============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 8.24 December 18, 2001 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_8.24.html ======================================================================= Table of Contents ======================================================================= [1] Intelligence Funding Bill Contains Wiretap Provisions [2] FOIA Suit Challenges Secrecy of Post-9/11 Detentions [3] Congress Urged to Examine Microsoft Passport [4] Computer Experts Question National ID Schemes [5] TRAC Terrorism Enforcement Report Released [6] EPIC Bill-Track: New Bills in Congress [7] EPIC Bookstore - The Security of Freedom [8] Upcoming Conferences and Events ======================================================================= [1] Intelligence Funding Bill Contains Wiretap Provisions ======================================================================= Just weeks after passage of comprehensive anti-terrorism legislation, Congress continues to tinker with the laws governing electronic monitoring. An appropriations bill awaiting the President's signature provides for increased governmental surveillance capabilities under the Foreign Intelligence Surveillance Act (FISA), increasing the authorities recently broadened by the USA PATRIOT Act passed in October (see EPIC Alert 8.21). H.R. 2883 expands "roving wiretap" authority by amending the location provision in FISA, which currently requires agents to identify the location of the instrument to be monitored. The amendment requires identification of location only "if known." Roving wiretap authority under FISA was established by the USA PATRIOT Act to allow the Foreign Intelligence Surveillance Court (FISC) to issue generic orders to any communications provider, thereby permitting the government to track the communications of a specific individual carried over a variety of sources. The new amendment permits the FISC to issue orders permitting government surveillance of communications where neither the provider nor the location of the communication device is specified. Under current law, the Attorney General may authorize electronic surveillance or a search without a court order in an emergency. In such instances, the government must present a formal application to the FISC within 24 hours of the Attorney General's authorization. The new legislation extends the time in which the government must present a formal order to 72 hours. It also contains various technical amendments to the USA PATRIOT Act. The bill, which was the result of a House-Senate conference, specifies four priority areas in the nation's intelligence capabilities: (1) revitalizing the National Security Agency; (2) correcting deficiencies in human intelligence; (3) addressing the imbalance between intelligence collection and analysis; and (4) rebuilding a robust research and development program. H.R. 2883, the Intelligence Authorization Act for Fiscal Year 2002, is available at: http://www.epic.org/privacy/wiretap/hr2883.html EPIC's Wiretap Page: http://www.epic.org/privacy/wiretap/ ======================================================================= [2] FOIA Suit Challenges Secrecy of Post-9/11 Detentions ======================================================================= A coalition of civil liberties, civil rights and human rights organizations filed suit against the Justice Department on December 5, seeking the disclosure of basic information about more than 1000 individuals arrested and detained since September 11. The government has continually refused to disclose the data in response to Freedom of Information Act (FOIA) requests, resulting in unprecedented secrecy surrounding the status of the individuals. EPIC is participating in the case as both co-plaintiff and co-counsel. Members of Congress, the news media and civil liberties groups have all raised questions as to whether those jailed since September 11 are being accorded applicable constitutional protections. The FOIA lawsuit asserts that the requested information involves a matter of extraordinary public interest and that the secrecy surrounding the detentions is at odds with longstanding principles of open judicial proceedings. On October 29, the plaintiff organizations requested disclosure of detainee information under the FOIA from the Justice Department and two of its components -- the Federal Bureau of Investigation and the Immigration and Naturalization Service. They specifically requested the release of, among other things, the identity of the detainees, where they are being held, the names of their lawyers, which courts are involved, how long the detainees have been held and the nature of any charges filed against them. In late November, the Justice Department released partial and fragmentary information about the detainees but, for the most part, fell far short of satisfying the FOIA request. Under a court-approved schedule to expeditiously litigate the case, the government will be filing its brief on January 11. The text of the lawsuit is available (in PDF) at: http://www.epic.org/open_gov/FOIA/detainee_complaint.pdf ======================================================================= [3] Congress Urged to Examine Microsoft Passport ======================================================================= On December 11, EPIC sent a letter to members of the Senate Judiciary Committee urging them to question witnesses at a recent hearing on the Microsoft antitrust settlement about the role that the settlement can play in addressing the security and privacy risks of Passport. EPIC warned committee members that Passport "could literally become the tollbooth that controls Internet access for millions of consumers in the United States." EPIC suggested three issues that could be further explored in order to protect consumers from Microsoft Passport. First, Congress should consider how Microsoft could be prevented from using its market dominance to acquire more Passport users. Second, the settlement should be tailored to prevent Microsoft from conditioning access to the Internet on Passport subscription. Finally, the settlement should prevent Microsoft from using its market dominance to profile individuals and to share their personal information. Currently, Microsoft claims to have 200 million users with Passport accounts, and that number increases every time Microsoft ties a new service to Passport. Most recently, users of the Zone.com gaming service were required to sign up for Microsoft Passport before accessing services. During the hearing, Chairman Patrick Leahy (D-VT) and Senator Orrin Hatch (R-UT) issued statements criticizing the settlement as vague and unenforceable. A procedural rule was invoked during the hearing that forced Chairman Leahy to end the proceeding early. To date, the hearing has not been rescheduled. However, the record of the partial hearing was forwarded to the judge overseeing the settlement matter. EPIC Letter to Members of the Senate Judiciary Committee: http://www.epic.org/privacy/consumer/microsoft/senjud12.11.01.html EPIC's Sign Out of Passport Page: http://www.epic.org/privacy/consumer/microsoft/ ======================================================================= [4] Computer Experts Question National ID Schemes ======================================================================= Computer Professionals for Social Responsibility (CPSR), an international association of computer experts, has released a Frequently Asked Questions (FAQ) document explaining and critiquing recent proposals to create national identification schemes (NIDS) in the United States, Canada, and other countries. CPSR says that a national ID scheme "could combine the functions of a driver's license, social security registration, immigration documents, and other government- issued identification." Individuals would be entered in a nationwide database and issued a "smart card" containing personal information. In some proposals, this smart card would include fingerprints, retina scans, and/or other biometric data. "CPSR doubts that national identification schemes can provide additional security against terrorist attacks," said CPSR president Coralee Whitcomb. She added: These ideas have been around for a while, but after September 11 their proponents, including potential suppliers, who stand to profit handsomely from massive ID Card programs, used the climate of fear to dust them off in response to the public's desire for improved security. National identification schemes instead would endanger civil liberties, allowing those with access to the data base to track the behavior, associations, and finances of innocent people. Further, Whitcomb stated that a new ID system could "leave us relying on the wrong approach to security, and create a false sense of security that leaves us more vulnerable than before." CPSR links to resources on National ID and related information (including the National ID FAQ) can be found at: http://www.cpsr.org/program/natlID/natlIDlinks.html EPIC's National ID Page: http://www.epic.org/privacy/id_cards/ EPIC's Biometrics Page: http://www.epic.org/privacy/biometrics/ ======================================================================= [5] TRAC Terrorism Enforcement Report Released ======================================================================= The Transactional Records Access Clearinghouse (TRAC), a research organization supported by the Knight Foundation, the Rockefeller Family Fund, the Open Society Institute and others released a Terrorism Enforcement Report on December 3. Using extensive internal Justice Department data that TRAC recently received under court order, the report shows that only a tiny fraction of FBI terrorism investigations in the last five years resulted in the Bureau actually requesting a prosecution. Further, the report showed that the number of investigations was inflated by the inclusion of non-terrorist crimes, and that this practice continued even after the events of September 11. As reported in the Philadelphia Inquirer, some of the cases labeled as terrorism involve convicts rioting to get better prison food, erratic behavior by people with mental illnesses, and passengers getting drunk on airplanes. An Assistant U.S. Attorney in San Francisco asked the District Judge to stiffen a sentence against an Arizona man who got drunk on a United Airlines flight, repeatedly rang the call button, demanded more alcohol, and touched a flight attendant. Justice Department records say the case falls under "domestic terrorism." The judge said that this was not terrorism; it was simply a man "being an annoyance beyond belief." The most recent Justice Department annual report says that FBI investigations led to 236 terrorism convictions in fiscal year 2000. That number is generated from an FBI computer system that follows criminal cases from beginning to end. The government would not release details of the 236 cases identified as terrorism in the Justice Department's annual report; however, Knight Ridder journalists submitted requests under the Freedom of Information Act (FOIA) to find out more about the cases, and deduced that only a handful of the cases actually involved terrorist acts, such as the 1996 bombing of Khobar Towers in Saudi Arabia. Justice Department officials, both former and current, say that the numbers in the reports are used to justify the department's $22 billion annual budget. Details can be found in "U.S. Overstates Arrests in Terrorism," by Mark Fazlollah and Peter Nicholas, Philadelphia Inquirer, December 16, 2001: http://inq.philly.com/content/inquirer/2001/12/16/front_page/terror16.htm Transactional Records Access Clearinghouse (TRAC) -- click on What's New (Terror Report): http://www.trac.syr.edu ======================================================================= [6] EPIC Bill-Track: New Bills in Congress ======================================================================= *House* H.R.3387 Fair Credit Reporting Act Limitations on Actions Act of 2001. To amend the Fair Credit Reporting Act to extend the limitation on actions, and for other purposes. Sponsor: Rep Terry, Lee (R-NE). Latest Major Action: 11/30/2001 Referred to House committee: House Financial Services; House Judiciary. *Senate* S.1749 Enhanced Border Security and Visa Entry Reform Act of 2001. A bill to enhance the border security of the United States, and for other purposes. Sponsor: Sen Kennedy, Edward M. (D-MA) Latest Major Action: 11/30/2001 Referred to Senate committee: Senate Judiciary. S.1788 Use NICS in Terrorist Investigations Act. A bill to give the Federal Bureau of Investigation access to NICS records in law enforcement investigations, and for other purposes. Sponsor: Sen Schumer, Charles E. (D-NY) Latest Major Action: 12/7/2001 Referred to Senate committee: Senate Judiciary. EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at: http://www.epic.org/privacy/bill_track.html ======================================================================= [7] EPIC Bookstore - The Security of Freedom ======================================================================= The Security of Freedom: Essays on Canada's Anti-Terrorism Bill, ed., Ronald J. Daniels (University of Toronto 2001) http://www.utppublishing.com/detail.asp?TitleID=2493 Law schools move slowly in matters of national policy. Their participation in public debate is oftentimes after the fact, once the law is passed, once the case is decided. Too few academic conferences engage political leaders and political institutions. Too many assume that to present positions pro and con is to promote a meaningful public dialogue. All this is worth keeping in mind when reading this extraordinary collection of essays prepared by the Faculty of Law at the University of Toronto. "The Security of Freedom: Essays on Canada's Anti-Terrorism Bill" is based on a conference organized at the University of Toronto in early in November, just as the Canadian government began to consider legislative responses to the tragic events of September 11. That conference brought together legal experts, government officials, and community leaders to evaluate the specific provisions contained in C-36, Canada's proposed Anti-terrorism Bill which is still pending before the Parliament. Although most of the papers lean toward criticism of the expanded police powers, the tone is restrained, the analysis proceeds in measured steps. Several authors note that the proposal of the Minister of Justice Anne McLellan would probably pass court review under the Canadian Charter of Rights and Freedoms, "Charter-proofing" as several of the commentators say. But this does answer the most fundamental questions. As the editor and dean of the Faculty of Law Ronald Daniels observes, "the impact of expanded governmental powers on individuals rights and liberties" transcends the question of whether the measure passes judicial scrutiny. "The question posed," writes Daniels, is "a more fundamental one of whether the enhanced powers being sought for the state are congruent with our democratic traditions and values, and consistent with bedrock ideas of the rule of law." A key problem, for example, with Canada's Anti-terrorism bill is simply the definition of "terrorist activity." The term in the original draft could include all forms of public protest that are not "lawful," i.e. approved by government. At a time when there is real debate about environment policy, the impact of globalization, and the rights of native people, the risk that an anti-terror measure could sweep up public protest is very real. Several of the authors point to the impact that the proposed measure would have on judicial oversight, legislative review of actions by the executive, and public access to information about the conduct of government. These proposals also threaten to change the character of democratic institutions. Other essays touch upon criminal justice, privacy, and profiling in a multi-cultural society. Concluding remarks from government officials note both the real challenges of public safety and the real concern about preserving the freedoms in the Charter. At the time of this review, it is clear that the work of the University of Toronto, as well as public officials, the Canadian Bar Association, and NGO advocates has changed the debate in Canada. Changes to the definition of terrorism have been adopted, as well as new means of oversight. Still, concerns remain about limitations on the right to counsel, and the "preventive arrest" and "investigative hearings" provisions in the bill. We come to the end of a difficult year. The challenges of September 11 remain within us. But "Security of Freedom" provides the best publication to date on the role of law and the importance of individual rights after September 11. This collection helps us better understand the political and legal dimensions of security and freedom, and wisely suggests that the answer is not in the proverbial balance of these two goals but in the recognition that without freedom there can be no real security. - Marc Rotenberg Security of Freedom Conference web site: http://www.law.utoronto.ca/c-36/index.htm ================================ EPIC Publications: "Privacy & Human Rights 2001: An International Survey of Privacy Laws and Developments," (EPIC 2001). Price: $20. http://www.epic.org/bookstore/phr2001/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws. ================================ "The Privacy Law Sourcebook 2001: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001). Price: $40. http://www.epic.org/bookstore/pls2001/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ======================================================================= [8] Upcoming Conferences and Events ======================================================================= ** POSTPONED! ** First Privacy Expo 2001. Privacy & American Business and Privacy Council. Was November 27-29, 2001; will be rescheduled for February or March 2002. Washington, DC. For more information: info@pandab.org ** POSTPONED! ** Eighth Annual National "Managing the NEW Privacy Revolution" Conference. Privacy & American Business and Privacy Council. Was November 28-29, 2001; will be rescheduled for February or March 2002. Washington, DC. For more information: info@pandab.org Future of Music Coalition Policy Summit. January 7-8, 2002. Washington, DC. For more information: http://www.futureofmusic.org/events/summit0102/ Chief Privacy Officer Skills Development Workshop. PRIVA-C and Select Knowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX. For more information: http://www.priva-c.com/cpoworkshop/ Debating Privacy and ICT: Before and After September 11th. Rathenau Instituut. January 17, 2002. Amsterdam, The Netherlands. For more information: privacy@jcc-congress.nl International Symposium on Freedom of Information and Privacy. Office of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New Zealand. For more information: Blair.Stewart@privacy.org.nz CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy. April 16-19, 2002. San Francisco, CA. For more information: http://www.cfp2002.org/ ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via email: To: epic_news-request@mailman.epic.org Subject line: "subscribe" or "unsubscribe" Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription email address, or if you have any other questions. ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= **Last chance for an end-of-year tax break!** ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more. Thank you for your support. ---------------------- END EPIC Alert 8.24 ----------------------- .