EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 8.05                                     March 20, 2001
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] EPIC Joins Court Challenge to Library Internet Censorship Law
[2] Privacy Coalition Sends Letter on Medical Privacy Regulations
[3] National FOI Day Activities Include Speaking on Panels, Testimony
[4] ICANN Meets in Australia
[5] International Workshop Examines Consumer Protection Guidelines
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Public Domain
[8] Upcoming Conferences and Events
[1] EPIC Joins Court Challenge to Library Internet Censorship Law
A major legal challenge to a new federal law that forces libraries to
censor constitutionally protected speech on the Internet was filed
today in U.S. District Court in Philadelphia.  EPIC joined the
American Civil Liberties Union in filing the case on behalf of public
libraries, library patrons and website authors nationwide.  The
Children's Internet Protection Act (CIPA) requires libraries that
participate in certain federal programs to install "technology
protection measures" on all of their Internet access terminals,
regardless of whether federal programs paid for the terminals or
Internet connections.  There are more than 16,000 public libraries
nationwide, and 95 percent of them currently provide Internet access
for their patrons.
Congress approved the censorship law last year even after its own
18-member panel established to study ways to protect children online
rejected the idea because of the risk that "protected, harmless, or
innocent speech would be accidentally or inappropriately blocked."
Nonetheless, libraries must now install "blocking technology measures"
to prevent access to material that is "obscene, child pornography," or
"harmful to minors," or forfeit much-needed federal funds.  As today's
lawsuit points out, even the makers of the blocking programs touted by
the law's proponents do not claim to block only the categories of
material that CIPA designates.  Additionally, as documented by EPIC's
"Faulty Filters" report and other studies, the programs routinely and
inexplicably block sites that clearly do not fall under the categories
proscribed by the law.  The installation of such programs in public
libraries therefore has significant free speech implications.
The lawsuit also challenges CIPA on privacy grounds.  The law provides
that library patrons engaged in "bona fide research" may request that
they be given access to material blocked by a filtering system.  But
such a procedure, according to the complaint, forces libraries to
violate "patrons' privacy and anonymity rights contrary to the
longstanding practices and policies of the library community."
The American Library Association today also filed a challenge to CIPA
before the same Philadelphia court.  The cases will likely be
consolidated and heard concurrently.  Under CIPA's judicial review
provisions, a three-judge panel appointed by the Third Circuit Court
of Appeals will hear the case; any appeal of the panel's decision will
go directly to the U.S. Supreme Court, which is required to hear
challenges to the law.  EPIC is serving as co-counsel in the case.
The complaint in Multnomah County Public Library, et al. V. United
States, et al., is available at:
The text of the Children's Internet Protection Act is available at:
[2] Privacy Coalition Sends Letter on Medical Privacy Regulations
In a letter sent to the President and the Secretary of Health and
Human Services Tommy G. Thompson, a nonpartisan coalition of public
interest groups supported recently promulgated medical privacy
regulations while pointing out areas where the regulations could be
improved.  The final Health Insurance Portability and Accountability
Act (HIPAA) medical privacy regulations were released on December
20, 2000 but due to an administrative oversight were reopened for
comments early this year.  Some have seen the reopening of comments as
an opportunity to delay or weaken the privacy regulations (see EPIC
Alert 8.03).  The comment period is open until March 30 and comments
can be submitted electronically through the Department of Health and
Human Services website.
Sent on March 7th, the letter states that the HIPAA regulations offer
the first ever federal standard for the privacy of medical
information, an approach widely supported by the public.  The letter
goes on to point out that the lack of medical privacy regulations has
led patients to be less forthcoming about their medical conditions,
doctors to be more reluctant about recording personal medical
information in files, and to the stigmatization of patients leading to
difficulty in acquiring insurance or employment.  While supporting the
HIPAA regulations, the groups also point out several areas where the
regulations could be improved such as greater patient control over
information to be used for marketing, stronger requirements before law
enforcement access to medical records is granted, and assurances that
health care providers would not be able to coerce patient consent to
privacy policies by withholding medical treatment.
In related privacy news, on March 8th, the U.S. House of
Representatives Subcommittee on Commerce, Trade, and Consumer
Protection held a hearing on the European Union Data Protection
Directive.  The witnesses included: Professor Stefano Rodota, Chairman
of the EU Data Protection Working Party, Mr. David Smith, Assistant
Commissioner at the Office of the UK Information Commissioner,
Ambassador David L. Aaron, formerly of the International Trade
Administration at the U.S. Department of Commerce, Mr. Jonathan Winer,
Counsel at Altson and Bryd LLP, Professor Joel Reidenberg of Fordham
University School of Law, Ms. Barbara Lawler, Customer Privacy Manager
at Hewlett Packard, and Mr. Denise E. Henry of Bell Canada.  In his
written testimony, Professor Reidenberg stated that "United States
interests are ill-served by avoiding the creation of clear legal
privacy rights" and continued "Congress needs to act to establish a
basic set of legal protections for privacy in the United States."
The letter sent from the groups is available at:
Comments on the Department of Health and Human Services Final Privacy
Rule can be submitted at:
Testimony presented before the U.S. House of Representatives hearing
on the EU Data Protection Directive:
[3] National FOI Day Activities Include Speaking on Panels, Testimony
EPIC participated in a number of National Freedom of Information Day
activities on March 16, 2001.  Freedom of Information Day is held in
recognition of the public benefits realized from open government.
This year, its celebration coincided with James Madison's 250th
Executive Director Marc Rotenberg spoke at a panel held at the
National Press Club on privacy rights and cyber crime.  General
Counsel David Sobel spoke on a panel at the Freedom Forum on the
privacy implications associated with providing public access to court
files.  Senior Fellow David Banisar spoke at a Freedom Forum panel as
well on international freedom of information developments.  Staff
Counsel Chris Hoofnagle gave testimony to the Judicial Conference of
the United States on public access to electronic case files.
EPIC created a web page in celebration of National Freedom of
Information Day and open government.  The FOIA Gallery details EPIC's
top requests under Freedom of Information and state open records acts.
EPIC Freedom of Information Act Gallery:
Information about the 2001 National Freedom of Information Day
Conference at the Freedom Forum:
[4] ICANN Meets in Australia
The Internet Corporation for Assigned Names and Numbers (ICANN)
recently held one of its quarterly meetings in Melbourne, Australia on
March 9-13.  Notably, it was the first ICANN meeting in which the five
At Large elected Board of Directors participated.  Also, despite the
short amount of time since the first At Large elections and in which
At Large Directors have had to work, ICANN also took its first steps
towards the formation of an At Large Study Committee that will
re-examine the concept of At Large membership.  ICANN representatives
have previously stated in public and Congressional hearings that the
At Large, and its election of nine members of the Board of Directors,
will be an integral part of ICANN.
The five At Large Directors, as well as the rest of the Board, will
also face their first tough decision over what was certainly the most
controversial topic at the meeting - the renegotiated contracts
between ICANN and Verisign (current owner of Network Solutions, Inc.).
To the surprise of the Internet community, ICANN staff had
renegotiated a new contract that would offer Verisign control over the
.com top level domain for the foreseeable future and which would see
.org relinquished as soon as next year.  In addition to the envisioned
separation of .com, .net and .org, some ICANN personnel have also
said that they would try to return .org to its original purpose as an
area for non-profit organizations rather than for the more general
purposes it has been used for in recent years.
In conjunction with the ICANN meeting, the Civil Society Internet
Forum (CSIF) held a series of meetings on the At Large membership as
well as other cyber-liberties issues.  Sponsored by Electronic
Frontiers Australia (EFA), the meetings examined a range of issues and
brought together Internet activists from around the world (see EPIC
Alert 8.04).  The CSIF first formed during the Yokohama ICANN meeting
that took place in July 2000.
Information about these issues, as well as other general background
on ICANN, is available at:
Minutes of the CSIF meetings as well as other information about the
organization is available at:
[5] International Workshop Examines Consumer Protection Guidelines
On March 13-14, the Organization for Economic Co-operation and
Development (OECD) held a workshop in Berlin examining its e-commerce
consumer protection guidelines released in December 1999.  Due to the
growing number of international business to consumer transactions, the
OECD is attempting to coordinate varying national policies on a range
of consumer issues.  The guidelines address topics such as advertising
and marketing practices, payment mechanisms, dispute resolution,
privacy and consumer education.
At the workshop, OECD staff, national delegates and international
consumer and business organizations discussed business to consumer
(B2C) e-commerce statistics, government and industry implementation of
the OECD consumer protection guidelines, and steps to increase
international cooperation.  After the workshop, the OECD will continue
to solicit public comments on its efforts in e-commerce consumer
For more information about the OECD Consumer Protection guidelines,
the Berlin workshop or to submit comments:
For other information about international consumer protection issues:
[6] EPIC Bill-Track: New Bills in Congress
H.R.90 Know Your Caller Act. A bill to amend the Communications Act of
1934 to prohibit telemarketers from interfering with the caller
identification service of any person to whom a telephone solicitation
is made, and for other purposes. Sponsor: Rep. Frelinghuysen, Rodney P
(R-NJ). Latest Major Action: 3/12/2001 House preparation for floor.
H.R.333 Bankruptcy Abuse Prevention and Consumer Protection Act of
2001. To amend title 11, United States Code, and for other purposes.
Sponsor: Rep Gekas, George W. (R-IA). Latest Major Action: 3/5/2001
Received in the Senate. Read twice. Placed on Senate Legislative
Calendar under General Orders. Calendar No. 17.
H.R.733 Parent-Child Privilege Act of 2001. To amend the Federal Rules
of Evidence to establish a parent-child privilege. Sponsor: Rep
Andrews, Robert E. (D-NJ). Latest Major Action: 2/27/2001 Referred to
House committee: House Judiciary.
H.R.751 Religious Communication Sanctity Act of 2001. To amend title
18, United States Code, to protect the sanctity of religious
communications. Sponsor: Rep King, Peter T. (R-NY). Latest Major
Action: 2/27/2001 Referred to House committee: House Judiciary.
H.R.1017 Anti-Spamming Act of 2001. To prohibit the unsolicited e-mail
known as spam. Sponsor: Rep Goodlatte, Bob (R-VA). Latest Major
Action: 3/14/2001 Referred to House committee: House Judiciary.
S.420 Bankruptcy Reform Act of 2001. An original bill to amend title
II, United States Code, and for other purposes. Sponsor: Sen Grassley,
Charles E. (R-IA). Latest Major Action: 3/15/2001 Passed/agreed to in
S.450 Financial Institution Privacy Protection Act of 2001. A bill to
amend the Gramm-Leach-Bliley Act to provide for enhanced protection of
nonpublic personal information, including health information, and for
other purposes. Sponsor: Sen Nelson, Bill (D-FL). Latest Major Action:
3/1/2001 Referred to Senate committee.
S.451 Social Security Number Protection Act of 2001. A bill to
establish civil and criminal penalties for the sale or purchase of a
social security number. Sponsor: Sen Nelson, Bill (D-FL). Latest Major
Action: 3/1/2001 Referred to Senate committee.
S.536 Freedom From Behavioral Profiling Act of 2000. A bill to amend
the Gramm-Leach-Bliley Act to provide for a limitation on sharing of
marketing and behavioral profiling information, and for other
purposes. Sponsor: Sen Shelby, Richard C. (R-AL). Latest Major Action:
3/14/2001 Referred to Senate committee: Senate Banking, Housing, and
Urban Affairs.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - The Public Domain
The Public Domain: How to Find Copyright-Free Writings, Music, Art and
More by Stephen Fishman
Even though grade-school teachers have told us otherwise for years,
you can copy other people's creative work and get away with it.  How?
By dipping into the public domain, where everything is free for the
The first book of its kind, The Public Domain is the definitive guide
to the creative works that are not protected by copyright and can be
copied freely or otherwise used without paying permission fees.
The book explains step-by-step how to recognize when a work is in the
public domain.  Chapters cover: writings, music, art, architecture,
maps, choreography, photography, film and video, computer software and
The book also lists hundreds of resources, such as websites, libraries
and archives, useful for locating public domain works.
Destined to become a classic reference guide, The Public Domain is
indispensable for anyone who deals with creative works, including
publishers, web developers, writers, musicians and composers, artists,
librarians, photographers and filmmakers.
For other books recommended by EPIC, browse the EPIC Bookshelf at:
EPIC Publications:
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
"Filters and Freedom: Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Privacy. New School University. March 23-24, 2001. Budapest, Hungary.
For more information: http://www.socres.org/budapest/
Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu
Call For Papers - March 31, 2001 (prizes available for graduate
student papers). The 29th Research Conference on Communication,
Information and Internet Policy. October 27-29, 2001. Alexandria, VA.
For more information: http://www.tprc.org
BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer,
Inc. April 4, 2001. Washington, DC. For more information:
First International Conference on Human Aspects of the Information
Society. Information Management Research Institute, University of
Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne,
England. For more information: http://is.northumbria.ac.uk/imri
Corporate Privacy Officers Program 2001: Washington Briefing and Peer
Workshop. Privacy and American Business. April 11-12, 2001.
Washington, DC. For more information: http://www.pandab.org/
National Summit on Electronic Privacy. The National Institute for
Government Innovation. April 23-24, 2001. Washington, DC. For more
information: http://www.nigi.org/
The First Annual Privacy and Data Protection Summit. Privacy Officers
Association. May 2-4, 2001. Arlington, VA. For more information:
The 26th Annual AAAS Colloquium on Science and Technology Policy.
American Association for the Advancement of Science. May 3-4, 2001.
Washington, DC. For more information:
Future of the Internet: Preserving the Internet's Openness, Freedom,
and Diversity. Center for Media Education and Center for Digital
Democracy. May 9, 2001. Washington, DC. For more information:
The Internet and State Security Forum (ISSF). Cambridge Review of
International Affairs. May 19, 2001. Cambridge, England. For more
information: http://www.cria.org.uk/
The Internet Security Conference (TISC) 2001. Core Competence, Inc.
June 4-8, 2001. Los Angeles, CA. For more information:
INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual
Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For
more information: http://www.isoc.org/inet2001/
ETHICOMP 2001: Systems of the Information Society. Telecommunications
and Informatics Technical University of Gdansk, Poland. June 18-20,
2001. Gdansk, Poland. For more information:
Democracy Forum 2001: Democracy and the Information Revolution.
International Institute for Democracy and Electoral Assistance. June
27-29, 2001. Stockholm, Sweden. For more information:
Call for Papers - June 30, 20001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Study
of Technology in Organizations, Institute for Environment, Philosophy
and Public Policy. December 14-16, 2001. For more information:
Call For Submissions - August 3, 2001. Workshop on Security and
Privacy in Digital Rights Management 2001. Eighth Association for
Computing Machinery (ACM) Conference on Computer and Communications
Security. November 5, 2001. For more information:
ICSC 2001: International Conference on Social Computing. University of
Bremen. October 1-3, 2001. Bremen, Germany. For more information:
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more
information: http://www.privacy2000.org/
Learning for the Future. Business for Social Responsibility's Ninth
Annual Conference. November 7-9, 2001. Seattle, WA. For more
information: http://www.bsr.org/events/2001.asp
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 8.05 -----------------------