EPIC logo


        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

    Volume 9.03                                  February 13, 2002

                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.


Table of Contents

[1] Opposition to National ID System Grows
[2] Comcast Backs Down from Tracking Web Users
[3] EPIC Urges Verizon, Ameritech to Drop Marketing Plans
[4] Individuals Encouraged to Comment on Telemarketing Sales Rule
[5] CPSR Announces New "Privaterra" Coalition
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Web Security, Privacy & Commerce
[8] Upcoming Conferences and Events

[1] Opposition to National ID System Grows

By compelling standardization of the issuance and content of driver's
licenses, including additional immigration and biometric data fields,
and obtaining legislative support for the implementation of its Driver
Record Information Verification System (DRIVerS) to link state and
national driver records, the American Association of Motor Vehicle
Administrators (AAMVA) hopes to effect a nationally interoperable
repository of drivers' personal information: a National ID system in
all but name.

EPIC has been involved in two key initiatives opposing AAMVA's plan to
convert the state driver's license into a de facto National ID card.
In a letter sent to President Bush and Transportation Secretary Mineta
on Monday February 11, 2002, EPIC joined a broad coalition of civil
liberties groups urging the administration to reject the creation of a
National ID Card through the standardization of state driver's
licenses.  Also, EPIC today released the latest policy report in its
Watching the Watchers series, entitled "Your Papers, Please: From the
State Drivers License to a National Identification System."  The paper
offers a detailed assessment of the AAMVA proposal in the context of
prevailing security concerns, Constitutional values and Congress'
history of protecting the privacy of driver's license information.

While EPIC supports efforts to detect and prevent fraud and
counterfeiting of driver's licenses, AAMVA's move to standardize
driver's licenses, to collect more invasive personal information, and
to expand the legitimate function of state motor vehicle authorities
must be rejected.  The increased reliance on a single form of
identification compromises privacy and exacerbates the risks and
consequences of identity theft.

The new report recommends that there should be wider public debate
about the details and the consequences of AAMVA's national
identification card and driver's license system.  The combination of
technical concerns and prevalent American Constitutional values
protecting freedom of movement, privacy, and anonymity strongly
suggest that this and any National ID system should be rejected.

Letter Sent by Coalition to President Bush and Secretary Mineta:

"Your Papers, Please: From the State Drivers License to a National
Identification System" is available at:

EPIC's National ID Page:


[2] Comcast Backs Down from Tracking Web Users

Comcast Corp., which yesterday acknowledged that it had begun tracking
the Web browsing activities of its one million high-speed Internet
subscribers without notifying them, announced today that it will no
longer be engaging in this practice.  Comcast's acknowledgment of its
tracking activities raised questions from Representative Edward Markey
(D-MA), a long-time privacy advocate in Congress.  Markey sent a
letter to Comcast asking about "the nature and extent of any
transgressions of the law that may have resulted in consumer privacy
being compromised," stating that he believed Comcast should be
prohibited from collecting information without obtaining consent,
pursuant to the 1984 Cable Act.

Although the practice was part of a technology overhaul that Comcast
claims was not intended to infringe on privacy, experts agree that an
unnecessarily large amount of information was being collected, and
that the use for that information was not clear.  "Once a company
collects this kind of data, it's really inviting all kinds of requests
for access," said EPIC General Counsel David Sobel. "If they can't
identify a specific need for collecting it, Comcast should take the
necessary steps to eliminate it."

Comcast had been recording subscriber IP addresses, along with
Internet addresses of each requested Web page.  This information was
being stored "temporarily," although no figure has been provided
stating exactly how long the information was being stored.  Some angry
Comcast customers likened this practice to the FBI's controversial
Carnivore surveillance technology.

Other large Internet providers such as America Online and Earthlink
were quoted in reports as saying that they do not track their
subscribers' Web browsing habits, citing privacy reasons.

Comcast Cable Communications President Stephen Burke claims that the
information the company was collecting has "never been connected to
individual subscribers and has been purged automatically to protest
subscriber privacy," though he added that "[b]eginning immediately, we
will stop storing this individual customer information in order to
completely reassure our customers that the privacy of their
information is secure."

Rep. Markey's Letter to Comcast is available at:


[3] EPIC Urges Verizon, Ameritech to Drop Marketing Plans

In letters to Ameritech President Gail Torreano and Verizon President
Ivan Seidenberg, EPIC has urged the companies to suspend their plans
to use records of telephone calls for marketing purposes.  Both phone
companies sent opt-out notice to customers in their most recent
billing statements.  The notices, which required customers to call a
toll-free telephone number to opt-out of the sale of their calling
data, sparked controversy as customers cited privacy concerns and
experienced difficulty attempting to opt-out.

The information that Verizon and Ameritech are planning on using is
known as customer proprietary network information (CPNI), and includes
the information contained within a billing statement, such as calls

In late January, in response to a national campaign led by EPIC, with
the support of state Attorneys General and consumers nationwide, Qwest
Communications withdrew plans for opt-out marketing with CPNI.  The
company has stated that it will wait to devise its plans until the
Federal Communications Commission (FCC) has proposed a final rule on
the issue.  EPIC's letters to Verizon and Ameritech urged the
companies to follow Qwest's example.

EPIC initiated the campaign for opt-in by filing comments, signed by
17 consumer organizations, with the FCC last November.  The FCC's
request for comments followed a federal court decision that the FCC's
opt-in proposal violated the First Amendment because there was not
adequate evidence that opt-in would protect customer privacy
interests.  The comments noted that 86% of consumers favor opt-in for
communications services.

EPIC's letter to Ameritech President Gail Torreano:


EPIC's letter to Verizon President Ivan Seidenberg:


For a history of the debate, see EPIC's CPNI page:


[4] Individuals Encouraged to Comment on Telemarketing Sales Rule

EPIC has urged individuals to submit comments to the Federal Trade
Commission (FTC) on the Telemarketing Sales Rule (TSR).  The TSR
governs how many telemarketers can contact individuals, and changes to
the rule proposed by the FTC may have a significant effect on limiting
sales calls.

EPIC has posted a five-point guide to commenting on the privacy issues
in the TSR.  First, individuals should support a national Do-Not-Call
(DNC) list.  Second, the FTC should require telemarketers to send
accurate caller ID information every time a sales call is initiated.
Third, the FTC should require improvement to autodialers so that "dead
air" or "abandoned" calls are eliminated.  Fourth, the FTC should ban
the collection and sharing of pre-acquired account information.  Last,
the FTC should find ways to expand the scope of the TSR, so that all
commercial entities that engage in telemarketing are subject to the

Individuals can comment until March 29, 2002.

EPIC's recommendations to the public for comment are online at:


Individuals can comment on the FTC web site:


[5] CPSR Announces New "Privaterra" Coalition

On January 30, Computer Professionals for Social Responsibility (CPSR)
announced Privaterra, a new coalition of computer professionals, human
rights workers and human rights organizations joined to harness the
power of technology and help protect human rights workers worldwide.
Established in December 2001, Privaterra will be an ongoing project of

Privaterra is a volunteer-based organization with offices in the
United States and Canada, and members in North America, South America
and Europe.  To help human rights workers and organizations conduct
their activities in safety, and to protect the safety and anonymity of
those they serve, Privaterra is seeking funding, donations-in-kind,
and qualified volunteers.

Privaterra provides human rights workers with technology and teaches
them how to secure their information and communications.  The group is
also constructing a protected clearinghouse of information and
resources relating to privacy and security for human rights

Privacy and security oriented NGOs from all over the world, including
Amnesty International, have contributed support to the newly formed
organization, recognizing the critical need for secure communications
in the fight for human rights.

Privaterra Website:

CPSR Website:


[6] EPIC Bill-Track: New Bills in Congress


H.R.3482 Cyber Security Enhancement Act of 2001. To provide greater
cybersecurity. Sponsor: Rep Smith, Lamar (R-TX). Latest Major Action:
12/13/2001 Referred to House committee: House Judiciary.

H.R.3483 Intergovernmental Law Enforcement Information Sharing Act of
2001. To amend title 31, United States Code, to provide for
intergovernmental cooperation to enhance the sharing of law
enforcement information. Sponsor: Rep Horn, Stephen (R-CA). Latest
Major Action: 12/13/2001 Referred to House committee: House Judiciary.

H.R.3494 Use NICS in Terrorist Investigations Act. To give the Federal
Bureau of Investigation access to NICS records in law enforcement
investigations, and for other purposes. Sponsor: Rep McCarthy, Carolyn
(D-NY). Latest Major Action: 1/14/2002 Referred to House subcommittee:
House Judiciary.

H.R.3525 Enhanced Border Security and Visa Entry Reform Act of 2001.
To enhance the border security of the United States, and for other
purposes. Sponsor: Rep Sensenbrenner, F. James, Jr. (R-WI). Latest
Major Action: 12/20/2001 Referred to Senate committee: House
Judiciary; House Select Committee on Intelligence; House International
Relations; House Ways and Means; House Transportation and
Infrastructure; Senate Judiciary.

H.R.3555 United States Security (`USA') Act of 2001. To prevent,
prepare for, and respond to the threat of terrorism in America, and
for other purposes. Sponsor: Rep Menendez, Robert (D-NJ). Latest Major
Action: 12/28/2001 Referred to House Committees: House Energy and
Commerce; House Transportation and Infrastructure; House Education and
the Workforce; House Government Reform; House Ways and Means; House
Armed Services; House International Relations; House Select Committee
on Intelligence; House Financial Services; House Judiciary.

H.R.3600 National Border Security Agency Act. To establish a National
Border Security Agency. Sponsor: Rep Tancredo, Thomas G. (R-CO).
Latest Major Action: 1/15/2002 Referred to House Subcommittee: House
Government Reform; House Judiciary; House Transportation and
Infrastructure; House Ways and Means.


S.1881 Telemarketing Intrusive Practices Act of 2001. A bill to
require the Federal Trade Commission to establish a list of consumers
who request not to receive telephone sales calls. Sponsor: Sen Dodd,
Christopher J. (D-CT). Latest Major Action: 12/20/2001 Referred to
Senate committee: Senate Commerce, Science, and Transportation.

S.1900 Cyberterrorism Preparedness Act of 2002. A bill to protect
against cyberterrorism and cybercrime, and for other purposes.
Sponsor: Sen Edwards, John (D-NC). Latest Major Action: 1/28/2002
Referred to Senate Committees: Senate Commerce, Science, and

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:


[7] EPIC Bookstore - Web Security, Privacy & Commerce

Web Security, Privacy & Commerce, by Simson Garfinkel (O'Reilly, 2nd
Ed., November 2001).


This new, expanded edition, nearly twice the size of the first
edition, explores web security risks and how to minimize them.  Aimed
at web users, administrators, and content providers, Web Security,
Privacy & Commerce covers Windows and Unix environments, Internet
Explorer and Netscape Navigator, and many other programs, products,
and features: cryptography, SSL, the Public Key Infrastructure (PKI),
digital signatures, digital certificates, privacy threats such as
cookies, log files, web logs, and web bugs, hostile mobile code, and
web publishing (intellectual property, P3P, digital payments,
client-side digital signatures, code signing, PICS).

Web Security, Privacy & Commerce is the definitive reference on Web
security risks and technologies and methods you can use to protect
your organization, your system, your network, and your privacy.


EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information


"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/

The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

     EPIC Bookstore

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

The Biometric Consortium Conference. February 13-15, 2002 (rescheduled
from September 12-14, 2001). Arlington, VA. For more information:

Congressional Briefing on Cybersecurity. Forum on Technology &
Innovation. February 14, 2002. Washington, DC. For more information:

CLA 6th Annual Cyberspace Camp Conference. Computer Law Association.
February 14-16. San Jose, CA. For more information:

2nd Annual BNA Summit: Combatting Cyber Attacks on your Corporate
Data. Bureau of National Affairs. February 27-28, 2002. Washington,
DC. For more information: http://cybersecurity.pf.com/

Rethinking Law & Marketing in the Age of Privacy & Security. Wiley
Rein & Fielding LLP. February 28, 2002. Redwood Shore, CA. For more
information: http://www.wrf.com/event/home.asp

Understanding Privacy: New Laws, New Challenges. BC Freedom of
Information and Privacy Association (FIPA). March 11-12, 2002.
Vancouver, British Columbia, Canada. For more information:

HIPAA Summit West II: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security, and HIPAA Compliance. March 13-15,
2002. San Francisco, CA. For more information:

Eighth Annual National Conference, "Managing the NEW Privacy
Revolution," and First Annual Privacy Expo 2002. Privacy & American
Business and Privacy Council. March 20-22, 2002. Washington, DC. For
more information: http://www.ManagingThePrivacyRevolution.com/

Fourth Annual e-ProtectIT Infrastructure Security Conference. Norwich
University. March 20-22, 2002. Northfield, Vermont. For more
information: http://www.e-protectIT.org/

International Symposium on Freedom of Information and Privacy. Office
of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New
Zealand. For more information: Blair.Stewart@privacy.org.nz

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. San
Francisco, CA. For more information: http://www.pet2002.org/

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

2002 IEEE Symposium on Security and Privacy. IEEE and the
International Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

INET 2002. Internet Society. June 18-21, 2002. Washington, DC. For
more information: http://www.isoc.org/inet2002/

Subscription Information

Subscribe/unsubscribe via Web interface:


Subscribe/unsubscribe via email:

     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:



Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

   ---------------------- END EPIC Alert 9.03 -----------------------