==============================================================

                        EPIC Alert

==============================================================
Volume 8.12                                      June 29, 2001
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_8.12.html

=======================================================================
Table of Contents
=======================================================================

[1] Privacy Rights Now: Take Action on Financial Privacy
[2] Report Examines Interactive TV and Privacy
[3] EPIC Testifies before Congress on Privacy and Technology
[4] Hague Convention Deadlocks, Future Unclear
[5] President Calls for Genetic Non-Discrimination Legislation
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Online Dispute Resolution
[8] Upcoming Conferences and Events

=======================================================================
[1] Privacy Rights Now: Take Action on Financial Privacy
=======================================================================

A coalition of consumer and privacy advocacy groups is urging consumers to take action to protect financial privacy. EPIC, along with other coalition groups, advised consumers to opt-out of financial information sharing and to support comprehensive legislation that will protect individuals' privacy rights effectively. To aid in opting-out and voicing support for effective legislation, the coalition launched a new web site - Privacyrightsnow.org.

Under provisions of the Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley), financial and insurance companies must mail a privacy and opt-out notice to consumers by July 1, 2001.
The statute enables consumers to opt-out from a limited amount of nonpublic personal information sharing. However, even if individuals opt-out, the statute allows financial and insurance institutions to share information with their affiliates and other entities that are under the same corporate umbrella. Also, loopholes in the statute permit companies to create an affiliation with another institution by simply entering into a joint marketing agreement.

The coalition condemned the law as both defective and deceptive. The notices received under the law typically describe information sharing practices only vaguely. In addition, many consumers simply throw away the notices. To aid consumers in exercising their rights, the coalition posted online sample opt-out letters that can be sent to any financial or insurance institution along with a list of addresses of major financial and insurance institutions. The coalition also sought to raise awareness that individuals can still opt-out after the July 1, 2001 deadline.

The coalition urged individuals to call on Congress in support of comprehensive privacy protection. Effective legislation would embody Fair Information Practices, including use and collection limitations, individual affirmative consent, and a right to review and correct records. Through the new web site, individuals can download a sample letter to send to Congress in support of comprehensive privacy protection.

Privacy Rights Now website:

     http://www.privacyrightsnow.org/

=======================================================================
[2] Report Examines Interactive TV and Privacy
=======================================================================

On June 26, the Center for Digital Democracy (CDD) released "TV That Watches You: The Prying Eyes of Interactive Television," a report examining companies' plans to roll out interactive television and their impacts on privacy.
The report found that many of the plans involve "reshaping American television, transforming it into a vast data collection and interactive direct marketing machine."

Interactive television (ITV) is the next generation of broadcasting and brings the interactivity of the web to television. ITV will supplement television programs with new features, allowing viewers to access additional information or purchase items related to a particular broadcast. Some ITV systems will also allow web surfing, e-mail and chat to take place through the home television. Many media and cable companies, such as AOL-TW and AT&T, are currently investing money in this new sector.

However, plans for the new technology carry over many of the profiling techniques that have been common on the Internet. For example, according to its own promotional material, the Microsoft TV server software "[e]nables faster and better decision-making through an innovative data warehouse that aggregates and stores information on all user activity" and provides "rich personalization and targeting of content and ads to consumers based on their television viewing and Web surfing histories and preferences." The report quotes technical material, SEC filings and company spokesmen to highlight the privacy practices of ITV providers.

The last part of the report examines the current level of privacy protection for ITV. The most directly applicable law is the Cable Communications Policy Act of 1984, one of the strongest privacy laws that currently exists. Despite providing the full range of Fair Information Practices, the law only applies to cable television subscribers and thus would not affect ITV broadcast through other means such as satellite or DSL. One of the primary recommendations of the report is to extend the protections contained in the Cable Act to cover all methods of transmission.
The report also recommends stronger enforcement of existing law, calls for industry representatives to support strong privacy laws and supports building privacy-protecting standards into these new technologies.

"TV That Watches You: The Prying Eyes of Interactive Television":

     http://www.democraticmedia.org/

=======================================================================
[3] EPIC Testifies before Congress on Privacy and Technology
=======================================================================

On June 21, 2001, the House Subcommittee on Commerce, Trade, and Consumer Protection held a hearing on Information Privacy: Industry Best Practices and Technological Solutions. It was the fifth in a series of hearings on privacy that Subcommittee Chairman Stearns (R-FL) had held. Stearns plans to hold another hearing on privacy in July.

The hearing consisted of two panels. The first panel of witnesses represented Internet companies that had created software solutions aimed at securing Internet privacy. These witnesses included SafeWeb Chairman-CEO Stephen Hsu, Reciprocal CEO John Schwartz, Microsoft Product Manager for Internet Explorer Michael Wallent, and Webwasher VP-Business Development and Marketing Frances Schlosstein. All four witnesses agreed that legislation would be needed to ensure "a minimum floor of privacy protection." However, SafeWeb CEO Stephen Hsu advised that now was not the time to enact a privacy law. Both John Schwartz of Reciprocal and Michael Wallent of Microsoft echoed similar sentiments with Schwartz adding, "we don't know enough to pass legislation now."

The second panel of witnesses included EPIC Executive Director Marc Rotenberg, DMA Senior VP Jerry Cerasale, Privacy Engage Director Trevor Hughes, BBBOnline Senior VP Steven Cole, and Ernst & Young National Leader of Innovative Assurance Solutions Jerry DeVault.
The two witnesses representing online and offline advertising companies, Jerry Cerasale and Trevor Hughes, testified that their companies had successfully implemented industry best practices. Steven Cole of BBBOnline explained that their seal program increased online privacy by assuring users that commercial websites displaying these seals were meeting BBBOnline standards. Jerry DeVault of Ernst & Young testified that independent verification is needed to safeguard Internet privacy.

Marc Rotenberg of EPIC presented a different view concerning the need for privacy legislation. Rotenberg pointed out that, "we have laws to protect the privacy of telephone calls, video rental records, automated health records." However, where the Internet is concerned, Rotenberg added, "privacy is being redefined from a set of basic rights to a series of warning notices." While acknowledging that "technology plays a critical role in safeguarding privacy," he asserted, "we will need good technology and good legislation to safeguard privacy in the years ahead."

When asked by Ranking Member Edolphus Towns (D-NY) whether we knew enough to enact legislation, Rotenberg responded: "We know enough. I don't see the benefit of waiting. We need to have a rule that will apply to everybody." Several news reports noted that Chairman Stearns expressed support for EPIC's position.

Written testimony from the witnesses and an archived recording of the Subcommittee hearing:

     http://energycommerce.house.gov/107/hearings/06212001Hearing292/hearing.htm

EPIC Online Guide to Practical Privacy Tools:

     http://www.epic.org/privacy/tools.html

=======================================================================
[4] Hague Convention Deadlocks, Future Unclear
=======================================================================

On June 22, the Hague Conference on Private International Law completed its first Diplomatic Conference on the future Hague Convention on Jurisdiction and Enforcement of Foreign Judgments. This convention, which has been under negotiation since 1996, will potentially affect all civil and commercial cross-border lawsuits. Rather than determine specific laws to govern these cases, the proposed convention seeks to harmonize rules of jurisdiction and enforcement among signatory countries. This could essentially require each member country to enforce the laws of every other member country even where those laws differ greatly and involve controversial issues such as free speech, intellectual property and consumer rights.

The Treaty has been the subject of much criticism from public interest and business groups alike. Free speech and free software advocates argue that it could have a disastrous effect on freedom and creativity on the Internet if individuals may be sued by "rights holders" in other countries with far more restrictive laws on, for example, breach of copyright or libel. Meanwhile, businesses and consumer groups are engaged in a protracted discussion on how to approach jurisdictional issues in business to consumer transactions. Should, for example, consumers be allowed to sue foreign businesses in their home countries? Or should businesses be free to shield themselves from this kind of liability by including "choice of court" clauses in consumer contracts?

Little progress was made on any of these issues during the recent meetings. Although informal negotiations on the Treaty will continue throughout the year, the next Diplomatic Conference will not be held until 2002.

For more information on the negotiations see the Consumer Project on Technology's page on the Hague Treaty:

     http://www.cptech.org/ecom/jurisdiction/hague.html

See also the Trans Atlantic Consumer Dialogue's January 2001 Resolution on the Treaty and June 2001 Open Letter to the Hague Conference at:

     http://www.tacd.org/cgi-bin/db.cgi?page=view&config=admin/docs.cfg&id=94

     http://www.tacd.org/cgi-bin/db.cgi?page=view&config=admin/docs.cfg&id=102

=======================================================================
[5] President Calls for Genetic Non-Discrimination Legislation
=======================================================================

In his June 23 radio address to the nation, President Bush called on Congress to pass legislation to prevent genetic discrimination. In the statement, the President noted that the recently completed mapping of the human genome could allow hiring decisions and provision of insurance coverage to be based on genetic information. He also noted that, in many instances, genetic predispositions may not lead to actual development of disease and "[t]o deny employment or insurance to a healthy person based only on a predisposition violates our country's belief in equal treatment and individual merit."

A Clinton Administration Executive Order, EO 13145, prohibits the use of genetic information within the federal government in hiring and promotion decisions. Former President Clinton also supported proposals by Sen. Tom Daschle (D-ND) and Rep. Louise Slaughter (D-NY) to extend similar protections to the private sector (see EPIC Alert 7.03). Those bills and another introduced by Sen. Olympia Snowe (R-ME) are awaiting action in Congress.

June 23 Radio Address by the President to the Nation:

     http://www.whitehouse.gov/news/releases/2001/06/20010623.html

Executive Order 13145 - To Prohibit Discrimination in Federal Employment Based on Genetic Information:

     http://www.nara.gov/fedreg/eo2000.html#13145

=======================================================================
[6] EPIC Bill-Track: New Bills in Congress
=======================================================================

*House*

H.R.2135 Consumer Privacy Protection Act. To protect consumer privacy. Sponsor: Rep Sawyer, Tom (D-OH). Latest Major Action: 6/18/2001 Referred to House subcommittee: House Energy and Commerce.

H.R.2136 Confidential Information Protection Act. To protect the confidentiality of information acquired from the public for statistical purposes. Sponsor: Rep Sawyer, Tom (D-OH). Latest Major Action: 6/12/2001 Referred to House committee: House Government Reform.

*Senate*

S.995 A bill to amend chapter 23 of title 5, United States Code. To clarify the disclosures of information protected from prohibited personnel practices, require a statement in non-disclosure policies, forms, and agreements that such policies, forms and agreements conform with certain disclosure protections, provide certain authority for the Special Counsel, and for other purposes. Sponsor: Sen Akaka, Daniel K. (D-HI). Latest Major Action: 6/7/2001 Referred to Senate committee: Senate Governmental Affairs.

S.1055 Privacy Act of 2001. A bill to require the consent of an individual prior to the sale and marketing of such individual's personally identifiable information, and for other purposes. Sponsor: Sen Feinstein, Dianne (D-CA). Latest Major Action: 6/14/2001 Referred to Senate committee: Senate Judiciary.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at:

     http://www.epic.org/privacy/bill_track.html

=======================================================================
[7] EPIC Bookstore - Online Dispute Resolution
=======================================================================

Online Dispute Resolution: Resolving Conflicts in Cyberspace
by Ethan Katsh, Janet Rifkin

     http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/search&searchtype=isbn&searchfor=0787956767

An essential tool for dispute resolution professionals as well as for anyone considering using dispute resolution in their lives and work, Online Dispute Resolution explains the many diverse and unique applications of doing conflict resolution online. The expert authors examine the tremendous growth of online dispute resolution - including its use by eBay and other e-commerce companies - and reveal the enormous possibilities to come, along with the many employment opportunities for practitioners in the field. They show how the online environment will affect the role of those who are concerned with dispute resolution just as it has brought changes to those who practice law, sell stocks, or run for office. For those who see the value of technology as a critical building block in the future of dispute resolution, Online Dispute Resolution will be an indispensable resource.

================================

EPIC Publications:

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.

================================

"Privacy & Human Rights 2000: An International Survey of Privacy Laws and Developments," David Banisar, author (EPIC 2000). Price: $20.
http://www.epic.org/phr/

This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.

================================

"The Privacy Law Sourcebook 2000: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000). Price: $40.
http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.

================================

"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20.
http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.

================================

Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore:

     http://www.epic.org/bookstore/

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Call for Papers - June 30, 2001. CEPE2001: Computer Ethics, Philosophical Enquiries. Lancaster University (UK). Centre for Study of Technology in Organizations, Institute for Environment, Philosophy and Public Policy. December 14-16, 2001. For more information: http://www.lancs.ac.uk/depts/philosophy/conferences/

Re-shaping the Culture of Research: People, Participation, Partnerships & Practical Tools - Fourth Annual Community Research Network Conference. The Loka Institute. July 6-8, 2001. Austin, TX. For more information: http://www.loka.org/

The Online Privacy Conference: Integrating Security and Privacy for Data Protection. MIS Training Institute. July 17-18, 2001, Optional Workshops July 16, 2001. Chicago, IL. For more information: http://www.misti.com/conference_show.asp?id=MP1

Privacy: The New Management Imperative - Chief Privacy Officer Training Program. Southern Methodist University and Privacy Council. July 17-19 and October 15-17, 2001. Dallas, TX. For more information: http://execdev.cox.smu.edu/

Healthcare Transactions and Code Sets, Privacy, Data Security and HIPAA/GLB Compliance: The Future of Technology, the Internet and EDI in Healthcare. The Health Colloquium at Harvard and the HIPAA Summit Conference Series. August 19-22, 2001. Cambridge, MA. For more information: http://www.ehc-info.com/

Health Information Privacy: Dialogue with the Stakeholders. Riley Information Services, Inc. September 28, 2001. Ottawa, Canada. For more information: http://www.rileyis.com/seminars/

Call For Submissions - August 3, 2001.
Workshop on Security and Privacy in Digital Rights Management 2001. Eighth Association for Computing Machinery (ACM) Conference on Computer and Communications Security. November 5, 2001. Philadelphia, PA. For more information: http://www.star-lab.com/sander/spdrm/

ICSC 2001: International Conference on Social Computing. University of Bremen. October 1-3, 2001. Bremen, Germany. For more information: http://icsc2001.informatik.uni-bremen.de/

Privacy2001: Information, Security & Ethics for the New Century. Technology Policy Group. October 3-4, 2001. Cleveland, OH. For more information: http://www.privacy2000.org/

Nurturing the Cybercommons, 1981-2001. Computer Professionals for Social Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001. Ann Arbor, MI. For more information: http://www.cpsr.org/conferences/annmtg01/

The Third National HIPAA Summit: From Theory to Practice - From Planning to Implementation. October 24-26, 2001. Washington, DC. For more information: http://www.hipaasummit.com/

The 29th Research Conference on Communication, Information and Internet Policy. Telecommunications Policy Research Conference. October 27-29, 2001. Alexandria, VA. For more information: http://www.tprc.org

Privacy: The New Management Imperative - Chief Privacy Officer Training Program. Cambridge University and Privacy Council. November 5-8, 2001. Cambridge, England. For more information: kturner@privacycouncil.com

Learning for the Future. Business for Social Responsibility's Ninth Annual Conference. November 7-9, 2001. Seattle, WA. For more information: http://www.bsr.org/events/2001.asp

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center.
A Web-based form is available for subscribing or unsubscribing at:

     http://www.epic.org/alert/subscribe.html

To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe".

Back issues are available at:

     http://www.epic.org/alert/

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you have any other questions.

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible.
Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 8.12 -----------------------