EPIC logo

        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 9.05                                     March 15, 2002
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
Table of Contents

[1] National Freedom of Information Day -- March 16, 2002
[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents
[3] Council of Europe Considers Cybercrime Protocols
[4] UK Holds Big Brother Awards
[5] Scarfo "Key Logger" Case Ends in Plea Bargain
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online
[8] Upcoming Conferences and Events

[1] National Freedom of Information Day -- March 16, 2002

     Knowledge will forever govern ignorance, and a people who
     mean to be their own governors, must arm themselves with the
     power knowledge gives.  A popular government without popular
     information or the means of acquiring it, is but a prologue
     to a farce or a tragedy or perhaps both. -- James Madison

On March 16 -- James Madison's birthday -- EPIC will join with other
open government advocates to emphasize the value and importance of the
Freedom of Information Act.

The public's right of access to government information is a
cornerstone of our democratic society.  Free and open access to
information is a basic principle that has enabled the United States to
endure and prosper for more than 200 years.  For more than a quarter
of a century, the Freedom of Information Act (FOIA) has ratified the
public's right to know what the government, its agencies, and its
officials have done.  It has substituted public oversight for secrecy,
and our country has benefited from the truths that been extracted from
public records.  Although our nation must be safeguarded from further
acts of terrorism, we must never allow the public's right to know,
enshrined in the FOIA, to be suppressed for the sake of official
convenience.  Our system of representative democracy depends on the
free flow of information produced, collected and published by the
government and available to the American people so they can
participate as an informed electorate and be aware of actions the
government takes in their name.

On October 12, 2001, Attorney General John Ashcroft issued a
memorandum on behalf of the Bush Administration, directing federal
agency heads -- with the full support of the Department of Justice --
to search for and use any legal authority for denying access to
records under FOIA.  This policy of secrecy is incompatible with the
values of a free society.

In February, the House Government Reform Committee, with oversight on
FOIA issues, marked up a draft update of its popular "Citizen's Guide
on Using the Freedom of Information Act and the Privacy Act of 1974 to
Request Government Records."  Rep. Henry Waxman (D-CA) offered, and
Committee Chair Dan Burton (R-IN) approved, the addition of the
following paragraphs to the 2002 draft:

     The history of the act reflects that it is a disclosure
     law.  It presumes that requested records will be disclosed,
     and the agency must make its case for withholding in terms
     of the act's exemptions to the rule of disclosure. . . . 
     Contrary to the instructions issued by the Department of
     Justice on October 12, 2001, the standard should not be to
     allow the withholding of information whenever there is
     merely a "sound legal basis" for doing so.

The action represents a symbolic, bipartisan Congressional repudiation
of the Attorney General's October directive.

In these trying times, our future as a nation and as individuals will
be determined by how successfully we use information.  That is why
EPIC urges individuals and associations across American to join in
celebrating the public's "right to know" on Freedom of Information
Day, March 16.  EPIC has created an online "Freedom of Information Act
Gallery" to showcase some of the information recently made public as a
result of the law.

EPIC's Freedom of Information Act Gallery:

EPIC's Former Secrets Page:


Information on the 2002 National Freedom of Information Day
conference, "Access & Security in a Time of Crisis," is available at:


[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents

EPIC filed suit on March 14 against the Department of Transportation
(DOT), seeking the expedited release of documents concerning proposed
air travel security systems.  EPIC asserts in the lawsuit that the
potential privacy implications of such proposals require full and
informed public debate on the design of security systems.

In early February, EPIC submitted Freedom of Information Act (FOIA)
requests to DOT for records relating to the newly-created
Transportation Security Administration's plans to develop a biometric
identification card for use in a "trusted passengers" program, and to
establish airline passenger screening and profiling systems.  Noting
the privacy issues surrounding these initiatives and the substantial
public interest in security matters, EPIC requested "expedited
processing" of its requests -- a procedure Congress mandated in 1996
to hasten the disclosure of information concerning matters of "current
exigency to the American public."  Despite a legal requirement to
render a decision on an expedition request within 10 days, DOT never
responded to EPIC's request.

EPIC does not question the need for effective air travel security, but
believes that there is no reason to develop these procedures under a
shroud of secrecy.  The public has a significant interest in the design
of new security systems and ensuring that privacy rights are respected.

EPIC's lawsuit is available at:


ID Card for Air Passengers, Washington Times, Jan. 31, 2002:


Intricate Screening of Fliers in Works, Washington Post, Feb. 1, 2002:


[3] Council of Europe Considers Cybercrime Protocols

On February 7, the Council of Europe publicly released a draft of the
First Additional Protocol to the Convention on Cybercrime on the
criminalization of acts of a racist or xenophobic nature committed
through computer systems.  The Convention itself was signed in
November 2001 by most of the body's 43 member states, as well as
observer nations Canada, Japan, South Africa and the U.S. (see EPIC
Alert 8.23).  It is the first international treaty to address crimes
committed in "cyberspace," including intellectual property violations,
computer-related fraud, child pornography, hacking, and the
distribution of hacking tools.  It greatly expands law enforcement
investigative powers, including real time electronic surveillance and
access to user records maintained by Internet Service Providers, not
only for these crimes, but also for any other crime "committed by
means of a computer system" or for "the collection of evidence in
electronic form" of a crime.  It also requires signatory countries to
provide each other with mutual legal assistance in investigations.  It
has been widely criticized by civil liberties, privacy, and security
advocates as disproportionately weighted in favor of law enforcement

The protocol is an optional supplement to the Convention that will
criminalize the "making available" or "distribution" of racist and
xenophobic material through a computer system.  An article
criminalizing the "denial or justification of racist or xenophobic
crimes" is stated in the draft to be under preparation.  The draft was
made available the day after the Global Internet Liberty Campaign
(GILC) -- an international coalition of civil liberties and human
rights groups -- sent a letter to the Council of Europe asking for its
release in conformity with "principles of transparency and democratic
decision-making."  Although the U.S. government is participating in
the negotiation of this protocol, it has stated that it does not
intend to sign it due to the obvious inconsistencies with the First

GILC also sent a letter to the Council of Europe on February 28
following reports that the body was considering a second optional
protocol on "terrorist messages and the decoding thereof."  Although
GILC has not received an official response from the Council of Europe,
member groups in the U.S. have been assured by the government that no
such proposal is moving forward.  Work on the First Additional
Protocol is expected to be completed by April 30, 2002.

The draft Protocol is available on the Council of Europe site at:


GILC's February 6 letter to the Council of Europe is available at:


GILC's February 28 letter to the Council of Europe is available at:


For more information on the Treaty generally see:

[4] UK Holds Big Brother Awards

On March 4, Privacy International presented the 4th annual UK "Big
Brother" awards to the government and private sector organizations
that have done the most to invade personal privacy in Britain.  The
award for "Worst Public Servant" went to Sir Richard Wilson, Cabinet
Secretary; "Most Invasive Company" went to Norwich Union; "Most
Appalling Project" went to the National Criminal Intelligence Service
(NCIS), and "Most Heinous Organization" went to the Department of
Education and Skills.  A "Lifetime Menace" award was given to the
national identification and data sharing scheme.

"Winston" awards were also given to individuals and organizations that
have made an outstanding contribution to the protection of privacy, as
well as to people who have been victims of privacy invasion.  Those
individuals and organizations were: Maurice Frankel, Campaign for
Freedom of Information; Lord Andrew Phillips; The Daily Telegraph;
David Shaylor; and Ilka Schroeder, Member of the European Parliament.

Other countries that have held Big Brother Awards so far this year
include Denmark, France, and the Netherlands.  Hungary, Germany,
Austria, and Switzerland all presented Big Brother Awards late last

Detailed information about the 2002 UK Big Brother Awards is available

For more information on the Big Brother Awards, see:

The Campaign for Freedom of Information Web site is located at:


[5] Scarfo "Key Logger" Case Ends in Plea Bargain

The federal government and Nicodemo Scarfo, Jr. entered into a plea
agreement on February 28, ending a case that raised novel privacy
issues.  In a decision issued in December, a federal judge in New
Jersey upheld the legality of the FBI's use of a "key logger system"
secretly installed on Scarfo's computer to capture his encryption
passphrase, and denied a defense motion to suppress evidence obtained
through the technique.  As a result of the plea bargain, there will be
no appellate consideration of the issues raised in the case.

The gambling and loansharking case against Scarfo became the first to
test the legality of law enforcement efforts to counter the use of
encryption.  Scarfo's lawyers had argued that the "key-logger system"
violated both the Fourth Amendment (by collecting more information
than needed) and the federal wiretap statute (by intercepting modem
transmissions without a wiretap order).  They asserted that they
needed, through pre-trial discovery, a detailed explanation of the
technology to determine whether its use was improper.

In a decision issued on December 26, U.S. District Judge Nicholas
Politan upheld the legality of the FBI's use of the technique and
denied a defense motion to suppress evidence obtained through it.
Judge Politan also allowed prosecutors to keep secret the specifics of
the technology, saying disclosure "would cause identifiable damage to
the national security of the United States."  The government had
earlier invoked the Classified Information Procedures Act (CIPA) to
conceal details of the surveillance system (see EPIC Alert 8.16).  The
events of September 11 seem to have had an influence in the case;
Judge Politan wrote in the first paragraph of his opinion that "the
matter takes on added importance in light of recent events and
potential national security implications."

The court's opinion is available at:


Other selected court documents on the Scarfo case are available at:


[6] EPIC Bill-Track: New Bills in Congress


H.R.3806 Paul Revere Freedom to Warn Act. To amend title 5, United
States Code, to protect those who defend the United States by
exercising their duty as patriots to warn against the existence of
threats to weaknesses created by institutional failures that should be
identified and corrected in a timely manner, and for other purposes.
Sponsor: Rep Israel, Steve (D-NY). Latest Major Action: 2/27/2002
Referred to House committee: House Judiciary; House Government Reform.

H.R.3825 Homeland Security Information Sharing Act. To provide for the
sharing of homeland security information by Federal intelligence and
law enforcement agencies with State and local entities. Sponsor: Rep
Chambliss, Saxby (R-GA). Latest Major Action: 2/28/2002 Referred to
House committee: House Select Committee on Intelligence; House
Judiciary; House Government Reform.

H.R.3833 Dot Kids Implementation and Efficiency Act of 2002. To
facilitate the creation of a new, second-level Internet domain within
the United States country code domain that will be a haven for
material that promotes positive experiences for children and families
using the Internet, provides a safe online environment for children,
and helps to prevent children from being exposed to harmful material
on the Internet, and for other purposes. Sponsor: Rep Shimkus, John
(R-IL). Latest Major Action: 3/7/2002 House committee/subcommittee
actions: Forwarded by Subcommittee to Full Committee by Voice Vote.
Committees: House Energy and Commerce.

H.R.3844 To strengthen Federal Government information security,
including through the requirement for the development of mandatory
information security risk management standards. To strengthen Federal
Government information security, including through the requirement for
the development of mandatory information security risk management
standards. Sponsor: Rep Davis, Tom (R-VA). Latest Major Action:
3/5/2002 Referred to House committee: House Government Reform; House

H.R.3911 Telemarketing Relief Act of 2002. To direct the Federal Trade
Commission to issue rules that establish a list of telephone numbers
of consumers who do not want to receive telephone calls for
telemarketing purposes, and for other purposes. Sponsor: Rep Johnson,
Nancy L. (R-CT). Latest Major Action: 3/7/2002 Referred to House
committee: House Energy and Commerce; House Financial Services; House


S.1974 Federal Bureau of Investigation Reform Act of 2002. A bill to
make needed reforms in the Federal Bureau of Investigation, and for
other purposes. Sponsor: Sen Leahy, Patrick J. (D-VT). Latest Major
Action: 2/28/2002 Referred to Senate committee: Senate Judiciary.

S.1981 Enhanced Penalties for Enabling Terrorists Act of 2002. A bill
to enhance penalties for fraud in connection with identification
documents that facilitates an act of domestic terrorism. Sponsor: Sen
Boxer, Barbara (D-CA). Latest Major Action: 3/1/2002 Referred to
Senate committee: Senate Judiciary.

S.1989 National Cyber Security Defense Team Authorization Act. A bill
to authorize the establishment of a National Cyber Security Defense
Team for purposes of protecting the infrastructure of the Internet
from terrorist attack. Sponsor: Sen Schumer, Charles E. (D-NY) Latest
Major Action: 3/5/2002 Referred to Senate committee: Senate Judiciary.

S.1995 Genetic Information Nondiscrimination Act of 2002. A bill to
prohibit discrimination on the basis of genetic information with
respect to health insurance and employment. Sponsor: Sen Snowe,
Olympia J. (R-ME). Latest Major Action: 3/6/2002 Referred to Senate
committee: Senate Health, Education, Labor, and Pensions.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:

[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online

Privacy Defended: Protecting Yourself Online, by Gary Bahadur, William
Chan, and Chris Weber.


Privacy Defended is a comprehensive yet highly readable book that
explains why you should care about online privacy and security in this
digital age, and teaches you step-by-step how to use various tricks
and technologies to protect your privacy.  It examines legal threats
to privacy (such as people-finder Web sites, online public records,
the Gramm-Leach-Bliley Act, and the PATRIOT Act) as well as illegal
threats (such as hackers, insidious business tactics, spyware, and
identity theft), and shows you how to understand and avoid those
threats.  Also contained in the book are good summaries of the history
of the right to privacy and privacy-related cases and laws, a brief
listing of privacy organizations and initiatives, and numerous
examples of privacy-enhancing tools that you can use to protect your
personal information and communications.  There are also a few
chapters devoted to technical information that relates to setting up
secure networks and detecting security breaches.

Written in a personal yet technology-savvy tone by three computer and
network security experts, Privacy Defended is a great resource on how
to protect yourself against threats to your privacy and security. It
contains a great deal of in-depth information about laws and
technology, but you don't have to be an expert in either of those
fields to find this book both useful and easy to read.
EPIC Publications:
"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events

HIPAA Summit West II: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security, and HIPAA Compliance. March 13-15,
2002. San Francisco, CA. For more information:

Eighth Annual National Conference, "Managing the NEW Privacy
Revolution," and First Annual Privacy Expo 2002. Privacy & American
Business and Privacy Council. March 20-22, 2002. Washington, DC. For
more information: http://www.ManagingThePrivacyRevolution.com/

Fourth Annual e-ProtectIT Infrastructure Security Conference. Norwich
University. March 20-22, 2002. Northfield, Vermont. For more
information: http://www.e-protectIT.org/

The Role of the Federal Communications Commission in the Digital Era:
A Panel Discussion at Duke Law School. Duke Fellowship in Intellectual
Property and the Public Domain. March 25, 2002. Durham, NC. For more
information: http://www.law.duke.edu/fccfuture/

International Symposium on Freedom of Information and Privacy. Office
of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New
Zealand. For more information: Blair.Stewart@privacy.org.nz

Consumer Protection Issues in 2002 and Beyond. Association of the Bar
of the City of New York, Committee on Consumer Affairs. April 11,
2002. New York, NY. For more information: avernick@fgkks.com

The 27th Annual AAAS Colloquium on Science and Technology Policy:
Science and Technology in a Vulnerable World: Rethinking Our Roles.
American Association for the Advancement of Science. April 11-12,
2002. Washington, DC. For more information:

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. San
Francisco, CA. For more information: http://www.pet2002.org/

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

4th Annual MIT Sloan eBusiness Awards. Massachusetts Institute of
Technology, Sloan School of Management. April 17, 2002. Cambridge, MA.
For more information: http://www.mitawards.org/home.asp

4th National HIPAA Summit: The Leading Forum on Healthcare Privacy,
Confidentiality, Data Security and HIPAA Compliance. April 24-26,
2002. Washington, DC. For more information:

2002 IEEE Symposium on Security and Privacy. IEEE and the
International Association for Cryptologic Research. May 12-15, 2002.
Oakland, CA. For more information:

Information Integrity World Summit. The Hands-On Summit to Protect
Your Organization: Overcoming Cyber-security and E-Privacy Threats.
Information Integrity. May 15-16, 2002. Washington, DC. For more
information: http://www.411integrity.com/live/80/events/80II102

Privacy Law: Emerging Issues in Employee and Consumer Relations. CLE
International. May 16-17, 2002. Los Angeles, CA. For more information:

Personal Privacy in the Digital Age: The Challenge for State and Local
Governments. Joint Center for eGovernance. May 19-21, 2002. Arlington,
VA. For more information: http://www.conted.vt.edu/privacy/agenda.htm

Call For Papers - June 1, 2002 (special recognition for outstanding
student papers). 18th Annual Computer Security Applications Conference
(ACSAC): Practical Solutions to Real Security Problems. Applied
Computer Security Associates. December 9-13, 2002. Las Vegas, Nevada.
For more information: http://www.acsac.org/

INET 2002. Internet Crossroads: Where Technology and Policy Intersect.
Internet Society. June 18-21, 2002. Washington, DC. For more
information: http://www.inet2002.org/

Privacy2002. Technology Policy Group. September 24-26, 2002.
Cleveland, OH. For more information:

Subscription Information
Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"
Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 9.04 -----------------------