==============================================================

                          EPIC ALERT

==============================================================
Volume 9.03                                  February 13, 2002
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_9.03.html

=======================================================================
Table of Contents
=======================================================================

[1] Opposition to National ID System Grows
[2] Comcast Backs Down from Tracking Web Users
[3] EPIC Urges Verizon, Ameritech to Drop Marketing Plans
[4] Individuals Encouraged to Comment on Telemarketing Sales Rule
[5] CPSR Announces New "Privaterra" Coalition
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Web Security, Privacy & Commerce
[8] Upcoming Conferences and Events

=======================================================================
[1] Opposition to National ID System Grows
=======================================================================

By compelling standardization of the issuance and content of driver's licenses, including additional immigration and biometric data fields, and obtaining legislative support for the implementation of its Driver Record Information Verification System (DRIVerS) to link state and national driver records, the American Association of Motor Vehicle Administrators (AAMVA) hopes to effect a nationally interoperable repository of drivers' personal information: a National ID system in all but name.

EPIC has been involved in two key initiatives opposing AAMVA's plan to convert the state driver's license into a de facto National ID card.
In a letter sent to President Bush and Transportation Secretary Mineta on Monday February 11, 2002, EPIC joined a broad coalition of civil liberties groups urging the administration to reject the creation of a National ID Card through the standardization of state driver's licenses. Also, EPIC today released the latest policy report in its Watching the Watchers series, entitled "Your Papers, Please: From the State Drivers License to a National Identification System." The paper offers a detailed assessment of the AAMVA proposal in the context of prevailing security concerns, Constitutional values and Congress' history of protecting the privacy of driver's license information.

While EPIC supports efforts to detect and prevent fraud and counterfeiting of driver's licenses, AAMVA's move to standardize driver's licenses, to collect more invasive personal information, and to expand the legitimate function of state motor vehicle authorities must be rejected. The increased reliance on a single form of identification compromises privacy and exacerbates the risks and consequences of identity theft.

The new report recommends that there should be wider public debate about the details and the consequences of AAMVA's national identification card and driver's license system. The combination of technical concerns and prevalent American Constitutional values protecting freedom of movement, privacy, and anonymity strongly suggests that this and any National ID system should be rejected.

Letter Sent by Coalition to President Bush and Secretary Mineta:

     http://www.epic.org/privacy/id_cards/presidentltr2.11.02.html

"Your Papers, Please: From the State Drivers License to a National Identification System" is available at:

     http://www.epic.org/privacy/id_cards/yourpapersplease.pdf

EPIC's National ID Page:

     http://www.epic.org/privacy/id_cards/

=======================================================================
[2] Comcast Backs Down from Tracking Web Users
=======================================================================

Comcast Corp., which yesterday acknowledged that it had begun tracking the Web browsing activities of its one million high-speed Internet subscribers without notifying them, announced today that it will no longer be engaging in this practice.

Comcast's acknowledgment of its tracking activities raised questions from Representative Edward Markey (D-MA), a long-time privacy advocate in Congress. Markey sent a letter to Comcast asking about "the nature and extent of any transgressions of the law that may have resulted in consumer privacy being compromised," stating that he believed Comcast should be prohibited from collecting information without obtaining consent, pursuant to the 1984 Cable Act.

Although the practice was part of a technology overhaul that Comcast claims was not intended to infringe on privacy, experts agree that an unnecessarily large amount of information was being collected, and that the use for that information was not clear. "Once a company collects this kind of data, it's really inviting all kinds of requests for access," said EPIC General Counsel David Sobel. "If they can't identify a specific need for collecting it, Comcast should take the necessary steps to eliminate it."

Comcast had been recording subscriber IP addresses, along with Internet addresses of each requested Web page.
This information was being stored "temporarily," although no figure has been provided stating exactly how long the information was being stored. Some angry Comcast customers likened this practice to the FBI's controversial Carnivore surveillance technology. Other large Internet providers such as America Online and Earthlink were quoted in reports as saying that they do not track their subscribers' Web browsing habits, citing privacy reasons.

Comcast Cable Communications President Stephen Burke claims that the information the company was collecting has "never been connected to individual subscribers and has been purged automatically to protect subscriber privacy," though he added that "[b]eginning immediately, we will stop storing this individual customer information in order to completely reassure our customers that the privacy of their information is secure."

Rep. Markey's Letter to Comcast is available at:

     http://www.epic.org/privacy/internet/markey_comcast.html

=======================================================================
[3] EPIC Urges Verizon, Ameritech to Drop Marketing Plans
=======================================================================

In letters to Ameritech President Gail Torreano and Verizon President Ivan Seidenberg, EPIC has urged the companies to suspend their plans to use records of telephone calls for marketing purposes. Both phone companies sent opt-out notices to customers in their most recent billing statements. The notices, which required customers to call a toll-free telephone number to opt-out of the sale of their calling data, sparked controversy as customers cited privacy concerns and experienced difficulty attempting to opt-out.

The information that Verizon and Ameritech are planning on using is known as customer proprietary network information (CPNI), and includes the information contained within a billing statement, such as calls dialed.

In late January, in response to a national campaign led by EPIC, with the support of state Attorneys General and consumers nationwide, Qwest Communications withdrew plans for opt-out marketing with CPNI. The company has stated that it will wait to devise its plans until the Federal Communications Commission (FCC) has proposed a final rule on the issue. EPIC's letters to Verizon and Ameritech urged the companies to follow Qwest's example.

EPIC initiated the campaign for opt-in by filing comments, signed by 17 consumer organizations, with the FCC last November. The FCC's request for comments followed a federal court decision that the FCC's opt-in proposal violated the First Amendment because there was not adequate evidence that opt-in would protect customer privacy interests. The comments noted that 86% of consumers favor opt-in for communications services.

EPIC's letter to Ameritech President Gail Torreano:

     http://www.epic.org/privacy/cpni/ameritechletter.html

EPIC's letter to Verizon President Ivan Seidenberg:

     http://www.epic.org/privacy/cpni/verizonletter.html

For a history of the debate, see EPIC's CPNI page:

     http://www.epic.org/privacy/cpni/

=======================================================================
[4] Individuals Encouraged to Comment on Telemarketing Sales Rule
=======================================================================

EPIC has urged individuals to submit comments to the Federal Trade Commission (FTC) on the Telemarketing Sales Rule (TSR). The TSR governs how many telemarketers can contact individuals, and changes to the rule proposed by the FTC may have a significant effect on limiting sales calls.

EPIC has posted a five-point guide to commenting on the privacy issues in the TSR. First, individuals should support a national Do-Not-Call (DNC) list. Second, the FTC should require telemarketers to send accurate caller ID information every time a sales call is initiated.
Third, the FTC should require improvement to autodialers so that "dead air" or "abandoned" calls are eliminated. Fourth, the FTC should ban the collection and sharing of pre-acquired account information. Last, the FTC should find ways to expand the scope of the TSR, so that all commercial entities that engage in telemarketing are subject to the rule.

Individuals can comment until March 29, 2002.

EPIC's recommendations to the public for comment are online at:

     http://www.epic.org/privacy/telemarketing/

Individuals can comment on the FTC web site:

     http://www.ftc.gov/bcp/conline/edcams/donotcall/form.htm

=======================================================================
[5] CPSR Announces New "Privaterra" Coalition
=======================================================================

On January 30, Computer Professionals for Social Responsibility (CPSR) announced Privaterra, a new coalition of computer professionals, human rights workers and human rights organizations joined to harness the power of technology and help protect human rights workers worldwide. Established in December 2001, Privaterra will be an ongoing project of CPSR.

Privaterra is a volunteer-based organization with offices in the United States and Canada, and members in North America, South America and Europe. To help human rights workers and organizations conduct their activities in safety, and to protect the safety and anonymity of those they serve, Privaterra is seeking funding, donations-in-kind, and qualified volunteers.

Privaterra provides human rights workers with technology and teaches them how to secure their information and communications. The group is also constructing a protected clearinghouse of information and resources relating to privacy and security for human rights organizations.
Privacy and security oriented NGOs from all over the world, including Amnesty International, have contributed support to the newly formed organization, recognizing the critical need for secure communications in the fight for human rights.

Privaterra Website:

     http://privaterra.cpsr.org/

CPSR Website:

     http://www.cpsr.org/

=======================================================================
[6] EPIC Bill-Track: New Bills in Congress
=======================================================================

*House*

H.R.3482 Cyber Security Enhancement Act of 2001. To provide greater cybersecurity. Sponsor: Rep Smith, Lamar (R-TX). Latest Major Action: 12/13/2001 Referred to House committee: House Judiciary.

H.R.3483 Intergovernmental Law Enforcement Information Sharing Act of 2001. To amend title 31, United States Code, to provide for intergovernmental cooperation to enhance the sharing of law enforcement information. Sponsor: Rep Horn, Stephen (R-CA). Latest Major Action: 12/13/2001 Referred to House committee: House Judiciary.

H.R.3494 Use NICS in Terrorist Investigations Act. To give the Federal Bureau of Investigation access to NICS records in law enforcement investigations, and for other purposes. Sponsor: Rep McCarthy, Carolyn (D-NY). Latest Major Action: 1/14/2002 Referred to House subcommittee: House Judiciary.

H.R.3525 Enhanced Border Security and Visa Entry Reform Act of 2001. To enhance the border security of the United States, and for other purposes. Sponsor: Rep Sensenbrenner, F. James, Jr. (R-WI). Latest Major Action: 12/20/2001 Referred to Senate committee: House Judiciary; House Select Committee on Intelligence; House International Relations; House Ways and Means; House Transportation and Infrastructure; Senate Judiciary.

H.R.3555 United States Security (`USA') Act of 2001. To prevent, prepare for, and respond to the threat of terrorism in America, and for other purposes. Sponsor: Rep Menendez, Robert (D-NJ).
Latest Major Action: 12/28/2001 Referred to House Committees: House Energy and Commerce; House Transportation and Infrastructure; House Education and the Workforce; House Government Reform; House Ways and Means; House Armed Services; House International Relations; House Select Committee on Intelligence; House Financial Services; House Judiciary.

H.R.3600 National Border Security Agency Act. To establish a National Border Security Agency. Sponsor: Rep Tancredo, Thomas G. (R-CO). Latest Major Action: 1/15/2002 Referred to House Subcommittee: House Government Reform; House Judiciary; House Transportation and Infrastructure; House Ways and Means.

*Senate*

S.1881 Telemarketing Intrusive Practices Act of 2001. A bill to require the Federal Trade Commission to establish a list of consumers who request not to receive telephone sales calls. Sponsor: Sen Dodd, Christopher J. (D-CT). Latest Major Action: 12/20/2001 Referred to Senate committee: Senate Commerce, Science, and Transportation.

S.1900 Cyberterrorism Preparedness Act of 2002. A bill to protect against cyberterrorism and cybercrime, and for other purposes. Sponsor: Sen Edwards, John (D-NC). Latest Major Action: 1/28/2002 Referred to Senate Committees: Senate Commerce, Science, and Transportation.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at:

     http://www.epic.org/privacy/bill_track.html

=======================================================================
[7] EPIC Bookstore - Web Security, Privacy & Commerce
=======================================================================

Web Security, Privacy & Commerce, by Simson Garfinkel (O'Reilly, 2nd Ed., November 2001).

     http://www.epic.org/bookstore/powells/redirect/alert903.html

This new, expanded edition, nearly twice the size of the first edition, explores web security risks and how to minimize them.
Aimed at web users, administrators, and content providers, Web Security, Privacy & Commerce covers Windows and Unix environments, Internet Explorer and Netscape Navigator, and many other programs, products, and features: cryptography, SSL, the Public Key Infrastructure (PKI), digital signatures, digital certificates, privacy threats such as cookies, log files, web logs, and web bugs, hostile mobile code, and web publishing (intellectual property, P3P, digital payments, client-side digital signatures, code signing, PICS). Web Security, Privacy & Commerce is the definitive reference on Web security risks and technologies and methods you can use to protect your organization, your system, your network, and your privacy.

================================

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Laws and Developments," (EPIC 2001). Price: $20.

     http://www.epic.org/bookstore/phr2001/

This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.

================================

"The Privacy Law Sourcebook 2001: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001). Price: $40.

     http://www.epic.org/bookstore/pls2001/

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

     http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet content filtering.
These papers are instrumental in explaining why filtering threatens free expression.

================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

     http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.

================================

"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20.

     http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

     EPIC Bookstore
     http://www.epic.org/bookstore/

     "EPIC Bookshelf" at Powell's Books
     http://www.powells.com/features/epic/epic.html

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

The Biometric Consortium Conference. February 13-15, 2002 (rescheduled from September 12-14, 2001). Arlington, VA. For more information: http://www.nist.gov/bcfeb02/

Congressional Briefing on Cybersecurity. Forum on Technology & Innovation. February 14, 2002. Washington, DC. For more information: http://www.tech-forum.org/

CLA 6th Annual Cyberspace Camp Conference. Computer Law Association. February 14-16. San Jose, CA.
For more information: http://www.cla.org/cal_camp.htm

2nd Annual BNA Summit: Combatting Cyber Attacks on your Corporate Data. Bureau of National Affairs. February 27-28, 2002. Washington, DC. For more information: http://cybersecurity.pf.com/

Rethinking Law & Marketing in the Age of Privacy & Security. Wiley Rein & Fielding LLP. February 28, 2002. Redwood Shore, CA. For more information: http://www.wrf.com/event/home.asp

Understanding Privacy: New Laws, New Challenges. BC Freedom of Information and Privacy Association (FIPA). March 11-12, 2002. Vancouver, British Columbia, Canada. For more information: http://ellisriley.on.ca/fipa/

HIPAA Summit West II: The Leading Forum on Healthcare Privacy, Confidentiality, Data Security, and HIPAA Compliance. March 13-15, 2002. San Francisco, CA. For more information: http://www.hipaasummit.com/

Eighth Annual National Conference, "Managing the NEW Privacy Revolution," and First Annual Privacy Expo 2002. Privacy & American Business and Privacy Council. March 20-22, 2002. Washington, DC. For more information: http://www.ManagingThePrivacyRevolution.com/

Fourth Annual e-ProtectIT Infrastructure Security Conference. Norwich University. March 20-22, 2002. Northfield, Vermont. For more information: http://www.e-protectIT.org/

International Symposium on Freedom of Information and Privacy. Office of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New Zealand. For more information: Blair.Stewart@privacy.org.nz

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. San Francisco, CA. For more information: http://www.pet2002.org/

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy. April 16-19, 2002. San Francisco, CA. For more information: http://www.cfp2002.org/

2002 IEEE Symposium on Security and Privacy. IEEE and the International Association for Cryptologic Research. May 12-15, 2002. Oakland, CA. For more information: http://www.ieee-security.org/TC/SP02/sp02index.html

INET 2002. Internet Society.
June 18-21, 2002. Washington, DC. For more information: http://www.isoc.org/inet2002/

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via Web interface:

     http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Subscribe/unsubscribe via email:

     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

     http://www.epic.org/alert/

The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription email address, or if you have any other questions.

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

     http://www.epic.org/donate/

=======================================================================

Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more.

=======================================================================

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 9.03 -----------------------