============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.01 January 17, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.01.html ======================================================================= Table of Contents ======================================================================= [1] Attorney General Nominee and Electronic Privacy [2] Justice Department Releases New Manual on Computer Crime [3] EPIC and Privacy International Launch PRIVACY.ORG [4] New Canadian Privacy Law Goes Into Effect [5] Internet NGOs Hold Meeting on Emerging Market Economies [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - Crypto: How the Code Rebels Beat the Government [8] Upcoming Conferences and Events ======================================================================= [1] Attorney General Nominee and Electronic Privacy ======================================================================= The Department of Justice has long been at the center of some of the most contentious debates over electronic privacy, including implementation of the Communications Assistance for Law Enforcement Act (CALEA), critical infrastructure protection, the FBI's Carnivore system and the proposed Council of Europe cyber-crime treaty. If confirmed as Attorney General, former Senator John Ashcroft will have a great deal of influence over such matters, so it's interesting to look back at his remarks on the privacy implications of law enforcement surveillance initiatives. Appearing before the Computer and Communications Industry Association on October 8, 1997, in the midst of the debate on encryption controls, Sen. Ashcroft made these comments: To date, we have heard a great deal about the needs of law enforcement and not enough about the privacy needs of the rest of us. Without the protection of privacy, the Internet is doomed to the status of an international party line or an international broadcast device and will never become a useful means of commerce, communication, and entertainment. . . . While we need to revise our laws to reflect the digital age, one thing that does not need revision is the Fourth Amendment. The Founding Fathers crafted the Constitution to protect our most basic liberties. Those protections have kept Big Brother from intruding into our private lives for over 200 years. Removal of these protections is now being advocated, which would leave citizens open to the invasion of their privacy, for the sake of security. . . . The outrages against privacy committed by federal law enforcement agencies means one thing: Now, more than ever, we must protect citizens' privacy from the excesses of an arrogant, overly powerful government. Law enforcement is using advances in digital technology as an excuse to insist on intrusions into privacy that were never allowed in the pre-digital era. Information on the FBI's Carnivore system is available at: http://www.epic.org/privacy/carnivore/ Information on the proposed Council of Europe cyber-crime treaty is available at: http://www.privacyinternational.org/issues/cybercrime/ ======================================================================= [2] Justice Department Releases New Manual on Computer Crime ======================================================================= The Justice Department's Computer Crime and Intellectual Property Section has released a new investigative manual entitled "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations." According to the Computer Crime Section, the manual "provides a comprehensive guide to the legal issues that arise when federal law enforcement agents search and seize computers and obtain electronic evidence in criminal investigations. The topics covered include the application of the Fourth Amendment to computers and the Internet, the Electronic Communications Privacy Act, workplace privacy, the law of electronic surveillance, and evidentiary issues." The publication supersedes the "Federal Guidelines for Searching and Seizing Computers," which was produced in 1994. While the earlier manual was made public only after EPIC obtained its release under the Freedom of Information Act, the new document has been made available online. The new DOJ publication discusses the Department's interpretation of the legal standards governing law enforcement access to packet-mode communications, but does not address the Carnivore system, which the FBI uses to collect such data. "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations" is available at: http://www.cybercrime.gov/searching.html ======================================================================= [3] EPIC and Privacy International Launch PRIVACY.ORG ======================================================================= EPIC and Privacy International have launched Privacy.org, the site for news, information, and action. The website contains brief summaries and links to news items appearing both in the domestic and the international press. Its database of news stories is searchable by text, and it extends back two years. Privacy.org also features the EPIC-Digest, a weekly e-mail digest of news, information, and action items. In related privacy news, a coalition of 17 public interest groups has issued a letter urging greater action from the incoming Presidential administration, members of Congress, and state officials on privacy issues. As a basis for future initiatives, the letter points to the traditional role that privacy has played in America and the current high level of public support for greater privacy protection. In moving forward, the coalition of groups calls for the adoption of a comprehensive framework of privacy protection that will protect consumers and citizens. For the latest information and news visit: http://www.privacy.org/ To read the privacy coalition letter: http://www.epic.org/privacy/coalition_letter_0101.html ======================================================================= [4] New Canadian Privacy Law Goes Into Effect ======================================================================= On January 1, 2001, the Canadian Personal Information Protection and Electronic Documents Act went into effect. The new law establishes rules that govern the collection, use, and disclosure of personal information by private sector entities. The law establishes Fair Information Practices, based on the Canadian Standards Association (CSA) International Privacy Code, for personal data collected by federally regulated private sector organizations. Federally regulated sectors include telecommunications, finance, and transportation. In three years, the provisions of the Act will also apply to provincially regulated industries unless provinces enact laws providing a similar level of protection. Data transfers are handled through the use of contracts that guarantee third parties operate under the same privacy guidelines as the original recipient. The act is enforced by the Office of the Privacy Commissioner of Canada. More information about the Canadian Personal Information Protection and Electronic Documents Act is available at: http://www.privcom.gc.ca/english/02_06_e.htm For background on other privacy laws and developments around the world, see Privacy & Human Rights 2000: http://www.privacyinternational.org/survey/ ======================================================================= [5] Internet NGOs Hold Meeting on Emerging Market Economies ======================================================================= On January 15, NGO representatives gathered from around the world to discuss data protection, Internet access, and consumer protection issues in emerging market economies. The Public Voice meeting was held in Dubai, United Arab Emirates in conjunction with the Organization for Economic Co-operation and Development (OECD) Emerging Market Economy Forum. The Emerging Market Economies meeting is the latest in a series of Public Voice events. Previous Public Voice meetings have taken place in Venice, Paris, and Ottawa. The Public Voice program seeks to promote NGO participation in decisions affecting the future of the Internet on issues ranging from encryption policy and privacy to consumer protection and Internet governance. Information about the January 15th Public Voice in Emerging Market Economies meeting is available at: http://www.thepublicvoice.org/events/dubai01/ Background on previous Public Voice events is available at: http://www.thepublicvoice.org/ ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.89. Online Privacy Protection Act of 2001. To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes. Sponsor: Rep. Frelinghuysen, Rodney P. (R-NJ). Latest Major Action: 1/3/2001 Referred to House committee: House Energy and Commerce. H.R.90. Know Your Caller Act. A bill to amend the Communications Act of 1934 to prohibit telemarketers from interfering with the caller identification service of any person to whom a telephone solicitation is made, and for other purposes. Sponsor: Rep. Frelinghuysen, Rodney P. (R-NJ). Latest Major Action: Referred to House Committee: Committee on Energy and Commerce. H.R.91. Social Security On-line Privacy Protection Act. To regulate the use by interactive computer services of Social Security account numbers and related personally identifiable information. Sponsor: Rep. Frelinghuysen, Rodney P. (R-NJ). Latest Major Action: 1/3/2001 Referred to House committee: House Energy and Commerce. H.R.112. Electronic Privacy Protection Act. To prohibit the making, importation, exportation, distribution, sale, offer for sale, installation, or use of an information collection device without proper labeling or notice and consent. Sponsor: Rep. Holt, Rush D. (D-NJ). Latest Major Action: 1/3/2001 Referred to House committee: House Energy and Commerce. H.R.113. Wireless Telephone Spam Protection Act. To amend section 227 of the Communications Act of 1934 to prohibit the use of the text, graphic, or image messaging systems of wireless telephone systems to transmit unsolicited commercial messages. Sponsor: Rep. Holt, Rush D. (D-NJ) (introduced 1/3/2001). Latest Major Action: 1/3/2001 Referred to House committee. H.R.220. Identity Theft Protection Act of 2001. To amend title II of the Social Security Act and the Internal Revenue Code of 1986 to protect the integrity and confidentiality of Social Security account numbers issued under such title, to prohibit the establishment in the Federal Government of any uniform national identifying number, and to prohibit Federal agencies from imposing standards for identification of individuals on other agencies or persons. Sponsor: Rep. Paul, Ron (R-TX). Latest Major Action: 1/3/2001 Referred to House committee: House Ways and Means and House Government Reform. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - Crypto: How the Code Rebels Beat the Government ======================================================================= Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age, by Steven Levy. "Crypto" is about privacy in the information age and about the nerds and visionaries who, nearly twenty years ago, predicted that the Internet's greatest virtue -- free access to information -- was also its most perilous drawback: a possible end to privacy. Levy explores what turned out to be a decisive development in the crypto wars: the unlikely alliance between the computer geeks and big business as they fought the government's stranglehold on the keys to information in a networked world. In the course of writing the book, the author relied in part on documents obtained by EPIC under the Freedom of Information Act. For "Crypto," as well as other books recommended by EPIC, browse the EPIC Bookshelf at: http://www.powells.com/features/epic/epic.html ================================ EPIC Publications: "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000). Price: $20. http://www.epic.org/phr/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000). Price: $40. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "Filters and Freedom: Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Are You Covered?: Navigating the New Federal Health Privacy Regulations. Health Privacy Project. February 5, 2001. Washington, DC. For more information: http://www.healthprivacy.org/ Network and Distributed System Security Symposium (NDSS '01). Internet Society. February 7-9, 2001. San Diego, CA. For more information: http://www.isoc.org/ndss01/ Privacy in the New Environments: What the Personal Information Protection and Electronic Documents Act Means to Your Organization. Riley Information Services. February 19, 2001. Ottawa, Canada. For more information: http://www.rileyis.com/seminars/ CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy. March 6-9, 2001. Cambridge, MA. For more information: http://www.cfp2001.org/ EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP Conseil. March 13-15, 2001. Paris, France. For more information: http://www.xpconseil.com/eurosec2001/ Online, Offshore and Cross-Border: Regulating Global E-Commerce. Washington College of Law, American University. March 30, 2001. Washington, DC. For more information: http://www.wcl.american.edu First International Conference on Human Aspects of the Information Society. Information Management Research Institute, University of Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne, England. For more information: http://is.northumbria.ac.uk/imri National Summit on Electronic Privacy. The National Institute for Government Innovation. April 23-24, 2001. Washington, DC. For more information: http://www.nigi.org/ The 26th Annual AAAS Colloquium on Science and Technology Policy. American Association for the Advancement of Science. May 3-4, 2001. Washington, DC. For more information: http://www.aaas.org/spp/dspp/rd/colloqu.htm The Internet Security Conference (TISC) 2001. Core Competence, Inc. June 4-8, 2001. Los Angeles, CA. For more information: http://www.tisc2001.com/ INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For more information: http://www.isoc.org/inet2001/ ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921 Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 8.01 ----------------------- .