EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 8.01                                   January 17, 2001
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Attorney General Nominee and Electronic Privacy
[2] Justice Department Releases New Manual on Computer Crime
[3] EPIC and Privacy International Launch PRIVACY.ORG
[4] New Canadian Privacy Law Goes Into Effect
[5] Internet NGOs Hold Meeting on Emerging Market Economies
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Crypto: How the Code Rebels Beat the Government
[8] Upcoming Conferences and Events
[1] Attorney General Nominee and Electronic Privacy
The Department of Justice has long been at the center of some of the
most contentious debates over electronic privacy, including
implementation of the Communications Assistance for Law Enforcement
Act (CALEA), critical infrastructure protection, the FBI's Carnivore
system and the proposed Council of Europe cyber-crime treaty.  If
confirmed as Attorney General, former Senator John Ashcroft will have
a great deal of influence over such matters, so it's interesting to
look back at his remarks on the privacy implications of law
enforcement surveillance initiatives.  Appearing before the Computer
and Communications Industry Association on October 8, 1997, in the
midst of the debate on encryption controls, Sen. Ashcroft made these
     To date, we have heard a great deal about the needs of law
     enforcement and not enough about the privacy needs of the
     rest of us.  Without the protection of privacy, the Internet
     is doomed to the status of an international party line or an
     international broadcast device and will never become a
     useful means of commerce, communication, and entertainment.
     . . .
     While we need to revise our laws to reflect the digital age,
     one thing that does not need revision is the Fourth
     Amendment.  The Founding Fathers crafted the Constitution to
     protect our most basic liberties.  Those protections have
     kept Big Brother from intruding into our private lives for
     over 200 years.  Removal of these protections is now being
     advocated, which would leave citizens open to the invasion
     of their privacy, for the sake of security. . . .
     The outrages against privacy committed by federal law
     enforcement agencies means one thing: Now, more than ever,
     we must protect citizens' privacy from the excesses of an
     arrogant, overly powerful government.
     Law enforcement is using advances in digital technology as
     an excuse to insist on intrusions into privacy that were
     never allowed in the pre-digital era.
Information on the FBI's Carnivore system is available at:
Information on the proposed Council of Europe cyber-crime treaty is
available at:
[2] Justice Department Releases New Manual on Computer Crime
The Justice Department's Computer Crime and Intellectual Property
Section has released a new investigative manual entitled "Searching
and Seizing Computers and Obtaining Electronic Evidence in Criminal
According to the Computer Crime Section, the manual "provides a
comprehensive guide to the legal issues that arise when federal law
enforcement agents search and seize computers and obtain electronic
evidence in criminal investigations.  The topics covered include the
application of the Fourth Amendment to computers and the Internet, the
Electronic Communications Privacy Act, workplace privacy, the law of
electronic surveillance, and evidentiary issues."  The publication
supersedes the "Federal Guidelines for Searching and Seizing
Computers," which was produced in 1994.  While the earlier manual was
made public only after EPIC obtained its release under the Freedom of
Information Act, the new document has been made available online.
The new DOJ publication discusses the Department's interpretation of
the legal standards governing law enforcement access to packet-mode
communications, but does not address the Carnivore system, which the
FBI uses to collect such data.
"Searching and Seizing Computers and Obtaining Electronic Evidence in
Criminal Investigations" is available at:
[3] EPIC and Privacy International Launch PRIVACY.ORG
EPIC and Privacy International have launched Privacy.org, the site for
news, information, and action.  The website contains brief summaries
and links to news items appearing both in the domestic and the
international press.  Its database of news stories is searchable by
text, and it extends back two years.  Privacy.org also features the
EPIC-Digest, a weekly e-mail digest of news, information, and action
In related privacy news, a coalition of 17 public interest groups has
issued a letter urging greater action from the incoming Presidential
administration, members of Congress, and state officials on privacy
issues.  As a basis for future initiatives, the letter points to the
traditional role that privacy has played in America and the current
high level of public support for greater privacy protection.  In
moving forward, the coalition of groups calls for the adoption of a
comprehensive framework of privacy protection that will protect
consumers and citizens.
For the latest information and news visit:
To read the privacy coalition letter:
[4] New Canadian Privacy Law Goes Into Effect
On January 1, 2001, the Canadian Personal Information Protection and
Electronic Documents Act went into effect.  The new law establishes
rules that govern the collection, use, and disclosure of personal
information by private sector entities.
The law establishes Fair Information Practices, based on the Canadian
Standards Association (CSA) International Privacy Code, for personal
data collected by federally regulated private sector organizations.
Federally regulated sectors include telecommunications, finance, and
transportation.  In three years, the provisions of the Act will also
apply to provincially regulated industries unless provinces enact laws
providing a similar level of protection.  Data transfers are handled
through the use of contracts that guarantee third parties operate
under the same privacy guidelines as the original recipient.  The act
is enforced by the Office of the Privacy Commissioner of Canada.
More information about the Canadian Personal Information Protection
and Electronic Documents Act is available at:
For background on other privacy laws and developments around the
world, see Privacy & Human Rights 2000:
[5] Internet NGOs Hold Meeting on Emerging Market Economies
On January 15, NGO representatives gathered from around the world to
discuss data protection, Internet access, and consumer protection
issues in emerging market economies.  The Public Voice meeting was
held in Dubai, United Arab Emirates in conjunction with the
Organization for Economic Co-operation and Development (OECD) Emerging
Market Economy Forum.
The Emerging Market Economies meeting is the latest in a series of
Public Voice events.  Previous Public Voice meetings have taken place
in Venice, Paris, and Ottawa.  The Public Voice program seeks to
promote NGO participation in decisions affecting the future of the
Internet on issues ranging from encryption policy and privacy to
consumer protection and Internet governance.
Information about the January 15th Public Voice in Emerging Market
Economies meeting is available at:
Background on previous Public Voice events is available at:
[6] EPIC Bill-Track: New Bills in Congress
H.R.89. Online Privacy Protection Act of 2001.  To require the Federal
Trade Commission to prescribe regulations to protect the privacy of
personal information collected from and about individuals who are not
covered by the Children's Online Privacy Protection Act of 1998 on the
Internet, to provide greater individual control over the collection
and use of that information, and for other purposes. Sponsor: Rep.
Frelinghuysen, Rodney P. (R-NJ). Latest Major Action: 1/3/2001 Referred
to House committee: House Energy and Commerce.
H.R.90. Know Your Caller Act. A bill to amend the Communications Act
of 1934 to prohibit telemarketers from interfering with the caller
identification service of any person to whom a telephone solicitation
is made, and for other purposes. Sponsor: Rep. Frelinghuysen, Rodney P.
(R-NJ). Latest Major Action: Referred to House Committee: Committee on
Energy and Commerce.
H.R.91. Social Security On-line Privacy Protection Act. To regulate
the use by interactive computer services of Social Security account
numbers and related personally identifiable information. Sponsor: Rep.
Frelinghuysen, Rodney P. (R-NJ). Latest Major Action: 1/3/2001 Referred
to House committee: House Energy and Commerce.
H.R.112. Electronic Privacy Protection Act. To prohibit the making,
importation, exportation, distribution, sale, offer for sale,
installation, or use of an information collection device without
proper labeling or notice and consent. Sponsor: Rep. Holt, Rush D.
(D-NJ). Latest Major Action: 1/3/2001 Referred to House committee:
House Energy and Commerce.
H.R.113. Wireless Telephone Spam Protection Act. To amend section 227
of the Communications Act of 1934 to prohibit the use of the text,
graphic, or image messaging systems of wireless telephone systems to
transmit unsolicited commercial messages. Sponsor: Rep. Holt, Rush D.
(D-NJ) (introduced 1/3/2001). Latest Major Action: 1/3/2001 Referred
to House committee.
H.R.220. Identity Theft Protection Act of 2001. To amend title II of
the Social Security Act and the Internal Revenue Code of 1986 to
protect the integrity and confidentiality of Social Security account
numbers issued under such title, to prohibit the establishment in the
Federal Government of any uniform national identifying number, and to
prohibit Federal agencies from imposing standards for identification
of individuals on other agencies or persons. Sponsor: Rep. Paul, Ron
(R-TX). Latest Major Action: 1/3/2001 Referred to House committee:
House Ways and Means and House Government Reform.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - Crypto: How the Code Rebels Beat the Government
Crypto: How the Code Rebels Beat the Government - Saving Privacy in
the Digital Age, by Steven Levy.
"Crypto" is about privacy in the information age and about the nerds
and visionaries who, nearly twenty years ago, predicted that the
Internet's greatest virtue -- free access to information -- was also
its most perilous drawback: a possible end to privacy.
Levy explores what turned out to be a decisive development in the
crypto wars: the unlikely alliance between the computer geeks and big
business as they fought the government's stranglehold on the keys to
information in a networked world.
In the course of writing the book, the author relied in part on
documents obtained by EPIC under the Freedom of Information Act.
For "Crypto," as well as other books recommended by EPIC, browse the
EPIC Bookshelf at:
EPIC Publications:
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"Filters and Freedom: Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto can be ordered through the EPIC
Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Are You Covered?: Navigating the New Federal Health Privacy
Regulations. Health Privacy Project. February 5, 2001. Washington, DC.
For more information: http://www.healthprivacy.org/
Network and Distributed System Security Symposium (NDSS '01). Internet
Society. February 7-9, 2001. San Diego, CA. For more information:
Privacy in the New Environments: What the Personal Information
Protection and Electronic Documents Act Means to Your Organization.
Riley Information Services. February 19, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP
Conseil. March 13-15, 2001. Paris, France. For more information:
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
First International Conference on Human Aspects of the Information
Society. Information Management Research Institute, University of
Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
National Summit on Electronic Privacy. The National Institute for
Government Innovation. April 23-24, 2001. Washington, DC. For more
information: http://www.nigi.org/
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:
INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual
Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For
more information: http://www.isoc.org/inet2001/
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 8.01 -----------------------