EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 7.22                                  December 19, 2000
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
                         **  HAPPY HOLIDAYS  **
Table of Contents
[1] Congress Approves Mandatory Internet Filtering Bill
[2] Social Security Number Provision Removed from Spending Bill
[3] FTC Holds Public Workshop on Wireless Privacy
[4] Global Coalition Maintains Opposition to Cyber-Crime Treaty
[5] Library Association Seeks Nominations for James Madison Award
[6] Consumer Groups Release Online Holiday Shopping Tips
[7] EPIC Bookstore - EPIC 2000 Publications
[8] Upcoming Conferences and Events
[1] Congress Approves Mandatory Internet Filtering Bill
On December 15, Congress passed the Children's Internet Protection Act
(CIPA), legislation requiring schools and libraries receiving federal
funds for Internet access or computers to install filtering and
blocking software.  The measure is contained in an omnibus
appropriations bill that is expected to be signed by the President.
While the legislation has been characterized as providing protection
for children, the final approved version mandates that schools and
libraries also block adults from accessing child pornography or any
material that meets the legal definition of obscenity.  Institutions
must also block access to material that is "harmful to minors" when a
computer is used by any person under the age of 17.
The measure, which evolved from a bill originally introduced by Sen.
John McCain (R-AZ), applies to "any picture, image, graphic image
file, or other visual depiction" that falls into one of the prohibited
categories, but does not apply to text material.  Schools and
libraries that do not certify compliance with the filtering
requirements will lose their Internet and computer funding.
EPIC has long opposed the adoption of filtering systems, as have the
American Civil Liberties Union and other free speech organizations.
The harmful impact of such systems has been documented in a number of
studies and highlighted in EPIC's publication, "Filters & Freedom:
Free Speech Perspectives on Internet Content Controls" (see EPIC
Bookstore).  Advocates of free expression have encouraged the
development of Internet education initiatives as the best approach to
children's use of online resources.  Many communities have adopted
such programs, but will now be compelled to install flawed filtering
programs on their computer systems.
The federal filtering mandate is likely to be tested in the courts.
The ACLU has announced its intention to challenge the law, and
Congress appears to have anticipated litigation: the bill provides for
expedited judicial review, with any challenge first heard by a special
three-judge panel, and direct review by the U.S. Supreme Court.
Earlier challenges to the Communications Decency Act and the Child
Online Protection Act, in which EPIC participated, resulted in those
laws being declared unconstitutional.
The text of the Children's Internet Protection Act is available at:
[2] Social Security Number Provision Removed from Spending Bill
In last-minute budget negotiations, the controversial Amy Boyer's Law
was removed from the Commerce-Justice-State appropriations bill (part
of the Omnibus Consolidated Appropriations Act).  The proposed law
addresses the availability of Social Security numbers to the public
and has been targeted by privacy groups as a loophole-riddled law.
The spending bill, likely the last act of the 106th Congress, is
expected to be signed by President Clinton.
Tragically, late last year, 21-year-old Amy Boyer was located by a
stalker assisted by information -- including her Social Security
number -- he purchased over the Internet.  Sen. Judd Gregg (R-NH)
later introduced legislation, entitled "Amy Boyer's Law," that seemed
to require consent before Social Security numbers were displayed to
the public.  Consumer and privacy groups opposed the proposal noting
the statute's significant exceptions for commercial use of SSNs and
public records.  The groups also criticized earlier versions of the
proposal that pre-empted states' ability to pass laws offering greater
protections.  Tim Remsburg, Amy Boyer's stepfather, was also
reportedly disappointed with the latest version of the law because it
did not go far enough to protect personal privacy.
The Clinton Administration had fought against the bill as well,
issuing a veto threat letter against the appropriations bill on
October 26 that cited the lackluster protections of the Amy Boyer
provisions (see EPIC Alert 7.20).  Many privacy groups hope that
Congress will return to the issue of Social Security numbers in a
more aggressive manner next year.
In related privacy news, Sen. Patrick Leahy (D-VT) recently presented
a "Report Card of the 106th Congress on Privacy" on the Senate floor.
In his short speech, Sen. Leahy noted that "our laws have not kept
pace with sweeping technological changes, putting at risk some of our
most sensitive, private matters."  Emphasizing the need for greater
action, he added that "Congress has spent too long defining the
problem [of privacy] instead of fixing it."  The remarks are available
through the Congressional Record for the Senate on December 14th, at
page S11777.
Information on Amy Boyer's Law is available through U.S. PIRG at:
[3] FTC Holds Public Workshop on Wireless Privacy
On December 11-12, industry representatives and privacy advocates met
at the Federal Trade Commission to discuss the privacy, security, and
consumer protection issues raised by the development and use of new
wireless technologies and services.
Location privacy was a principal issue among the panelists and
attendees in light of the Federal Communications Commission's "E911"
rules.  Those rules require wireless service carriers to provide the
location of a caller to emergency centers when he or she dials 911.
To enhance safety for 911 callers, this information must be accurate
to within 50-100 meters of the caller's actual location.  Privacy
advocates have voiced concerns about potential law enforcement and
commercial uses of such location data.  Location information may be
used to track users' movements outside of an emergency setting, to
aggregate data regarding personal preferences and activities, and to
deliver targeted advertising based on wireless users' location.
Panelists also discussed the consumer protection aspects of wireless
technologies.  Consumers and businesses may have difficulty in
communicating disclosures and other terms of service using current
wireless devices, as most devices have small screens and limited
storage capacity.  In a workshop presentation, EPIC General Counsel
David Sobel encouraged the development of a legal framework to ensure
the privacy rights of wireless users.  He told participants that "pure
self-regulation has not worked well with respect to Internet privacy,"
and that wireless technologies present both new challenges and new
opportunities for privacy protection.
Information on the FTC's wireless workshop is available at:
[4] International Coalition Maintains Opposition to Cyber-Crime Treaty
The Global Internet Liberty Campaign (GILC), an international
coalition of cyber-liberties groups, has again warned the Council of
Europe (CoE) that a draft cybercrime treaty poses threats to privacy
and human rights.  According to the coalition's December 12 letter,
provisions of the proposed cybercrime treaty would allow governments
to engage in disproportionately invasive investigative techniques.
In addition, the convention would encourage government collection of
Internet transmissions with systems similar to the FBI's Carnivore.
The GILC letter also cites provisions on law enforcement access to
decryption keys similar to the UK's Regulation of Investigatory Powers
(RIP) Act.
Recognizing that interception of communication is a tool often used
against dissidents and human rights workers, GILC recommended that the
CoE redraft the treaty so that these invasive techniques could only be
used to address serious crimes.  GILC has called for judicial review
to ensure protection for individuals' right to privacy and a
recognition of the right against self-incrimination before invasive
techniques are employed.
GILC has also objected to the closed, secretive nature in which the
cybercrime treaty has been drafted.  The coalition has offered to
assist the CoE by providing experts dedicated to stemming the problem
of cybercrime while accommodating the human rights issues involved.
The GILC letter is available at:
[5] Library Association Seeks Nominations for James Madison Award
The American Library Association (ALA) is currently seeking
nominations for the organization's 12th annual James Madison Award.
The Award is presented to individuals and groups that have preserved
and protected the public's right to know.  The ALA is seeking
nominations until January 10, 2001.  The award will be presented on
March 16, 2001 in conjunction with Freedom of Information Day, an
event jointly organized with the Freedom Forum.
Mail nominations to Peter Kaplan at the ALA Washington Office at 1301
Pennsylvania Avenue NW, Suite 403, Washington, DC 20004 or fax to
(202) 628-8419.  Nominations should include a statement of why the
nominee is should receive the award.
For more information, visit the ALA Washington Office homepage:
[6] Consumer Groups Release Online Holiday Shopping Tips
The Trans-Atlantic Consumer Dialogue (TACD), a coalition of U.S. and
EU consumer groups, has released its "12-point checklist for online
shopping."  The shopping checklist is based on the Organization for
Economic Co-operation and Development (OECD) E-Commerce guidelines.
The checklist presents basic matters that should be considered before
purchasing items online: contact information, cost, payment methods,
shipping charges and times, return policies, availability of customer
service, privacy and security, and how to handle possible disputes.
The TACD Online Shopping Checklist is available at:
OECD Guidelines for Consumer Protection in the Context of Electronic
Commerce are available at:
[7] EPIC Bookstore - EPIC 2000 Publications
Planning any last minute shopping?  Visit the EPIC Bookstore for our
selection of books on privacy, free speech and computer security.
And make sure to take a look at this year's EPIC publications.
Browse the EPIC Bookstore at http://www.epic.org/bookstore/
EPIC Publications:
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000).
Price: $40. http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"Filters and Freedom: Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Call for Proposals - January 5, 2001. CFP 2001: The Eleventh
Conference on Computers, Freedom, and Privacy. For more information:
Call for Content - January 10, 2001. INET 2001: The Internet Global
Summit. The 11th Annual Internet Society Conference. For more
information: http://www.isoc.org/inet2001/cfc.shtml
Network and Distributed System Security Symposium (NDSS '01). Internet
Society. February 7-9, 2001. San Diego, CA. For more information:
Privacy in the New Environments: What the Personal Information
Protection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP
Conseil. March 13-15, 2001. Paris, France. For more information:
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
First International Conference on Human Aspects of the Information
Society. Information Management Research Institute, University of
Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
National Summit on Electronic Privacy. The National Institute for
Government Innovation. April 23-24, 2001. Washington, DC. For more
information: http://www.nigi.org/
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:
INET 2001: The Internet Global Summit. The 11th Annual Internet
Society Conference. June 5-8, 2001. Stockholm, Sweden. For more
information: http://www.isoc.org/inet2001/
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 7.22 -----------------------