==============================================================

                         EPIC ALERT

==============================================================
Volume 9.05                                     March 15, 2002
--------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_9.05.html

=======================================================================
Table of Contents
=======================================================================

[1] National Freedom of Information Day -- March 16, 2002
[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents
[3] Council of Europe Considers Cybercrime Protocols
[4] UK Holds Big Brother Awards
[5] Scarfo "Key Logger" Case Ends in Plea Bargain
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online
[8] Upcoming Conferences and Events

=======================================================================
[1] National Freedom of Information Day -- March 16, 2002
=======================================================================

     Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both.

          -- James Madison

On March 16 -- James Madison's birthday -- EPIC will join with other open government advocates to emphasize the value and importance of the Freedom of Information Act.

The public's right of access to government information is a cornerstone of our democratic society. Free and open access to information is a basic principle that has enabled the United States to endure and prosper for more than 200 years.

For more than a quarter of a century, the Freedom of Information Act (FOIA) has ratified the public's right to know what the government, its agencies, and its officials have done. It has substituted public oversight for secrecy, and our country has benefited from the truths that have been extracted from public records.

Although our nation must be safeguarded from further acts of terrorism, we must never allow the public's right to know, enshrined in the FOIA, to be suppressed for the sake of official convenience. Our system of representative democracy depends on the free flow of information produced, collected and published by the government and available to the American people so they can participate as an informed electorate and be aware of actions the government takes in their name.

On October 12, 2001, Attorney General John Ashcroft issued a memorandum on behalf of the Bush Administration, directing federal agency heads -- with the full support of the Department of Justice -- to search for and use any legal authority for denying access to records under FOIA. This policy of secrecy is incompatible with the values of a free society.

In February, the House Government Reform Committee, with oversight on FOIA issues, marked up a draft update of its popular "Citizen's Guide on Using the Freedom of Information Act and the Privacy Act of 1974 to Request Government Records." Rep. Henry Waxman (D-CA) offered, and Committee Chair Dan Burton (R-IN) approved, the addition of the following paragraphs to the 2002 draft:

     The history of the act reflects that it is a disclosure law. It presumes that requested records will be disclosed, and the agency must make its case for withholding in terms of the act's exemptions to the rule of disclosure. . . . Contrary to the instructions issued by the Department of Justice on October 12, 2001, the standard should not be to allow the withholding of information whenever there is merely a "sound legal basis" for doing so.

The action represents a symbolic, bipartisan Congressional repudiation of the Attorney General's October directive.

In these trying times, our future as a nation and as individuals will be determined by how successfully we use information. That is why EPIC urges individuals and associations across America to join in celebrating the public's "right to know" on Freedom of Information Day, March 16. EPIC has created an online "Freedom of Information Act Gallery" to showcase some of the information recently made public as a result of the law.

EPIC's Freedom of Information Act Gallery:

     http://www.epic.org/open_gov/foiagallery.html

EPIC's Former Secrets Page:

     http://www.epic.org/open_gov/foia/secrets.html

Information on the 2002 National Freedom of Information Day conference, "Access & Security in a Time of Crisis," is available at:

     http://www.freedomforum.org/templates/document.asp?documentID=15783

=======================================================================
[2] EPIC Files FOIA Lawsuit for Air Travel Security Documents
=======================================================================

EPIC filed suit on March 14 against the Department of Transportation (DOT), seeking the expedited release of documents concerning proposed air travel security systems. EPIC asserts in the lawsuit that the potential privacy implications of such proposals require full and informed public debate on the design of security systems.

In early February, EPIC submitted Freedom of Information Act (FOIA) requests to DOT for records relating to the newly-created Transportation Security Administration's plans to develop a biometric identification card for use in a "trusted passengers" program, and to establish airline passenger screening and profiling systems.

Noting the privacy issues surrounding these initiatives and the substantial public interest in security matters, EPIC requested "expedited processing" of its requests -- a procedure Congress mandated in 1996 to hasten the disclosure of information concerning matters of "current exigency to the American public." Despite a legal requirement to render a decision on an expedition request within 10 days, DOT never responded to EPIC's request.

EPIC does not question the need for effective air travel security, but believes that there is no reason to develop these procedures under a shroud of secrecy. The public has a significant interest in the design of new security systems and ensuring that privacy rights are respected.

EPIC's lawsuit is available at:

     http://www.epic.org/open_gov/foia/DOT_complaint.pdf

ID Card for Air Passengers, Washington Times, Jan. 31, 2002:

     http://www.washtimes.com/business/20020131-32817256.htm

Intricate Screening of Fliers in Works, Washington Post, Feb. 1, 2002:

     http://www.washingtonpost.com/wp-dyn/articles/A5185-2002Jan31.html

=======================================================================
[3] Council of Europe Considers Cybercrime Protocols
=======================================================================

On February 7, the Council of Europe publicly released a draft of the First Additional Protocol to the Convention on Cybercrime on the criminalization of acts of a racist or xenophobic nature committed through computer systems.

The Convention itself was signed in November 2001 by most of the body's 43 member states, as well as observer nations Canada, Japan, South Africa and the U.S. (see EPIC Alert 8.23). It is the first international treaty to address crimes committed in "cyberspace," including intellectual property violations, computer-related fraud, child pornography, hacking, and the distribution of hacking tools.
It greatly expands law enforcement investigative powers, including real time electronic surveillance and access to user records maintained by Internet Service Providers, not only for these crimes, but also for any other crime "committed by means of a computer system" or for "the collection of evidence in electronic form" of a crime. It also requires signatory countries to provide each other with mutual legal assistance in investigations. It has been widely criticized by civil liberties, privacy, and security advocates as disproportionately weighted in favor of law enforcement interests.

The protocol is an optional supplement to the Convention that will criminalize the "making available" or "distribution" of racist and xenophobic material through a computer system. An article criminalizing the "denial or justification of racist or xenophobic crimes" is stated in the draft to be under preparation.

The draft was made available the day after the Global Internet Liberty Campaign (GILC) -- an international coalition of civil liberties and human rights groups -- sent a letter to the Council of Europe asking for its release in conformity with "principles of transparency and democratic decision-making." Although the U.S. government is participating in the negotiation of this protocol, it has stated that it does not intend to sign it due to the obvious inconsistencies with the First Amendment.

GILC also sent a letter to the Council of Europe on February 28 following reports that the body was considering a second optional protocol on "terrorist messages and the decoding thereof." Although GILC has not received an official response from the Council of Europe, member groups in the U.S. have been assured by the government that no such proposal is moving forward.

Work on the First Additional Protocol is expected to be completed by April 30, 2002.

The draft Protocol is available on the Council of Europe site at:

     http://www.coe.int/T/E/Communication%5Fand%5FResearch/Press/Themes%5Ffiles/Cybercrime/

GILC's February 6 letter to the Council of Europe is available at:

     http://www.treatywatch.org/Letter_Feb_6_2002.html

GILC's February 28 letter to the Council of Europe is available at:

     http://www.treatywatch.org/Letter_Feb_28_2002.html

For more information on the Treaty generally see:

     http://www.treatywatch.org/

=======================================================================
[4] UK Holds Big Brother Awards
=======================================================================

On March 4, Privacy International presented the 4th annual UK "Big Brother" awards to the government and private sector organizations that have done the most to invade personal privacy in Britain.

The award for "Worst Public Servant" went to Sir Richard Wilson, Cabinet Secretary; "Most Invasive Company" went to Norwich Union; "Most Appalling Project" went to the National Criminal Intelligence Service (NCIS), and "Most Heinous Organization" went to the Department of Education and Skills. A "Lifetime Menace" award was given to the national identification and data sharing scheme.

"Winston" awards were also given to individuals and organizations that have made an outstanding contribution to the protection of privacy, as well as to people who have been victims of privacy invasion. Those individuals and organizations were: Maurice Frankel, Campaign for Freedom of Information; Lord Andrew Phillips; The Daily Telegraph; David Shayler; and Ilka Schroeder, Member of the European Parliament.

Other countries that have held Big Brother Awards so far this year include Denmark, France, and the Netherlands. Hungary, Germany, Austria, and Switzerland all presented Big Brother Awards late last year.

Detailed information about the 2002 UK Big Brother Awards is available at:

     http://www.privacyinternational.org/bigbrother/uk2002/

For more information on the Big Brother Awards, see:

     http://www.privacyinternational.org/bigbrother/

The Campaign for Freedom of Information Web site is located at:

     http://www.cfoi.org.uk/

=======================================================================
[5] Scarfo "Key Logger" Case Ends in Plea Bargain
=======================================================================

The federal government and Nicodemo Scarfo, Jr. entered into a plea agreement on February 28, ending a case that raised novel privacy issues. In a decision issued in December, a federal judge in New Jersey upheld the legality of the FBI's use of a "key logger system" secretly installed on Scarfo's computer to capture his encryption passphrase, and denied a defense motion to suppress evidence obtained through the technique. As a result of the plea bargain, there will be no appellate consideration of the issues raised in the case.

The gambling and loansharking case against Scarfo became the first to test the legality of law enforcement efforts to counter the use of encryption. Scarfo's lawyers had argued that the "key-logger system" violated both the Fourth Amendment (by collecting more information than needed) and the federal wiretap statute (by intercepting modem transmissions without a wiretap order). They asserted that they needed, through pre-trial discovery, a detailed explanation of the technology to determine whether its use was improper.

In a decision issued on December 26, U.S. District Judge Nicholas Politan upheld the legality of the FBI's use of the technique and denied a defense motion to suppress evidence obtained through it. Judge Politan also allowed prosecutors to keep secret the specifics of the technology, saying disclosure "would cause identifiable damage to the national security of the United States."
The government had earlier invoked the Classified Information Procedures Act (CIPA) to conceal details of the surveillance system (see EPIC Alert 8.16). The events of September 11 seem to have had an influence in the case; Judge Politan wrote in the first paragraph of his opinion that "the matter takes on added importance in light of recent events and potential national security implications."

The court's opinion is available at:

     http://lawlibrary.rutgers.edu/fed/html/scarfo2.html-1.html

Other selected court documents on the Scarfo case are available at:

     http://www.epic.org/crypto/scarfo.html

=======================================================================
[6] EPIC Bill-Track: New Bills in Congress
=======================================================================

*House*

H.R.3806 Paul Revere Freedom to Warn Act. To amend title 5, United States Code, to protect those who defend the United States by exercising their duty as patriots to warn against the existence of threats to weaknesses created by institutional failures that should be identified and corrected in a timely manner, and for other purposes. Sponsor: Rep Israel, Steve (D-NY). Latest Major Action: 2/27/2002 Referred to House committee: House Judiciary; House Government Reform.

H.R.3825 Homeland Security Information Sharing Act. To provide for the sharing of homeland security information by Federal intelligence and law enforcement agencies with State and local entities. Sponsor: Rep Chambliss, Saxby (R-GA). Latest Major Action: 2/28/2002 Referred to House committee: House Select Committee on Intelligence; House Judiciary; House Government Reform.

H.R.3833 Dot Kids Implementation and Efficiency Act of 2002.
To facilitate the creation of a new, second-level Internet domain within the United States country code domain that will be a haven for material that promotes positive experiences for children and families using the Internet, provides a safe online environment for children, and helps to prevent children from being exposed to harmful material on the Internet, and for other purposes. Sponsor: Rep Shimkus, John (R-IL). Latest Major Action: 3/7/2002 House committee/subcommittee actions: Forwarded by Subcommittee to Full Committee by Voice Vote. Committees: House Energy and Commerce.

H.R.3844 To strengthen Federal Government information security, including through the requirement for the development of mandatory information security risk management standards. To strengthen Federal Government information security, including through the requirement for the development of mandatory information security risk management standards. Sponsor: Rep Davis, Tom (R-VA). Latest Major Action: 3/5/2002 Referred to House committee: House Government Reform; House Science.

H.R.3911 Telemarketing Relief Act of 2002. To direct the Federal Trade Commission to issue rules that establish a list of telephone numbers of consumers who do not want to receive telephone calls for telemarketing purposes, and for other purposes. Sponsor: Rep Johnson, Nancy L. (R-CT). Latest Major Action: 3/7/2002 Referred to House committee: House Energy and Commerce; House Financial Services; House Agriculture.

*Senate*

S.1974 Federal Bureau of Investigation Reform Act of 2002. A bill to make needed reforms in the Federal Bureau of Investigation, and for other purposes. Sponsor: Sen Leahy, Patrick J. (D-VT). Latest Major Action: 2/28/2002 Referred to Senate committee: Senate Judiciary.

S.1981 Enhanced Penalties for Enabling Terrorists Act of 2002. A bill to enhance penalties for fraud in connection with identification documents that facilitates an act of domestic terrorism. Sponsor: Sen Boxer, Barbara (D-CA).
Latest Major Action: 3/1/2002 Referred to Senate committee: Senate Judiciary.

S.1989 National Cyber Security Defense Team Authorization Act. A bill to authorize the establishment of a National Cyber Security Defense Team for purposes of protecting the infrastructure of the Internet from terrorist attack. Sponsor: Sen Schumer, Charles E. (D-NY) Latest Major Action: 3/5/2002 Referred to Senate committee: Senate Judiciary.

S.1995 Genetic Information Nondiscrimination Act of 2002. A bill to prohibit discrimination on the basis of genetic information with respect to health insurance and employment. Sponsor: Sen Snowe, Olympia J. (R-ME). Latest Major Action: 3/6/2002 Referred to Senate committee: Senate Health, Education, Labor, and Pensions.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 107th Congress, is available at:

     http://www.epic.org/privacy/bill_track.html

=======================================================================
[7] EPIC Bookstore - Privacy Defended: Protecting Yourself Online
=======================================================================

Privacy Defended: Protecting Yourself Online, by Gary Bahadur, William Chan, and Chris Weber.

     http://www.epic.org/bookstore/powells/redirect/alert905.html

Privacy Defended is a comprehensive yet highly readable book that explains why you should care about online privacy and security in this digital age, and teaches you step-by-step how to use various tricks and technologies to protect your privacy. It examines legal threats to privacy (such as people-finder Web sites, online public records, the Gramm-Leach-Bliley Act, and the PATRIOT Act) as well as illegal threats (such as hackers, insidious business tactics, spyware, and identity theft), and shows you how to understand and avoid those threats.

Also contained in the book are good summaries of the history of the right to privacy and privacy-related cases and laws, a brief listing of privacy organizations and initiatives, and numerous examples of privacy-enhancing tools that you can use to protect your personal information and communications. There are also a few chapters devoted to technical information that relates to setting up secure networks and detecting security breaches.

Written in a personal yet technology-savvy tone by three computer and network security experts, Privacy Defended is a great resource on how to protect yourself against threats to your privacy and security. It contains a great deal of in-depth information about laws and technology, but you don't have to be an expert in either of those fields to find this book both useful and easy to read.

================================

EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Laws and Developments," (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/phr2001/

This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty countries around the world. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.

================================

"The Privacy Law Sourcebook 2001: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001). Price: $40.
http://www.epic.org/bookstore/pls2001/

The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/

The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy.

================================

"Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20.
http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

     EPIC Bookstore
     http://www.epic.org/bookstore/

     "EPIC Bookshelf" at Powell's Books
     http://www.powells.com/features/epic/epic.html

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

HIPAA Summit West II: The Leading Forum on Healthcare Privacy, Confidentiality, Data Security, and HIPAA Compliance. March 13-15, 2002. San Francisco, CA.
For more information: http://www.hipaasummit.com/

Eighth Annual National Conference, "Managing the NEW Privacy Revolution," and First Annual Privacy Expo 2002. Privacy & American Business and Privacy Council. March 20-22, 2002. Washington, DC. For more information: http://www.ManagingThePrivacyRevolution.com/

Fourth Annual e-ProtectIT Infrastructure Security Conference. Norwich University. March 20-22, 2002. Northfield, Vermont. For more information: http://www.e-protectIT.org/

The Role of the Federal Communications Commission in the Digital Era: A Panel Discussion at Duke Law School. Duke Fellowship in Intellectual Property and the Public Domain. March 25, 2002. Durham, NC. For more information: http://www.law.duke.edu/fccfuture/

International Symposium on Freedom of Information and Privacy. Office of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New Zealand. For more information: Blair.Stewart@privacy.org.nz

Consumer Protection Issues in 2002 and Beyond. Association of the Bar of the City of New York, Committee on Consumer Affairs. April 11, 2002. New York, NY. For more information: avernick@fgkks.com

The 27th Annual AAAS Colloquium on Science and Technology Policy: Science and Technology in a Vulnerable World: Rethinking Our Roles. American Association for the Advancement of Science. April 11-12, 2002. Washington, DC. For more information: http://www.aaas.org/spp/dspp/rd/colloqu.htm

Workshop on Privacy Enhancing Technologies. April 14-15, 2002. San Francisco, CA. For more information: http://www.pet2002.org/

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy. April 16-19, 2002. San Francisco, CA. For more information: http://www.cfp2002.org/

4th Annual MIT Sloan eBusiness Awards. Massachusetts Institute of Technology, Sloan School of Management. April 17, 2002. Cambridge, MA.
For more information: http://www.mitawards.org/home.asp

4th National HIPAA Summit: The Leading Forum on Healthcare Privacy, Confidentiality, Data Security and HIPAA Compliance. April 24-26, 2002. Washington, DC. For more information: http://www.hipaasummit.com/

2002 IEEE Symposium on Security and Privacy. IEEE and the International Association for Cryptologic Research. May 12-15, 2002. Oakland, CA. For more information: http://www.ieee-security.org/TC/SP02/sp02index.html

Information Integrity World Summit. The Hands-On Summit to Protect Your Organization: Overcoming Cyber-security and E-Privacy Threats. Information Integrity. May 15-16, 2002. Washington, DC. For more information: http://www.411integrity.com/live/80/events/80II102

Privacy Law: Emerging Issues in Employee and Consumer Relations. CLE International. May 16-17, 2002. Los Angeles, CA. For more information: http://www.cle.com/upcoming/laxpri02.shtml

Personal Privacy in the Digital Age: The Challenge for State and Local Governments. Joint Center for eGovernance. May 19-21, 2002. Arlington, VA. For more information: http://www.conted.vt.edu/privacy/agenda.htm

Call For Papers - June 1, 2002 (special recognition for outstanding student papers). 18th Annual Computer Security Applications Conference (ACSAC): Practical Solutions to Real Security Problems. Applied Computer Security Associates. December 9-13, 2002. Las Vegas, Nevada. For more information: http://www.acsac.org/

INET 2002. Internet Crossroads: Where Technology and Policy Intersect. Internet Society. June 18-21, 2002. Washington, DC. For more information: http://www.inet2002.org/

Privacy2002. Technology Policy Group. September 24-26, 2002. Cleveland, OH.
For more information: http://www.privacy2000.org/privacy02/index.shtml

=======================================================================
Subscription Information
=======================================================================

Subscribe/unsubscribe via Web interface:

     http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Subscribe/unsubscribe via email:

     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

     http://www.epic.org/alert/

The EPIC Alert displays best in a fixed-width font, such as Courier.

=======================================================================
Privacy Policy
=======================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription email address, or if you have any other questions.

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

     http://www.epic.org/donate/

=======================================================================
Drink coffee, support civil liberties, get a tax deduction, and learn Latin at the same time! Receive a free epic.org "sed quis custodiet ipsos custodes?" coffee mug with donation of $75 or more.
=======================================================================

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 9.04 -----------------------