Source
Automatically imported from: http://commons.somewhere.com:80/rre/1998/RRE.EPIC.Alert.5.12.html
Content
This web service brought to you by Somewhere.Com, LLC.
[RRE]EPIC Alert 5.12
``` ---
This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html or send a message to requests@lists.gseis.ucla.edu with Subject: info rre
---
Date: Thu, 17 Sep 1998 10:17:34 -0400
From: Marc Rotenberg --- Volume 5.12 September 16, 1998 --- Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C. http://www.epic.org --- Table of Contents ======================================================
[1] House Committee Holds Ironic Censorship Hearing
[2] Global Groups Urge Removal of Crypto Controls;
More Minor Changes in U.S. Policy Announced
[3] FCC Extends Deadline for Wiretap Law Compliance
[4] Federal Trade Commission Acts on Privacy
[5] Global Conference on Internet Policy - Ottawa, October 7
[6] EPIC Publishes Privacy Law Sourcebook
[7] New Bills and Action in Congress
[8] Upcoming Conferences and Events --- [1] House Committee Holds Ironic Censorship Hearing --- A House subcommittee held a hearing on September 11 to consider
"legislative proposals to protect children from inappropriate
materials on the Internet." The timing of the hearing proved to be
ironic; several lawmakers and witnesses noted that the House of
Representatives would, within hours, post on its website Independent
Counsel Kenneth Starr's sexually explicit report on President
Clinton's relationship with Monica Lewinsky. The coincidence
underscores the fact that distinguishing between "inappropriate"
material and that which deserves wide distribution requires
difficult -- and subjective -- judgments. Before the subcommittee are a half dozen bills intended to limit
children's access to online materials. The "Safe Schools Internet
Act" (H.R. 3177) would require that all public libraries and schools
that receive federal funds for Internet access install blocking
software to restrict minors' access to "inappropriate" material. The
"E-Rate Policy and Child Protection Act" (H.R. 3442) would require
schools and libraries to adopt policies "with respect to access to
material that is inappropriate for children." The "Child Online
Protection Act" (H.R. 3783) would punish commercial online
distributors of material deemed "harmful to minors" with up to six
months in jail and a $50,000 fine. Three pending bills (H.R. 774,
H.R. 1180 and H.R. 1964) would require Internet access providers to
offer customers "screening" software designed to block access to
material that might be "unsuitable" or "inappropriate" for children.
The Senate has already approved its own versions of H.R. 3177 and
H.R. 3783 and a requirement that ISPs make screening software
available. In a joint statement submitted at the hearing, 24 organizations
urged Congress "to oppose any measure that would dilute the
potential" of the Internet. The groups expressed their view that
"community-based educational approaches, as opposed to
federally-mandated filtering requirements and new criminal laws, are
the best ways to address the issue of how our children use the
Internet." The statement was coordinated by the Internet Free
Expression Alliance (IFEA). The House Subcommittee on Telecommunications, Trade and Consumer
Protection has scheduled a markup of H.R. 3783, the Child Online
Protection Act, for September 17. Additional information on pending Internet censorship legislation,
including the full text of the joint statement, is available at the IFEA website: http://www.ifea.net --- [2] Global Groups Urge Removal of Crypto Controls;
More Minor Changes in U.S. Policy Announced --- Members of the Global Internet Liberty Campaign (GILC) -- a
coalition of nearly 50 non-governmental human rights, civil
liberties, consumer, and computer user groups from around the world
-- issued an open statement on September 14 calling for the removal
of cryptography controls from the Wassenaar Arrangement, an
international agreement that governs the proliferation of offensive
military technology. The statement was sent to the technical expert
representatives of the 33 nations who are signatories to the
Wassenaar Arrangement and who are due to begin a review of the
arrangement this Fall. The statement argues that continued efforts to impose controls on
the use of encryption based on outdated Cold War policies run
contrary to the growing trend among national government to promote
the availability of strong encryption to encourage electronic
commerce and protect personal privacy. Earlier this year, GILC
released a report that found that few countries impose controls on
the use, manufacture, or distribution of encryption products. The
report cited the disproportionate influence of state security
agencies in the United States to explain that country's efforts to
expand law enforcement authority in the development of encryption
policy. EPIC serves as the U.S. coordinator of the international campaign to
remove encryption from the Wassenaar Arrangement. The GILC member statement, which was signed by 25 non-governmental
organizations from around the world, can be found at: http://www.gilc.org/crypto/wassenaar/ The White House announced on September 16 more changes to U.S.
export control laws on cryptography. The announcement reflects minor
changes in existing controls and the bulk of controls on strong
encryption still remain, especially for end users who are not major
corporations. Under the new changes, strong crypto would be available to a limited
number of non-us companies - insurance, health care and online
merchants in the 45 countries with money laundering laws. US
Companies would be able to export to their subsidiaries in nearly
all countries. Following the announcement by the Electronic Frontier Foundation
of the creation of a DES-cracker, restrictions on 56-bit products
would be relaxed to most countries. Regulations on export of key recover products would be reduced and
export of products such as Cisco Systems' "Private Doorbell" would
be exportable with minimum review. A "Technology Support Center" would be created to assist law
enforcement agencies with encryption problems. The White House is
calling on Congress to fund the center and the private sector will work
in partnership with the effort. Additional information on the new U.S. encryption control policy will
soon be available at: http://www.crypto.org/ --- [3] FCC Extends Deadline for Wiretap Law Compliance --- In an order issued on September 11, the Federal Communications
Commission extended until June 30, 2000, the deadline for industry
compliance with the Communications Assistance for Law Enforcement
Act (CALEA). At issue is the feasibility of implementing the
controversial 1994 law, which requires the telecommunications
industry to ensure that new digital technologies do not hamper
traditional law enforcement wiretapping capabilities. Had the
Commission not acted, compliance would have been required by October
25 of this year. The current FCC proceedings on CALEA began after negotiations
between the FBI and the telecommunications industry broke down over
FBI demands for enhanced access to the communications network.
Disputed issues include: whether wireless service providers must
provide location tracking capabilities; increased abilities to
monitor conference calls; proposed access to the full content of
customer communications from carriers using packet switching; and
the scope of "call-identifying information" that must be provided to
law enforcement agencies. The FCC proceeding is the culmination of a
controversy that began in the early 1990's when the FBI first sought
a "digital telephony" law to address new communications technology. The Commission expressly rejected "the FBI's assertion that an
extension of the compliance date would interfere with law
enforcement's ability to protect the public from criminal activity,"
noting that "All carriers currently provide technical assistance to
law enforcement to conduct lawfully authorized wiretaps, and nothing
in this Order should be construed as relieving carriers of their
pre-CALEA responsibilities to assist law enforcement authorities in
conducting authorized surveillance." The Senate Judiciary Committee is scheduled to debate and approve
H.R. 3303, the Justice Department authorization bill already
approved by the House, on September 17. The bill includes a
two-year delay in CALEA implementation and a change in the law
extending the deadlines for telephone companies to be reimbursed
for equipment required under the law. Additional information on CALEA is available at: http://www.epic.org/privacy/wiretap/ --- [4] Federal Trade Commission Acts on Privacy --- An FTC Administrative Law Judge ruled on July 31 that Trans Union,
one of the nation's largest credit agencies, violated the Fair
Credit Reporting Act by selling information from individuals' credit
records to direct marketing firms. The Judge ordered the company to
stop the practice, finding that "Trans Union invades consumers'
privacy when it sells consumers' credit histories to third-party
marketers without consumers' knowledge or consent." The judge was
also critical of opt-out approaches, citing evidence that most
consumers are unaware of their ability to be removed from marketing
lists. He found that "there is no direct credible evidence of the
success rate of the opt-out actually stopping direct mail and
telemarketing calls." On August 13, the FTC agreed to a settlement with GeoCities, a major
Internet site. GeoCities was charged with collecting personal
information from users and disclosing it to other companies and
deceptively collecting information from children. Under the
settlement, GeoCities agreed to post on its site a privacy notice
telling consumers what information is being collected and for what
purpose; to whom it will be disclosed; and how consumers can access
and remove the information. To ensure parental control, GeoCities
also will need to obtain parental consent before collecting
information from children 12 and under. However, the agreement is
limited because the settlement does not set standards for
GeoCities's privacy policy and there will be compensation for people
affected by the deceptive practices. More information on the FTC is available at: http://www.ftc.gov/ --- [5] Global Internet Policy Conference in Ottawa, October 7 ================================================= The Global Liberty Internet Campaign (GILC) will sponsor "The Public
Voice in the Development of Internet Policy" in Ottawa, Canada on
Wednesday, October 7, 1998. The meeting is scheduled to coincide
with the Ministerial meeting of the Organization for Economic
Cooperation and Development that begins in Ottawa on October 8. The Public Voice conference is a public meeting on the role of the
citizen in the development of the information society. The meeting
will hear from consumer groups, human rights organizations and civil
liberties advocates on such issues as privacy, access, consumer
protection and human rights in the 21st century. The featured speakers include M. David Johnston, the former chairman
of the Canadian Information Highway Advisory Council (IHAC) and
Stephen Lau, the Privacy Commissioner for Personal Data in Hong Kong. The GILC meeting is being organized by EPIC in cooperation with
Federation Nationale des Associations de Consommateurs du Quebec
(Montreal), the Public Interest Advocacy Center (Ottawa), and
Electronic Frontiers Canada. More information about the GILC Public Voice conference, including
registration information, is available at: http://www.gilc.org/events/ottawa98/ --- [6] EPIC Publishes Privacy Law Sourcebook ============================================ New from EPIC: "The Privacy Law Sourcebook: United States Law,
International Law, and Recent Developments" by EPIC's Director Marc
Rotenberg, is the most-current single-volume collection of major
privacy laws from around the globe. This essential resource contains
all of the major U.S. privacy laws, including the Privacy Act of
1974, the Electronic Communications Privacy Act of 1986 and the
Telephone Consumer Protection Act of 1991, as well as the text of
the OECD Cryptography Guidelines and the European Union Data
Directive, which goes into force in the fall of 1998. The Sourcebook also includes the complete text of the 1980 OECD
Privacy Guidelines, the international privacy framework that is the
basis for many privacy laws around the globe. Recent working papers
from the European Commission on the critical issue of determining
"adequacy" of data protection in third party countries are also
covered. The detailed Table of Contents makes it easy to find and identify
the statutory provisions that you are looking for, while a Privacy
Resources page provides you with the online addresses to several
excellent sites dealing with privacy laws and policies. Total length of the soft cover book is approximately 435 pages. To
order, send a check or money order along with your delivery address
to: EPIC Publications, 666 Pennsylvania Avenue S.E., Suite 301,
Washington, D.C. 20003. Within the U.S., cost is $54 per copy, $29
for law students, non-government organizations and non-profits.
Outside of the U.S., the Sourcebook is $60 per copy, $35 for law
students, non-government organizations and non-profits. All prices
include shipping and handling and are in U.S. funds. For many other great titles on privacy, free speech and encryption,
visit the EPIC Bookstore at: http://www.epic.org/bookstore/ --- [7] New Bills and Action in Congress =============================================== H.R. 4281. Patient Privacy Act of 1998. Repeals requirement for
national patient ID number. Introduced by Paul (R-TX) on July 21.
Referred to the Committee on Ways and Means. H.R. 4312. Medical Privacy Protection Act of 1998. Repeals national
ID number for patients. Introduced by Barr (R-GA) on July 22.
Referred to the Committee on Ways and Means, and in addition to the
Committee on Government Reform and Oversight. H.R. 4321. Financial Information Privacy Act of 1998. To protect
consumers and financial institutions by preventing personal
financial information from being obtained from financial
institutions under false pretenses. Introduced by Leach (R-IA) on
July 23. Referred to the Committee on Banking and Financial
Services. Approved by House Committee on Banking and Financial
Service on August 21. Referred sequentially to the House Committee
on the Judiciary and House Committee on Commerce until Sept 25. H.R. 4388. Consumer Financial Privacy Protection Act of 1998. Amends
the Consumer Credit Protection Act to require consumer privacy
protections. Introduced by LaFalce (D-NY) on August 4. Referred to
the Committee on Banking and Financial Services. H.R. 4395. Real Estate Transaction Privacy Promotion Act. Prohibit a
lender from requiring a borrower in a residential mortgage
transaction to provide the lender with unlimited access to the
borrower's tax return information. Introduced by Rivers (D-MI) on
August 4. Referred to the Committee on Banking and Financial
Services. H.R. 4425. Personal Privacy Protection Act. Anti-Paparazzi bill.
Introduced by Conyers (D-MI) on August 6. Referred to the Committee
on the Judiciary. H.R. 4431. HIV Partner Protection Act. AIDS partner notification
bill. Introduced by Ackerman (D-NY). Referred to the Committee on
Commerce. H.R. 4470. Personal Data Privacy Act of 1998. To prohibit Federal,
State, and local agencies and private entities from transferring,
selling, or disclosing personal data with respect to an individual
to other agencies or entities without the express consent of the
individual except in limited circumstances, and to require such
agencies and entities to provide individuals with personal data
maintained with respect to such individuals. Introduced by Hinchey
(D-NY) on August 6. Referred to the Committee on Government Reform
and Oversight. H.R. 4478. Depository Institution Customers Financial Privacy
Enhancement Act of 1998. To require insured depository institutions,
depository institution holding companies, and insured credit unions
to protect the confidentiality of financial information obtained
concerning their customers, and for other purposes. Introduced by
Markey (D-MA) on August 6. Referred to the Committee on Banking
and Financial Services. H.R. 4479. Securities Investors Privacy Enhancement Act of 1998.
To require brokers, dealers, investment companies, and investment
advisers to protect the confidentiality of financial information obtained
concerning their customers, and for other purposes. Introduced by
Markey (D-MA) on August 6. Referred to the Committee on Committee on
Commerce. S. 2433. To protect consumers and financial institutions by preventing
personal financial information from being obtained from financial institutions
under false pretenses. Introduced on September 2 by D'Amato (R-NY). --- [8] Upcoming Conferences and Events --- The Public Voice in the Development of Internet Policy. Ottawa,
Canada.
October 7, 1998. Sponsored by GILC. Contact:
http://www.gilc.org/events/ottawa98/ One Planet, One Net: Governing the Internet Symposium. Boston, Mass,
Oct. 10-11. Sponsored by CPSR. Contact:
http://www.cpsr.org/conferences/annmtg98/ PDC 98 - the Participatory Design Conference, "Broadening
Participation" November 12-14, 1998. Seattle, Washington. Sponsored by
Computer Professionals for Social Responsibility in cooperation with
ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December
1998 London, UK. Sponsored by ACMSIGCAS and
London School of Economics.
http://is.lse.ac.uk/lucas/cepe98.htm 1999 RSA Data Security Conference. January 18-21, 1999. San Jose,
California. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ FC '99 Third Annual Conference on Financial Cryptography. February
22-25 1999 Anguilla, B.W.I., (submissions due: September 25, 1998). Computers, Freedom and Privacy (CFP) '99. April 6-8. Washington, DC.
Sponsored by ACM. Contact: info@cfp99.org. (Send calendar submissions to alert@epic.org) --- Subscription Information --- The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ --- About EPIC --- The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues such as the
Clipper Chip, the Digital Telephony proposal, national ID cards,
medical record privacy, and the collection and sale of personal
information. EPIC is sponsored by the Fund for Constitutional
Government, a non-profit organization established in 1974 to protect
civil liberties and constitutional rights. EPIC publishes the EPIC
Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, e-mail info@epic.org,
http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482
(fax). If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully tax-
deductible. Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.12 ----------------------- --- Marc Rotenberg, director * +1 202 544 9240 (tel)
Electronic Privacy Information Center * +1 202 547 5482 (fax)
666 Pennsylvania Ave., SE Suite 301 * rotenberg@epic.org
Washington, DC 20003 USA + http://www.epic.org ---
``` This web service brought to you by
Somewhere.Com, LLC.