IP: EPIC Alert 5.15 on EU Privacy and CDA II

[Dave Farber <farber () cis upenn edu>]

   Volume 5.15                                   October 28, 1998
   --------------------------------------------------------------

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

                          http://www.epic.org

=======================================================================
Table of Contents
=======================================================================

[1] Lawsuit Filed Against New Censorship Law
[2] European Privacy Law Goes Forward
[3] FCC Gives Tentative Approval to FBI Wiretap Standards
[4] EPIC Releases New Report on Endangered Civil Liberties
[5] 10th GVU WWW Survey Underway
[6] Report on NSA's Echelon Network Goes to Congress
[7] New Bills and Actions in Congress
[8] Upcoming Conferences and Events

=======================================================================
[1] Lawsuit Filed Against New Censorship Law
=======================================================================

EPIC has joined other online civil liberties groups in a court
challenge to the new federal Internet censorship bill signed by
President Clinton as part of the omnibus budget package.  The lawsuit,
filed in Philadelphia on October 22, asserts that the "Child Online
Protection Act" will violate both the free speech and privacy rights
of Internet users.  The case is being litigated by EPIC, the American
Civil Liberties Union and the Electronic Frontier Foundation.
Demonstrating the range of speech affected, the list of plaintiffs
includes the Internet Content Coalition, a member group including Time
Inc., Warner Bros., C/NET and The New York Times Online; OBGYN.Net, a
women's health website; Philadelphia Gay News; and Salon Magazine.

In February 1996, EPIC, ACLU and EFF filed a challenge to the
ill-fated Communications Decency Act.  A three-judge federal panel in
Philadelphia struck down the law in June 1996, a ruling that was
upheld by a unanimous Supreme Court one year later.

The "Child Online Protection Act" makes it a federal crime to
"knowingly" communicate "for commercial purposes" material considered
"harmful to minors."  Penalties include fines of up to $50,000 for
each day of violation, and up to six months in prison if convicted of
a crime.  The government also has the option of bringing a civil suit
against individuals under a lower standard of proof, with the same
financial penalty of up to $50,000 per violation.  Compliance with the
Act would require websites to obtain identification and age
verification from visitors, a feature of the law that threatens online
privacy and anonymity.

In a seven-page analysis of the bill sent to Congress on October 5,
the Justice Department said that the bill had "serious constitutional
problems" and would likely draw resources away from more important law
enforcement efforts such as tracking down hard-core child
pornographers and child predators.  The Justice Department also noted
that the new law is ineffective because minors would still be able to
access news groups or Internet relay chat channels, as well as any
website generated from outside of the United States.

The text of the complaint is available at:

     http://www.epic.org/free_speech/copa/complaint.html

=======================================================================
[2] European Privacy Law Goes Forward
=======================================================================

The European Union Data Directive goes into force this week.  The new
law provides basic privacy rights for consumers and should encourage
the development of privacy enhancing technologies.  The data directive
grew out of specific circumstances related to the integration of the
European economies and the need to harmonize national privacy laws.  It
also reflects a widely held belief that privacy is a fundamental human
right, entitled to full protection in law.

Under the EU rules, European citizens have a right to:

     See any information about them and know how the information
     will be used;

     access the information and make corrections;

     be notified before the information is sold or shared elsewhere
     and choose who else can have access to the information; and

     sue if a company is in violation of these conditions.

The EU Data Directive has been endorsed strongly by BEUC, the leading
European Consumers Organization.  In a letter this month to European
Commission Member Mario Monti, BEUC Director Jim Murray wrote, "Our
concern is with the personal data of European consumers which may be
exported to the U.S.  European consumers must not lose their specific
protections when that data is exported. If the U.S. cannot give
effective guarantees on this point, personal data should not be
exported from the EU to the U.S."

Other countries are following Europe's lead.  Canada is the most recent
of several governments that have announced plans to adopt comprehensive
privacy legislation to promote consumer confidence and encourage the
development of new commercial services.  The EU Data Directive has also
been cited several times as contributing to the decision of EU member
countries not to endorse the U.S.-promoted key escrow/key recovery
encryption scheme.

Simon Davies, Director of Privacy International, has indicated that PI
will begin enforcement actions against firms that fail to comply with
the requirements of the EU Directive as early as this year.  Louise
Sylvan, Vice President of Consumer International, has said that the
international consumer organization will begin an evaluation this year
of the adequacy of consumer privacy protection around the globe.  In
the United States opinion polls show public support for new privacy
legislation.

The following resources are available online:

European Union Directive

     http://www.privacy.org/pi/intl_orgs/ec/eudp.html

Privacy International

     http://www.privacy.org/pi/

Consumers International

     http://www.consumersinternational.org/

EPIC Congressional Testimony on the EU Data Directive and Privacy

     http://www.epic.org/privacy/intl/rotenberg-eu-testimony-598.html

=======================================================================
[3] FCC Gives Tentative Approval to FBI Wiretap Standards
=======================================================================

In a statement released on October 22, the Federal Communications
Commission expressed its tentative approval of FBI-proposed technical
requirements that would enable law enforcement to determine the
location of individuals using cellular telephones.  The Commission
tentatively approved some other capabilities requested by the Bureau,
rejected several, and deferred decisions on other issues, including
surveillance of Internet "packet" communications. The initial decision
came in a proceeding under the controversial Communications Assistance
to Law Enforcement Act (CALEA).  EPIC previously filed formal comments
with the FCC urging the protection of communications privacy.

In its "Further Notice of Proposed Rulemaking," the FCC proposes to
adopt the "uncontested" elements of an interim technical standard for
CALEA compliance developed by the FBI and the telecommunications
industry.  Despite the Commission's characterization, EPIC and other
parties had urged the rejection of the interim standard.  With respect
to nine capabilities the Bureau and industry were unable to agree on,
the FCC tentatively endorsed five, rejected three and expressed no
opinion on one.  "Location information" -- the ability to determine
the physical location of a cellular phone user -- was the most
controversial issue before the Commission and is likely to receive the
most attention in further proceedings.

The FCC action of October 22 is not final.  The Commission emphasized
that

     while the [Notice] proposes only initial threshold
     judgments on each of the above issues, the Commission
     in this proceeding -- as directed by Congress -- will
     also take into account five factors that must be
     considered under [CALEA]. Those factors are:
     (1) meeting the assistance capability requirements of
     section 103 by cost-effective methods; (2) protecting
     the privacy and security of communications not authorized
     to be intercepted; (3) minimizing the cost of CALEA
     compliance on residential ratepayers; (4) serving the
     policy of the United States to encourage the provision
     of new technologies and services to the public; and (5)
     providing a reasonable time and conditions for CALEA
     compliance.

Additional information on CALEA is available at:

     http://www.epic.org/privacy/wiretap/

=======================================================================
[4] EPIC Releases New Report on Endangered Civil Liberties
=======================================================================

On October 26, EPIC released a new report -- "Critical Infrastructure
Protection and the Endangerment of Civil Liberties."   The report
finds that several Administration recommendations and proposals --
including two Presidential Decision Directives (62 and 63) -- may
severely impact the privacy and civil liberties of Americans.

Notably, the report calls into question the increased national
policing powers of the FBI and the Defense Department in monitoring
potential attacks on the nation's critical infrastructure, including
the Internet.  These activities are being facilitated by several new
federal agencies with significant powers to conduct monitoring of
network activity, including the FBI's National Infrastructure Threat
Center, the White House's Critical Infrastructure Assurance Office
(CIAO), and the President's National Coordinator for Security,
Infrastructure Protection, and Counter-Terrorism.

Several proposals contained in last year's report by the President's
Commission on Critical Infrastructure Protection (the "Marsh Report")
could significantly weaken such important legislation as the Privacy
Act of 1974, the Electronic Communications Privacy Act, the Computer
Security Act, Posse Comitatus, the Freedom of Information Act, the
Employee Polygraph Protection Act, the Federal Advisory Committee Act,
and various state privacy and freedom of information laws.

The EPIC report was released at a press briefing at the National Press
Club.  Proposals to virtually "deputize" private sector information
system and network security personnel by requiring them to be
subjected to polygraph examinations were criticized as "absurd" by
noted computer security expert Bill Murray, who spoke as a panelist on
behalf of the International Information System Security Certification
Consortium (ISC2),

Resource materials on critical infrastructure protection, including
the EPIC report (in PDF format), are available at:

     http://www.epic.org/security/infowar/resources.html

=======================================================================
[5] 10th GVU WWW Survey Underway
=======================================================================

The Graphics, Visualization & Usability Center, an academic research
center affiliated with Georgia Tech's College of Computing, is now
conducting the 10th WWW Survey.  The survey will focus on web and
Internet usage habits; consumer preferences and behaviors; consumer
online privacy; attitudes and opinions on social issues and electronic
commerce; webmastering and more.

Web users are encouraged to visit the survey site and answer a series
of questions.  Privacy and anonymity will be protected.  The survey
runs from October 10 to November 10, 1998.  Results should be available
around January 25, 1999.

The GVU would also like you to know that "numerous $100 (US) cash
prizes will be awarded to randomly selected respondents (you have a
much better chance of winning than the lottery)."

The 10th GVU WWW Survey:

     http://www-survey.cc.gatech.edu/

For more information about public attitudes toward privacy, visit the
EPIC Privacy Surveys Archive at:

     http://www.epic.org/privacy/survey/

=======================================================================
[6] Report on NSA's Echelon Network Goes to Congress
=======================================================================

A new report on the National Security Agency's top-secret spying
network will soon be sent to members of Congress.  The report --
"Echelon: America's Spy in the Sky" was produced by the Free Congress
Foundation and details the history and workings of the NSA's global
electronic surveillance system.  The system is reportedly capable of
intercepting, recording and translating any electronic communication
sent anywhere in the world.

The surveillance system has recently been the focus of controversy.
The European Parliament will commission a full report into the
workings of Echelon.  The parliamentary report is expected to focus on
concerns that the system has been expanded and is being directed at
the communications of European companies and elected officials.  The
Free Congress Foundation is urging the U.S. Congress to examine
Echelon as carefully as the European Parliament has.

The NSA refuses to confirm nor deny Echelon's existence, but
investigative journalists and civil liberties activists have uncovered
a number of the system's details in recent years.

The new report on Echelon is available at:

     http://www.freecongress.org/ctp/echelon.html

=======================================================================
[7] New at the EPIC Bookstore
=======================================================================

New and Available from the EPIC bookstore:

EPIC's latest publication, "Critical Infrastructure Protection and the
Endangerment of Civil Liberties."  This report, authored by EPIC
Senior Fellow Wayne Madsen, an expert in intelligence community
issues, was released October 26 at the National Press Club.  The EPIC
report responds to earlier recommendations of the President's
Commission on Critical Infrastructure Protection (PCCIP) that would
extend government investigative authority and secrecy while limiting
privacy rights. The report warns that efforts to protect the nation's
critical infrastructures could result in sweeping new limitations on
personal privacy and government accountability.

Hard copies of the 54 page report are available for $10 plus $3
shipping and handling.  To order, send a check or money order along
with your delivery address to: EPIC Publications, 666 Pennsylvania
Avenue S.E., Suite 301, Washington, D.C. 20003.

For many other great titles on privacy, free speech and encryption,
visit the EPIC Bookstore at:

     http://www.epic.org/bookstore/#021#

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

Encryption Controls Workshop. Bedford, MA. October 29. Sponsored by
U.S. Department of Commerce. Contact: (202) 482-6031.

"Protecting Personal Privacy on the Internet: Risks, Laws, and
'Self-Regulation.'"  Washington, DC. November 4. Communication,
Culture and Technology Program, Georgetown University.  Speakers
include David Sobel of EPIC. Contact:
http://cct.georgetown.edu/events/lectures.html

PDC 98 - the Participatory Design Conference, "Broadening
Participation." November 12-14. Seattle, WA.  Sponsored by Computer
Professionals for Social Responsibility in cooperation with ACM and
CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98

Data Privacy in the Global Age.  November 13.  Milwaukee, WI.
Sponsored by ACLU of Wisconsin Data Privacy Project. Contact: Carole
Doeppers <acluwicmd () aol com>.

Computer Ethics. Philosophical Enquiry 98 (CEPE'98). December 14-15.
London, UK. Sponsored by ACMSIGCAS and London School of Economics.
http://is.lse.ac.uk/lucas/cepe98.htm

1999 RSA Data Security Conference. January 18-21, 1999. San Jose, CA.
Sponsored by RSA. Contact: http://www.rsa.com/conf99/

FC '99  Third Annual Conference on Financial Cryptography. February
22-25, 1999 Anguilla, B.W.I. Contact: http://fc99.ai.

Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Contact: DC. Sponsored by ACM. Contact: info () cfp99 org.

1999 EPIC Cryptography and Privacy Conference. June 7, 1999.
Washington, DC. Sponsored by EPIC. Contact: Washington, DC. Sponsored by EPIC. Contact: info () epic org.

=======================================================================
Subscription Information
=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news () epic org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:

     http://www.epic.org/alert/subscribe.html

Back issues are available at:

     http://www.epic.org/alert/

=======================================================================
About EPIC
=======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail info () epic org, http://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully tax-
deductible.  Checks should be made out to "The Fund for Constitutional
Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301,
Washington DC 20003. Individuals with First Virtual accounts can
donate at http://www.epic.org/epic/support.html

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law.

Thank you for your support.

  ---------------------- END EPIC Alert 5.15 -----------------------
.