============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.22 November 13, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.22.html ======================================================================= Table of Contents ======================================================================= [1] International Coalition Urges EU to Safeguard Privacy [2] Groups File Comments at FCC to Protect Telephone Privacy [3] Consumer Privacy Figures Prominently at House Hearing [4] Face Recognition Technology Under Scrutiny [5] Feinstein Introduces Legislation, Will Hold Hearings on Biometrics [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - The Future of Ideas [8] Upcoming Conferences and Events ======================================================================= [1] International Coalition Urges EU to Safeguard Privacy ======================================================================= An international coalition of consumer and privacy organizations, organized by EPIC, wrote yesterday to Guy Verhofstadt, President of the European Union Council of Ministers, expressing their concerns about President Bush's recent letter requesting that the proposed EU Directive on the protection of privacy in the electronic communi- cations sector be altered to allow for data retention of telephone calls and Internet messages. EU lawmakers were scheduled to vote today on the issue. Bush's letter contains a list of measures that he wants the EU to implement to fight terrorism. One of them asks that EU law enforcement authorities "permit the retention of critical data for a reasonable period." The proposed EU directive currently allows telecommunications companies and Internet service providers to retain data from phone calls and Internet communications for for billing purposes, for a period of time no longer than necessary. Bush's request is aimed at giving EU law enforcement authorities blanket retention powers on all communications data for hypothetical criminal investigations. The coalition's letter emphasizes that many members of the European Parliament, EU Privacy commissioners, and the European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs, had all condemned routine data retention as violating the fundamental rights to privacy and data protection, freedom of expression, and presumption of innocence. It further notes that such a proposal would be inconsistent with international conventions on human rights. The letter also argues that Bush's request is a threat to the privacy of Americans, since nothing would prevent U.S. law enforcement authorities from obtaining data held in Europe that it could not legally obtain domestically. Current U.S. regulations do not require data retention, even after the recent enactment of the sweeping anti-terrorism legislation known as the USA PATRIOT Act. EPIC has filed requests under the Freedom of Information Act seeking the text of President Bush's letter, as well as other information concerning U.S. efforts to erode privacy protections in Europe. The coalition's letter is available at: http://www.gilc.org/verhofstadt_letter.html http://www.gilc.org/verhofstadt_french.html (version française) Information on EU lawmaker's vote (choose Strasbourg, "November 13"): http://www3.europarl.eu.int/omk/omnsapir.so/calendar?APP=CRE&LANGUE=EN New York Times coverage of the issue is available at: http://www.nytimes.com/2001/11/13/technology/13NET.html ======================================================================= [2] Groups File Comments at FCC to Protect Telephone Privacy ======================================================================= On November 1, EPIC and seventeen other civil liberties and consumer protection groups filed comments with the Federal Communications Commission (FCC) urging it to protect the privacy of telephone customers by adopting an opt-in policy towards use of customer information by telecommunications carriers. The FCC's request for public comments relates to the use by telecom- munications carriers of "customer proprietary network information" (CPNI), which includes the name, telephone number, call information and services subscribed to by a telephone customer. In 1998, the FCC promulgated its initial rule regarding CPNI, which required telecom- munication carriers to obtain explicit customer approval (opt-in) before using such information in any manner inconsistent with provision of services (for example, building detailed profiles based on personal information obtained through private telephone calls). An alternative approach is opt-out, which enables the carrier to use CPNI until a customer informs it otherwise. The FCC rejected an opt-out approach as insufficiently protective of customer privacy, because opting-out places the burden on the customer, many of whom are wholly unaware of their right to opt-out. In U.S. West v. FCC, the U.S. Court of Appeals for the 10th Circuit ruled that the FCC's opt-in approach did not pass First Amendment scrutiny because the decision to require "opt-in" was not adequately considered or supported by existing facts. In response to this 1999 court decision, the FCC in October 2001 issued a request for public comments, seeking advice on, among other things, whether an opt-in approach inherently violates the First Amendment. EPIC's position, articulated in its comments, is that an opt-in approach is the only method to adequately protect customers' legitimate and constitutionally protected interest in privacy. Opt-out methods do not protect privacy because they place the burden on the customer to understand and reply to confusing notices. EPIC's comments note that 86 percent of consumers favor opt-in for communications services. EPIC's comments are available at: http://www.epic.org/fcc%20cpni/CPNI_CMN.pdf For a history of the CPNI debate, see: http://www.fcc.gov/ccb/ppp/aRemove/Cpni/welcome.html ======================================================================= [3] Consumer Privacy Figures Prominently at House Hearing ======================================================================= Federal Trade Commission Chairman Timothy Muris was the sole witness at a hearing before the House Energy & Commerce Subcommittee on Commerce, Trade, and Consumer Protection on November 7. The hearing, the first for the new chairman, provided an opportunity for the subcommittee members to question Muris on the Commission's agenda, and to voice their concern for particular issues they would like to see addressed. Consumer privacy -- both online and offline -- resoundingly emerged as the leading bipartisan concern. Muris informed the subcommittee that his agency is working hard to implement the major themes of the privacy agenda he announced last month, including a national do-not-call telemarketing list, a crackdown on identity theft and increasing enforcement efforts against privacy violators. A number of members expressed their disappointment with Muris' decision not to advance new privacy legislation to protect consumer privacy online. Rep. Anna Eshoo (D-CA) was particularly critical, as was Rep. Billy Tauzin (R-LA), chairman of the Committee, who expressed concern that in the absence of federal legislation a patchwork of state laws on privacy might emerge that would make for a difficult business environment. Few comments dealt with specific issues in Muris' privacy agenda, despite EPIC's efforts to direct members' attention to Microsoft's Passport system and its threat to consumer privacy. The hearing instead appeared to be more of an opportunity to air concerns and future plans. In a related matter, EPIC Executive Director Marc Rotenberg testified at a joint Congressional hearing on Social Security Numbers (SSNs) and identity theft. EPIC's testimony stressed the importance of limiting the use of the SSN, rather than expanding its use and collection; discussed problems with universal unique identifiers such as the SSN; and called for legislation to limit the collection and use of the SSN, arguing that if Congress fails to act, consumers will likely face many more problems in the years to come. Testimony from the hearing on challenges facing the Federal Trade Commission is available at: http://energycommerce.house.gov/107/hearings/11072001Hearing403/hearing.htm EPIC's Letter to Congress regarding Microsoft Passport is available at: http://www.epic.org/privacy/consumer/microsoft/subcomltr11.5.01.html EPIC's testimony on SSNs and identity theft is available at: http://www.epic.org/privacy/ssn/testimony_11_08_2001.html ======================================================================= [4] Face Recognition Technology Under Scrutiny ======================================================================= In light of September's terrorist attacks on the United States, there has been much discussion about the possibility of using biometric applications, such as face recognition technology, as a means of security, especially in airports. While some public officials and companies that develop this technology claim that installing face recognition software in cameras at airports is an effective means of catching terrorists, civil liberties groups and members of the public tend to disagree. The ACLU released a statement on November 1 arguing that face recognition technology is not effective as a security measure because "the technology doesn't work." The statement further stated: Facial recognition technology carries the danger that its use will evolve into a widespread tool for spying on American citizens as they move about in public places. If the technology promised a significant increase in protection against terrorism, it would be important to evaluate its dangers and benefits in depth. But that conversation is beside the point when face recognition has been shown to be so unreliable as to be useless for important security applications. . . . Face-recognition at the airport offers us neither order nor liberty. Despite this opposition, officials plan to install face recognition software in cameras at Boston's Logan Airport and at Oakland International Airport in California. The Senate Judiciary Committee will hold a hearing on biometric technologies tomorrow, entitled "Biometric Identifiers and the Modern Face of Terror: New Technologies in the Global War on Terrorism," where privacy issues relating to biometric technologies will be addressed. To voice their opposition against face recognition software, the New York Surveillance Camera Players (SCP) will be cutting into the sight lines of a public web camera -- an Internet surveillance device -- operated by a privacy-insensitive company on Saturday, November 17, to protest against face recognition software. The performance will start at exactly 4:30 P.M. Eastern Standard Time, will last about 10 minutes, and will be repeated twice if possible. To view the protest (for browsers with Java): http://www.earthcam.com/usa/newyork/timessquare/cam6.html (for browsers without Java - click "Reload" every 15 seconds or so): http://www.earthcam.com/usa/newyork/timessquare/cam6_nojava.html "ACLU Opposes Use of Face Recognition Software in Airports Due to Ineffectiveness and Privacy": http://www.aclu.org/features/f110101a.html EPIC's Face Recognition Page: http://www.epic.org/privacy/facerecognition/ ======================================================================= [5] Feinstein Introduces Legislation, Will Hold Hearings on Biometrics ======================================================================= In response to the September 11 attacks, Senator Dianne Feinstein (D-CA) has introduced the "Visa Entry Reform Act of 2001" and has scheduled hearings on biometric identifiers. The bill would require the issuance of a "SmartVisa" to all non-citizens entering the country. The Attorney General and Secretary of State would develop the SmartVisa to be machine-readable and to include a biometric identifier. In order for other countries to gain visa waiver status (that is, the ability for its citizens to travel to the U.S. without being issued a SmartVisa) the foreign country must implement its own identification system with machine-readable cards and biometric identifiers. The legislation does not specify what specific biometric identifier would be used for SmartVisas. Sen. Feinstein's legislation would create a central "lookout" database that would provide information on non-citizens to law enforcement, INS authorities, and others agencies as determined by the Attorney General. The lookout database would be a joint project of FBI, the Office of Homeland Security, CIA, the Foreign Terrorist Tracking Task Force, and private industry. Non-immigrant students would also be closely tracked under the Feinstein proposal. Educational institutions would be required to issue quarterly reports on students' course of study, the addresses of parents, friends, and siblings, and work experience. This information would be included in the lookout database. The text of S. 1627, the Visa Entry Reform Act of 2001, is available at: http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.1627: EPIC's National ID Page: http://www.epic.org/privacy/id_cards/ ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.3162 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001. To deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and for other purposes. Sponsor: Rep Sensenbrenner, F. James, Jr. (R-WI). Latest Major Action: 10/26/2001 Signed by President. Committees: House Judiciary; House Select Committee on Intelligence; House Financial Services; House International Relations; House Energy and Commerce; House Education and the Workforce; House Transportation and Infrastructure; House Armed Services H.R.3181 To establish a temporary moratorium on the issuance of visas for nonimmigrant foreign students and other exchange program participants, to improve procedures for issuance of nonimmigrant student visas. To establish a temporary moratorium on the issuance of visas for nonimmigrant foreign students and other exchange program participants, to improve procedures for issuance of nonimmigrant student visas, and to enhance procedures for admission at ports of entry to the United States. Sponsor: Rep Bilirakis, Michael (R-FL). Latest Major Action: 10/30/2001 Referred to House committee: House Judiciary. H.R.3205 Enhanced Border Security Act of 2001 To enhance the border security of the United States, and for other purposes. Sponsor: Rep Conyers, John, Jr. (D-GA) Latest Major Action: 11/1/2001 Referred to House committee: House Judiciary; House Select Committee on Intelligence; House International Relations; House Government Reform; House Ways and Means; House Transportation and Infrastructure. H.R.3221 To establish a temporary moratorium on the issuance of visas for nonimmigrant foreign students and other exchange program participants and to improve reporting requirements for universities To establish a temporary moratorium on the issuance of visas for nonimmigrant foreign students and other exchange program participants and to improve reporting requirements for universities under the foreign student monitoring program. Sponsor: Rep Roukema, Marge (R-NJ). Latest Major Action: 11/1/2001 Referred to House committee: House Judiciary. *Senate* S.1618 Enhanced Border Security Act of 2001 A bill to enhance the border security of the United States, and for other purposes. Sponsor: Sen Kennedy, Edward M. (D-MA). Latest Major Action: 11/1/2001 Referred to Senate committee: Senate Judiciary. S.1627 Visa Entry Reform Act of 2001 A bill to enhance the security of the international borders of the United States.Sponsor: Sen Feinstein, Dianne (D-CA). Latest Major Action: 11/1/2001 Referred to Senate committee: Senate Judiciary. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - The Future of Ideas ======================================================================= The Future of Ideas: The Fate of the Commons in a Connected World, by Lawrence Lessig. http://www.powells.com/cgi-bin/partner?partner_id=24075&cgi=search/search&searchtype=isbn&searchfor=0375505784 "The Future of Ideas" is a highly readable and deeply engaging sequel to Stanford Law professor Lawrence Lessig's "Code and Other Laws of Cyberspace." In this book, Lessig, who is perhaps most famous for his brief tenure as a court-appointed "special master" in the Microsoft antitrust trial, also sees dominant players exercising control through the law, technical standards and political might to resist the change that might otherwise take place. He urges the Internet generation not to forget what made the last 10 years exciting: an open platform that did not discriminate among applications or content, an environment for creativity and innovation, a public commons for an information age. In a word: the Internet. And instead of calling for the removal of regulation to encourage freedom, he recommends that there is a place for some regulation, if we want to preserve liberty. Lessig's argument is compelling at many levels. It is as good a history of the development of Internet architecture as one is likely to find in a book without pictures. It is also an extraordinarily skillful interweaving of technical characterization and legal argument. And it is a story well told, with a fair balance of clever aside and clear purpose. In time, companies such as Microsoft either acquired or drove out many of the smaller players. But while the software industry shakedown moved forward, the public was transfixed by the rapid emergence of the Internet and a new era of creativity. It could be that in the steady march today toward the cable companies' "walled garden" and the software giant's ".NET platform," there are the early indicators of a new revolution, what the business folks sometimes call "disruptive technologies." But there is also reason to believe that the cycle of innovation and consolidation may not continue endlessly. As more of the commons -- as more of the intellectual material of innovation -- is controlled, the opportunity for new forms of production is diminished. The monopolies of today sweep more broadly than the monopolies of the past. Mr. Ford may have controlled the auto industry, but he did not control the nation's roads. This is the warning in Lessig's masterly exploration of the history of the Internet and the future of innovation. ================================ EPIC Publications: "Privacy & Human Rights 2001: An International Survey of Privacy Laws and Developments," (EPIC 2001). Price: $20. http://www.epic.org/bookstore/phr2001/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2001: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001). Price: $40. http://www.epic.org/bookstore/pls2001/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= Fifth Annual Cato Institute/Forbes ASAP Technology & Society Conference: The Future of Intellectual Property in the Information Age. November 14, 2001. Washington, DC. For more information: http://www.cato.org/events/futureip/program.html Information Operations: Applying Power in the Information Age. Jane's Information Group. November 14-15, 2001. Washington, DC. For more information: http://www.janes.com/security/conference/info_op/info_op.shtml Information Gathering in the 21st Century. Seton Hall Law School. November 16, 2001. South Orange, NJ. For more information: ilst@shu.edu The 2001 Freedom of Information and Privacy Awards. BC Freedom of Information and Privacy Association. November 19, 2001. Vancouver, British Columbia. For more information: http://www.fipa.bc.ca/ Managing Privacy of Health Information. The Canadian Institute. November 19-20, 2001. Vancouver, British Columbia. For more information: http://www.CanadianInstitute.com/ CPO and Privacy Practitioners Workshop. Privacy & American Business and Privacy Council. November 27, 2001. Washington, DC. For more information: info@pandab.org First Privacy Expo 2001. Privacy & American Business and Privacy Council. November 27-29, 2001. Washington, DC. For more information: info@pandab.org Eighth Annual National "Managing the NEW Privacy Revolution" Conference. Privacy & American Business and Privacy Council. November 28-29, 2001. Washington, DC. For more information: info@pandab.org Privacy Law: New Developments & Issues in a Security-Conscious World. Practising Law Institute. November 29, 2001. Satellite Viewing Locations. For more information: http://www.pli.edu/ Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd European Anti-Malware Conference. European Institute for Computer Anti-Virus Research (EICAR). June 8-11, 2002. Berlin, Germany. For more information: http://conference.eicar.org/ Privacy By Design 2001: Building Privacy for Better Business. ZeroKnowledge. December 3-5, 2001. Montreal, Canada. For more information: http://www.zeroknowledge.com/privacybydesign2001/ Get Noticed: Effective Financial Privacy Notices. Federal Trade Commission. December 4, 2001. Washington, DC. For more information: http://www.ftc.gov/bcp/workshops/glb/ Call for Papers - December 10, 2001. Workshop on Privacy Enhancing Technologies 2002. April 14-15, 2002. San Francisco, CA. For more information: http://www.pet2002.org/ 17th Annual Computer Security Applications Conference (ACSAC). Applied Computer Security Associates. December 10-14, 2001. New Orleans, LA. For more information: http://www.acsac.org/ Call for Content - December 15, 2001. INET 2002 - Internet Crossroads: Where Technology and Policy Intersect. The Internet Society. June 18-21, 2002. Arlington, VA. For more information: http://www.isoc.org/inet2002/cfc/ Future of Music Coalition Policy Summit. January 7-8, 2002. Washington, DC. For more information: http://www.futureofmusic.org/events/summit0102/ Chief Privacy Officer Skills Development Workshop. PRIVA-C and Select Knowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX. For more information: http://www.priva-c.com/cpoworkshop/ CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy. April 16-19, 2002. San Francisco, CA. For more information: http://www.cfp2002.org/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via email: To: epic_news-request@mailman.epic.org Subject line: "subscribe" or "unsubscribe" Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription email address, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at http://www.guidestar.org/partners/helping/gs_report.jsp?npoId=715209 ======================================================================= **NEW!** Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more. ======================================================================= Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 8.22 ----------------------- .