============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.10 May 30, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.10.html ======================================================================= Table of Contents ======================================================================= [1] EU Echelon Committee Calls for Increased Use of Encryption [2] CoE Cybercrime Treaty Still Lacks Balance [3] FTC Refuses to Pursue Amazon's Privacy Policy Changes [4] Supreme Court Ruling Implicates Free Speech and Privacy [5] EPIC Testifies before Congress on SSN Privacy [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - Not in Front of the Children [8] Upcoming Conferences and Events ======================================================================= [1] EU Echelon Committee Calls for Increased Use of Encryption ======================================================================= A new European Parliament report calls for expanded development and use of encryption technology within Europe to protect communications against the U.S.-led surveillance network known as Echelon. The report, issued by the Parliament's Temporary Committee on the Echelon Interception System after seven months of research, concludes that the worldwide spy network does exist, despite official U.S. denials. The committee notes allegations that U.S. intelligence agencies have passed on intercepted European trade secrets to give U.S. businesses a competitive advantage, but finds that "no such case has been substantiated." According to the committee, the Echelon system (reportedly run by the United States in cooperation with Britain, Canada, Australia and New Zealand) was set up at the beginning of the Cold War for intelligence gathering and has developed into a network of intercept stations around the world. Its primary purpose, according to the report, is to intercept private and commercial communications, not military intelligence. The committee concludes that "the existence of a global system for intercepting communications . . . is no longer in doubt." The report recommends "self-protection" by EU citizens and companies, and urges the European Commission and Member States "to devise appropriate measures to promote, develop and manufacture European encryption technology and software and above all to support projects aimed at developing user-friendly open-source encryption software." It also calls upon EU institutions "systematically to encrypt e-mails, so that ultimately encryption becomes the norm." U.S. officials have refused to confirm the existence of an Echelon-like surveillance system, and have denied that American agencies engage in commercial espionage. The EU committee traveled to Washington earlier this month to meet with relevant U.S. officials and agencies, several of which (including the National Security Agency) refused to meet them. The committee did meet with EPIC, the American Civil Liberties Union and several members of Congress. The report of the Temporary Committee on the Echelon Interception System is available at: http://www.europarl.eu.int/tempcom/echelon/pdf/prechelon_en.pdf ======================================================================= [2] CoE Cybercrime Treaty Still Lacks Balance ======================================================================= Following strong criticism from privacy, human rights and industry groups, the final text of the controversial Council of Europe (CoE) Cybercrime Treaty acknowledges the potential privacy impact of international efforts to investigate online activity. The newly-released text (version 27) includes language that would require investigative agencies to take some procedural steps to protect privacy and human rights when accessing transactional data and intercepting communications. The text does not, however, require police agencies to reimburse service providers for the cost of complying with law enforcement data demands, a requirement that would create a financial disincentive to overly broad and invasive requests. Even with the most recent changes, the proposed treaty would still grant government investigators broad powers to track the online activities of suspects. While those powers are spelled out with great specificity, the procedural protections are relatively vague; Article 15 provides that signatories must ensure that their national laws respect the privacy provisions of CoE, United Nations and other international human rights documents and be subject to "judicial or other independent supervision." The text still requires service providers to store potentially incriminating data for at least 60 days after police request it, a requirement the EU Data Protection Working Party in March called a "considerable burden on business" because of the amount of electronic storage space needed (see EPIC Alert 8.06). The proposed CoE convention would be the first treaty to specify how police in one country can request their counterparts abroad to collect data traffic on a system intruder, have him arrested and extradited to serve a prison sentence. It also provides for international cooperation to fight against distributors of child pornography, copyright violators and other online offenders. The draft treaty is scheduled to be submitted to the Council of Europe's Committee of Ministers for adoption in September and then ratified by member states and observers over the next year or two. The United States has played an active part in the drafting of the treaty as an observer. The text of Version 27 of the proposed cybercrime treaty is available at: http://conventions.coe.int/treaty/EN/projets/cybercrime27.htm ======================================================================= [3] FTC Refuses to Pursue Amazon's Privacy Policy Changes ======================================================================= The Federal Trade Commission (FTC) has decided that Amazon.com did not deceive its customers when it unilaterally changed the terms of its privacy policy last fall. In a letter dated May 24, sent to EPIC and Junkbusters, the FTC stated that Amazon.com did not, under its revised policy, change its practices with respect to its customers' personal information in a way that was unfair and deceptive. Relying on further information provided by Amazon, the FTC stated that the revised privacy policy did not "materially conflict" with earlier representations regarding privacy. In its previous privacy policy, Amazon stated that it did not sell, rent, trade, or otherwise disclose customers' personal information to third parties and that customers could guarantee that this would not occur in the future by sending an email to never@amazon.com. On August 31, 2000, however, Amazon revised its policy to state that in certain circumstances (for example, in the case of a merger or acquisition) it would treat customer information as one of its business assets and transfer it accordingly. The FTC began investigating this issue in response to a joint petition submitted by EPIC and Junkbusters in December. The petition alleged that Amazon's contradictory privacy statements violated Section 5 of the FTC Act and urged the FTC to grant specific remedies to consumers, including the right to delete or prohibit the future disclosures of personal information collected under the previous policy. In a separate investigation, the FTC also announced that despite finding that "certain of Amazon.com's and Alexa Internet's practices likely were deceptive in violation of Section 5 of the FTC Act," the Commission staff is not recommending any enforcement action. At issue in the investigation was whether Alexa's zBubbles service was correlating personally identifiable information (PII) with anonymous data. Alexa is a subsidiary of Amazon.com. EPIC also asked the Federal Trade Commission and the National Association of Attorneys General on May 25 to investigate the purchase of assets of eTour.com by search engine website Ask Jeeves. The sale included the transfer of eTour.com registration information. The EPIC letter alleges that eTour.com's actions deceived its customers due to that company's numerous statements that it would never share personal information with any third party. The closing letter sent by the FTC to EPIC and Junkbusters regarding the changes to Amazon.com's privacy policy: http://www.ftc.gov/os/closings/staff/amazonletter.htm The FTC closing letter on Alexa: http://www.ftc.gov/os/closings/staff/amazonalexa.pdf EPIC's letter to the FTC and the National Association of Attorneys General (NAAG) about eTour.com: http://www.epic.org/privacy/internet/etour.html ======================================================================= [4] Supreme Court Ruling Implicates Free Speech and Privacy ======================================================================= In a 6-3 ruling, the Supreme Court held in Bartnicki v. Vopper that the First Amendment rights of the media outweigh a federal wiretapping statute designed to prevent interception of private conversations. The May 21 ruling, which upheld the Third Circuit's dismissal of the case on First Amendment grounds, involved the dissemination of an illegal tape recording of a cell phone conversation between Gloria Bartnicki, the chief negotiator for a teacher's union in Wyoming Valley West School District in Pennsylvania, and Anthony Kane, the union's president. The tape included Bartnicki's complaints about the school board's reluctance to approve a proposal for a three percent pay raise, and a discussion about blowing up the front porches of uncooperative school board members. An unknown person gave a copy of the tape to Jack Yocum, leader of the group opposed to the union's wage proposals. Yocum passed a copy of the tape to Frederick Vopper, a radio talk show host, who played it repeatedly on his show. Justice Stevens, writing for the majority, held that although the privacy of communications and the minimization of harm to those whose communications were illegally intercepted represented strong government interests, these interests did not outweigh the First Amendment right to publish matters of public concern. The Court accepted that the defendants had played no part in the illegal intercept, and therefore posed the legal issue as whether the government may punish the dissemination of lawfully obtained information where the publisher's source obtained the information unlawfully. Although they signed on to the majority's holding, Justices Breyer and O'Connor concurred separately in a narrower opinion stating that in this situation, the publication was protected by the First Amendment because the recording was of public interest and the speakers were public figures. Furthermore, Breyer and O'Connor were swayed by the fact that the federal statutes were more broad than necessary to deter the relevant bad conduct, and that the publications concerned a potential threat to public safety, decreasing the speakers' legitimate interest in maintaining the privacy of the communication. Therefore, rather than creating a "public interest" exception, the publication was protected because the privacy expectations of the speakers were particularly low and were balanced against an unusually high interest in publication. Chief Justice Rehnquist and Justices Scalia and Thomas dissented, citing concern for privacy in electronic communications such as cordless and cellular telephone conversations and e-mail records. Bartnicki et al. v. Vopper, aka Williams, et al., Certiorari to the United States Court of Appeals for the Third Circuit, No. 99-1687: http://www.supremecourtus.gov/opinions/00pdf/99-1687.pdf ======================================================================= [5] EPIC Testifies before Congress on SSN Privacy ======================================================================= On May 22, EPIC Executive Director Marc Rotenberg testified before the U.S. House of Representatives Subcommittee on Social Security on "Protecting Privacy and Preventing Misuse of Social Security Numbers." Also testifying before the Subcommittee were several victims of identity theft, representatives of the Social Security Administration, financial industry lobbyists and other privacy advocates. EPIC's testimony before the Subcommittee argued that legislation limiting the collection and use of Social Security numbers (SSNs) is "appropriate, necessary, and fully consistent with U.S. law." Some of the earliest studies of SSNs noted the risks associated with the creation of a unique identifier and the possibility of profiling individuals if they became widely used. Based on these recommenda- tions, Congress included limitations on the SSN in the Privacy Act of 1974. The testimony concluded with five recommendations: limiting the use of the SSN in the private sector unless explicitly authorized by law; prohibiting the sale and limiting the display of the SSN by government agencies; preventing companies from compelling the disclosure of SSNs as a condition of conducting business; penalizing the fraudulent use of the SSN only when the number corresponds to an actual individual; and encouraging the development of alternative identifiers. In related SSN privacy news, Rep. Clay Shaw (R-FL), Chairman of the Social Security Subcommittee, introduced a bill on May 25 that seeks to provide greater privacy protections for individuals and to prevent fraudulent use of the SSN. EPIC's written testimony before the Subcommittee: http://www.epic.org/privacy/ssn/testimony_0501.html Written testimony of other witnesses at the hearing: http://waysandmeans.house.gov/socsec/107cong/ss-4wit.htm ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.1846 Who Is E-Mailing Our Kids Act. To amend section 254 of the Communications Act of 1934 to require schools and libraries receiving universal service assistance to block access to Internet services that enable users to access the World Wide Web and transfer electronic mail in an anonymous manner. Sponsor: Rep Grucci, Felix J., Jr. (R-NY). Latest Major Action: 5/22/2001 Referred to House subcommittee: House Energy and Commerce. H.R.1847 Hands Off Our Kids Act of 2001. To require the Attorney General to identify organizations that recruit juveniles to participate in violent and illegal activities related to the environment or to animal rights; and to amend the Juvenile Justice and Delinquency Prevention Act of 1974 to provide assistance to States to carry out activities to prevent the participation of juveniles in such activities. Sponsor: Rep Grucci, Felix J., Jr. (R-NY). Latest Major Action: 5/15/2001 Referred to House committee: House Education and the Workforce; House Judiciary. H.R.1854 Parental Freedom of Information Act. To amend the General Education Act to allow parents access to certain information about their children. Sponsor: Rep Tiahrt, Todd (R-KS). Latest Major Action: 5/15/2001 Referred to House committee: House Education and the Workforce. H.R.1869 Amy Robinson Memorial Act. To amend the Fair Labor Standards Act of 1938 to require an employer to notify the parent or guardian of an employee who is under the age of 18 or handicapped and who works at the same facility as an individual who has a criminal record that includes a conviction for a crime of violence. Sponsor: Rep Frost, Martin (D-TX). Latest Major Action: 5/16/2001 Referred to House committee: House Education and the Workforce. H.R.1877 Child Sex Crimes Wiretapping Act of 2001. To amend title 18, United States Code, to provide that certain sexual crimes against children are predicate crimes for the interception of communications, and for other purposes. Sponsor: Rep Johnson, Nancy L.(R-CT). Latest Major Action: 5/16/2001 Referred to House committee: House Judiciary. *Senate* S.906 Instant Check Gun Tax Repeal and Gun Owner Privacy Act of 2001. A bill to provide for protection of gun owner privacy and ownership rights, and for other purposes. Sponsor: Sen Enzi, Michael B. (R-WY). Latest Major Action: 5/17/2001 Referred to Senate committee: Senate Judiciary. S.915. A bill to amend the Internal Revenue Code of 1986 to allow the Secretary of the Treasury to disclose taxpayer identity information through mass communications to notify persons entitled to tax refunds. Sponsor: Sen Schumer, Charles E. (D-NY). Latest Major Action: 5/21/2001 Referred to Senate committee: Senate Finance. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - Not in Front of the Children ======================================================================= Not in Front of the Children: Indecency, Censorship, and the Innocence of Youth, by Marjorie Heins http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/ search&searchtype=isbn&searchfor=0374175454 From Huckleberry Finn to Harry Potter, from Internet filters to the v-chip, censorship exercised on behalf of children and adolescents is often based on the assumption that they must be protected from "indecent" information that might harm their development - whether in art, in literature, or on a website. But where does this assumption come from, and is it true? In Not in Front of the Children, Marjorie Heins explores the fascinating history of "indecency" laws and other restrictions aimed at protecting youth. From Plato's argument for rigid censorship, through Victorian laws aimed at repressing libidinous thoughts, to contemporary battles over sex education in public schools and violence in the media, Heins guides us through what became, and remains, an ideological minefield. With fascinating examples drawn from around the globe, she suggests that the "harm to minors" argument rests on shaky foundations. There is an urgent need for informed, dispassionate debate about the perceived conflict between the free-expression rights of young people and the widespread urge to shield them from expression that is considered harmful. Not in Front of the Children will spur this long-needed conversation. For other books recommended by EPIC, browse the EPIC Bookshelf at: http://www.powells.com/features/epic/epic.html ================================ EPIC Publications: "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls," (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000). Price: $20. http://www.epic.org/phr/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000). Price: $40. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Call for Papers - June 1, 2001. Summer 2001 Issue on Cybermedicine. John Marshall Journal of Computer and Information Law. For more information: 5simondo@stu.jmls.edu The Internet Security Conference (TISC) 2001. Core Competence, Inc. June 4-8, 2001. Los Angeles, CA. For more information: http://www.tisc2001.com/ INET 2001: A Net Odyssey, Mobility and the Internet. The 11th Annual Internet Society Conference. June 5-8, 2001. Stockholm, Sweden. For more information: http://www.isoc.org/inet2001/ ETHICOMP 2001: Systems of the Information Society. Telecommunications and Informatics Technical University of Gdansk, Poland. June 18-20, 2001. Gdansk, Poland. For more information: http://www.ccsr.cse.dmu.ac.uk/conferences/ccsrconf/ethicomp2001/ ACS/IEEE International Conference on Computer Systems and Applications 2001: Taking Stock of Existing Technology, Charting Future Trends. Lebanese American University. June 25-29, 2001. Beirut, Lebanon. For more information: http://www.lau.edu.lb/news-events/conferences/aiccsa2001.html Democracy Forum 2001: Democracy and the Information Revolution. International Institute for Democracy and Electoral Assistance. June 27-29, 2001. Stockholm, Sweden. For more information: http://www.idea.int/frontpage_forum2001.htm Call for Papers - June 30, 20001. CEPE2001: Computer Ethics, Philosophical Enquiries. Lancaster University (UK). Centre for Study of Technology in Organizations, Institute for Environment, Philosophy and Public Policy. December 14-16, 2001. For more information: http://www.lancs.ac.uk/depts/philosophy/conferences/ Re-shaping the Culture of Research: People, Participation, Partnerships & Practical Tools - Fourth Annual Community Research Network Conference. The Loka Institute. July 6-8, 2001. Austin, TX. For more information: http://www.loka.org/ The Online Privacy Conference: Integrating Security and Privacy for Data Protection. MIS Training Institute. July 17-18, 2001, Optional Workshops July 16, 2001. Chicago, IL. For more information: http://www.misti.com/conference_show.asp?id=MP1 Call For Submissions - August 3, 2001. Workshop on Security and Privacy in Digital Rights Management 2001. Eighth Association for Computing Machinery (ACM) Conference on Computer and Communications Security. November 5, 2001. For more information: http://www.star-lab.com/sander/spdrm/ ICSC 2001: International Conference on Social Computing. University of Bremen. October 1-3, 2001. Bremen, Germany. For more information: http://icsc2001.informatik.uni-bremen.de/ Privacy2001: Information, Security & Ethics for the New Century. Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more information: http://www.privacy2000.org/ Nurturing the Cybercommons, 1981-2001. Computer Professionals for Social Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001. Ann Arbor, MI. For more information: http://www.cpsr.org/conferences/annmtg01/ Learning for the Future. Business for Social Responsibility's Ninth Annual Conference. November 7-9, 2001. Seattle, WA. For more information: http://www.bsr.org/events/2001.asp ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921 Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 8.10 ----------------------- .