EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 8.04                                      March 1, 2001
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Federal Court Dismisses Message Board Libel Case
[2] EPIC Testifies at Congressional Hearing on Consumer Privacy
[3] Civil Society and At-Large Meetings at ICANN Melbourne
[4] Update: N2H2 Ends Relationship with Roper Starch
[5] NIST Seeks Comments on Advanced Encryption Standard
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Hacker Ethic
[8] Upcoming Conferences and Events
[1] Federal Court Dismisses Message Board Libel Case
A federal court in California has dismissed a libel suit against two
individuals who criticized a publicly traded company on an Internet
message board.  In an opinion issued on February 23, U.S. District
Judge David O. Carter found that the individuals were exercising their
rights to free speech under the First Amendment and that their
postings contained expressions of opinion and not statements of fact.
The decision is significant because it goes to the heart of the dozens
of so-called "John Doe" lawsuits that have been filed against
anonymous Internet posters.  The majority of the cases, which raise
significant privacy and free speech issues, are filed by companies
claiming that postings contained on online message boards are
defamatory.  The plaintiff companies typically issue subpoenas to the
message board operators, such as Yahoo! and Raging Bull, seeking the
identities of the anonymous posters.  Increasingly, the "John Does"
are fighting back, arguing that the courts should disallow such
subpoenas unless the suing companies can show that their underlying
legal claims are legitimate.  Several courts have recently agreed to
require such showings (see EPIC Alert 7.21).
In the recent decision, Judge Carter found that Global Telemedia
International, Inc. (GTMI) had failed to demonstrate that negative
postings about the company on a Raging Bull message board constituted
actionable defamation and interference with economic prospects.  In
what is believed to be the first ruling of its kind, the court held
that, as a general matter, Internet message boards almost always
consist of protected opinions, which cannot constitute defamation.
Judge Carter determined that the statements at issue were expressions
of opinion under the "totality of the circumstances" test and
considered the statements in their broad context, which includes the
general tenor and format of the entire message board.  He noted that
     [t]he statements were posted anonymously in the general
     cacophony of an internet chat-room which posts around 1,000
     messages a week on GTMI.  The postings at issue were
     anonymous as are all the other postings in the chat-room.
     They were part of an on-going, free-wheeling and highly
     animated exchange about GTMI and its turbulent history. ...
     Importantly, the postings are full of hyperbole, invective,
     short-hand phrases and language not generally found in
     fact-based documents, such as corporate press releases and
     SEC filings.
The case is Global Telemedia International, Inc., et al. v. Doe 1, et
al., No. 00-1155 (C.D. Cal.).
[2] EPIC Testifies at Congressional Hearing on Consumer Privacy
On March 1, the U.S. House of Representatives Subcommittee on
Commerce, Trade and Consumer Protection held a hearing on "Privacy in
the Commercial World," the first House hearing on privacy in the 107th
Congress.  The witnesses at the hearing included: Professor Fred H.
Cate from the Indiana University School of Law-Bloomington, Professor
Eugene Volokh from the UCLA School of Law, Professor Paul H. Rubin
from the Emory University School of Law, Ms. Solveig Singleton from
the Competitive Enterprise Institute, Mr. Marc Rotenberg of the
Electronic Privacy Information Center, and Professor Chai R. Feldblum
of Georgetown University Law Center.
Rather than addressing a specific bill introduced by a member of the
Subcommittee, the hearing aimed to address privacy as a general topic
and thus discuss many of the underlying issues to consider about
privacy legislation.  The Subcommittee, a subset of the House
Committee on Energy and Commerce, is one of the subcommittees that
will likely address future privacy bills in the 107th Congress.  The
witnesses presented wide-ranging views on a variety of topics.
EPIC's testimony discussed the development of privacy law in the
commercial world and the role of technology.  The testimony makes
several points including: the protection of privacy in law is central
to the American legal tradition; privacy law allocates rights and
responsibilities and ensures fairness and transparency in the
collection and use of personal information; privacy laws respond to
new technologies; privacy protection by self-regulation is a recent
development; genuine privacy enhancing technologies (PETs) limit or
eliminate the collection of personally identifiable information; free
expression and privacy protection are complimentary values; federal
privacy legislation typically does not preempt state law; and public
support for privacy protection is a significant consideration in the
legislative process.
EPIC's Testimony on Privacy in the Commercial World is available at:
Information about the Subcommittee on Commerce, Trade and Consumer
Protection hearing:
[3] Civil Society and At-Large Meetings at ICANN Melbourne
At the upcoming Internet Corporation for Assigned Names and Numbers
(ICANN) meeting in Melbourne, Electronic Frontiers Australia will be
hosting a series of public meetings on ICANN and civil liberties
issues.  The meetings are sponsored by the Civil Society Internet
Forum (CSIF) and the Interim Coordinating Committee (ICC).
The first meeting, on "Internet Democracy and the Global At-Large
Membership," will take place on Friday, March 9th.  To be moderated by
Kimberley Heitman, Chairman of Electronic Frontiers Australia (EFA),
the session will discuss a range of topics including: a general
overview of ICANN; the ICANN Marina del Rey meeting; reports from the
At-Large Board of Directors; the Internet Coordinating Committee; the
ICANN At-Large Study; the recent gTLD selection; consensus processes
for the At-Large membership; and CSIF as the Third Force.
The second meeting, on "Civil Liberties," to be chaired by Professor
Toshimaru Ogura of JCA-Net, will take place on Saturday, March 10th.
This second session will cover a number of issues including: privacy,
encryption, wiretapping, free speech, censorship, filtering and
rating, Digital Divide and Global Civil Society.
More information about the meetings is available at:
Information about the ICANN meeting in Melbourne, Australia:
[4] Update: N2H2 Ends Relationship with Roper Starch
Internet filtering company N2H2 announced last week that it will no
longer sell the data it collects on schoolchildren through the use of
its "Bess" Internet filtering software.  N2H2 had sold this data as
part of its "Class Clicks" report, a compilation of statistics
detailing what web sites children visit.  The data from Class Clicks
was sold to Roper Starch Worldwide, a marketing research firm, and to
the U.S. Department of Defense (see EPIC Alert 8.02).
EPIC had filed a series of Freedom of Information Act requests to
determine what information N2H2 was providing to the Department of
Defense.  In addition, Responsible Netizen, Commercial Alert, and the
Center for a Commercial-Free Public Education brought public attention
to schoolhouse profiling and commercialization of public schools.
N2H2's announcement is a welcome one, but the privacy challenges of
online profiling in schools remain.  Although N2H2 will no longer sell
Class Clicks, the company continues to collect information on the
fourteen million children who use the Bess filter.
Legislation has been introduced to stem the commercial profiling of
children in schools.  S. 290, the Student Privacy Protection Act,
would restrict the commercial gathering of information in the
schoolhouse.  The bill requires schools to give notice and gain
parental consent before engaging in any commercial collection of
information from students.
EPIC's Freedom of Information Act request to the Department of
Defense is available at:
S. 290, the Student Privacy Protection Act:
[5] NIST Seeks Comments on Advanced Encryption Standard
On February 28, the National Institute of Standards and Technology
(NIST) announced that it is seeking comments on a draft Federal
Information Processing Standard (FIPS) for the Advanced Encryption
Standard (AES).  NIST earlier selected the algorithm, known as
Rijndael, for the AES in October 2000 (see EPIC Alert 7.18).  The
draft FIPS explains this selection in detail and specifies technology
that can be used to protect confidential electronic information.
AES will replace the Data Encryption Standard (DES), adopted by the
federal government as the official encryption standard since 1977.
The weakness of the DES, which relied on 56-bit encryption keys, was
clearly demonstrated by a series of DES Cracker Projects sponsored by
RSA Laboratories in 1997, 1998 and 1999.
Comments from the public on the security of AES must be received on or
before May 29.  They will be analyzed by NIST and incorporated, as
appropriate, into the draft FIPS before being sent to the Secretary of
Commerce for formal approval.
For more information on how to submit comments, see the Federal
Register Announcement at:
For complete AES-related information, visit the AES home page at:
[6] EPIC Bill-Track: New Bills in Congress
H.R.602 Genetic Nondiscrimination in Health Insurance and Employment
Act. To prohibit discrimination on the basis of genetic information
with respect to health insurance. Sponsor: Rep Slaughter, Louise
McIntosh (D-NY). Latest Major Action: 2/13/2001 Referred to House
committee: House Education and the Workforce; House Energy and
Commerce; House Ways and Means.
H.R.718 Unsolicited Commercial Electronic Mail Act of 2001. To protect
individuals, families, and Internet service providers from unsolicited
and unwanted electronic mail. Sponsor: Rep Wilson, Heather (R-NM).
Latest Major Action: 2/14/2001 Referred to House committee: House
Energy and Commerce; House Judiciary.
S.318 Genetic Nondiscrimination in Health Insurance and Employment
Act. A bill to prohibit discrimination on the basis of genetic
information with respect to health insurance. Sponsor: Sen Daschle,
Thomas A. (D-SD). Latest Major Action: 2/13/2001 Referred to Senate
committee: Senate Health, Education, Labor, and Pensions.
S.324 Social Security Number Privacy Act of 2001. A bill to amend the
Gramm-Leach-Bliley Act, to prohibit the sale and purchase of the
social security number of an individual by financial institutions, to
include social security numbers in the definition of nonpublic
personal information, and for other purposes. Sponsor: Sen Shelby,
Richard C. (R-AL) Latest Major Action: 2/14/2001 Referred to Senate
committee: Senate Banking, Housing, and Urban Affairs.
S.382 Genetic Information Nondiscrimination in Health Insurance Act of
2001. A bill to prohibit discrimination on the basis of genetic
information with respect to health insurance. Sponsor: Sen Snowe,
Olympia J. (R-ME). Latest Major Action: 2/15/2001 Referred to Senate
committee: Senate Health, Education, Labor, and Pensions.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - The Hacker Ethic
The Hacker Ethic & the Spirit of the Information Age by Pekka Himanen,
Linus Torvalds (Prologue), and Manuel Castells (Epilogue)
Nearly a century ago, Max Weber's The Protestant Ethic and the Spirit
of Capitalism articulated the animating spirit of the industrial age,
the Protestant ethic.  Now, Pekka Himanen -- together with Linus
Torvalds and Manuel Castells -- articulates how hackers* represent a
new, opposing ethos for the information age.  Underlying hackers'
technical creations -- such as the Internet and the personal
computers, which have become symbols of our time -- are the hacker
values that produced them and challenge us all.  These values promote
passionate and freely rhythmed work; the belief that individuals can
create great things by joining forces in imaginative ways; and the
need to maintain our existing ethical ideals, such as privacy and
equality, in our new, increasingly technologized society.  The Hacker
Ethic takes us on a journey through fundamental questions about life
in the information age -- a trip of constant surprises, after which
our time and our lives can be seen from unexpected perspectives.
* In the original meaning of the word, hackers are enthusiastic
computer programmers who share their work with others; they are not
computer criminals.
For other books recommended by EPIC, browse the EPIC Bookshelf at:
EPIC Publications:
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"Filters and Freedom: Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
The Second National HIPAA Summit: The Leading Forum on Healthcare
Privacy, Confidentiality, Data Security and HIPAA Compliance. March
1-2, 2001. Washington, DC. For more information:
Wiretapping the Net. Harvard Information Infrastructure Project
Seminar. March 5, 2001. Cambridge, MA. For more information:
None of Your Business: The Politics and Business Implications of
Privacy. New York New Media Association. March 6, 2001. New York, NY.
For more information: http://www.nynma.org/
CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy.
March 6-9, 2001. Cambridge, MA. For more information:
Consumer Assembly 2001: New Issues in a New Political and Economic
Era. Consumer Federation of America. March 8-9, 2001. Washington, DC.
For more information: http://www.consumerfed.org/events.html
Reclaiming the American Commons. The New America Foundation. March 12,
2001. Washington, DC. For more information: http://www.newamerica.net/
Freedom of Expression: New and Existing Challenges. Organization for
Security and Co-operation in Europe, Office for Democratic
Institutions and Human Rights. March 12-13, 2001. Vienna, Austria.
For more information: http://www.osce.org/odihr/meetings.htm
The Information Marketplace: Merging and Exchanging Consumer Data.
Federal Trade Commission. March 13, 2001. Washington, DC. For more
information: http://www.ftc.gov/bcp/workshops/infomktplace/
EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP
Conseil. March 13-15, 2001. Paris, France. For more information:
Privacy. New School University. March 23-24, 2001. Budapest, Hungary.
For more information: http://www.socres.org/budapest/
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
Call For Papers - March 31, 2001 (prizes available for graduate
student papers). The 29th Research Conference on Communication,
Information and Internet Policy. October 27-29, 2001. Alexandria, VA.
For more information: http://www.tprc.org
BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer,
Inc. April 4, 2001. Washington, DC. For more information:
First International Conference on Human Aspects of the Information
Society. Information Management Research Institute, University of
Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
Corporate Privacy Officers Program 2001: Washington Briefing and Peer
Workshop. Privacy and American Business. April 11-12, 2001.
Washington, DC. For more information: http://www.pandab.org/
National Summit on Electronic Privacy. The National Institute for
Government Innovation. April 23-24, 2001. Washington, DC. For more
information: http://www.nigi.org/
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:
INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual
Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For
more information: http://www.isoc.org/inet2001/
Call For Submissions - August 3, 2001. Workshop on Security and
Privacy in Digital Rights Management 2001. Eighth Association for
Computing Machinery (ACM) Conference on Computer and Communications
Security. November 5, 2001. For more information:
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more
information: http://www.privacy2000.org/
Learning for the Future. Business for Social Responsibility's Ninth
Annual Conference. November 7-9, 2001. Seattle, WA. For more
information: http://www.bsr.org/events/2001.asp
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 8.04 -----------------------