        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 9.18                                    October 7, 2002
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.

Table of Contents

[1] EPIC Testifies Before Congress on Anti-Privacy Bill
[2] European Conference Reaffirms Support for Data Directive
[3] Landmark Public Domain Case To Be Argued Before Supreme Court
[4] Student Profilers Settle Privacy Cases with FTC
[5] Intellectual Property, Digital Rights Management, Online Privacy
[6] First Monday 2002: Civil Liberties In A New America
[7] EPIC Bookstore - Books by Christine L. Borgman and Bruce Schneier
[8] Upcoming Conferences and Events

[1] EPIC Testifies Before Congress on Anti-Privacy Bill

On September 24, EPIC Executive Director Marc Rotenberg testified
before the House Subcommittee on Commerce, Trade, and Consumer
Protection on the Consumer Privacy Protection Act, H.R. 4678.  The
hearing was chaired by Rep. Cliff Stearns (R-FL), the original sponsor
of the bill.  In addition to Mr. Rotenberg, six industry
representatives testified about the bill.

The EPIC testimony noted that the bill favors industry over the
consumer and the invasion of privacy over the protection of privacy in
almost every key provision.  It would require companies to adopt
privacy policies; however, no restrictions are placed on what the
policies can say, and the policies could be substantively changed at
any time.  The bill also allows sale of personal data to third parties
as long as a benefit is offered to the customer, which could simply be
the services originally sought. Furthermore, the Act provides no
safeguards against disclosure of personally identifiable information
to law enforcement agencies.

The bill would also preempt all state and local information privacy
laws.  Recent privacy victories such as an "opt-in" standard for
financial information sharing in North Dakota and San Mateo County,
California would thus be repealed.  Local interest in privacy
protection has sprung up across the country, but further efforts would
be stymied by this bill.

Mr. Rotenberg noted that even the White House panel charged with
protecting the country from cyberterrorism had shown greater regard
for privacy protection.  Meanwhile, the industry representatives
praised the bill.  When asked by a committee member about the costs of
compliance with the bill, they responded that their policies were
already in compliance with the bill's requirements, and implementation
costs would be minimal.

EPIC's Testimony is available at:


Hearing Notice and Links to Witness Testimony:


H.R. 4678, Consumer Privacy Protection Act of 2002:


[2] European Conference Reaffirms Support for Data Directive

A landmark conference in Brussels with leading privacy experts,
industry leaders, and data protection officials, ended with support
for the continued implementation of the European Union Data Directive,
but noted areas where implementation could be improved and new
opportunities for privacy protection pursued.

Frits Bolkestein, European Commissioner for Internal Markets, said
that "the Commission will hesitate before embarking on any kind of new
legislative action, even those involving minor amendments.  Rather
than embarking on legislative change which, of course, can be slow to
produce results, we should first exploit all more pragmatic
possibilities at our disposal."  Peter Hustinx, the Dutch Data
Protection Commissioner, expressed the view of many when he said that
no one had suggested that the principles in the Directive are not
valid or that the Directive is unworkable.

The conference explored a wide range of issues related to the
implementation of the Data Directive, the growth of the Internet, the
processing of sound and image files, and international issues
including data transfers, applicable law, and jurisdiction.

Among the speakers were Lene Espersen, Danish Minister of Justice;
Giacomo Santini, vice-chairman of the Committee on Citizens' Freedoms
and Rights, Justice and Home Affairs of the European Parliament; and
Stefano Rodotà, President of the Working Party of Article 29 of the
Directive (committee of Data Protection Commissioners in the

EPIC Executive Director Marc Rotenberg chaired a session on the
Internet and Privacy Enhancing Technologies, which included Helmut
Bäumler of the German Data Protection Authority, Lee Bygrave of the
University of Oslo, Stephanie Perrin of zeroknowledge, Maurice
Wessling of Bits of Freedom, and Jason Albert with Covington & Burling
in Brussels.  The session explored opportunities and obstacles for the
development of new techniques to safeguard privacy.

Simon Davies, Director General of Privacy International, summarizing a
report on the rights and interests of data subjects, urged the
Commission to continue to seek input from the public and to ensure
that the Directive continues to uphold its critical purpose of
safeguarding human rights.

In conclusion, Mr. Bolkestein suggested that the Commission would
consider several proposals for future Community action, including:

	*  the simplification of notification requirements;

	*  reduction of divergences in Member States' practices;

	*  a more determined effort to promote privacy enhancing

	*  more flexible arrangements for the transfer of personal
	data to third countries, together with a clearer and more
	uniform interpretation of the rules;

	*  promotion of self-regulatory approaches and in particular
	Codes of Conduct that can contribute to the free movement of
	personal data.

A report from the Commission is expected later this year.

European Commission, Data Protection:


Data Protection Conference and Report of the Implementation of the
Directive 95/46/EC:


Privacy International:


EPIC, Privacy and Human Rights: An International Survey of Privacy
Laws and Developments:


[3] Landmark Public Domain Case To Be Argued Before Supreme Court

On Wednesday, October 9, the U.S. Supreme Court will hear the case of
Eldred v. Ashcroft, the challenge to the controversial 1998 Sonny Bono
Copyright Term Extension Act (CTEA). The CTEA lengthened copyright
terms by 20 years, stretching them to 70 years after an artist's
death.  This effectively prevents hundreds of thousands of works
(notably, and not coincidentally, Mickey Mouse) from falling into the
public domain for an additional 20 years. Eldred is the first
challenge to copyright extensions to reach the Supreme Court.

Although the outcome of this case has significant consequences for the
future of the CTEA, the public domain, and copyright in general, the
Supreme Court on Wednesday will be considering the more narrow
question of whether Congress has the right to extend copyright law if
the change does not promote the "progress of science and useful arts"
as stated in Article 1, Section 8 of the Constitution.  Professor
Lawrence Lessig, who will argue for Eldred before the Court, argues
that Congress should extend copyright protection only if the change is
aimed at promoting new creative works.  The CTEA, rather than
promoting the progress of arts and sciences, prevents works from
falling into the public domain (where they can be used to create new
and significant works: Shakespeare and Disney, for example, borrowed
liberally from prior works in creating their masterpieces) despite the
fact that no incentive will urge the works' creators, long dead, to
produce new works.  The government counters that the 1998 Act promotes
the arts by protecting their economic value, thereby fostering greater
incentives to create.

The copyright term limit in 1790, as passed by the First Congress, was
14 years, plus another 14 if the creator was still alive.  Under this
standard, Mickey Mouse, first introduced in 1928, would have entered
the public domain in 1956.  Under the CTEA, Mickey Mouse will not
enter the public domain until 2023.  (Prior to the passage of the
CTEA, Mickey would have entered the public domain in 2003).

On the eve of the Court hearing, "The Bookmobile" is scheduled to
reach Washington, DC on Tuesday night.  It is a "mobile digital
library capable of downloading public domain books from the Internet
via satellite and printing them anytime, anywhere, for anyone."  The
Bookmobile, which is intended to illustrate the value of books and the
importance of the public domain, left San Francisco on September 30,
and has stopped at schools and libraries across the nation.

Information on The Bookmobile is available at:


Legal materials on Eldred v. Ashcroft are available at:


[4] Student Profilers Settle Privacy Cases with FTC

The Federal Trade Commission (FTC) has settled cases against American
Student List (ASL) and the National Research Center for College and
University Admissions (NRCCUA) for collecting personal information
from students through deceptive practices.  The FTC complaint alleged
that the companies operated a scheme to cull marketing data through
surveys administered under the pretense of college admissions and
scholarship opportunities.

NRCCUA sent letters to schools asking teachers to dedicate classroom
time to administering detailed surveys for college admissions and
financial aid purposes.  These "Post-Secondary Planning" surveys
elicited detailed personal information from students, including their
religious affiliations, personal interests, and social attitudes.  The
surveys did have a privacy notice, but the language implied that the
information was for educational purposes only.  NRCCUA marketed the
information collected to higher education institutions, but also
shared the information with ASL, which used the data for direct
marketing.  ASL is a list brokerage company that sells personal
information in "Teenage Lifestyle Interests," "Ethnic Families," and
"Preschool" databases.

The settlement requires the companies to improve their privacy notices
by disclosing future marketing use of the survey data in
communications with students and teachers.  Also, the companies cannot
use data collected prior to the settlement for "non-educational
marketing purposes."  However, this still allows use of student data
for student "recognition" programs, book clubs, magazine
subscriptions, and other "educational" products.

The FTC's action follows a prosecution brought by the New York
Attorney General against Student Marketing Group (SMG), a similar
student-profiling company (see EPIC Alert 9.16).

FTC Settlement with Student Profilers:


EPIC's Student Privacy Page:


[5] Intellectual Property, Digital Rights Management, Online Privacy

Several recent bills and proposals to increase intellectual property
protection rights could significantly impact online privacy.

In July, Rep. Howard Berman (D-CA) introduced H.R. 5211, the
Peer-to-Peer Piracy Prevention Act, a bill which would "limit the
liability of copyright owners for protecting their works on
peer-to-peer networks."  Under the bill, copyright owners would be
exempt from all State and Federal statutory and common law liability
for engaging in self-help, including "disabling, interfering with,
blocking, diverting, or otherwise impairing the unauthorized
distribution, display, performance, or reproduction . . . on a
publicly accessible peer-to-peer file trading network."  While
proponents of the bill claim it would only permit the use of innocuous
technologies, the language of the bill fails to limit the copyright
owner's self-help activities other than in terms of direct monetary
loss of "$50 per impairment."  For copyright owners to effectively
reduce P2P piracy, they are likely to employ more invasive measures in
an escalating "arms race" with peer-to-peer software.  As it becomes
harder to discover what is being exchanged across P2P networks, and as
the distinction blurs between the peer-to-peer file trading networks
and other general Internet communications such as e-mail and Web
browsing, copyright owners may scrutinize the content of
communications in order to identify potentially infringing
transactions.  Furthermore, it may become increasingly difficult to
even identify which system within a local network is running a file-
sharing application, requiring more sophisticated surveillance on the
part of the copyright owner.  This sort of activity is a necessary
predicate to taking the self-help measures proposed in H.R. 5211, and
could open the door to significant invasions of user privacy.

Meanwhile, Rep. Billy Tauzin (R-LA) has circulated a draft bill that
would mandate the adoption of a "broadcast flag" in devices receiving
digital television broadcast; the FCC has also initiated a request for
comments on a similar rule.  In theory, the flag allows copyright
owners to signal that redistribution or duplication of certain content
broadcast over the public airwaves is prohibited.  The implications of
the mandate, however, could be far-reaching as copyright owners seek
to gain complete control over their content.  For example, the flag's
presence might trigger certain devices to report back to the copyright
owner that unauthorized duplication is taking place.  Furthermore, the
flag could be used to prohibit traditional "fair use" of copyrighted
works.  Since details on the actual implementation of the broadcast
flag remain unresolved, EPIC plans to monitor these developments

Finally, Rep. Zoe Lofgren (D-CA) and Rep. Rick Boucher (D-VA) each
introduced legislation in the past week to protect consumers' rights
and limit some of the more invasive provisions of the Digital
Millennium Copyright Act.  Although action on the bills is unlikely in
the remaining days of this Congressional session, these bills will set
the stage in the next Congress for a debate over the balance between
the rights of copyright owners and consumers.

H.R. 5211, Peer-to-Peer Piracy Prevention Act of 2002:


Tauzin Draft of Broadcast Flag Mandate:


H.R. 5522, Digital Choice and Freedom Act of 2002:


H.R. 5544, Digital Media Consumers' Rights Act of 2002:


[6] First Monday 2002: Civil Liberties In A New America

Today, October 7, marks First Monday 2002.  First Monday is an
organizing effort by the Alliance for Justice to bring attention to a
critical public policy issue each year and to reach out to young
people, mobilizing them to become activists for change.  Founded in
1994, First Monday began as an annual event coinciding with the
opening of the Supreme Court's session on the first Monday in October.
It was originally designed to support law students who were
considering careers in public interest law.  Over time, First Monday
has grown to become a rallying point for the entire public interest
community, including progressive students in social work, medicine,
public health, nursing and undergraduate colleges.

The purpose of this year's First Monday theme, "Civil Liberties in a
New America," is to raise awareness about the importance of civil
liberties after September 11th.  This is accomplished through the
organization of numerous grassroots events involving students and
community members across the nation.

At the heart of First Monday is a documentary film that serves as the
cornerstone for every First Monday event, whether they are
campus-based educational events, city-wide screenings, community
forums, or ongoing organizing by activists and advocates.  The films
coincide with each year's focus and have explored such topics as
hunger and homelessness, the death penalty, and the gun violence

It's not too late to bring First Monday: Civil Liberties in a New
America to your community or campus.  Contact First Monday today if
you want to host a screening of their film "Of Rights and Wrongs: The
Threat to America's Freedoms," featuring Susan Sarandon and the music
of Bruce Springsteen.  First Monday activists are also taking action
by signing "Subpoenas for Information" addressed to Attorney General
John Ashcroft, pressuring him to lift the veil of secrecy at the
Justice Department and answer important questions concerning civil
liberties.  You can add your voice to the growing chorus seeking
information from Attorney General Ashcroft by signing on to the

This year, there are over 200 events being planned on campuses and in
communities from Maine to California.  Get involved in this national
mobilization to protect America's freedoms!

Sign the subpoena on the First Monday Web site at:


To find the First Monday event nearest you, go to:


[7] EPIC Bookstore - Books by Christine L. Borgman and Bruce Schneier

From Gutenberg to the Global Information Infrastructure: Access to
Information in the Networked World, by Christine L. Borgman

Will the emerging global information infrastructure (GII) create a
revolution in communication equivalent to that wrought by Gutenberg,
or will the result be simply the evolutionary adaptation of existing
behavior and institutions to new media?  Will the GII improve access
to information for all?  Will it replace libraries and publishers?
How can computers and information systems be made easier to use?
What are the trade-offs between tailoring information systems to user
communities and standardizing them to interconnect with systems
designed for other communities, cultures, and languages?

This book takes a close look at these and other questions of
technology, behavior, and policy surrounding the GII.  Topics covered
include the design and use of digital libraries; behavioral and
institutional aspects of electronic publishing; the evolving role of
libraries; the life cycle of creating, using, and seeking information;
and the adoption and adaptation of information technologies.  The book
takes a human-centered perspective, focusing on how well the GII fits
into the daily lives of the people it is supposed to benefit.

Taking a unique holistic approach to information access, the book
draws on research and practice in computer science, communications,
library and information science, information policy, business,
economics, law, political science, sociology, history, education, and
archival and museum studies.  It explores both domestic and
international issues.  The author's own empirical research is
complemented by extensive literature reviews and analyses.


Secrets and Lies: Digital Security in a Networked World, by Bruce

Internationally recognized information security expert Bruce Schneier
provides a practical, straightforward guide to understanding and
achieving security throughout computer networks.  Schneier uses his
extensive field experience with his own clients to dispel the myths
that can mislead you while trying to build secure systems.  He also
clearly covers everything you'll need to know to protect your
company's digital information.  And he shows you how to assess your
business and corporate security needs so that you can choose the right
products and implement the right processes.

Both of the above books are available through the EPIC Bookstore at:



EPIC Publications:

"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

     EPIC Bookstore

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

Bridging the Digital Divide: Challenge and Opportunities. 3rd World
Summit on Internet and Multimedia. October 8-11, 2002. Montreux,
Switzerland. For more information: http://www.internetworldsummit.org/

Symposium: The Rule of Law in the Information Age: Reconciling Private
Rights and Public Interest. The Catholic University of America School
of Law, Interdisciplinary Program in Law and Religion and the
Institute for Communications Law Studies. October 9-10, 2002.
Washington, DC. For more information:

2002 WSEAS International Conference on Information Security (ICIS
'02). World Scientific and Engineering Academy and Society. October
14-17, 2002. Rio de Janeiro, Brazil. For more information:

Privacy & Data Security Academy & Expo. International Association of
Privacy Officers (IAPO). October 16-18, 2002. Chicago, IL. For more
information: http://www.privacyassociation.org/html/conferences.html

Privacy Law and Policy: Meeting the Challenges of Technology,
Terrorism, and Accountability. Council on Law in Higher Education
(CLHE). October 20-22, 2002. Washington, DC. For more information:

Privacy Trends: Complying With New Demands. Riley Information Services
Inc. and the Commonwealth Centre for Electronic Governance. October
22, 2002. Ottawa, Canada. For more information:

Symposium on Privacy and Security (SPS). Stiftung für Datenschutz und
Informationssicherheit (SDI), Basel/Switzerland. October 30-31, 2002.
Zurich, Switzerland. For more information:

3rd Annual Privacy and Security Workshop: Privacy & Security: Totally
Committed. Centre for Applied Cryptographic Research, University of
Waterloo and the Information and Privacy Commissioner/Ontario.
University of Toronto. November 7-8, 2002. Toronto, Canada. For more
information: http://www.epic.org/redirect/cacr.html

First Hawaii Biometrics Conference. Windward Community College,
Pacific Center for Advanced Technology Training (PCATT). November
10-13, 2002. Waikiki, HI. For more information:

Transformations in Politics, Culture and Society. Inter-
Disciplinary.Net. December 6-8, 2002. Brussels, Belgium. For more
information: http://www.inter-disciplinary.net/tpcs1.htm

18th Annual Computer Security Applications Conference (ACSAC):
Practical Solutions to Real Security Problems. Applied Computer
Security Associates. December 9-13, 2002. Las Vegas, NV. For more
information: http://www.acsac.org/

Third Annual Privacy Summit. International Association of Privacy
Officers. February 26-28, 2003. Washington, DC. For more information:

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information: http://www.cfp.org/

Subscription Information

Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via email:

     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe" (no quotes)

Help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org
     Subject: "help" (no quotes)

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.
   ---------------------- END EPIC Alert 9.18 -----------------------