EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 8.12                                      June 29, 2001
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Privacy Rights Now: Take Action on Financial Privacy
[2] Report Examines Interactive TV and Privacy
[3] EPIC Testifies before Congress on Privacy and Technology
[4] Hague Convention Deadlocks, Future Unclear
[5] President Calls for Genetic Non-Discrimination Legislation
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Online Dispute Resolution
[8] Upcoming Conferences and Events
[1] Privacy Rights Now: Take Action on Financial Privacy
A coalition of consumer and privacy advocacy groups are urging
consumers to take action to protect financial privacy.  EPIC, along
with other coalition groups, advised consumers to opt-out of financial
information sharing and to support comprehensive legislation that will
protect individuals' privacy rights effectively.  To aid in opting-out
and voicing support for effective legislation, the coalition launched
a new web site - Privacyrightsnow.org.
Under provisions of the Financial Services Modernization Act of 1999
(Gramm-Leach-Bliley), financial and insurance companies must mail a
privacy and opt-out notice to consumers by July 1, 2001.  The statute
enables consumers to opt-out from a limited amount of nonpublic
personal information sharing.  However, even if individuals opt-out,
the statute allows financial and insurance institutions to share
information with their affiliates and other entities that are under
the same corporate umbrella.  Also, loopholes in the statute permit
companies to create an affiliation with another institution by simply
entering into a joint marketing agreement.
The coalition condemned the law as both defective and deceptive.  The
notices received under the law typically describe information sharing
practices only vaguely.  In addition, many consumers simply throw away
the notices.  To aid consumers in exercising their rights, the
coalition posted online sample opt-out letters that can be sent to any
financial or insurance institution along with a list of addresses of
major financial and insurance institutions.  The coalition also sought
to raise awareness that individuals can still opt-out after the July
1, 2001 deadline.
The coalition urged individuals to call on Congress in support of
comprehensive privacy protection.  Effective legislation would embody
Fair Information Practices, including use and collection limitations,
individual affirmative consent, and a right to review and correct
records.  Through the new web site, individuals can download a sample
letter to send to Congress in support of comprehensive privacy
Privacy Rights Now website:
[2] Report Examines Interactive TV and Privacy
On June 26, the Center for Digital Democracy (CDD) released "TV That
Watches You: The Prying Eyes of Interactive Television," a report
examining companies' plans to roll out interactive television and
their impacts on privacy.  The report found that many of the plans
involve "reshaping American television, transforming it into a vast
data collection and interactive direct marketing machine."
Interactive television (ITV) is the next generation of broadcasting
and brings the interactivity of the web to television.  ITV will
supplement television programs with new features, allowing viewers to
access additional information or purchase items related to a
particular broadcast.  Some ITV systems will also allow web surfing,
e-mail and chat to take place through the home television.  Many media
and cable companies, such as AOL-TW and AT&T, are currently investing
money in this new sector.
However, plans for the new technology carry over many of the profiling
techniques that have been common on the Internet.  For example,
according to its own promotional material, the Microsoft TV server
software "[e]nables faster and better decision-making through an
innovative data warehouse that aggregates and stores information on
all user activity" and provides "rich personalization and targeting of
content and ads to consumers based on their television viewing and Web
surfing histories and preferences."  The report quotes technical
material, SEC filings and company spokesmen to highlight the privacy
practices of ITV providers.
The last part of the report examines the current level of privacy
protection for ITV.  The most directly applicable law is the Cable
Communications Policy Act of 1984, one of the strongest privacy laws
that currently exists.  Despite providing the full range of Fair
Information Practices, the law only applies to cable television
subscribers and thus would not affect ITV broadcast through other
means such as satellite or DSL.  One of the primary recommendations
of the report is to extend the protections contained in the Cable Act
to cover all methods of transmission.  The report also recommends
stronger enforcement over existing law, calls for industry
representatives to support strong privacy laws and supports building
in privacy-protecting standards into these new technologies.
"TV That Watches You: The Prying Eyes of Interactive Television":
[3] EPIC Testifies before Congress on Privacy and Technology
On June 21, 2001, the House Subcommittee on Commerce, Trade, and
Consumer Protection held a hearing on Information Privacy: Industry
Best Practices and Technological Solutions.  It was the fifth in a
series of hearings on privacy that Subcommittee Chairman Stearns
(R-FL) had held.  Stearns plans to hold another hearing on privacy in
The hearing consisted of two panels.  The first panel of witnesses
represented Internet companies that had created software solutions
aimed at securing Internet privacy.  These witnesses included SafeWeb
Chairman-CEO Stephen Hsu, Reciprocal CEO John Schwartz, Microsoft
Product Manager for Internet Explorer Michael Wallent, and Webwasher
VP-Business Development and Marketing Frances Schlosstein.  All four
witnesses agreed that legislation would be needed to ensure "a minimum
floor of privacy protection."  However, SafeWeb CEO Stephen Hsu
advised that now was not the time to enact a privacy law.  Both John
Schwartz of Reciprocal and Michael Wallent of Microsoft echoed similar
sentiments with Schwartz adding, "we don't know enough to pass
legislation now."
The second panel of witnesses included EPIC Executive Director Marc
Rotenberg, DMA Senior VP Jerry Cerasale, Privacy Engage Director
Trevor Hughes, BBBOnline Senior VP Steven Cole, and Ernst & Young
National Leader of Innovative Assurance Solutions Jerry DeVault.  The
two witnesses representing online and offline advertising companies,
Jerry Cerasale and Trevor Hughes, testified that their companies had
successfully implemented industry best practices.  Steven Cole of
BBBOnline explained that their seal program increased online privacy
by ensuring users that commercial websites displaying these seals were
meeting BBBOnline standards.  Jerry DeVault of Ernst & Young testified
that independent verification is needed to safeguard Internet privacy.
Marc Rotenberg of EPIC presented a different view concerning the need
for privacy legislation.  Rotenberg pointed out that, "we have laws
to protect the privacy of telephone calls, video rental records,
automated health records."  However, where the Internet is concerned,
Rotenberg added, "privacy is being redefined from a set of basic
rights to a series of warning notices."  While acknowledging that
"technology plays a critical role in safeguarding privacy," he
asserted, "we will need good technology and good legislation to
safeguard privacy in the years ahead."  When asked by Ranking Member
Edolphus Towns (D-NY) whether we knew enough to enact legislation,
Rotenberg responded: "We know enough.  I don't see the benefit of
waiting.  We need to have a rule that will apply to everybody."
Several news reports noted that Chairman Stearns expressed support for
EPIC's position.
Written testimony from the witnesses and an archived recording of the
Subcommittee hearing:
EPIC Online Guide to Practical Privacy Tools:
[4] Hague Convention Deadlocks, Future Unclear
On June 22, the Hague Conference on Private International Law complet-
ed its first Diplomatic Conference on the future Hague Convention on
Jurisdiction and Enforcement of Foreign Judgments.  This convention,
which has been under negotiation since 1996, will potentially affect
all civil and commercial cross-border lawsuits.  Rather than determine
specific laws to govern these cases, the proposed convention seeks to
harmonize rules of jurisdiction and enforcement among signatory
countries.  This could essentially require each member country to
enforce the laws of every other member country even where those laws
differ greatly and involve controversial issues such as free speech,
intellectual property and consumer rights.
The Treaty has been the subject of much criticism from public interest
and business groups alike.  Free speech and free software advocates
argue that it could have a disastrous effect on freedom and creativity
on the Internet if individuals may be sued by "rights holders" in
other countries with far more restrictive laws on, for example, breach
of copyright or libel.  Meanwhile, businesses and consumer groups are
engaged in a protracted discussion on how to approach jurisdictional
issues in business to consumer transactions.  Should, for example,
consumers be allowed to sue foreign businesses in their home
countries?  Or should businesses be free to shield themselves from
this kind of liability by including "choice of court" clauses in
consumer contacts?  Little progress was made on any of these issues
during the recent meetings.  Although informal negotiations on the
Treaty will continue throughout the year, the next Diplomatic
Conference will not be held until 2002.
For more information on the negotiations see the Consumer Project on
Technology's page on the Hague Treaty:
See also the Trans Atlantic Consumer Dialogue's January 2001
Resolution on the Treaty and June 2001 Open Letter to the Hague
Conference at:
[5] President Calls for Genetic Non-Discrimination Legislation
In his June 23 radio address to the nation, President Bush called on
Congress to pass legislation to prevent genetic discrimination.  In
the statement, the President noted that the recently completed mapping
of the human genome could allow hiring decisions and provision of
insurance coverage to be based on genetic information.  He also noted
that, in many instances, genetic predispositions may not lead to
actual development of disease and "[t]o deny employment or insurance
to a healthy person based only on a predisposition violates our
country's belief in equal treatment and individual merit."
A Clinton Administration Executive Order, EO 13145, prohibits the use
of genetic information within the federal government in hiring and
promotion decisions.  Former President Clinton also supported
proposals by Sen. Tom Daschle (D-ND) and Rep. Louise Slaughter (D-NY)
to extend similar protections to the private sector (see EPIC Alert
7.03).  Those bills and another introduced by Sen. Olympia Snowe
(R-ME) are awaiting action in Congress.
June 23 Radio Address by the President to the Nation:
Executive Order 13145 - To Prohibit Discrimination in Federal
Employment Based on Genetic Information:
[6] EPIC Bill-Track: New Bills in Congress
H.R.2135 Consumer Privacy Protection Act. To protect consumer privacy.
Sponsor: Rep Sawyer, Tom (D-OH). Latest Major Action: 6/18/2001
Referred to House subcommittee: House Energy and Commerce.
H.R.2136 Confidential Information Protection Act. To protect the
confidentiality of information acquired from the public for
statistical purposes. Sponsor: Rep Sawyer, Tom (D-OH). Latest Major
Action: 6/12/2001 Referred to House committee: House Government
S.995 A bill to amend chapter 23 of title 5, United States Code.
To clarify the disclosures of information protected from prohibited
personnel practices, require a statement in non-disclosure policies,
forms, and agreements that such policies, forms and agreements conform
with certain disclosure protections, provide certain authority for the
Special Counsel, and for other purposes. Sponsor: Sen Akaka, Daniel K.
(D-HI). Latest Major Action: 6/7/2001 Referred to Senate committee:
Senate Governmental Affairs.
S.1055 Privacy Act of 2001 A bill to require the consent of an
individual prior to the sale and marketing of such individual's
personally identifiable information, and for other purposes. Sponsor:
Sen Feinstein, Dianne (D-CA). Latest Major Action: 6/14/2001 Referred
to Senate committee: Senate Judiciary.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - Online Dispute Resolution
Online Dispute Resolution: Resolving Conflicts in Cyberspace by Ethan
Katsh, Janet Rifkin
An essential tool for dispute resolution professionals as well as for
anyone considering using dispute resolution in their lives and work,
Online Dispute Resolution explains the many diverse and unique
applications of doing conflict resolution online.  The expert authors
examine the tremendous growth of online dispute resolution - including
its use by eBay and other e-commerce companies - and reveal the
enormous possibilities to come, along with the many employment
opportunities for practitioners in the field.  They show how the
online environment will affect the role of those who are concerned
with dispute resolution just as it has brought changes to those who
practice law, sell stocks, or run for office.  For those who see the
value of technology as a critical building block in the future of
dispute resolution, Online Dispute Resolution will be an indispensable
EPIC Publications:
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls," (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
Call for Papers - June 30, 2001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Study
of Technology in Organizations, Institute for Environment, Philosophy
and Public Policy. December 14-16, 2001. For more information:
Re-shaping the Culture of Research: People, Participation,
Partnerships & Practical Tools - Fourth Annual Community Research
Network Conference. The Loka Institute. July 6-8, 2001. Austin, TX.
For more information: http://www.loka.org/
The Online Privacy Conference: Integrating Security and Privacy for
Data Protection. MIS Training Institute. July 17-18, 2001, Optional
Workshops July 16, 2001. Chicago, IL.  For more information:
Privacy: The New Management Imperative - Chief Privacy Officer
Training Program. Southern Methodist University and Privacy Council.
July 17-19 and October 15-17, 2001. Dallas, TX. For more information:
Healthcare Transactions and Code Sets, Privacy, Data Security and
HIPAA/GLB Compliance: The Future of Technology, the Internet and EDI
in Healthcare. The Health Colloquium at Harvard and the HIPAA Summit
Conference Series. August 19-22, 2001. Cambridge, MA. For more
information: http://www.ehc-info.com/
Health Information Privacy: Dialogue with the Stakeholders. Riley
Information Services, Inc. September 28, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
Call For Submissions - August 3, 2001. Workshop on Security and
Privacy in Digital Rights Management 2001. Eighth Association for
Computing Machinery (ACM) Conference on Computer and Communications
Security. November 5, 2001. Philadelphia, PA. For more information:
ICSC 2001: International Conference on Social Computing. University of
Bremen. October 1-3, 2001. Bremen, Germany. For more information:
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, OH. For more
information: http://www.privacy2000.org/
Nurturing the Cybercommons, 1981-2001. Computer Professionals for
Social Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001.
Ann Arbor, MI. For more information:
The Third National HIPAA Summit: From Theory to Practice - From
Planning to Implementation. October 24-26, 2001. Washington, DC. For
more information: http://www.hipaasummit.com/
The 29th Research Conference on Communication, Information and
Internet Policy. Telecommunications Policy Research Conference.
October 27-29, 2001. Alexandria, VA. For more information:
Privacy: The New Management Imperative - Chief Privacy Officer
Training Program. Cambridge University and Privacy Council.
November 5-8, 2001. Cambridge, England. For more information:
Learning for the Future. Business for Social Responsibility's Ninth
Annual Conference. November 7-9, 2001. Seattle, WA. For more
information: http://www.bsr.org/events/2001.asp
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 8.12 -----------------------