EPIC logo

        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 9.13                                      July 11, 2002
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
Table of Contents

[1] EPIC Urges Accountability for Homeland Security Department
[2] Supreme Court Limits FERPA, Expands Student Drug Testing
[3] EU Confirms Probe of Microsoft Passport
[4] Privacy Groups Demand Protection of Users' Anonymity Online
[5] DC Police Use Surveillance Cameras on the Fourth of July
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Organization Man
[8] Upcoming Conferences and Events

[1] EPIC Urges Accountability for Homeland Security Department

In testimony before the House Energy and Commerce Committee on July 9,
EPIC General Counsel David Sobel urged rejection of a proposal to
exempt from the Freedom of Information Act (FOIA) large amounts of
material relating to "infrastructure protection" and counter-terrorism
measures.  Testifying on the Bush Administration's legislation to
create a new Department of Homeland Security, Sobel said an FOIA
exemption would "cast a shroud of secrecy over one of the Department's
critical functions, removing any semblance of meaningful public
accountability."  The secrecy provision is the latest in a series of
proposals designed to encourage private sector operators of "critical
infrastructures" to voluntarily share with the government information
concerning security flaws and other vulnerabilities in their systems.

A broad coalition of civil liberties, environmental and consumer
organizations has expressed serious concerns about such proposals,
which would render the public unable to hold the new Department
accountable should it fail to make effective use of information it
obtains.  As Sobel told the committee, "What did DHS know and when did
it know it?" is a question that will go unanswered if the secrecy
provision becomes law.

Sobel also noted that a new FOIA exemption designed to protect
voluntarily-submitted private sector information is not needed.  FOIA
caselaw makes it clear that existing exemptions contained in the Act
provide adequate protection against harmful disclosures of "critical
infrastructure information."  Most significantly, Exemption 4, which
protects against disclosures of trade secrets and confidential
information, extends to virtually all of the "critical infrastructure"
material that properly could be withheld from disclosure.  Exemption
proponents have not cited a single instance in which a federal agency
has disclosed voluntarily submitted data against the express wishes of
an industry submitter.

In his testimony, Sobel noted the irony of Congress discussing the
desire of private companies to keep secret potentially embarrassing
information at a time when the disclosure practices of many in the
business world are being scrutinized.  He told the committee that "if
a company is willing to fudge its financial numbers to maintain its
stock price, it would be similarly inclined to hide behind a 'critical
infrastructure' FOIA exemption in order to conceal gross negligence in
its maintenance and operation of a chemical plant or a transportation

The secrecy provision is becoming a key point of contention as
Congress quickly moves to finalize Homeland Security legislation.
House action on the bill is scheduled to be completed tomorrow, July

EPIC's testimony on the Homeland Security bill is available at:


Background information is available at EPIC's Critical Infrastructure
Protection page:


[2] Supreme Court Limits FERPA, Expands Student Drug Testing

The Supreme Court concluded its 2001 term with two decisions that will
diminish student privacy.  In Gonzaga University v. Doe, a University
official informed a state teacher licensing board that a graduate was
accused of sexual misconduct.  The graduate sued under the Family
Education Rights and Privacy Act of 1974 (FERPA), a law that
conditions federal funding on the protection of students' educational
records.  The Court held that FERPA does not create an individual
right to sue.  Instead, enforcement of the privacy protections rests
with the Secretary of Education where a educational institution has a
"policy or practice" of disclosing student records inappropriately. In
a dissenting opinion, Justices Stevens and Ginsburg argued that FERPA
does create individual rights, and that every federal circuit court
had recognized an individual right to bring suit under the statute.

In Board of Ed. v. Earls, the Supreme Court expanded the ability of
school administrators to engage in suspicionless drug testing of
students.  In the case, a student was required to submit a urine
sample in order to participate in non-athletic extracurricular
activities such as choir and an academic club.  The Court reasoned
that drug tests were justified under the "special needs" exception to
the Fourth Amendment because the students had a reduced expectation of
privacy and because the government has a interest in preventing drug
use.  In a strong dissent, four justices called the testing plan
"perverse," as it targeted students who were least likely to engage in
illegal drug use.

Gonzaga Univ. v. Doe, No. 01-679, 536 U.S. ___ (2002).


Board of Ed. of Independent School Dist. No. 92 of Pottawatomie Cty. v.
Earls, No. 01-332, 536 U.S. ___ (2002):


[3] EU Confirms Probe of Microsoft Passport

European Union (EU) officials have issued their first official
confirmation of an investigation into the Microsoft Passport
identification and authentication service.  The Article 29 Working
Party has issued a statement outlining legal issues raised by the
Passport system.

The Working Party will inquire into whether Microsoft is giving
individuals adequate notice of information processing and transferring
of data; whether adequate consent from the individual is being
obtained; whether Passport affiliates have adequate privacy protection
rules; whether Passport's use of a unique identifier is necessary; the
quality of data collected by the system; the rights of individuals to
access or delete their Passport profile; and the security risks in the
Passport system.

The stakes are rising because Microsoft recently announced plans to
implement a Digital Rights Management Operating System called
"Palladium."  The Palladium system would limit the use of content
through software and hardware controls.  These controls could also be
used to identify individuals and eliminate anonymous communication.
Additionally, in order to legitimize the Passport system, Microsoft
has begun a partnership to develop Passport as an authentication tool
for credit card transactions.

A competing identification system, called Project Liberty, is also
developing.  This week, the project's sponsors will release the
specifications for their federated identification scheme.  Project
Liberty presents the same risks as Microsoft's Passport.  It will
likely be used to profile individuals' web surfing habits, as the
group's stated goals include the ability to "[e]nable commercial and
non-commercial organizations to realize new revenue and cost saving
opportunities that economically leverage their relationships with
customers, business partners, and employees."

"First orientations of the Article 29 Working Party concerning on-line
authentication services," EU Article 29 Working Party, July 2, 2002
(PDF document):


EPIC's Passport Investigation Docket Page:


EPIC's Sign Out of Passport Page:


[4] Privacy Groups Demand Protection of Users' Anonymity Online

In a letter sent to over 100 Internet Service Providers (ISPs),
Internet discussion boards, and other online companies, EPIC, in a
coalition of civil liberties and privacy groups, urged the adoption of
policies protecting the rights of users to engage in anonymous speech
over the Internet.  The letter asked each company to include in its
privacy policy a promise that it would notify any customer whose
personal information or identity is subpoenaed.

The Supreme Court has repeatedly found that anonymous speech is a
right protected by the First Amendment.  That right has come under
attack in recent years through a growing number of "cyberSLAPP"
(Strategic Lawsuits Against Public Participation) lawsuits, in which
companies file suit just to discover the identity of their online
critics -- often in order to silence or intimidate them.  In a
cyberSLAPP suit, the target of anonymous online criticism typically
files a lawsuit against an anonymous "John Doe" defendant and then
issues an identity-seeking subpoena to an ISP.  CyberSLAPP cases are
considered unfair because the 'punishment' that often matters most to
average citizens (i.e. the loss of anonymity) comes not after
consideration and judgment by a court or jury, but as a result of the
mere filing of a lawsuit.  Although some online service providers
already notify their customers when they receive subpoenas for
identifying information, there is currently no legal requirement that
ISPs notify their customers before complying with such subpoenas, even
though many of the lawsuits are frivolous and have no chance of
prevailing in court.

The anti-SLAPP coalition also announced the unveiling of a new Web
site that includes a broad range of information about the cyberSLAPP
issue, from a "Frequently Asked Questions" list for the general public
to legal briefs and other detailed information about ongoing legal

The new cyberSLAPP Web site is available at:


EPIC's Free Speech Page:


[5] DC Police Use Surveillance Cameras on the Fourth of July

The United States Park Police and District of Columbia Police operated
video surveillance cameras during the Fourth of July festivities on
the National Mall.  The Park Police said they installed temporary
cameras and would draft guidelines for their permanent use.

Discussion of the cameras' installation came as a surprise to the
congressional committee overseeing the District of Columbia, prompting
members of the committee to call for guidelines that would treat the
use of video surveillance like any other form of electronic
surveillance.  EPIC sought details of the Park Police plans in March
under open government law, but was informed that no records existed.
EPIC is currently seeking under the Freedom of Information Act any
records of surveillance conducted by the Park Police during the July
4th celebration.

ACTION: DC Council Considers Cameras - Your Views Still Needed

The District of Columbia has extended the deadline for accepting
public comments on the video surveillance regulations until July 27,
2002.  You should act now to express your views on this matter.

Send your comments via our link below, or send them directly to:
Ms. Phyllis Jones, Secretary to the Council, Suite 5, John A. Wilson
Building, 1350 Pennsylvania Avenue, N.W., Washington, DC 20004.

DC Surveillance Comment page:


EPIC's Video Surveillance page:


Observing Surveillance:


[6] EPIC Bill-Track: New Bills in Congress


H.R.4757 Our Lady of Peace Act. To improve the national instant
criminal background check system, and for other purposes. Sponsor: Rep
McCarthy, Carolyn (D-NY). Latest Major Action: 5/16/2002 Referred to
House committee. Latest Status: Referred to the House Committee on the
Judiciary. Committees: House Judiciary.

H.R.4779 To authorize appropriations for fiscal years 2002 through
2004 for the United States Customs Service for antiterrorism, drug
interdiction, and other operations, for the Office of the United
States Trade Representative, for the United States International Trade
Commission, and for other purposes. Sponsor: Rep Crane, Philip M.
(R-IL). Latest Major Action: 5/21/2002 Referred to House committee.
Latest Status: Referred to the House Committee on Ways and Means.
Committees: House Ways and Means.

H.R.4860 United States Commission on an Open Society with Security
Act. To establish the United States Commission on an Open Society with
Security. Sponsor: Rep Norton, Eleanor Holmes (D-DC). Latest Major
Action: 6/5/2002 Referred to House subcommittee. Latest Status:
Referred to the Subcommittee on Economic Development, Public Buildings
and Emergency Management. Committees: House Transportation and

H.R.5005 Homeland Security Act of 2002. To establish the Department of
Homeland Security, and for other purposes. Sponsor: Rep Armey, Richard
K. (R-TX). Latest Major Action: 6/27/2002 House committee/subcommittee
actions. Latest Status: Committee Hearings Held. Committees: House
Select Committee on Homeland Security; House Agriculture; House
Appropriations; House Armed Services; House Energy and Commerce; House
Financial Services; House Government Reform; House Select Committee on
Intelligence; House International Relations; House Judiciary; House
Science; House Transportation and Infrastructure; House Ways and

H.R.5057 To prevent and punish counterfeiting and copyright piracy,
and for other purposes. Sponsor: Rep Smith, Lamar (R-TX). Latest Major
Action: 6/27/2002 Referred to House committee. Latest Status: Referred
to the House Committee on the Judiciary. Committees: House Judiciary.

H.R.5061 To amend part D of title IV of the Social Security Act to
improve the collection of child support arrears in interstate cases.
Sponsor: Rep Woolsey, Lynn C. (D-CA). Latest Major Action: 6/27/2002
Referred to House committee. Latest Status: Referred to the House
Committee on Ways and Means. Committees: House Ways and Means.


S.2476 International Cooperation Against Terrorism Act of 2002. A bill
to improve antiterrorism efforts, and for other purposes. Sponsor: Sen
Schumer, Charles E. (D-NY). Latest Major Action: 5/8/2002 Referred to
Senate committee. Latest Status: Read twice and referred to the
Committee on Foreign Relations. Committees: Senate Foreign Relations.

S.2534 Reducing Crime and Terrorism at America's Seaports Act of 2002.
A bill to reduce crime and prevent terrorism at America's seaports.
Sponsor: Sen Biden Jr., Joseph R. (D-DE). Latest Major Action:
5/21/2002 Referred to Senate committee. Latest Status: Read twice and
referred to the Committee on Finance. Committees: Senate Finance.

S.2537 Dot Kids Implementation and Efficiency Act of 2002. A bill to
facilitate the creation of a new, second-level Internet domain within
the United States country code domain that will be a haven for
material that promotes positive experiences for children and families
using the Internet, provides a safe online environment for children,
and helps to prevent children from being exposed to harmful material
on the Internet, and for other purposes. Sponsor: Sen Dorgan, Byron L.
(D-ND). Latest Major Action: 5/21/2002 Referred to Senate committee.
Latest Status: Referred to the Committee on Commerce, Science, and
Transportation. Committees: Senate Commerce, Science, and

S.2541 Identity Theft Penalty Enhancement Act of 2002. A bill to amend
title 18, United States Code, to establish penalties for aggravated
identity theft, and for other purposes. Sponsor: Sen Feinstein, Dianne
(D--CA). Latest Major Action: 5/22/2002 Referred to Senate committee.
Latest Status: Read twice and referred to the Committee on the
Judiciary. Committees: Senate Judiciary.

S.2629 Federal Privacy and Data Protection Policy Act of 2002. A bill
to provide for an agency assessment, independent review, and Inspector
General report on privacy and data protection policies of Federal
agencies, and for other purposes. Sponsor: Sen Torricelli, Robert G.
(D-NJ). Latest Major Action: 6/17/2002 Referred to Senate committee.
Latest Status: Read twice and referred to the Committee on
Governmental Affairs. Committees: Senate Governmental Affairs.

S.2659 To amend the Foreign Intelligence Surveillance Act of 1978 to
modify the standard of proof for issuance of orders regarding
non-United States persons from probable cause to reasonable.... A bill
to amend the Foreign Intelligence Surveillance Act of 1978 to modify
the standard of proof for issuance of orders regarding non-United
States persons from probable cause to reasonable suspicion. Sponsor:
Sen DeWine, Michael (R-OH). Latest Major Action: 6/20/2002 Referred to
Senate committee. Latest Status: Read twice and referred to the
Committee on Intelligence. Committees: Senate Intelligence.

S.2661 Video Voyeurism Act of 2002. A bill to amend title 18, United
States Code, to prohibit video voyeurism in the special maritime and
territorial jurisdiction of the United States. Sponsor: Sen DeWine,
Michael (D-OH). Latest Major Action: 6/20/2002 Referred to Senate
committee. Latest Status: Read twice and referred to the Committee on
the Judiciary. Committees: Senate Judiciary.

S.2686 A bill to strengthen national security by providing
whistleblower protections to certain employees at airports, and for
other purposes. Sponsor: Sen Grassley, Charles E. (R-IA). Latest Major
Action: 6/26/2002 Referred to Senate committee. Latest Status: Read
twice and referred to the Committee on Commerce, Science, and
Transportation. Committees: Senate Commerce, Science, and

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:


[7] EPIC Bookstore - The Organization Man

The Organization Man, by William H. Whyte Jr. (1st Ed. 1956)


The youth have abandoned Protestant values of individualism and
competitive struggle for a collectivist system that emphasizes
survival of the group and blunts creative spirit and ambition.  So
argued William H. Whyte Jr. in "The Organization Man," a book
detailing the decline of American values for a culture of conformity.
At its first printing in 1956, the book had a profound effect.  Last
month, the University of Pennsylvania Press republished the text with
an afterword by Whyte's wife.

Whyte writes with disdain for the organization, be it the corporation,
the labor union, university, or law firm -- any entity that dictates
that creativity only flows from "group think," that "belongingness" is
the desire of every individual, and that science can be applied to
individuals in order to create organization men.  The brotherhood of
the organization is in reality a prison, a slave morality that employs
mindless social science to control deviance and to create a bland,
predictable life.  Organization grade schools turn introverts into
extroverts.  Organization churches ignore basic religious tradition in
order to appeal to a larger audience. Organization colleges emphasize
practical training over academic coursework, and use the fraternity to
identify and eliminate "aberrant tendencies."  And, organization
businesses use tools such as the "Harwald Group-Thinkometer," to
eliminate the troublesome "personality factor."

For the organization to operate, individuals must believe that they do
not have control over their own lives.  They must believe that burning
a bridge, or engaging in some form of social deviance, will result in
harm to their future.  This is creating a generation of people who
fear authority and have abandoned their duties as moral agents in

Whyte argues that the individual needs to fight the organization.  The
individual, using education and spirit, must recognize that there are
conflicts between the individual and society.  One way to fight, Whyte
suggests, is to cheat on personality tests.  Whyte's advice is to
appear complacent, conservative, and submissive to group or social
interests: "you should try to answer as if you were like everybody

Whyte died in 1999.  However, his ideas from 50 years ago have clearly
influenced modern rejections of work- and consumption-oriented
society, such as Chuck Palahniuk's "Fight Club" (1996), Mike Judge's
"Office Space" (1999), and the work of Kalle Lasn and Adbusters

- Chris Hoofnagle

EPIC Publications:
"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events

IViR International Copyright Law Summer Course. Royal Netherlands
Academy of Arts and Sciences. July 8-12, 2002. Amsterdam, Netherlands.
For more information: http://www.ivir.nl/

O'Reilly Open Source Convention. O'Reilly and Associates. July 22-26,
2002. San Diego, CA. For more information:

Cyberwar, Netwar and the Revolution in Military Affairs: Real Threats
and Virtual Myths. International School on Disarmament and Research on
Conflicts (ISODARCO). August 3-13, 2002. Trento, Italy. For more
information: http://www.isodarco.it/html/trento02.html

IT and Law. University of Geneva, University of Bern, Swiss
Association of IT and Law. September 9-10, 2002. Geneva, Switzerland.
For more information: http://www.informatiquejuridique.ch/

ILPF Conference 2002: Security v. Privacy. Internet Law & Policy
Forum. September 17-19, 2002. Seattle, WA. For more information:

Privacy2002: Information, Security & New Global Realities. Technology
Policy Group. September 24-26, 2002. Cleveland, OH. For more
information: http://www.privacy2000.org/privacy2002/

Bridging the Digital Divide: Challenge and Opportunities. 3rd World
Summit on Internet and Multimedia. October 8-11, 2002. Montreux,
Switzerland. For more information: http://www.internetworldsummit.org/

2002 WSEAS International Conference on Information Security (ICIS
'02). World Scientific and Engineering Academy and Society. October
14-17, 2002. Rio de Janeiro, Brazil. For more information:

IAPO Privacy & Security Conference. International Association of
Privacy Officers. October 16-18, 2002. Chicago, IL. For more
information: http://www.privacyassociation.org/html/conferences.html

3rd Annual Privacy and Security Workshop: Privacy & Security: Totally
Committed. Centre for Applied Cryptographic Research, University of
Waterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For more
information: http://www.epic.org/redirect/cacr.html

18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied Computer
Security Associates. December 9-13, 2002. Las Vegas, NV. For more
information: http://www.acsac.org/

Third Annual Privacy Summit. International Association of Privacy
Officers. February 26-28, 2003. Washington, DC. For more information:

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information: http://www.cfp.org/

Subscription Information
Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe" (no quotes)
Help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org
     Subject: "help" (no quotes)
Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 9.13 -----------------------