EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.21                                  November 30, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Senate Judiciary Committee Presses FBI on Carnivore
[2] Court Protects Anonymity of "John Doe" Posters
[3] Council of Europe Releases Revised Cyber-Crime Proposal
[4] Supreme Court Issues Decision on Indiana Police Roadblocks
[5] ICANN Selects Seven New Top-Level Domains
[6] U.S. Courts Seek Comment on Privacy of Court Documents
[7] EPIC Bookstore - The Consumer Law Sourcebook 2000
[8] Upcoming Conferences and Events
[1] Senate Judiciary Committee Presses FBI on Carnivore
Citing an internal FBI document released to EPIC through a Freedom of
Information Act (FOIA) lawsuit, the Senate Judiciary Committee has
asked the Bureau to provide additional information on the capabilities
of the Carnivore Internet surveillance system.  The document, obtained
by EPIC on November 16, reports the results of an FBI test showing
that Carnivore "could reliably capture and archive all unfiltered
traffic" transmitted through an Internet service provider and store
the communications on a hard drive or removable disks.
In a November 21 letter to FBI Director Louis Freeh, Committee
Chairman Orrin Hatch (R-UT) and ranking member Patrick Leahy (D-VT)
ask the Bureau to "explain why Carnivore was tested to determine if it
was capable of intercepting and archiving unfiltered traffic through
an ISP, whether Carnivore in fact has that capability, and under what
circumstances it could ever be legitimately used to draw on that
capability."  They also request "complete and unredacted copies of the
documents produced thus far in response to the FOIA lawsuit together
with any other documents related to Carnivore's capability to
intercept and archive unfiltered traffic."  The FBI's public defense
of Carnivore has centered on the claim that the system only captures
traffic that has been isolated by a software filter that "minimizes"
collection and limits it to the particular information authorized for
seizure in a court order.
Hatch and Leahy told Freeh that "[s]kepticism about Carnivore is based
precisely on concerns about this program's capability and whether this
capability would be exploited to do more than just intercept narrowly
targeted pieces of information."
In other developments, an independent technical review of Carnivore
released on November 21 found that FBI agents operating the system can
inadvertently collect more private communications than permitted by
law, underscoring the potential dangers of the invasive technology.
The reviewers also reported that they "did not find adequate
provisions (e.g. audit trails) for establishing individual
accountability for actions taken during use of Carnivore."  The report
was produced by a review team from the Illinois Institute of
Technology and was sanitized for release by Justice Department
officials.  The Department has set a deadline of December 1 for the
submission of public comments on the technical review.
Selected Carnivore documents released as part of EPIC's FOIA lawsuit
are available at:
The Carnivore review report is available at:
[2] Court Protects Anonymity of "John Doe" Posters
In a significant decision concerning anonymity on the Internet, a New
Jersey state court judge has ruled that a software company is not
entitled to learn the identities of two "John Doe" defendants who
anonymously posted critical comments on a Yahoo message board.  It is
the first known judicial decision denying the identification of such
In a 22-page opinion released on November 28, Judge Kenneth MacKenzie
upheld the anonymity of the two posters but ruled that Dendrite
International can subpoena Yahoo for the identities of two other
posters who did not challenge the subpoenas.  Dendrite had alleged
that some of the messages posted by the four "John Does" contained
proprietary and confidential information, and that some of the
statements were defamatory.  Judge MacKenzie found that the company
failed to provide adequate evidence that two of the posters made
defamatory statements or did anything unlawful.
"The Internet has become a forum for vast discussion reaching many
individuals with diverse backgrounds and opinions," the judge wrote.
"These four individuals were utilizing that forum to voice their
opinions and engage in discussion regarding issues important to them.
They were doing so under the protection of anonymity, which . . .
encourages the free flow of ideas.  Allowing this protection to be
stripped away would stifle that free discussion."  The judge found
that the right of companies to sue for alleged wrongful behavior "must
be balanced against the legitimate and valuable right to participate
in online forums anonymously or pseudonymously."
Paul Levy, who filed a "friend of the court" brief in the case for
Public Citizen, said, "By setting forth strict evidentiary standards
for compelled identification, and then showing that these standards
can produce real protection for anonymity, this decision is a
tremendous victory for free speech."  He predicted that for this
reason, as well as the court's thorough analysis of the constitutional
rights involved, the decision is likely to be especially influential
in future cases.
The court's decision is available at:
[3] Council of Europe Releases Revised Cyber-Crime Proposal
On November 19, the European Committee on Crime Problems and the
Committee of Experts on Crime in Cyberspace released the 24th draft of
the controversial cyber-crime convention.  Although some changes have
been made, the revised treaty still retains provisions on access to
encryption keys, banning the use of security tools and ISP logging of
user activity. It also includes provisions on wiretapping and
interception of traffic data.  When finalized, the treaty will be open
to countries around the world for signature.
Dozens of human rights, civil liberties, free speech and journalists'
groups wrote to the Council of Europe in October expressing opposition
to the proposal.  Industry groups in the United States and Europe have
also expressed concern.
It is expected that the committee of experts will conclude its work by
the end of this year.  Afterward the proposal will be considered by
the Committee of Ministers.  It will then be open for signature by
Member States.  It is likely that the United States will seek to have
non-COE countries (including Canada, Australia, Japan, and the U.S.)
also ratify the treaty.
The Council of Europe has made available contact information for
national representatives participating in the COE Cyber Crime treaty
discussion (see below).  EPIC urges readers to contact their national
representatives and ask them to give careful consideration to the
privacy and human rights concerns expressed by NGOs.
Council of Europe Convention on Cyber-Crime, draft of Nov. 19, 2000:
Global Internet Liberty Campaign Letter on COE Cyber-Crime Convention:
Privacy International Cyber-Crime Page:
Council of Europe National Contacts:
[4] Supreme Court Issues Decision on Indiana Police Roadblocks
In a six-to-three decision authored by Justice O'Connor, the U.S.
Supreme Court on November 28 held that suspicionless vehicle
checkpoints for the discovery and interdiction of illegal narcotics
violate the Fourth Amendment.  In City of Indianapolis v. Edmond (No.
99-1030), officers randomly stopped drivers to detect and arrest drug
offenders.  At the checkpoint, officers examined license and
registration materials, performed an "open-view" examination of
vehicle contents, and led a drug-sniffing dog along the outside of the
vehicle.  The officers had no discretion in choosing which drivers to
stop, and were only supposed to delay a driver for less than five
In holding the Indianapolis procedure invalid, the Court distinguished
prior cases where suspicionless checkpoints were upheld.  The Court
has held that brief, suspicionless seizures at fixed checkpoints are
permissible where the purpose was to detect undocumented citizens or
intoxicated drivers.  The use of checkpoints for these purposes
closely serve interests related to policing borders and ensuring
roadway safety.  Checkpoints for drug interdiction, however, do not
serve purposes closely related to stemming the flow and use of illegal
narcotics.  Allowing checkpoints for ordinary criminal wrongdoing
could result in a system where "the Fourth Amendment would do little
to prevent such intrusions from becoming a routine part of American
Chief Justice Rehnquist and Justices Thomas and Scalia dissented,
reasoning that drug checkpoints serve important state interests, and
that the seizures in question were brief and non-intrusive.
Importantly, a separate dissent authored by Justice Thomas questioned
the practice of suspicionless police searches in general: "I rather
doubt that the Framers of the Fourth Amendment would have considered
'reasonable' a program of indiscriminate stops of individuals not
suspected of wrongdoing."
The decision is available at:
[5] ICANN Selects Seven New Top-Level Domains
At its annual meeting in Los Angeles, the Internet Corporation of
Assigned Names and Numbers (ICANN) completed its first selection of
new global top-level domains (gTLDs).  Only seven gTLDs -- .biz, .pro,
.aero, .museum, .coop, .info, and .name -- were chosen from 44
applications.  One of the new gTLDs, .info, will be an unrestricted
gTLD in which any individual or organization can register a domain
name.  The rest of the gTLDs are restricted insofar as the registry
establishes certain rules over which individuals or organizations can
register in the domain.  For example, the .museum registry will only
allow registration of domain names by museums.
Prior to the formal ICANN meeting, a group of ICANN At-Large members
held a forum to organize future At-Large activities.  Several current
At-Large elected members of the ICANN board, as well as a number of
At-Large nominated candidates, participated in the meeting.  One
outcome of the event was the formation of an Interim Coordinating
Committee (ICC).  The ICC seeks to promote and facilitate the
participation of Internet users around the world in ICANN proceedings.
One of the first projects for the ICC will concern the "Clean Sheet"
study proposed by the ICANN Board in its July 1999 Yokohama meeting.
The "Clean Sheet" study will look at the concept and structure of the
ICANN At-Large membership.  Comments on the ICANN Staff
Recommendations for the At-Large study are due by December 27.
Information about the new gTLDs selected by ICANN is available at:
Background on the Interim Coordinating Committee and information about
the At-Large study:
[6] U.S. Courts Seek Comment on Privacy of Court Documents
The federal judiciary is seeking comment on the privacy and security
implications of providing electronic public access to court case
files.  These files currently contain financial and tax information,
arrest and plea bargain agreements, medical records, employment files,
and other sensitive personal information.
Access to this sensitive information has become more convenient as
courts increasingly accept electronic files and convert their paper
files into electronic documents.  In the past, interested parties had
to inspect records at the courthouse.  In the near future, anyone may
be able to access this information from any location over the
Internet. Accordingly, the federal judiciary seeks comments to
implement a consistent policy that recognizes both the public access
and privacy interests involved in providing access to court case
The request for comments is available at:
[7] EPIC Bookstore - The Consumer Law Sourcebook 2000
The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy, edited by Sarah Andrews
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
The Sourcebook includes the text of many of the major consumer laws
and directives such as the Anticybersquatting Consumer Protection Act,
the Electronic Signatures Act, the Electronic Fund Transfer Act, the
Federal Trade Commission Act, OECD Consumer Protection Guidelines,
European Union Directives on Electronic Commerce, Electronic
Signatures and Distance Contracts, and more.  Also included is a list
of consumer resources with contact information for consumer agencies
and organizations and links to useful publications and reports.
EPIC Publications:
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
National Computer System Security and Privacy Advisory Board Meeting.
Hosted by Microsoft. December 4-6, 2000. Redmond, WA. For more
information: http://csrc.nist.gov/csspab/
Government Secrecy in a New Administration and a New Century.
Information Security Oversight Office and the James Madison Project.
December 5, 2000. Washington, DC. For more information:
Public Workshop: The Mobile Wireless Web, Data Services and Beyond.
Federal Trade Commission (FTC). December 11-12, 2000. Washington, DC.
For more information: http://www.ftc.gov/opa/2000/11/wireless.htm
16th Annual Computer Security Applications Conference (ACSAC).
December 11-15, 2000. New Orleans, Louisiana. For more information:
Call for Content - December 15, 2000. INET 2001: A Net Odyssey.
The 11th Annual Internet Society Conference . For more information:
Network and Distributed System Security Symposium (NDSS '01). Internet
Society. February 7-9, 2001. San Diego, CA. For more information:
Privacy in the New Environments: What the Personal Information
Protection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP
Conseil. March 13-15, 2001. Paris, France. For more information:
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
First International Conference on Human Aspects of the Information
Society. Information Management Research Institute, University of
Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.21 -----------------------