============================================================= @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================ Volume 1.05 July 28, 1994 ------------------------------------------------------------ Published by the Electronic Privacy Information Center (EPIC) Washington, DC (Alert@epic.org) ======================================================================= Table of Contents ======================================================================= [1] New Digital Telephony Draft Released [2] National ID Card Returns? [3] Clipper Watch [4] New Files in the Archive [5] Upcoming Conferences and Events ======================================================================= [1] New Draft of Digital Telephony Proposal Released ======================================================================= EPIC has obtained a copy of a new draft of the FBI's Digital Telephony proposal. The new draft is dated July 19 and contains some significant changes over earlier drafts released in March. The draft was written by staff members of the House and Senate Judiciary Committees and is the result of negotiations between telephone companies and the FBI. The first major change over earlier drafts is its expanded scope. The bill now covers "telecommunications carriers," which is defined as "any person or entity engaged in the transmission or switching of wire or electronic communications for value for unaffiliated persons, but does not include persons or entities engaged in providing information services." This would appear to be far broader than an earlier draft which covered only common carriers. This bill would cover everything from small BBSs that charge fees to large on-line services like AOL and Prodigy. The following requirement would apply: Every carrier must ensure that its equipment allows for interception of a communication concurrent with a transmission and provide call identifying information to a remote government facility. Manufacturers and support service providers must also assist by developing equipment and software with these capabilities. Providers have four years after enactment to comply. Under the draft, the Attorney General would also provide carriers with written notice of needed capacity for electronic surveillance. Service providers must ensure that they have the required capability within four years or else face civil fines. Carriers are not obligated to decrypt communications that are encrypted by the subscriber unless the carrier provided the encryption and has the key to decrypt the message. The draft authorizes the Attorney General and other law enforcement agencies to meet with industry associations and standards settings bodies to develop standards for surveillance capabilities. If there is a dispute over standards, or the bodies fail to issue standards, any person can petition the FCC to establish standards. The FCC can impose fees for conducting such rulemaking. Under the draft, a court could order a manufacturer or support service provider to re-design a carrier's equipment to ensure the carrier's compliance with the requirements of the bill. The Attorney General could also petition the court to order the carrier, manufacturer and support service provider to comply with the requirements. The court could impose civil fines of up to $10,000 per day for non-compliance. To pay for the mandated re-designs, the draft bill authorizes $500,000,000 for fiscal years 1995 through 1998. After 1999, "sums as may be necessary to carry out the purposes" are authorized. Negotiations are continuing between the FBI, industry and Congressional staff over the text of the bill. ======================================================================= [2] National ID Card Idea Resurfaces ======================================================================= On July 12, CBS Evening News reported that the National Commission on Immigration Reform, a bipartisan group formed by the 1990 Immigration Reform Act, was planning to recommend a national identity card for all persons in the United States for the purpose of verifying employment eligibility and facilitating transactions with government agencies. CBS reported that each card will contain a name, photo, fingerprints, magnetic stripe with info and a "verified SSN." The network reported that the program would be implemented by age group over a number of years. The proposal was reportedly supported by Senator Alan Simpson of Wyoming, a long-time supporter of ID cards. California Gov. Pete Wilson has offered to make California a test-bed for the proposal. The proposal was opposed by Xavier Beccera, a Congressman from California, who expressed concern over cost and privacy issues. The Secret Service has testified that a secure card system could be developed for an estimated $2 - 4 billion but cautioned that within a few months, forged cards would be available. The day after the CBS report, the Commission issued a press release stating that it was still in the process of completing a draft report which is due on September 30. The release stated that the commission "has not proposed a national identity card. Citizens will not be required to carry a photo ID with fingerprints to prove that they are legally in the United States, despite media reports." The Commission said it would investigate a "simple, fraud resistant way of verifying authorization to work, building on information the government already maintains...." Former Congresswoman Barbara Jordan will testify before the Senate Judiciary Committee on August 3, 1994 regarding the preliminary recommendations of the Commission on Immigration Reform for a "Workplace Eligibility Card." Expect heated debate about the use of the card as a national identifier, and also questions about the use of the Social Security Number and linkages to the Social Security Administration databases. There have been several attempts in the past 20 years to implement ID cards. Congress rejected proposals in 1986 and 1990 by Sen. Simpson to require identity cards for employment. Martin Anderson, a former aide to President Reagan also reported that Reagan rejected an ID card in 1981. EPIC is working with Privacy International and several domestic groups to investigate this issue. PI has led successful campaigns against national ID cards in Australia, New Zealand and the Philippines. ======================================================================= [3] Clipper Watch ======================================================================= A letter from Vice President Gore to Rep. Maria Cantwell last week prompted some reports that the Clipper Chip is dead. Here is what one leading proponent of Clipper and one leading opponent of Clipper had to say about the reported demise of the NSA-developed standard: "We are working with industry to develop the same capability for data networks that Clipper provides for voice networks. I would hardly call that backing away." - Attorney General Janet Reno, press conference, July 22, 1994 "The letter makes clear to me that the Administration continues to embrace key escrow encryption technology, and stands behind Clipper Chip as a federal standard for telephone communications. The official standard makes clear that this standard applies to any communications over telephone lines. Those communications include not only voice, but also low-speed computer data and facsimile messages. - Senator Patrick Leahy, press statement, July 21, 1994 ======================================================================= [4] New Files at the Archive ======================================================================= Index of Privacy Journal Articles, 1984 - 1993. /privacy/misc_privacy/privacy_journal_index.txt CPSR/Seattle Information Policy Fact Sheets /cpsr/chapters/seattle Caller-ID.fact - Fact Sheet on Caller ID Clipper.fact - Fact Sheet on Clipper General.fact - Fact Sheet on information privacy K-12.fact - Fact Sheet on education privacy SCN-FAQ - Seattle Community Network FAQ SCN-policy - Seattle Community Network policies SSN.fact - Seattle Community Network factsheet The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin@cpsr.org. ======================================================================= [5] Upcoming Privacy Related Conferences and Events ======================================================================= Information Security Committee, EDI/IT Committee, Aug 1-3, 1994. Quebec City, Canada. Sponsored by: Section of Science and Technology, American Bar Association. Contact: baum@im.com. Hackers on Planet Earth: The First US Hacker Congress. Hotel Pennsylvania, New York City, NY. Aug 13-14. Sponsored by 2600 Magazine. Contact: 2600@well.sf.ca.us. ONE BBS, Atlanta, GA. Aug 17-21. For further info, contact Peg Coniglio at 303-693-5253. ASAP 1994 Symposium "Impact of Technology and Privacy Act". Holiday, Inn, Rockville, MD, Aug 30-Sept 1. Contact: ASAP 301-913-0030 16th International Conference on Data Protection. The Hague, Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190 (tel), 31-70-3940460 (fax). Technologies of Surveillance; Technologies of Privacy. The Hague, The Netherlands. September 9. Sponsored by Privacy International and EPIC. Contact: Simon Davies (davies@privint.demon.co.uk). Legal and Business Aspects of the Internet and Online Services" New York City, September 29 and 30, 1994. Sponsored by the publisher of the National Law Journal and the New York Law Journal. Contact 800-888-8300, ext. 6111, or 212-545-6111. National Conference of Lawyers and Scientists "Legal, Ethical and Technological Aspects of Computer and Network Use and Abuse" Maryland, October 7-9. Contact: drunkle@aaas.org. CPSR Annual Meeting. University of California, San Diego. October 8-9. Contact: Phil Agre . Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16. Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav@artdata.win.net). Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina. October 27-28. Sponsored by CPSR. Contact: trigg@parc.xerox.com. 2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia. Nov 2-4, 1994. Sponsored by: ACM SIGSAC, Hosted by: Bell Atlantic, George Mason University. Contact: gong@csl.sri.com Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November 11-13. Sponsored by ACM. Contact: jkizza@utcvm.utc.edu The Technology for Information Security Conference '94 (TISC '94). Galveston, Texas. Dec. 5-8, sponsored by: NASA Johnson Space Center Mission Operations Directorate (MOD), MOD AIS Security Engineering Team, and the ISSA. Contact: John D'Agostino (dagostin@killerbee.jsc.nasa.gov). Second International Conference on Information Warfare: "Chaos on the Electronic Superhighway" Jan 18-19, Montreal, CA. January 18, 1995, Sponsored by NCSA. Contact: Mich Kabay (75300.3232@compuserve.com). (Send calendar submissions to Alert@epic.org) ======================================================================= To subscribe to the EPIC Alert, send the message: SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname to listserv@cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce. Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information email info@epic.org, or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info@cpsr.org ------------------------ END EPIC Alert 1.05 ------------------------