EPIC logo
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.13                                      July 12, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] FBI's Carnivore Gobbles Lots of E-Mail
[2] FTC Attempts to Block Sale of Toysmart Customer Lists
[3] New Internet Democracy Project To Focus on ICANN
[4] European Parliament Adopts Resolution on Safe Harbor
[5] Supreme Court to Review Constitutionality of Wiretap Laws
[6] Survey Conducted on the State of First Amendment
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events
[1] FBI's Carnivore Gobbles Lots of E-Mail
Recent press reports confirm the roll-out of a new Federal Bureau of
Investigation (FBI) system called Carnivore, which is designed to
covertly search electronic mail messages to and from targeted criminal
suspects, but could also compromise the privacy of millions of
Internet users.  The system, which is installed directly into an
Internet service provider's network, reportedly can scan millions of
messages each second.  The FBI recently demonstrated the Carnivore
system to telecommunications industry representatives, many of whom
are disturbed by the prospect of having the invasive technology
installed on their internal systems and administered by federal
Public details concerning Carnivore's capabilities are sketchy.  The
existence of the system was first revealed by attorney Robert
Corn-Revere in Congressional testimony in April.  He described a case
in which government agents sought to install Carnivore on the system
of an ISP he represented.  Published reports suggest that the system
could give the government the ability to intercept the communications
of all of an ISP's customers, not just those of a targeted criminal
suspect.  Even when programmed to obtain only the communications of a
suspect, Carnivore would enable government agents to intercept the
actual content of e-mail messages without first making a showing of
probable cause as required by the Fourth Amendment and federal wiretap
statutes.  Armed just with a pen register or trap and trace order,
which authorizes only the collection of information identifying the
senders and recipients of e-mail messages, Carnivore would enable
agents to receive the entire communication.
The deployment of Carnivore is just the latest indication that legal
protections have failed to keep pace with advancing surveillance
technology.  The existing wiretap statutes, which were drafted with
telephones in mind and amended in 1986 to apply to electronic
communications, do not adequately address many of the realities of the
Internet.  For that reason, it is likely that Congress will review the
use of Carnivore and consider the need for updating the relevant
federal laws.  House Majority Leader Dick Armey today called on
Attorney General Janet Reno and FBI Director Louis Freeh to address
the privacy concerns raised by the Carnivore system.
There is also a need for public disclosure of the capabilities of
Carnivore and other intrusive new technologies being used by law
enforcement investigators.  EPIC has submitted a Freedom of
Information Act request to the FBI seeking the release of information
on Carnivore and related technologies.
Robert Corn-Revere's testimony on Carnivore is available at:
[2] FTC Attempts to Block Sale of Toysmart Customer Lists
On July 10, the Federal Trade Commission (FTC) unanimously decided to
file a complaint against Toysmart.com, a failed online retailer trying
to sell its customer lists.
Earlier this year, Toysmart, the 24th most popular Web site last
December, ran out of money and began selling its assets.  In early
June, the company advertised in the Wall Street Journal that it was
selling its property -- including its customer lists.  Toysmart's
privacy policy, licensed by TRUSTe, stated that "Personal information,
voluntarily submitted by visitors to our site, such as name, address,
billing information and shopping preferences, is never shared with a
third party."  TRUSTe learned of Toysmart's attempt to sell its
customer lists and asked the FTC to investigate.
The Federal Trade Commission's complaint argues that Toysmart has
violated the FTC Act by deceptively claiming that its customers'
personal data would never be disclosed to a third party and by
subsequently attempting to sell those databases.  The lists may also
contain information about children's names and birthdates, in addition
to the names and mailing addresses of customers.
The Federal Trade Commission's complaint against Toysmart is available
[3] New Internet Democracy Project To Focus on ICANN
On July 6, EPIC, the ACLU and Computer Professionals for Social
Responsibility (CPSR) launched the Internet Democracy Project.
One of the Project's first events will be a Forum on Civil Society and
ICANN that will take place on July 13, prior to the July 13-17 ICANN
meetings in Yokohama, Japan.  The Forum will present the perspective
of civil society and present issues concerning the upcoming ICANN
At-Large elections.  A statement of guiding values for ICANN, already
signed by representatives of organizations around the world, will be
circulated and discussed.  The Forum will be co-hosted by the
Non-Commercial Domain Name Holders Constituency (NCDNHC) of the ICANN
Domain Name Supporting Organization.  The Internet Democracy Project
is also encouraging Internet users to register for the first ICANN
At-Large elections in October.  Registration for the elections will
close at the end of July.
While encouragement of public involvement in ICANN will be the first
goal for the Internet Democracy Project, the Project will focus on
other entities and issues that may affect the future development of
the Internet.
The homepage of the Internet Democracy Project, with information about
the Yokohama Forum on Civil Society and ICANN, is available at:
Information about the Internet Corporation for Assigned Names and
Numbers and registration for the upcoming At-Large elections is
available at:
[4] European Parliament Adopts Resolution on Safe Harbor
On July 5, the European Parliament adopted a resolution criticizing
the preliminary decision of the European Commission to accept the
latest Safe Harbor proposal.  The report, drafted by the European
Parliament Committee on Citizens' Freedoms and Rights, Justice and
Home Affairs, argues that the agreement needs to be re-negotiated to
provide better protection for the personal information of European
citizens when processed by U.S. companies.
The resolution stresses in particular the need for an individual right
of appeal to an independent public body, a right to compensation for
privacy infringements, clear guidelines for redress, and a review of
the system within six months of its implementation.  It also notes
that Safe Harbor will only protect personal data from EU citizens,
will only apply to companies overseen by the Federal Trade Commission
and Department of Transportation (excluding the financial and
telecommunications sectors) and carves out exceptions for public
records information protected by EU law.
Under EU law, the European Commission is not bound by the decision of
the European Parliament.  However, it may be subject to sanctions by
the Parliament if it fails to re-negotiate the agreement in accordance
with the resolution.
The European Parliament resolution is available at:
EPIC's Testimony before the European Parliament on Privacy and Data
Protection (February 2000):
[5] Supreme Court to Review Constitutionality of Wiretap Laws
On June 26, the Supreme Court decided to review a federal appellate
decision which held that portions of the federal wiretap law are
unconstitutional.  In Bartnicki v. Vopper, the U.S. Third Circuit
Court of Appeals concluded that an individual can lawfully distribute
information that he or she knew, or had reason to know, was obtained
through the illegal interception of a telephone call.  The Court
reasoned that provisions of the wiretap law that prohibit the
disclosure of illegally obtained information violate the First
Amendment and have a chilling effect on free speech.
In an almost identical case, the D.C. Circuit Court of Appeals reached
the opposite conclusion.  In Boehner v. McDermott, the D.C. Circuit
held that punishing the disclosure of an illegally intercepted
conversation does not conflict with the Constitution.  In a
provocative analysis, the court noted the importance of preserving the
privacy of cellular communications by finding that the wiretap laws do
not restrict, but rather promote, free speech by removing the fear of
unlawful eavesdropping.
In light of these conflicting opinions, the Supreme Court decided to
review the Third Circuit's decision in Bartnicki v. Vopper.  The
outcome of this case is likely to have a significant impact on the
boundaries of free speech and the development of privacy rights in the
digital age.
In other litigation activity, EPIC recently filed an amicus brief with
the Second Circuit in a telephone privacy case (Conboy v. AT&T),
arguing that the lower court erred in concluding that consumers did
not suffer any compensable damages when their unlisted phone number,
billing address and billing information were disclosed without their
Background information about Bartnicki v. Vopper is available at:
EPIC's amicus brief in Conboy v. AT&T is available at:
[6] Survey Conducted on the State of First Amendment
According to the 2000 State of the First Amendment survey, many
Americans, while theoretically in support of the First Amendment and
its protections, are willing to temper some of those fundamental
rights when confronted with offensive or controversial speech.
In the survey of 1015 adults, sixty-three percent of the respondents
were willing to place restrictions on racially offensive speech in
public and fifty-three would support similar restrictions on
religiously offensive speech.  However, only thirty-six percent would
support passing a law that actually forbade such speech.
Opinions about freedom of the press were also surveyed, with only
sixty-seven percent supporting the right of the press to report or
publish what they thought was appropriate.  In addition, forty percent
of respondents replied that they believed the press had too much
Respondents' views on Internet speech were mixed.  While seventy-four
percent theoretically supported treating online and offline speech the
same, fifty-eight percent would agree to restricting sexually explicit
materials on the Internet, and forty-two percent would support
restricting racially offensive speech, even though such speech is
protected in books and magazines.  Additionally, while fifty-three
percent of people surveyed would support blocking access to offensive
Internet sites on public computers accessible to children, thirty-four
percent of people surveyed would also be in favor of blocking all
library access to offensive sites, regardless of a user's age.
State of the First Amendment 2000 is available from the Freedom Forum:
[7] EPIC Bill-Track: New Bills in Congress
H.R.3770. Secure Online Communication Enforcement Act of 2000. Seeks
to establish opt-in for all personal information collected online.
Sponsor: Rep Jackson, Jesse L., Jr. (D-IL). Referred to the
Subcommittee on Crime.
H.R.4049. Privacy Commission Act. Would establish the Commission for
the Comprehensive Study of Privacy Protection. Sponsor: Rep
Hutchinson, Asa (R-AR). Referred to Committee on Government Reform.
H.R.4059. Online Privacy and Disclosure Act. Creates voluntary system
by which companies would agree to abide by privacy principles and
display a seal overseen by the Federal Trade Commission. Sponsor: Rep
Campbell, Tom (R-CA). Referred to the Subcommittee on
Telecommunications, Trade, and Consumer Protection.
H.R.4469. Child Support Distribution Act of 2000. Allows largely
unregulated private child support enforcement agencies to have access
to State Directory of New Hires database and other information
normally available only to public agencies. Sponsor: Rep Johnson,
Nancy L. (R-CT). Referred to House Education and the Workforce.
H.R.4585. Medical Financial Privacy Protection Act. Amends the
Gramm-Leach-Bliley Act (S.900, Financial Services Modernization Act of
1999) to include provisions governing the use of health information by
financial institutions. Sponsor: Rep Leach, James A. (R-IA). Referred
to House Commerce Committee.
H.R.4611. Social Security Number Protection Act of 2000. Seeks to
limit the sale and purchase of the social security number (also see
S.2699). Sponsor: Rep Markey, Edward J. (D-MA). Referred to House Ways
and Means.
S.2063. Secure Online Communication Enforcement Act of 2000. Seeks to
establish opt-in for all personal information collected online.
Sponsor: Sen Torricelli, Robert (D-NJ). Referred to the Committee on
the Judiciary.
S.2606. Consumer Privacy Protection Act. Broad privacy bill that would
establish legal standards for privacy on the Internet and would
increase protections for book and music purchase records. Sponsor: Sen
Hollings, Ernest (D-SC). Referred to the Committee on Commerce,
Science, and Transportation.
S.2699. Social Security Number Protection Act of 2000. Seeks to limit
the sale and purchase of the social security number (also see
H.R.4611). Sponsor: Sen Feinstein, Dianne (D-CA). Read twice and
referred to the Committee on Finance.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 106th Congress, is available at:
[8] Upcoming Conferences and Events
Yokohama Forum on Civil Society and ICANN Elections. Internet
Democracy Project. July 13, 2000. Yokohama, Japan. For more
information: http://www.internetdemocracyproject.org/
Internet Corporation for Assigned Names and Numbers (ICANN) Meetings
in Yokohama. July 13-17, 2000. Yokohama, Japan. For more information:
State of the First Amendment. First Amendment Center. July 13, 2000.
Arlington, VA. For more information:
INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000.
Yokohama, Japan. For more information: http://www.isoc.org/inet2000
Infomediaries: Leveraging Consumer Profile Data on the Web. Institute
for International Research. July 20-21, 2000. San Francisco, CA. Hyatt
Regency Embarcadero Center.  For more information:
First International Hackers Forum. The Green Planet. August 18-20,
2000. Zaporozhye, Ukraine. For more information:
Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more
information: http://www.surveillance-expo.com
KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and
UNESCO. September 26-29, 2000. Vienna, Austria. For more information:
One World, One Privacy: 22nd Annual International Conference on
Privacy and Personal Data Protection. September 28-30, 2000. Venice,
Italy. For more information: http://www.dataprotection.org/
Privacy: A Social Research Conference. New School University. October
5-7, 2000. New York, NY. For more information:
Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more
information: http://www.privacy2000.org
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
  ---------------------- END EPIC Alert 7.13 -----------------------