============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.04 March 1, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.04.html ======================================================================= Table of Contents ======================================================================= [1] Federal Court Dismisses Message Board Libel Case [2] EPIC Testifies at Congressional Hearing on Consumer Privacy [3] Civil Society and At-Large Meetings at ICANN Melbourne [4] Update: N2H2 Ends Relationship with Roper Starch [5] NIST Seeks Comments on Advanced Encryption Standard [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - The Hacker Ethic [8] Upcoming Conferences and Events ======================================================================= [1] Federal Court Dismisses Message Board Libel Case ======================================================================= A federal court in California has dismissed a libel suit against two individuals who criticized a publicly traded company on an Internet message board. In an opinion issued on February 23, U.S. District Judge David O. Carter found that the individuals were exercising their rights to free speech under the First Amendment and that their postings contained expressions of opinion and not statements of fact. The decision is significant because it goes to the heart of the dozens of so-called "John Doe" lawsuits that have been filed against anonymous Internet posters. The majority of the cases, which raise significant privacy and free speech issues, are filed by companies claiming that postings contained on online message boards are defamatory. The plaintiff companies typically issue subpoenas to the message board operators, such as Yahoo! and Raging Bull, seeking the identities of the anonymous posters. Increasingly, the "John Does" are fighting back, arguing that the courts should disallow such subpoenas unless the suing companies can show that their underlying legal claims are legitimate. Several courts have recently agreed to require such showings (see EPIC Alert 7.21). In the recent decision, Judge Carter found that Global Telemedia International, Inc. (GTMI) had failed to demonstrate that negative postings about the company on a Raging Bull message board constituted actionable defamation and interference with economic prospects. In what is believed to be the first ruling of its kind, the court held that, as a general matter, Internet message boards almost always consist of protected opinions, which cannot constitute defamation. Judge Carter determined that the statements at issue were expressions of opinion under the "totality of the circumstances" test and considered the statements in their broad context, which includes the general tenor and format of the entire message board. He noted that [t]he statements were posted anonymously in the general cacophony of an internet chat-room which posts around 1,000 messages a week on GTMI. The postings at issue were anonymous as are all the other postings in the chat-room. They were part of an on-going, free-wheeling and highly animated exchange about GTMI and its turbulent history. ... Importantly, the postings are full of hyperbole, invective, short-hand phrases and language not generally found in fact-based documents, such as corporate press releases and SEC filings. The case is Global Telemedia International, Inc., et al. v. Doe 1, et al., No. 00-1155 (C.D. Cal.). ======================================================================= [2] EPIC Testifies at Congressional Hearing on Consumer Privacy ======================================================================= On March 1, the U.S. House of Representatives Subcommittee on Commerce, Trade and Consumer Protection held a hearing on "Privacy in the Commercial World," the first House hearing on privacy in the 107th Congress. The witnesses at the hearing included: Professor Fred H. Cate from the Indiana University School of Law-Bloomington, Professor Eugene Volokh from the UCLA School of Law, Professor Paul H. Rubin from the Emory University School of Law, Ms. Solveig Singleton from the Competitive Enterprise Institute, Mr. Marc Rotenberg of the Electronic Privacy Information Center, and Professor Chai R. Feldblum of Georgetown University Law Center. Rather than addressing a specific bill introduced by a member of the Subcommittee, the hearing aimed to address privacy as a general topic and thus discuss many of the underlying issues to consider about privacy legislation. The Subcommittee, a subset of the House Committee on Energy and Commerce, is one of the subcommittees that will likely address future privacy bills in the 107th Congress. The witnesses presented wide-ranging views on a variety of topics. EPIC's testimony discussed the development of privacy law in the commercial world and the role of technology. The testimony makes several points including: the protection of privacy in law is central to the American legal tradition; privacy law allocates rights and responsibilities and ensures fairness and transparency in the collection and use of personal information; privacy laws respond to new technologies; privacy protection by self-regulation is a recent development; genuine privacy enhancing technologies (PETs) limit or eliminate the collection of personally identifiable information; free expression and privacy protection are complimentary values; federal privacy legislation typically does not preempt state law; and public support for privacy protection is a significant consideration in the legislative process. EPIC's Testimony on Privacy in the Commercial World is available at: http://www.epic.org/privacy/testimony_0301.html Information about the Subcommittee on Commerce, Trade and Consumer Protection hearing: http://www.house.gov/commerce/hearings/0301200143/03012001.htm ======================================================================= [3] Civil Society and At-Large Meetings at ICANN Melbourne ======================================================================= At the upcoming Internet Corporation for Assigned Names and Numbers (ICANN) meeting in Melbourne, Electronic Frontiers Australia will be hosting a series of public meetings on ICANN and civil liberties issues. The meetings are sponsored by the Civil Society Internet Forum (CSIF) and the Interim Coordinating Committee (ICC). The first meeting, on "Internet Democracy and the Global At-Large Membership," will take place on Friday, March 9th. To be moderated by Kimberley Heitman, Chairman of Electronic Frontiers Australia (EFA), the session will discuss a range of topics including: a general overview of ICANN; the ICANN Marina del Rey meeting; reports from the At-Large Board of Directors; the Internet Coordinating Committee; the ICANN At-Large Study; the recent gTLD selection; consensus processes for the At-Large membership; and CSIF as the Third Force. The second meeting, on "Civil Liberties," to be chaired by Professor Toshimaru Ogura of JCA-Net, will take place on Saturday, March 10th. This second session will cover a number of issues including: privacy, encryption, wiretapping, free speech, censorship, filtering and rating, Digital Divide and Global Civil Society. More information about the meetings is available at: http://www.efa.org.au/Publish/icanninmelb.html Information about the ICANN meeting in Melbourne, Australia: http://www.icannmelb.maddocks.com.au/ ======================================================================= [4] Update: N2H2 Ends Relationship with Roper Starch ======================================================================= Internet filtering company N2H2 announced last week that it will no longer sell the data it collects on schoolchildren through the use of its "Bess" Internet filtering software. N2H2 had sold this data as part of its "Class Clicks" report, a compilation of statistics detailing what web sites children visit. The data from Class Clicks was sold to Roper Starch Worldwide, a marketing research firm, and to the U.S. Department of Defense (see EPIC Alert 8.02). EPIC had filed a series of Freedom of Information Act requests to determine what information N2H2 was providing to the Department of Defense. In addition, Responsible Netizen, Commercial Alert, and the Center for a Commercial-Free Public Education brought public attention to schoolhouse profiling and commercialization of public schools. N2H2's announcement is a welcome one, but the privacy challenges of online profiling in schools remain. Although N2H2 will no longer sell Class Clicks, the company continues to collect information on the fourteen million children who use the Bess filter. Legislation has been introduced to stem the commercial profiling of children in schools. S. 290, the Student Privacy Protection Act, would restrict the commercial gathering of information in the schoolhouse. The bill requires schools to give notice and gain parental consent before engaging in any commercial collection of information from students. EPIC's Freedom of Information Act request to the Department of Defense is available at: http://www.epic.org/open_gov/dodfoian2h2.html S. 290, the Student Privacy Protection Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.00290: ======================================================================= [5] NIST Seeks Comments on Advanced Encryption Standard ======================================================================= On February 28, the National Institute of Standards and Technology (NIST) announced that it is seeking comments on a draft Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard (AES). NIST earlier selected the algorithm, known as Rijndael, for the AES in October 2000 (see EPIC Alert 7.18). The draft FIPS explains this selection in detail and specifies technology that can be used to protect confidential electronic information. AES will replace the Data Encryption Standard (DES), adopted by the federal government as the official encryption standard since 1977. The weakness of the DES, which relied on 56-bit encryption keys, was clearly demonstrated by a series of DES Cracker Projects sponsored by RSA Laboratories in 1997, 1998 and 1999. Comments from the public on the security of AES must be received on or before May 29. They will be analyzed by NIST and incorporated, as appropriate, into the draft FIPS before being sent to the Secretary of Commerce for formal approval. For more information on how to submit comments, see the Federal Register Announcement at: http://csrc.nist.gov/encryption/aes/fr-AES-200102.html For complete AES-related information, visit the AES home page at: http://www.nist.gov/aes ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.602 Genetic Nondiscrimination in Health Insurance and Employment Act. To prohibit discrimination on the basis of genetic information with respect to health insurance. Sponsor: Rep Slaughter, Louise McIntosh (D-NY). Latest Major Action: 2/13/2001 Referred to House committee: House Education and the Workforce; House Energy and Commerce; House Ways and Means. H.R.718 Unsolicited Commercial Electronic Mail Act of 2001. To protect individuals, families, and Internet service providers from unsolicited and unwanted electronic mail. Sponsor: Rep Wilson, Heather (R-NM). Latest Major Action: 2/14/2001 Referred to House committee: House Energy and Commerce; House Judiciary. *Senate* S.318 Genetic Nondiscrimination in Health Insurance and Employment Act. A bill to prohibit discrimination on the basis of genetic information with respect to health insurance. Sponsor: Sen Daschle, Thomas A. (D-SD). Latest Major Action: 2/13/2001 Referred to Senate committee: Senate Health, Education, Labor, and Pensions. S.324 Social Security Number Privacy Act of 2001. A bill to amend the Gramm-Leach-Bliley Act, to prohibit the sale and purchase of the social security number of an individual by financial institutions, to include social security numbers in the definition of nonpublic personal information, and for other purposes. Sponsor: Sen Shelby, Richard C. (R-AL) Latest Major Action: 2/14/2001 Referred to Senate committee: Senate Banking, Housing, and Urban Affairs. S.382 Genetic Information Nondiscrimination in Health Insurance Act of 2001. A bill to prohibit discrimination on the basis of genetic information with respect to health insurance. Sponsor: Sen Snowe, Olympia J. (R-ME). Latest Major Action: 2/15/2001 Referred to Senate committee: Senate Health, Education, Labor, and Pensions. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - The Hacker Ethic ======================================================================= The Hacker Ethic & the Spirit of the Information Age by Pekka Himanen, Linus Torvalds (Prologue), and Manuel Castells (Epilogue) http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/ search&searchtype=isbn&searchfor=0375505660 Nearly a century ago, Max Weber's The Protestant Ethic and the Spirit of Capitalism articulated the animating spirit of the industrial age, the Protestant ethic. Now, Pekka Himanen -- together with Linus Torvalds and Manuel Castells -- articulates how hackers* represent a new, opposing ethos for the information age. Underlying hackers' technical creations -- such as the Internet and the personal computers, which have become symbols of our time -- are the hacker values that produced them and challenge us all. These values promote passionate and freely rhythmed work; the belief that individuals can create great things by joining forces in imaginative ways; and the need to maintain our existing ethical ideals, such as privacy and equality, in our new, increasingly technologized society. The Hacker Ethic takes us on a journey through fundamental questions about life in the information age -- a trip of constant surprises, after which our time and our lives can be seen from unexpected perspectives. * In the original meaning of the word, hackers are enthusiastic computer programmers who share their work with others; they are not computer criminals. For other books recommended by EPIC, browse the EPIC Bookshelf at: http://www.powells.com/features/epic/epic.html ================================ EPIC Publications: "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000). Price: $20. http://www.epic.org/phr/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000). Price: $40. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "Filters and Freedom: Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= The Second National HIPAA Summit: The Leading Forum on Healthcare Privacy, Confidentiality, Data Security and HIPAA Compliance. March 1-2, 2001. Washington, DC. For more information: http://www.hipaasummit.com/ Wiretapping the Net. Harvard Information Infrastructure Project Seminar. March 5, 2001. Cambridge, MA. For more information: http://www.ksg.harvard.edu/iip/HIIP-Seminar.html None of Your Business: The Politics and Business Implications of Privacy. New York New Media Association. March 6, 2001. New York, NY. For more information: http://www.nynma.org/ CFP 2001: the Eleventh Conference on Computers, Freedom and Privacy. March 6-9, 2001. Cambridge, MA. For more information: http://www.cfp2001.org/ Consumer Assembly 2001: New Issues in a New Political and Economic Era. Consumer Federation of America. March 8-9, 2001. Washington, DC. For more information: http://www.consumerfed.org/events.html Reclaiming the American Commons. The New America Foundation. March 12, 2001. Washington, DC. For more information: http://www.newamerica.net/ Freedom of Expression: New and Existing Challenges. Organization for Security and Co-operation in Europe, Office for Democratic Institutions and Human Rights. March 12-13, 2001. Vienna, Austria. For more information: http://www.osce.org/odihr/meetings.htm The Information Marketplace: Merging and Exchanging Consumer Data. Federal Trade Commission. March 13, 2001. Washington, DC. For more information: http://www.ftc.gov/bcp/workshops/infomktplace/ EUROSEC 2001: Forum sur la Sécurité des Systèmes d'Information. XP Conseil. March 13-15, 2001. Paris, France. For more information: http://www.xpconseil.com/eurosec2001/ Privacy. New School University. March 23-24, 2001. Budapest, Hungary. For more information: http://www.socres.org/budapest/ Online, Offshore and Cross-Border: Regulating Global E-Commerce. Washington College of Law, American University. March 30, 2001. Washington, DC. For more information: http://www.wcl.american.edu Call For Papers - March 31, 2001 (prizes available for graduate student papers). The 29th Research Conference on Communication, Information and Internet Policy. October 27-29, 2001. Alexandria, VA. For more information: http://www.tprc.org BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer, Inc. April 4, 2001. Washington, DC. For more information: http://www.pf.com/ First International Conference on Human Aspects of the Information Society. Information Management Research Institute, University of Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne, England. For more information: http://is.northumbria.ac.uk/imri Corporate Privacy Officers Program 2001: Washington Briefing and Peer Workshop. Privacy and American Business. April 11-12, 2001. Washington, DC. For more information: http://www.pandab.org/ National Summit on Electronic Privacy. The National Institute for Government Innovation. April 23-24, 2001. Washington, DC. For more information: http://www.nigi.org/ The 26th Annual AAAS Colloquium on Science and Technology Policy. American Association for the Advancement of Science. May 3-4, 2001. Washington, DC. For more information: http://www.aaas.org/spp/dspp/rd/colloqu.htm The Internet Security Conference (TISC) 2001. Core Competence, Inc. June 4-8, 2001. Los Angeles, CA. For more information: http://www.tisc2001.com/ INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For more information: http://www.isoc.org/inet2001/ Call For Submissions - August 3, 2001. Workshop on Security and Privacy in Digital Rights Management 2001. Eighth Association for Computing Machinery (ACM) Conference on Computer and Communications Security. November 5, 2001. For more information: http://www.star-lab.com/sander/spdrm/ Privacy2001: Information, Security & Ethics for the New Century. Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more information: http://www.privacy2000.org/ Learning for the Future. Business for Social Responsibility's Ninth Annual Conference. November 7-9, 2001. Seattle, WA. For more information: http://www.bsr.org/events/2001.asp ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921 Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 8.04 ----------------------- .