elaborate
range of privacy "choices" that require individual Internet users to
make selections about the collection and use of personal data, even
for online activities that would not normally require the disclosure
of personal information, such as simply visiting a web site.
The report surveys earlier experience with cookie technology and notes
similarities to the situation surrounding P3P.  The report goes on to
argue that P3P fails to comply with Fair Information Practices, the
internationally accepted baseline standard for privacy protection. The
report also concludes that there is little evidence to support the
industry claim that P3P will improve user privacy.  Instead of P3P,
the report concludes with a recommendation for the adoption of privacy
standards built on Fair Information Practices and genuine Privacy
Enhancing Techniques that minimize or eliminate the collection of
personally identifiable information.
"Pretty Poor Privacy: An Assessment of P3P and Internet Privacy" is
available at:
For more information about the W3C's work on P3P:
[5] Privacy Advocates Call for Investigation of "Cookiegate"
On June 22, EPIC and Junkbusters sent a letter to Congressional
leaders asking for an immediate investigation into the White House
Office of National Drug Control Policy's use of cookies on its
website.  The use of cookies on a government website was particularly
alarming since banner advertisements leading to the freevibe.com
website were being served by controversial Internet advertiser
White House officials said that they were not receiving any personally
identifiable information from DoubleClick.  If the government was in
fact doing so, it would have likely done so in violation of the
Privacy Act of 1974 which prohibits wholesale collection of personal
information of citizens.  With regards to information that could have
been collected by DoubleClick, the groups demanded that the company
destroy any information collected from users visiting the site.
The joint letter to Congressional leaders can be found at:
[6] European Parliament Committee Presents Safe Harbor Resolution
The European Parliament Committee on Citizens Freedoms and Rights,
Justice and Home Affairs has adopted a report questioning the
preliminary decision of the European Commission to accept the proposed
Safe Harbor arrangement.  The European Commission adopted the decision
on June 5 following a unanimous vote by the European Union Member
States in favor of the latest version of the U.S. proposal.
In its report, the Citizen's Rights Committee criticizes the American
system of self-regulation and holds that transborder dataflow should
not be authorized until the Safe Harbor principles are revised further
and fully operational.  The Committee is particlarly concerned that an
individual's ultimate redress for violations of the principles lies
with the Federal Trade Commission (FTC) noting that "intervention by
the FTC is purely discretionary and in practice is exercised only
occasionally."  The Committee recommends that the Safe Harbor
principles should include an individual right to appeal and concludes
that the Commission should issue a revised decision.
The report is expected to go before the full European Parliament in
July when it will decide whether the European Commissison exceeded its
implementing powers under the EU Data Protection Directive in issuing
its decision.
The press release on the report from the Citizen's Rights Committee is
available at:
The European Commission draft decision is available at:
The latest U.S. proposed Safe Harbor Principles and FAQ's are available
[7] EPIC Bookstore - Democracy in the Digital Age
Democracy in the Digital Age: Challenges to Political Life in
Cyberspace by Anthony G. Wilhelm
Excerpt from a description by the author:
Much of the writings on the prospects of a digital democracy are only
impassioned pleas from Internet doomsayers or Silicon Valley
faithfuls, sorely lacking a critical eye.
In my book I try to get beyond these claims with well-reasoned
arguments for why we should be concerned about treating the Internet
as a magic bullet in increasing the civic engagement of Americans.
First, I suggest that the digital divide is an enormous problem that
needs to be solved before we can rely on the Internet, say, for online
voting. Second, I look at what it takes to make decisions --
deliberation, respecting and negotiating difference -- and suggest
that the Internet has so far not been the best medium for realizing
these actions. Finally, I canvass several of the background factors
that are necessary to consider that prevent many people from
participating in public life. Americans who have problems with
literacy, for example, are unlikely to engage in civic activity and
will have trouble navigating a text-based medium, such as the
Ultimately, the question is, will the Internet bring people into the
process who have been on the margins of political engagement? I hope
over time we will answer this question in the affirmative. However,
currently there are severe challenges outlined in my book outlines
that we need to wrestle with now.
EPIC Publications:
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"The Privacy Law Sourcebook: United States Law, International Law, and
Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50.
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as well
as a comprehensive listing of privacy resources.
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"Privacy and Human Rights 1999: An International Survey of Privacy Laws
and Developments," David Banisar, Simon Davies, editors, (EPIC 1999).
Price: $15. http://www.epic.org/privacy&humanrights99/
An international survey of the privacy and data protection laws found
in 50 countries around the globe.  This report outlines the
constitutional and legal conditions of privacy protection, and
summarizes important issues and events relating to privacy and
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Telecommunications: The Bridge to Globalization in the Information
Society. Biennial Conference of the International Telecommunications
Society. July 2-5, 2000. For more information:
Successfully Managing the New Data Protection Laws. Privacy Laws &
Business. July 3-5, 2000. Cambridge, England. For more information:
INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000
Infomediaries: Leveraging Consumer Profile Data on the Web. Institute
for International Research. July 20-21, 2000. San Francisco, CA. Hyatt
Regency Embarcadero Center.  For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more
information: http://www.surveillance-expo.com
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
One World, One Privacy: 22nd Annual International Conference on
Privacy and Personal Data Protection. September 28-30, 2000. Venice,
Italy. For more information: http://www.dataprotection.org/
Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more
information: http://www.privacy2000.org
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.12 -----------------------