EPIC logo

        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 9.25                                  December 19, 2002
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.

                         **  HAPPY HOLIDAYS!  **

End of Year Appeal - Support EPIC - Protect Privacy - Annoy the Snoops

Send checks for "EPIC" to: 1718 Connecticut Ave., NW, Suite 200,
Washington, DC 20009, or contribute online: http://www.epic.org/donate/
Thank you for your support.

Table of Contents

[1] FTC Announces National Do-Not-Call List for Telemarketing
[2] EPIC Files Suit on "Total Information Awareness" Documents
[3] Court Asked to Reconsider Faxed Warrant Decision
[4] ICANN Meets in Amsterdam, Adopts By-Law Changes
[5] EPIC Files Comments on Canadian Surveillance Proposal
[6] New Report Finds Errors, Inconsistency in Credit Scores
[7] EPIC Publications
[8] Upcoming Conferences and Events

[1] FTC Announces National Do-Not-Call List for Telemarketing

The Federal Trade Commission (FTC) will create a national do-not-call
(DNC) list and has adopted new regulations to give individuals greater
control over telemarketing.  EPIC and a coalition of consumer and
civil liberties groups filed comments on the proposals earlier this
year.  Many of the protections suggested in the comments were
incorporated in the FTC regulation.

The DNC list will support both telephone and Internet enrollment.
Once enrolled, individuals remain on the list for five years.  Most
telemarketers will be prohibited from calling individuals enrolled on
the DNC list.  However, charitable organizations, banks, and common
carriers that have in-house telemarketing operations will not be
affected by the list.  In order to include those telemarketers, the
Federal Communications Commission (FCC) will have to adopt new sales
call regulations.  The FCC requested comments on these issues earlier
this month, and is said to be coordinating with the FTC to ensure
comprehensive application of the DNC list.

The FTC's announcement is the first step toward giving individuals
greater control over telemarketing.  FTC must obtain approval from
Congress to charge telemarketers $16 million in order to build and
administer the list.  Additionally, telemarketing industry groups are
likely to mount lobbying and litigation campaigns against the new
protections.  The industry has long used grossly-inflated statistics
and questionable research methods to prevent protections against
telemarketing.  According to recent Direct Marketing Association
figures, nearly $300 billion was spent on telemarketing in 2001.  If
that statistic were true, it would mean that the average household in
the United States spends over $2,800 annually on goods pitched by

Other regulations included in the FTC package include the requirement
that telemarketers transmit valid caller ID information.
Telemarketers also face greater restrictions on the use of predictive
dialers that produce "dead air" or abandoned calls.  Telemarketers
will continue to be permitted to engage in "preacquired account
number" sales calling, but the practice will be subject to the new

President Bush commended the FTC for planning a DNC list.  In a
statement released yesterday, he said, "Time with family is a precious
commodity, and families should be given the tools they need to help
prevent unwanted calls from telemarketers."

FTC Do Not Call Page:


EPIC Comments on the TSR:


EPIC Comments on the TCPA:


EPIC Telemarketing Page:


[2] EPIC Files Suit on "Total Information Awareness" Documents

The Electronic Privacy Information Center on December 17 asked a
federal judge to issue an emergency order requiring the Pentagon to
release information about the controversial "Total Information
Awareness" (TIA) program.  The invasive data-mining initiative, headed
by retired Admiral John Poindexter, has raised widespread privacy
concerns.  Within hours of the court filing, the Defense Department
claimed that only one document discusses the privacy implications of
TIA and released it to EPIC.

The lawsuit challenges the Defense Department's continuing efforts to
block EPIC's Freedom of Information Act (FOIA) requests for documents
about DoD's Information Awareness Office.  EPIC first requested
information about the Office in February, but the Defense Department,
in a very unusual move, tried to impose substantial processing fees,
often applied to commercial requesters but never applied to an
organization like EPIC.  That earlier Pentagon action is the subject
of pending litigation.  The new lawsuit seeks to overturn DoD's
refusal to expedite the processing of a second information request
EPIC submitted on November 21.  The FOIA requires agencies to expedite
their handling of requests involving issues of substantial public

Soon after EPIC filed suit, the Defense Department released one
document -- a study titled "Security with Privacy" which was prepared
by the Information Sciences and Technologies Study Group (ISAT), a
group of civilian and military researchers.  The study recommends more
DoD research on privacy, but does not address policy issues and states
explicitly that it is "not a review of Total Information Awareness."

The TIA program is developing data-mining tools that will sort through
massive amounts of personal information, including financial, medical,
communications, and travel records as well as new sources of
information.  Several members of Congress have already called for
investigations of the program.

EPIC's lawsuit against the Defense Department is available at:


The ISAT study "Security with Privacy" is available at:


Background information is available at EPIC's TIA page:


[3] Court Asked to Reconsider Faxed Warrant Decision

EPIC has filed a response to a petition for reconsideration in the
U.S. Court of Appeals for the Eighth Circuit, urging the court to
reconsider a November ruling that service of a warrant on an ISP by
fax complies with the "reasonableness" requirements of the Fourth
Amendment.  EPIC's latest filing argues that the November opinion
"fails to distinguish between an officer's presence at the service of
a warrant, and an officer's presence at the execution of that warrant."

The case arose after Yahoo! was "served" with a search warrant by fax.
The defendant had argued that the law enforcement practice of faxing
the warrant to the Internet Service Provider (ISP) and having the ISP
execute the warrant violated his Fourth Amendment rights.  Although
the district court agreed, the Eighth Circuit ruled in November that
service of a warrant on an ISP by fax was "reasonable," without
deciding the broader issue of whether an Internet user has a Fourth
Amendment expectation of privacy in their e-mail.  EPIC filed an
amicus brief arguing that police officer presence is required during
the service of a warrant on an ISP, because service of a search
warrant by fax machine doesn't adequately safeguard Fourth Amendment
guarantee of a "reasonable" search.  EPIC's brief details the history
of U.S. search and seizure law, which has mandated officer presence at
the service of a warrant since the 1700s.

The case was one of the first to address the issue of how the Fourth
Amendment applies to the protection of stored e-mail and other files
held by ISPs.  The application of Fourth Amendment protection to
privacy interests in digital environments raises important questions
concerning the procedural service of a valid search warrant.  EPIC
participated as an amicus in this case to ensure that, as the legal
system responds to advances in technology, the law continues to
protect Fourth Amendment guarantees.

EPIC's response to the petition for reconsideration urges the Eighth
Circuit to affirm the district court's conclusion that "[t]he
circumstances of this case, . . . do not justify [the officer's]
choice to fax the warrant to Yahoo and allow Yahoo employees to
conduct the search and seizure without any supervision or
instruction."  The filing concluded that "[a]lthough in limited
circumstances, civilian searches may be more reasonable than searches
by law enforcement officers, the justification for this exception does
not extend to an abrogation of the requirement of an officer's
presence at the service of the warrant."

EPIC's response to the petition for rehearing is available at:


The Eighth Circuit's Opinion is available at:


For more information on the case, see EPIC's Bach Page:


Recordings of the oral arguments and other files are available through
the Web site of the U.S. Court of Appeals for the 8th Circuit:


[4] ICANN Meets in Amsterdam, Adopts By-Law Changes

The Internet Corporation for Assigned Names and Numbers (ICANN) annual
meeting took place in Amsterdam on December 14-15, 2002.

In response to criticism that ICANN has moved too slowly in
approving new generic Top-Level Domains (gTLDs), ICANN resolved to
draft a Request for Proposals for a limited number of new sponsored

The ICANN Board also adopted changes to its bylaws that include:

     - the formation of an interim At-Large Advisory Committee
     (ALAC) to become the permanent ALAC, serving to foster
     participation from the Internet community in ICANN's
     decision making process;

     - the termination of the Domain Name Supporting
     Organization (DNSO);

     - the formation of the new Generic Names Supporting
     Organization (GNSO) to make the work of policy development
     more efficient;

     - the termination of the Protocol Supporting Organization

     - the formation of a Technical Liaison Group (TLG) to
     provide technical expertise on Internet standards setting;

     - the appointment of liaisons from various advisory
     committees, including the Governmental Advisory Committee
     (GAC), to other Councils and Committees to augment
     communication among ICANN constituent groups.

At the meeting, the WHOIS Task Force asked the Names Council to
endorse its recommendations on the accuracy and marketing of WHOIS
data.  While the Names Council accepted the report, it requested
that the report comments site be reopened.  The comments site will
remain open until January 30, 2003, after which the WHOIS Task Force
will put forward another version of its policy recommendations, taking
any additional comments into account.  The Names Council will then
vote on the recommendations on February 20, 2003.  The Names Council
also asked the WHOIS Task Force to plan to terminate.  The Names
Council hopes to establish a new Task Force, acknowledging the
possibility of membership overlap.

ICANN's preliminary meeting report:


WHOIS Task Force report:


[5] EPIC Files Comments on Canadian Surveillance Proposal

EPIC has submitted recommendations on the Canadian government's
"Lawful Access Consultation Document" that would give police more
power to monitor Canadians' private communications.  In its
recommendations, EPIC supports many of the country's civil liberties
groups' concerns about the lack of justification and counter-balancing
measures that would sufficiently protect the public interest and
prevent misuse of the new powers.

The Consultation Document proposes amendments to many Canadian
statutes in preparation for the ratification of the Council of
Europe's Convention on Cybercrime.  The proposal would require all
providers of Internet, wireline and wireless services to add
surveillance capabilities to their networks in order for police and
security agencies to monitor people's communications more easily.
Further, new investigatory powers for law enforcement could be
exercised under lower judicial standards than those applied under
current criminal statutes to search warrants and intercepts.  New
mechanisms for providing centralized subscriber and service provider
information to law enforcement would be established.

The Consultation Document has met with strong opposition among several
stakeholders in Canada.  The telecommunications and ISP industries
have raised issues regarding implementation and cost of compliance.
Internet users and citizens have expressed their concerns about losing
more privacy.  Privacy watchdogs, provincial data protection
authorities, and the civil society are criticizing the document for
supporting an unjustified increase in the level of electronic
surveillance, as well as noting the major impact the government
proposal could have upon important constitutional values and rights,
such as the right to online privacy and anonymity.

EPIC's comments are available at:


Canadian government's Consultation Document:


Other submissions:


Background information on the CoE Cyber-Crime Convention:



[6] New Report Finds Errors, Inconsistency in Credit Scores

Millions of Americans may pay more for their home loans and insurance,
and may be denied other opportunities because of errors or
inconsistencies in credit scores, according to a new report written by
the Consumer Federation of America (CFA) and the National Credit
Reporting Association (NCRA).  Credit scores are used by many
businesses to evaluate risk, set interest rates, and even to make
hiring decisions.  The scores range from a low of 400 to a high of 800

Credit scoring violates privacy principles because individuals do not
have access to underlying algorithms or factors used to evaluate their
credit history.  Because of a loophole in the Fair Credit Reporting
Act (FCRA), credit bureaus are not required to provide the score with
credit reports.  In the last year, however, credit bureaus have been
selling scores to consumers who wish to monitor their credit for
indications of identity theft or for errors.

The CFA and NCRA analyzed 500,000 credit scores and more than 1,700
credit reports from all three major credit bureaus.  The groups found
that credit scores varied an average of 41 points.  Individuals on the
edge of the sub-prime lending market would be affected by this
variance greatly.  A home loan applicant improperly classified in the
sub-prime market could receive a 9.8% interest rate rather than a 6.5%
one, resulting in an enormous increase in interest payments over the
life of a mortgage.

The groups also found that certain items on the credit reports, such
as entries regarding medical collections, could indicate that the
consumer has a specific medical condition.

Congress is likely to amend the FCRA in the next session, and possibly
provide individuals with greater access to their credit scores and the
system used to determine the scores.

Credit Score Accuracy and Implications for Consumers (PDF document):


EPIC Fair Credit Reporting Act Page:


[7] EPIC Publications

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events

** The Public Voice in the Digital Economy. January 14, 2002.
Honolulu, HI. The Electronic Privacy Information Center (EPIC) will
host a free public symposium in conjunction with the OECD-APEC Global
Forum and the WSIS Prep Meeting.  For more information:
http://www.thepublicvoice.org/events/honolulu03/ **


World Sousveillance/Subjectrights Day (WSD). December 24, 2002. For
more information: http://www.wearcam.org/wsd.htm

Government Convention on Emerging Technologies. Defending America
Together: The New Era. Government Emerging Technology Alliance (GETA).
January 8-10, 2003. Las Vegas, NV. For more information:

O'Reilly Bioinformatics Technology Conference. February 3-6, 2003.
San Diego, CA. For more information:

Politics of Code: Shaping the Future of the Next Internet. Oxford
University Programme in Comparative Media Law and Policy. February 6,
2003. Oxford, England. For more information:

Third Annual Privacy & Data Security Summit: Implementing & Managing
Privacy in a Complex Environment. International Association of Privacy
Professionals. February 26-28, 2003. Washington, DC. For more
information: http://www.privacyassociation.org/html/conferences.html

Spectrum Policy: Property or Commons? Stanford Law School Center for
Internet and Society. March 1, 2003. For more information:

P&AB's Privacy Practitioners' Workshop and Ninth Annual National
Conference. Privacy & American Business. March 12-14, 2002.
Washington, DC. For more information:

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information: http://www.cfp2003.org/

28th Annual AAAS Colloquium on Science and Technology Policy. American
Association for the Advancement of Science. April 10-11, 2003.
Washington, DC. For more information:

O'Reilly Emerging Technology Conference. April 22-25, 2003. Santa
Clara, CA. For more information: http://conferences.oreilly.com/etcon/

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/

Subscription Information
Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe" (no quotes)
Help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org
     Subject: "help" (no quotes)
Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 9.25 -----------------------