============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.23 December 3, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.23.html ======================================================================= Table of Contents ======================================================================= [1] Supreme Court Hears Arguments on Internet Censorship [2] Amicus Brief Filed in Defense of Anonymous Speech [3] Cybercrime Treaty Signed and Other International Developments [4] Privacy Legislation Passes Congress [5] Second Briefing Held in "Security or Surveillance?" Series [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - Filters & Freedom 2.0 [8] Upcoming Conferences and Events ======================================================================= [1] Supreme Court Hears Arguments on Internet Censorship ======================================================================= The U.S. Supreme Court on November 28 heard oral argument on the constitutionality of the Child Online Protection Act (COPA). American Civil Liberties Union attorney Ann Beeson, representing a coalition of online companies and organizations, including EPIC, urged the Justices to affirm the June 2000 decision of the U.S. Court of Appeals for the Third Circuit, which upheld a lower court injunction against COPA. In that opinion, a unanimous three-judge panel expressed its belief that the 1998 censorship law is fatally flawed. U.S. Solicitor General Theodore Olson argued for reversal of the appellate decision. The legislation was introduced in Congress after an earlier effort to regulate children's access to "indecent" material, the Communications Decency Act (CDA), was held unconstitutional by a unanimous U.S. Supreme Court in 1997. To date, every federal judge to consider the legality of either CDA or COPA has found that the Internet content regulation laws violate the First Amendment. COPA would make it a federal crime to "knowingly" communicate "for commercial purposes" material considered "harmful to minors" to anyone under the age of 17. Penalties include fines of up to $50,000 for each day of violation and up to six months in prison. Compliance with COPA would require websites to obtain identification and age verification from visitors, a feature of the law that EPIC has argued threatens online privacy and anonymity. The Supreme Court is expected to issue a ruling by next June. Complete information on the COPA litigation, including the text of the briefs filed with the Supreme Court, is available at: http://www.epic.org/free_speech/copa/ ======================================================================= [2] Amicus Brief Filed in Defense of Anonymous Speech ======================================================================= On November 29, EPIC, the ACLU, and 14 legal scholars filed an amicus curiae brief with the Supreme Court in Watchtower Bible v. Stratton, Ohio, a case which implicates privacy rights, as well as the First Amendment rights of anonymity, expression, and freedom of association. The case concerns a Stratton city ordinance that requires those going door-to-door to obtain a permit and to identify themselves prior to and during petitioning. The lower court found that neither requirement violated the First Amendment freedom of expression or right to anonymity. Anonymity is a core First Amendment value that enables the expression of political ideas, participation in the political process, membership in political associations, and the practice of religious belief without fear of government intimidation or public retaliation. The brief argues that the Stratton ordinance, in forcing people to sacrifice their anonymity, chills activity protected by the First Amendment. The Supreme Court has long held anonymous speech to be "an honorable tradition of advocacy and of dissent." In Talley v. California, the fountainhead case for anonymity protection, the Court struck down a California law prohibiting anonymous leafletting on the grounds that it "might deter perfectly peaceful discussions of public matters of importance." The Court has twice recently reaffirmed the nexus between the freedoms of speech and association and the right of anonymity by striking down statutes in Colorado and Illinois that required speakers to sacrifice their anonymity. The Court will hear arguments in the case next year. The EPIC/ACLU amicus brief (in PDF) is available at: http://www.epic.org/anonymity/watchtower.pdf Watchtower Bible v. City of Stratton, 240 F.3d 553 (6th Cir. 2001), cert. granted, 2001 U.S. LEXIS 9772: http://pacer.ca6.uscourts.gov/cgi-bin/getopn.pl?OPINION=01a0045p.06 ======================================================================= [3] Cybercrime Treaty Signed and Other International Developments ======================================================================= On November 23, thirty nations, including most European countries, Canada, Japan, South Africa and the U.S., signed the Council of Europe's Convention on Cybercrime at an official ceremony in Budapest, Hungary. The Convention, which has been under negotiation since 1997, is the first international treaty to address crimes committed in "cyberspace," including breach of copyright, computer-related fraud, child pornography and hacking. An optional protocol also criminalizes publication of or linking to racist and xenophobic material on computer networks. The convention harmonizes penalties for these crimes and requires signatory countries to provide each other with mutual legal assistance in investigations. It authorizes a wide range of investigative powers, such as electronic surveillance and access to user records maintained by communications providers. The Convention does not require "dual criminality," meaning that individuals can be investigated by their national authorities for activities that are not even crimes in their home countries. The Convention has been consistently criticized by civil liberties, privacy and security organizations as disproportionately weighted in favor of law enforcement interests. The Convention will enter into force as soon as five countries, including three of the member states, have ratified it. In the U.S., ratification of the treaty will require approval by the Senate. Related measures to combat cybercrime are also being considered at the EU level. On November 27, the European Commission held a special forum on cybercrime to discuss future EU policy making in this area. The main focus of the meeting was the retention of electronic traffic data for law enforcement purposes, an issue that was recently condemned by an international coalition of consumer and privacy organizations as in violation of the fundamental rights to privacy and data protection, freedom of expression, and presumption of innocence. (See EPIC Alert 8.22, "International Coalition Urges EU to Safeguard Privacy.") Information about the Cybercrime treaty (including links to full text, summary, and explanatory report) is available at: http://conventions.coe.int/Treaty/EN/WhatYouWant.asp?NT=185 ======================================================================= [4] Privacy Legislation Passes Congress ======================================================================= Newly enacted legislation will prohibit federal government agencies from snooping into individuals' web browsing habits. The new privacy protections, passed in H.R. 2590, an appropriations bill, apply to all federal agencies. Section 639 of the bill prohibits agencies from collecting personally-identifiable information "relating to an individual's access to or use of" any federal agency Internet sites. The legislation also prohibits the purchase of personally-identifiable information on visits to non-governmental websites. There are notable exceptions to the prohibitions on collecting information. Agencies will be able to collect personally-identifiable information on individuals who voluntarily submit data to government web sites. Additionally, there are law enforcement and security exemptions that allow collection of personally-identifiable information. H.R. 2590 -- Making appropriations for the Treasury Department, the United States Postal Service, the Executive Office of the President, and certain Independent Agencies, for the fiscal year ending September 30, 2002, and for other purposes (see section 639): http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.2590: ======================================================================= [5] Second Briefing Held in "Security or Surveillance?" Series ======================================================================= On Friday, November 30, EPIC hosted the second policy briefing in the ongoing "Security or Surveillance?" event series at the National Press Club in Washington, D.C. Speakers included Simon Davies, Director of Privacy International; Bruce Schneier, CTO and co-founder of Counterpane Internet Security; and Chris Hoofnagle, Legislative Counsel of EPIC. Issues discussed included the technical reliability and privacy implications of new security systems and legal measures being considered both domestically and internationally since September 11. Simon Davies spoke extensively on international developments in anti-terrorism and surveillance provisions, especially in the United Kingdom. Bruce Schneier illustrated many unforeseen ways that a national ID card system might fail. He also examined computer security scenarios that involve "real" terrorism, comparing them with relatively trivial security problems such as the "ILOVEYOU" virus and denouncing the use of the word "cyberterrorism" to describe minor security breaches. Chris Hoofnagle explained that a national ID card is likely to become subject to "function creep," where narrowly targeted regulation expands to other unintended areas. While ID cards have initially been suggested for non-U.S. citizens entering the country, their use could be extended to other groups, such as convicts, welfare recipients, and children. Davies added that a national ID card for noncitizens would likely cause citizens to also carry such a card, in order to prove that they were indeed citizens. More panels in this series will be scheduled in the near future. Visit http://www.epic.org/events/ for a current list of upcoming and past events hosted by EPIC. Audiocast of briefing (in RealAudio format): http://www.connectlive.com/events/surveillance/surveillance-113001.ram For more information about the briefing, see: http://www.epic.org/events/nov30/ EPIC's National ID Page: http://www.epic.org/privacy/id_cards/ ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.3266 To amend title 18, United States Code, to prohibit unauthorized trafficking in personal DNA information, and for other purposes. Sponsor: Rep Rivers, Lynn N.(D-MI). Latest Major Action: 11/8/2001 Referred to House committee: House Judiciary. H.R.3285 Federal-Local Information Sharing Partnership Act of 2001. To provide for the sharing of certain foreign intelligence information with local law enforcement personnel, and for other purposes. Sponsor: Rep Weiner, Anthony D. (D-NJ). Latest Major Action: 11/13/2001 Referred to House committees: House Judiciary; House Select Committee on Intelligence; House Financial Services; House Education and the Workforce. H.R.3367 To amend title 10, United States Code, to require certain contractors with the Department of Defense to perform background investigations, psychological assessments, and behavioral observations, and provide fingerprint cards, with respect to individuals who perform work on military installations or facilities. Sponsor: Rep Saxton, Jim (R-NJ). Latest Major Action: 11/28/2001 Referred to House committee: House Armed Services. H.R.3368 To amend the Fair Credit Reporting Act with respect to statute of limitations on actions. Sponsor: Rep Schakowsky, Janice D. (D-IL). Latest Major Action: 11/28/2001 Referred to House committee: House Financial Services; House Judiciary. H.R.3369 To amend the Fair Credit Reporting Act to provide that the statute of limitations begins to run when a violation is first discovered by a consumer. Sponsor: Rep Shadegg, John B. (R-AZ). Latest Major Action: 11/28/2001 Referred to House committee: House Financial Services; House Judiciary. H.R.3371 To amend the Federal Advisory Committee Act to establish public disclosure requirements for working groups of advisory committees. Sponsor: Rep Waxman, Henry A. (D-CA). Latest Major Action: 11/28/2001 Referred to House Committees: House Government Reform. *Senate* S.1684 A bill to provide a 1-year extension of the date for compliance by certain covered entities with the administrative simplification standards for electronic transactions and code sets issued in accordance with the Health Insurance Portability and Accountability Act of 1996. Sponsor: Sen Dorgan, Byron L.(D-ND). Latest Major Action: 11/14/2001 Referred to Senate committee: Senate Finance. S.1723 Protect Victims of Identity Theft Act of 2001. A bill to amend the Fair Credit Reporting Act with respect to the statute of limitations on actions. Sponsor: Sen Leahy, Patrick J. (D-VT). Latest Major Action: 11/16/2001 Referred to Senate committee: Senate Banking, Housing, and Urban Affairs. S.1733 Name Matching for Enforcement and Security Act of 2001. A bill to develop and implement a unified electronic data system to enhance access to information that is relevant to determine whether to issue a visa or admit an alien to the United States, and for other purposes. Sponsor: Sen Edwards, John (D-NC). Latest Major Action: 11/27/2001 Referred to Senate committee: Senate Judiciary. S.1742 A bill to prevent the crime of identity theft, mitigate the harm to individuals victimized by identity theft, and for other purposes.Sponsor: Sen Cantwell, Maria (D-WA). Latest Major Action: 11/29/2001 Referred to Senate committee: Senate Judiciary. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - Filters & Freedom 2.0 ======================================================================= Filters & Freedom 2.0: Free Speech Perspectives on Internet Content Controls, edited by David L. Sobel (2001) http://www.epic.org/bookstore/filters2.0/ Originally proposed as a technological solution that would forestall official censorship, content filtering has been shown to pose its own significant threats to free expression on the Internet. Often characterized by their proponents as mere features or tools, filtering and rating systems can also be viewed as fundamental architectural changes that may, in fact, facilitate the suppression of speech far more effectively than national laws alone ever could. This revised edition addresses recent developments, including new content control legislation in the United States, efforts within the European Union to establish a uniform rating regime for online material, and the growing controversy over the use of filtering in public libraries. Partly as a result of the writings contained in this collection, the headlong rush toward the development and acceptance of filtering and rating systems has slowed. These critical views must be considered carefully if we are to preserve freedom of expression in the online world. ================================ EPIC Publications: "Privacy & Human Rights 2001: An International Survey of Privacy Laws and Developments," (EPIC 2001). Price: $20. http://www.epic.org/bookstore/phr2001/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2001: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001). Price: $40. http://www.epic.org/bookstore/pls2001/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= ** POSTPONED! ** First Privacy Expo 2001. Privacy & American Business and Privacy Council. Was November 27-29, 2001; will be rescheduled for February or March 2002. Washington, DC. For more information: info@pandab.org ** POSTPONED! ** Eighth Annual National "Managing the NEW Privacy Revolution" Conference. Privacy & American Business and Privacy Council. Was November 28-29, 2001; will be rescheduled for February or March 2002. Washington, DC. For more information: info@pandab.org Privacy By Design 2001: Building Privacy for Better Business. ZeroKnowledge. December 3-5, 2001. Montreal, Canada. For more information: http://www.zeroknowledge.com/privacybydesign2001/ Get Noticed: Effective Financial Privacy Notices. Federal Trade Commission. December 4, 2001. Washington, DC. For more information: http://www.ftc.gov/bcp/workshops/glb/ Call for Papers - December 10, 2001. Workshop on Privacy Enhancing Technologies 2002. April 14-15, 2002. San Francisco, CA. For more information: http://www.pet2002.org/ 17th Annual Computer Security Applications Conference (ACSAC). Applied Computer Security Associates. December 10-14, 2001. New Orleans, LA. For more information: http://www.acsac.org/ Call for Content - December 15, 2001. INET 2002 - Internet Crossroads: Where Technology and Policy Intersect. The Internet Society. June 18-21, 2002. Arlington, VA. For more information: http://www.isoc.org/inet2002/cfc/ Future of Music Coalition Policy Summit. January 7-8, 2002. Washington, DC. For more information: http://www.futureofmusic.org/events/summit0102/ Chief Privacy Officer Skills Development Workshop. PRIVA-C and Select Knowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX. For more information: http://www.priva-c.com/cpoworkshop/ Debating Privacy and ICT: Before and After September 11th. Rathenau Instituut. January 17, 2002. Amsterdam, The Netherlands. For more information: privacy@jcc-congress.nl International Symposium on Freedom of Information and Privacy. Office of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New Zealand. For more information: Blair.Stewart@privacy.org.nz CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy. April 16-19, 2002. San Francisco, CA. For more information: http://www.cfp2002.org/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via email: To: epic_news-request@mailman.epic.org Subject line: "subscribe" or "unsubscribe" Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription email address, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org/ or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ ======================================================================= **NEW!** Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more. ======================================================================= Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 8.23 ----------------------- .