Source
Automatically imported from: http://commons.somewhere.com:80/rre/1998/Letter.on.White.House.Pr.html
Content
This web service brought to you by Somewhere.Com, LLC.
Letter on White House Privacy Conference
``` ---
This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu
---
Date: Thu, 26 Feb 1998 13:33:19 -0500
From: Marc Rotenberg
Friends -
The final letter on the White House privacy conference follows. Thank you all for your help and suggestions. Already the Department of Commerce has indicated that they are rethinking the plan for the event. A meeting has been scheduled for next week. [...]
Several people asked about good references on the general topic of privacy policy. Here are few that may be useful:
"A Framework for Global Electronic Commerce - Privacy" [http://www.iitf.nist.gov/eleccomm/ecomm.htm#privacy] (This is the key administration document on electronic commerce and privacy)
"Options for Promoting Privacy on the National Information Infrastructure" [http://www.iitf.nist.gov/ipc/privacy.htm] (Extensive review of privacy options prepared by the National Information Infrastructure Task Force)
"Privacy and the NII: Safeguarding Telecommunications Related Personal Information" [http://www.ntia.doc.gov/ntiahome/privwhitepaper.html] (NTIA white paper on privacy issues)
"The Protection of Personal Information: Building Canada's Information Economy and Society" [http://strategis.ic.gc.ca/privacy/] (A recent consultation document on privacy from the Canadian government)
"OECD Guidelines on Protection of Privacy and Transborder Data Flow" [http://www.oecd.org/dsti/sti/it/secur/prod/] (A set of international guidelines adopted in 1980 that form the basis of many national privacy laws and many voluntary codes of conduct)
European Union Directive on the Protection of Individuals with Regard to the Processing of Personal Data [http://www2.echo.lu/legal/en/dataprot/directiv/directiv.html] (The EU directive establishes European-wide privacy standards for the processing of personal information and has raised questions about the adequacy of privacy laws in the US).
Regards,
Marc Rotenberg
---
February 26, 1998
The Honorable William M. Daley Office of the Secretary Rm. 5854 U.S. Department of Commerce 14th & Constitution Ave. NW Washington, DC 20230
Dear Secretary Daley:
We are writing to you regarding the proposed Department of Commerce conference on privacy and the Internet. We are academics, representatives of consumer, civil liberties and privacy organizations, and technical experts.
We appreciate your interest and the interest of the White House in a public forum on privacy. We believe that privacy is one of the most important issues facing the American public today. Privacy is a fundamental value, a continuing source of great popular concern. We are all aware that the United States lacks adequate and effective privacy protection. We support your efforts to convene a conference on these issues.
At the same time, we are troubled by the current planning for this event. We understand that the Department has essentially delegated to the private sector the responsibility for organizing this meeting. Planning has begun for the event, even though there is no formal announcement from the Department and no announced request for public participation. Many of the country's leading experts and advocates have not been contacted nor invited to participate. Given the enormous importance of this issue for so many people, we believe it is critical that the planning and organization of this event be as open and as inclusive as possible.
We further believe that there must be certain goals for a White House conference on privacy. These goals include:
=85 Understanding the threats to privacy and the difficulty that consumers face trying to protect their privacy
=85 Evaluating the sufficiency of self-regulation and the adequacy and effectiveness of current US privacy policies
=85 Exploring the use of encryption, anonymity, and other privacy enhancing techniques to protect online privacy
=85 Recognizing the level of public support for strong privacy protection
This conference provides an important opportunity for listening to the public and developing policies that respond to public concerns. It is critical to the operation of democratic government that all interested parties are given an opportunity to participate in important government proceedings.
Therefore, we urge you to take the following steps to make clear the Department's commitment to a fair and open meeting and to ensure that critical issues are considered at this important event:
1. The conference should be organized by full-time employees of the US government and decisions about participation, progam, and conference activities must be made by the agency responsible for the event. This is simply a matter of fairness: If the Department of Commerce has the staff and resources to meet with and organize on behalf of industry groups, it must expend at least as much energy soliciting public opinion and making possible meaningful public input in the planning of a national conference on privacy. This function cannot be delegated to a particular stakeholder or group of stakeholders.
2. The organizing of this event should be as open and inclusive as possible. Many agencies, including the NTIA, the FTC and the FCC, have made effective use of the Internet to engage the public and request public comment on events in Washington. Mr. Magaziner's work to solicit public comments on the White Paper on Electronic Commerce was also a good example of this. Considering the tremendous opportunity that the Internet provides for public participation in government decision-making, it is clear that much more could be done to engage the public in the development of a national conference on privacy.
3. The evaluation of the adequacy of self-regulation to protect privacy should be a primary goal of this conference. The Administration has recommended self-regulation to protect privacy in lieu of other policies and approaches. Many believe that the policy has not succeeded and that stronger steps, including legislation, should be considered. With the the July 1st deadline for a report to the President approaching, now would be the right time to determine whether in fact self-regulation has worked.
4. Cryptography should be a central issue at a White House conference on Internet Privacy. Encryption is critical to the future of on-line privacy. Without some consideration of the use of cryptography to protect privacy, the meeting will lack credibility and the proposals discussed will necessarily be incomplete. Encryption policy is particularly relevant because the Department of Commerce currently exercises export control over the distribution of encryption products and will be issuing rules on the use of encryption by federal agencies later this year. We also expect that some discussion of the importance of anonymity will be included in the conference program.
The White House has made a commendable commitment to openness and accountability in the development of Internet policy. While we have not always agreed on the outcomes produced, the process has inspired confidence that the Administration is genuinely interested in all points of view.
The current planning for the privacy conference inspires no such confidence. We believe that a fundamental change in the organization of this event must be made to address the issues we have outlined.
We look forward to working with you on this important and timely event. Please contact Marc Rotenberg at EPIC if you have further questions.
Sincerely yours,
Philip E. Agre, University of California San Diego Anita L. Allen, Georgetown University Law Center William E. Boyd, University of Arizona College of Law James Boyle, Washington College of Law, American University Dan L. Burk, Seton Hall University L. Jean Camp, Harvard University Angela Campbell, Georgetown University Law Center Fred H. Cate, Indiana University School of Law-Bloomington Richard Pierre Claude, University of Maryland, Julie E. Cohen, University of Pittsburgh School of Law Mary J. Culnan, Georgetown University School of Business Judith Wagner DeCew, Clark University William J. Drake, Georgetown University Thomas J. Field, Franklin Pierce Law Center Peter Fitzgerald, Stetson University College of Law Leonard N. Foner, MIT Media Lab Susan Freiwald, University of San Francisco Michael Froomkin, University of Miami School of Law Oscar Gandy, Annenberg School for Communication Llew Gibbons, Franklin Pierce Law Center Lawrence O. Gostin, Georgetown and Johns Hopkins University Program on Law and Public Health Sheldon W. Halpern, The Ohio State University College of Law Donna Hoffman, Vanderbilt University Deborah Hurley, Harvard Information Infrastructure Project Peter Jaszi, Washington College of Law, American University Jerry Kang, UCLA School of Law Gary Marx, Woodrow Wilson Center Helen Nissenbaum, Princeton University Eli M. Noam, Columbia University Tom Novak, Vanderbilt University David G. Post, Temple University Law School Margaret Jane Radin, Stanford Law School Priscilla M. Regan, George Mason University Joel Reidenberg, Fordham University School of Law Jeffrey Reiman, American University James Rule, State University of New York, Stoney Brook Paul M. Schwartz, University of Arkansas School of Law-Fayetteville Paul Starr, Princeton University George Trubow, John Marshall School of Law Frank Tuerkheimer, University of Wisconsin School of Law Richard C. Turkington, Villanova School of Law
[academic affiliations for identification only]
Laura W. Murphy, Director, ACLU Washington National Office Kathryn C. Montgomery, Center for Media Education Denise Nagel, National Coalition for Patient Rights Aki Namioka, Computer Professionals for Social Responsibility Jamie Love, Consumer Project on Technology Jason Catlett, Junkbusters Corp. Barry Steinhardt, Electronic Frontier Foundation Marc Rotenberg, Electronic Privacy Information Center Robert Ellis Smith, Privacy Journal Beth Givens, Privacy Rights Clearinghouse Evan Hendricks, Privacy Times David Burnham, Transactional Records Access Clearinghouse Ed Mierswinski, U.S. Public Interest Research Group
Patrick Ball, AAAS Science and Human Rights Program * Ken Bass, Plaintiff's Counsel, Karn v. U.S. Department of Commerce Cindy Cohn, Plaintiff's Counsel, Bernstein v. U.S. Department of Justice Whitfield Diffie, inventor of public key cryptography Alexander Fowler, AAAS Scientific Freedom, Responsibility and Law Program * Simson Garfinkel, author, Web Security & Commerce Stanley A. Kurzban, Founder of ACM SIG for Security, Audit, and Control Susan Landau, author, Privacy On the Line Peter G. Neumann, author, Computer-Related Risks Bruce Schneier, author, Applied Cryptography Barbara Simons, IBM * Richard Stallman, inventor of GNU Philip Zimmermann, Network Associates *
[*: affiliation for indentification only]
cc: Ira Magaziner Chairman Robert Pitofsky, Federal Trade Commission
Senator John Ashcroft Senator John Breux Senator Diane Feinstien Senator Ernest F. Hollings Senator John McCain Rep. Tom Bliley Rep. John D. Dingell Rep. Bob Franks Rep. Edward J. Markey Rep. W.J. Tauzin Rep. Bruce Vento ```
This web service brought to you by Somewhere.Com, LLC.