============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.05 March 20, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.05.html ======================================================================= Table of Contents ======================================================================= [1] EPIC Joins Court Challenge to Library Internet Censorship Law [2] Privacy Coalition Sends Letter on Medical Privacy Regulations [3] National FOI Day Activities Include Speaking on Panels, Testimony [4] ICANN Meets in Australia [5] International Workshop Examines Consumer Protection Guidelines [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - The Public Domain [8] Upcoming Conferences and Events ======================================================================= [1] EPIC Joins Court Challenge to Library Internet Censorship Law ======================================================================= A major legal challenge to a new federal law that forces libraries to censor constitutionally protected speech on the Internet was filed today in U.S. District Court in Philadelphia. EPIC joined the American Civil Liberties Union in filing the case on behalf of public libraries, library patrons and website authors nationwide. The Children's Internet Protection Act (CIPA) requires libraries that participate in certain federal programs to install "technology protection measures" on all of their Internet access terminals, regardless of whether federal programs paid for the terminals or Internet connections. There are more than 16,000 public libraries nationwide, and 95 percent of them currently provide Internet access for their patrons. Congress approved the censorship law last year even after its own 18-member panel established to study ways to protect children online rejected the idea because of the risk that "protected, harmless, or innocent speech would be accidentally or inappropriately blocked." Nonetheless, libraries must now install "blocking technology measures" to prevent access to material that is "obscene, child pornography," or "harmful to minors," or forfeit much-needed federal funds. As today's lawsuit points out, even the makers of the blocking programs touted by the law's proponents do not claim to block only the categories of material that CIPA designates. Additionally, as documented by EPIC's "Faulty Filters" report and other studies, the programs routinely and inexplicably block sites that clearly do not fall under the categories proscribed by the law. The installation of such programs in public libraries therefore has significant free speech implications. The lawsuit also challenges CIPA on privacy grounds. The law provides that library patrons engaged in "bona fide research" may request that they be given access to material blocked by a filtering system. But such a procedure, according to the complaint, forces libraries to violate "patrons' privacy and anonymity rights contrary to the longstanding practices and policies of the library community." The American Library Association today also filed a challenge to CIPA before the same Philadelphia court. The cases will likely be consolidated and heard concurrently. Under CIPA's judicial review provisions, a three-judge panel appointed by the Third Circuit Court of Appeals will hear the case; any appeal of the panel's decision will go directly to the U.S. Supreme Court, which is required to hear challenges to the law. EPIC is serving as co-counsel in the case. The complaint in Multnomah County Public Library, et al. V. United States, et al., is available at: http://www.epic.org/free_speech/CIPA/complaint.pdf The text of the Children's Internet Protection Act is available at: http://www.ifea.net/cipa.html ======================================================================= [2] Privacy Coalition Sends Letter on Medical Privacy Regulations ======================================================================= In a letter sent to the President and the Secretary of Health and Human Services Tommy G. Thompson, a nonpartisan coalition of public interest groups supported recently promulgated medical privacy regulations while pointing out areas where the regulations could be improved. The final Health Insurance Portability and Accountability Act (HIPAA) medical privacy regulations were released on December 20, 2000 but due to an administrative oversight were reopened for comments early this year. Some have seen the reopening of comments as an opportunity to delay or weaken the privacy regulations (see EPIC Alert 8.03). The comment period is open until March 30 and comments can be submitted electronically through the Department of Health and Human Services website. Sent on March 7th, the letter states that the HIPAA regulations offer the first ever federal standard for the privacy of medical information, an approach widely supported by the public. The letter goes on to point out that the lack of medical privacy regulations has led patients to be less forthcoming about their medical conditions, doctors to be more reluctant about recording personal medical information in files, and to the stigmatization of patients leading to difficulty in acquiring insurance or employment. While supporting the HIPAA regulations, the groups also point out several areas where the regulations could be improved such as greater patient control over information to be used for marketing, stronger requirements before law enforcement access to medical records is granted, and assurances that health care providers would not be able to coerce patient consent to privacy policies by withholding medical treatment. In related privacy news, on March 8th, the U.S. House of Representatives Subcommittee on Commerce, Trade, and Consumer Protection held a hearing on the European Union Data Protection Directive. The witnesses included: Professor Stefano Rodota, Chairman of the EU Data Protection Working Party, Mr. David Smith, Assistant Commissioner at the Office of the UK Information Commissioner, Ambassador David L. Aaron, formerly of the International Trade Administration at the U.S. Department of Commerce, Mr. Jonathan Winer, Counsel at Altson and Bryd LLP, Professor Joel Reidenberg of Fordham University School of Law, Ms. Barbara Lawler, Customer Privacy Manager at Hewlett Packard, and Mr. Denise E. Henry of Bell Canada. In his written testimony, Professor Reidenberg stated that "United States interests are ill-served by avoiding the creation of clear legal privacy rights" and continued "Congress needs to act to establish a basic set of legal protections for privacy in the United States." The letter sent from the groups is available at: http://www.privacypledge.org/hipaa.html Comments on the Department of Health and Human Services Final Privacy Rule can be submitted at: http://aspe.hhs.gov/admnsimp/ Testimony presented before the U.S. House of Representatives hearing on the EU Data Protection Directive: http://www.house.gov/commerce/hearings/03082001-49/08082001.htm ======================================================================= [3] National FOI Day Activities Include Speaking on Panels, Testimony ======================================================================= EPIC participated in a number of National Freedom of Information Day activities on March 16, 2001. Freedom of Information Day is held in recognition of the public benefits realized from open government. This year, its celebration coincided with James Madison's 250th birthday. Executive Director Marc Rotenberg spoke at a panel held at the National Press Club on privacy rights and cyber crime. General Counsel David Sobel spoke on a panel at the Freedom Forum on the privacy implications associated with providing public access to court files. Senior Fellow David Banisar spoke at a Freedom Forum panel as well on international freedom of information developments. Staff Counsel Chris Hoofnagle gave testimony to the Judicial Conference of the United States on public access to electronic case files. EPIC created a web page in celebration of National Freedom of Information Day and open government. The FOIA Gallery details EPIC's top requests under Freedom of Information and state open records acts. EPIC Freedom of Information Act Gallery: http://www.epic.org/open_gov/foiagallery.html Information about the 2001 National Freedom of Information Day Conference at the Freedom Forum: http://www.freedomforum.org/templates/document.asp?documentID=13193 ======================================================================= [4] ICANN Meets in Australia ======================================================================= The Internet Corporation for Assigned Names and Numbers (ICANN) recently held one of its quarterly meetings in Melbourne, Australia on March 9-13. Notably, it was the first ICANN meeting in which the five At Large elected Board of Directors participated. Also, despite the short amount of time since the first At Large elections and in which At Large Directors have had to work, ICANN also took its first steps towards the formation of an At Large Study Committee that will re-examine the concept of At Large membership. ICANN representatives have previously stated in public and Congressional hearings that the At Large, and its election of nine members of the Board of Directors, will be an integral part of ICANN. The five At Large Directors, as well as the rest of the Board, will also face their first tough decision over what was certainly the most controversial topic at the meeting - the renegotiated contracts between ICANN and Verisign (current owner of Network Solutions, Inc.). To the surprise of the Internet community, ICANN staff had renegotiated a new contract that would offer Verisign control over the .com top level domain for the foreseeable future and which would see .org relinquished as soon as next year. In addition to the envisioned separation of .com, .net and .org, some ICANN personnel have also said that they would try to return .org to its original purpose as an area for non-profit organizations rather than for the more general purposes it has been used for in recent years. In conjunction with the ICANN meeting, the Civil Society Internet Forum (CSIF) held a series of meetings on the At Large membership as well as other cyber-liberties issues. Sponsored by Electronic Frontiers Australia (EFA), the meetings examined a range of issues and brought together Internet activists from around the world (see EPIC Alert 8.04). The CSIF first formed during the Yokohama ICANN meeting that took place in July 2000. Information about these issues, as well as other general background on ICANN, is available at: http://www.internetdemocracyproject.org/ Minutes of the CSIF meetings as well as other information about the organization is available at: http://www.csif.net/ ======================================================================= [5] International Workshop Examines Consumer Protection Guidelines ======================================================================= On March 13-14, the Organization for Economic Co-operation and Development (OECD) held a workshop in Berlin examining its e-commerce consumer protection guidelines released in December 1999. Due to the growing number of international business to consumer transactions, the OECD is attempting to coordinate varying national policies on a range of consumer issues. The guidelines address topics such as advertising and marketing practices, payment mechanisms, dispute resolution, privacy and consumer education. At the workshop, OECD staff, national delegates and international consumer and business organizations discussed business to consumer (B2C) e-commerce statistics, government and industry implementation of the OECD consumer protection guidelines, and steps to increase international cooperation. After the workshop, the OECD will continue to solicit public comments on its efforts in e-commerce consumer protection. For more information about the OECD Consumer Protection guidelines, the Berlin workshop or to submit comments: http://www.oecd.org/dsti/sti/it/secur/act/Berlin/Berlin_workshop.htm For other information about international consumer protection issues: http://www.tacd.org/ ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.90 Know Your Caller Act. A bill to amend the Communications Act of 1934 to prohibit telemarketers from interfering with the caller identification service of any person to whom a telephone solicitation is made, and for other purposes. Sponsor: Rep. Frelinghuysen, Rodney P (R-NJ). Latest Major Action: 3/12/2001 House preparation for floor. H.R.333 Bankruptcy Abuse Prevention and Consumer Protection Act of 2001. To amend title 11, United States Code, and for other purposes. Sponsor: Rep Gekas, George W. (R-IA). Latest Major Action: 3/5/2001 Received in the Senate. Read twice. Placed on Senate Legislative Calendar under General Orders. Calendar No. 17. H.R.733 Parent-Child Privilege Act of 2001. To amend the Federal Rules of Evidence to establish a parent-child privilege. Sponsor: Rep Andrews, Robert E. (D-NJ). Latest Major Action: 2/27/2001 Referred to House committee: House Judiciary. H.R.751 Religious Communication Sanctity Act of 2001. To amend title 18, United States Code, to protect the sanctity of religious communications. Sponsor: Rep King, Peter T. (R-NY). Latest Major Action: 2/27/2001 Referred to House committee: House Judiciary. H.R.1017 Anti-Spamming Act of 2001. To prohibit the unsolicited e-mail known as spam. Sponsor: Rep Goodlatte, Bob (R-VA). Latest Major Action: 3/14/2001 Referred to House committee: House Judiciary. *Senate* S.420 Bankruptcy Reform Act of 2001. An original bill to amend title II, United States Code, and for other purposes. Sponsor: Sen Grassley, Charles E. (R-IA). Latest Major Action: 3/15/2001 Passed/agreed to in Senate. S.450 Financial Institution Privacy Protection Act of 2001. A bill to amend the Gramm-Leach-Bliley Act to provide for enhanced protection of nonpublic personal information, including health information, and for other purposes. Sponsor: Sen Nelson, Bill (D-FL). Latest Major Action: 3/1/2001 Referred to Senate committee. S.451 Social Security Number Protection Act of 2001. A bill to establish civil and criminal penalties for the sale or purchase of a social security number. Sponsor: Sen Nelson, Bill (D-FL). Latest Major Action: 3/1/2001 Referred to Senate committee. S.536 Freedom From Behavioral Profiling Act of 2000. A bill to amend the Gramm-Leach-Bliley Act to provide for a limitation on sharing of marketing and behavioral profiling information, and for other purposes. Sponsor: Sen Shelby, Richard C. (R-AL). Latest Major Action: 3/14/2001 Referred to Senate committee: Senate Banking, Housing, and Urban Affairs. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - The Public Domain ======================================================================= The Public Domain: How to Find Copyright-Free Writings, Music, Art and More by Stephen Fishman http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/ search&searchtype=isbn&searchfor=0873374339 Even though grade-school teachers have told us otherwise for years, you can copy other people's creative work and get away with it. How? By dipping into the public domain, where everything is free for the taking. The first book of its kind, The Public Domain is the definitive guide to the creative works that are not protected by copyright and can be copied freely or otherwise used without paying permission fees. The book explains step-by-step how to recognize when a work is in the public domain. Chapters cover: writings, music, art, architecture, maps, choreography, photography, film and video, computer software and databases. The book also lists hundreds of resources, such as websites, libraries and archives, useful for locating public domain works. Destined to become a classic reference guide, The Public Domain is indispensable for anyone who deals with creative works, including publishers, web developers, writers, musicians and composers, artists, librarians, photographers and filmmakers. For other books recommended by EPIC, browse the EPIC Bookshelf at: http://www.powells.com/features/epic/epic.html ================================ EPIC Publications: "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000). Price: $20. http://www.epic.org/phr/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000). Price: $40. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "Filters and Freedom: Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Privacy. New School University. March 23-24, 2001. Budapest, Hungary. For more information: http://www.socres.org/budapest/ Online, Offshore and Cross-Border: Regulating Global E-Commerce. Washington College of Law, American University. March 30, 2001. Washington, DC. For more information: http://www.wcl.american.edu Call For Papers - March 31, 2001 (prizes available for graduate student papers). The 29th Research Conference on Communication, Information and Internet Policy. October 27-29, 2001. Alexandria, VA. For more information: http://www.tprc.org BNA Public Policy Forum: Cybersecurity and Privacy. Pike and Fischer, Inc. April 4, 2001. Washington, DC. For more information: http://www.pf.com/ First International Conference on Human Aspects of the Information Society. Information Management Research Institute, University of Northumbria at Newcastle. April 9-11, 2001. Newcastle upon Tyne, England. For more information: http://is.northumbria.ac.uk/imri Corporate Privacy Officers Program 2001: Washington Briefing and Peer Workshop. Privacy and American Business. April 11-12, 2001. Washington, DC. For more information: http://www.pandab.org/ National Summit on Electronic Privacy. The National Institute for Government Innovation. April 23-24, 2001. Washington, DC. For more information: http://www.nigi.org/ The First Annual Privacy and Data Protection Summit. Privacy Officers Association. May 2-4, 2001. Arlington, VA. For more information: http://www.privacyassociation.org The 26th Annual AAAS Colloquium on Science and Technology Policy. American Association for the Advancement of Science. May 3-4, 2001. Washington, DC. For more information: http://www.aaas.org/spp/dspp/rd/colloqu.htm Future of the Internet: Preserving the Internet's Openness, Freedom, and Diversity. Center for Media Education and Center for Digital Democracy. May 9, 2001. Washington, DC. For more information: agoldman@cme.org The Internet and State Security Forum (ISSF). Cambridge Review of International Affairs. May 19, 2001. Cambridge, England. For more information: http://www.cria.org.uk/ The Internet Security Conference (TISC) 2001. Core Competence, Inc. June 4-8, 2001. Los Angeles, CA. For more information: http://www.tisc2001.com/ INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For more information: http://www.isoc.org/inet2001/ ETHICOMP 2001: Systems of the Information Society. Telecommunications and Informatics Technical University of Gdansk, Poland. June 18-20, 2001. Gdansk, Poland. For more information: http://www.ccsr.cse.dmu.ac.uk/conferences/ccsrconf/ethicomp2001/ Democracy Forum 2001: Democracy and the Information Revolution. International Institute for Democracy and Electoral Assistance. June 27-29, 2001. Stockholm, Sweden. For more information: http://www.idea.int/frontpage_forum2001.htm Call for Papers - June 30, 20001. CEPE2001: Computer Ethics, Philosophical Enquiries. Lancaster University (UK). Centre for Study of Technology in Organizations, Institute for Environment, Philosophy and Public Policy. December 14-16, 2001. For more information: http://www.lancs.ac.uk/depts/philosophy/conferences/ Call For Submissions - August 3, 2001. Workshop on Security and Privacy in Digital Rights Management 2001. Eighth Association for Computing Machinery (ACM) Conference on Computer and Communications Security. November 5, 2001. For more information: http://www.star-lab.com/sander/spdrm/ ICSC 2001: International Conference on Social Computing. University of Bremen. October 1-3, 2001. Bremen, Germany. For more information: http://icsc2001.informatik.uni-bremen.de/ Privacy2001: Information, Security & Ethics for the New Century. Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more information: http://www.privacy2000.org/ Learning for the Future. Business for Social Responsibility's Ninth Annual Conference. November 7-9, 2001. Seattle, WA. For more information: http://www.bsr.org/events/2001.asp ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921 Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 8.05 ----------------------- .