Focusing public attention on emerging privacy and civil liberties issues

Previous Top News 2000

  • President Unveils New Medical Privacy Regulations. On December 20, President Clinton presented the final version of medical privacy regulations drafted by the Department of Health and Human Services (HHS). The regulations are the first federal privacy protections for medical information and will apply to both paper and electronic health records. The White House has distributed a fact sheet on the new regulations and the full text of the final regulations is available from HHS. The President also separately issued an executive order limiting federal law enforcement use of confidential health information.
  • Congress Mandates Use of Filtering in Schools and Libraries. On December 15, the U.S. Congress passed an appropriations bill containing the Children's Internet Protection Act (also available in PDF). The legislation would require schools and libraries receiving federal funds for Internet access to install filtering and blocking software. The measure is expected to be signed by the President. In related news, free speech group Peacefire recently completed a study that found that several popular Internet filters block websites of human rights organizations. The organization is also distributing a bypass program that can disable filters running on Windows.
  • Library Association Seeks Nominations for James Madison Award. The American Library Association (ALA) is currently seeking nominations for the organization's 12th annual James Madison Award. The award is given to individuals and groups that have protected the public's right to know. The group is seeking nominations until January 10, 2001. The award will be presented on March 16, 2001, in conjunction with Freedom of Information Day, jointly organized with the Freedom Forum.
  • International Cyber-Rights Groups Maintain Opposition to Cyber-Crime Treaty. Responding to the latest version of the Council of Europe's Convention on Cyber-Crime, twenty-one member organizations of the Global Internet Liberty Campaign (GILC) have drafted a new letter arguing that the treaty's current provisions will continue to violate the rights of Internet users. The letter from the groups also points out the lack of public input in the drafting process.
  • Documents Disclose FBI Break-In to Counter Encryption. Recently released court documents reveal that the FBI conducted a break-in on private premises in order to install a mechanism on a computer to capture encryption keys and passwords. The operation, which was reported by the Philadelphia Inquirer, is detailed in an FBI application (PDF) and a court order (PDF) filed in the case. Last year, the Justice Department proposed the authorization of such techniques in the Cyberspace Electronic Security Act, but later withdrew the proposal in the face of strong public criticism.
  • Privacy Groups Call for Investigations of Amazon. EPIC, Junkbusters, and Privacy International urged government agencies to investigate the US and UK operations of Amazon, charging violations of trade practices and data protection laws. In a letter to the Federal Trade Commission, EPIC and Junkbusters asked the FTC to determine whether Amazon deceived customers in the United States by changing its privacy policy to permit disclosure of personal customer information obtained when the company offered assurances of privacy protection. In another letter, Privacy International asked the UK Data Protection Registrar to halt Amazon's UK affiliate from processing operations until it complies with UK data protection law. See the press release for more details.
  • EPIC Asks Attorney General to Suspend Use of Carnivore. In formal comments submitted to the Department of Justice on December 1, EPIC urged DOJ and Attorney General Reno to end use of the Carnivore surveillance system until full public disclosure is made of information concerning the invasive technique. The comments were submitted in response to the recent technical report on Carnivore prepared as part of an internal Justice Department review (see below).
  • Justice Department Posts FAQ on Cyber-Crime Treaty. The U.S. Department of Justice has posted a "Frequently Asked Questions" (FAQ) page addressing issues that have been raised concerning the controversial Council of Europe draft treaty on cyber-crime. Additional information is available at Privacy International's Cyber-Crime Page.
  • Carnivore Review Report Raises More Privacy Concerns. A review of the FBI's Carnivore surveillance system released on November 21 indicates that the system can easily collect more information than is legally permitted. The report also finds that the system lacks effective accountability mechanisms. See EPIC's statement for more details. In a related development, FBI documents released to EPIC as part of a Freedom of Information Act lawsuit suggest that the Carnivore surveillance system may capture more information than the Bureau has previously claimed. See the Carnivore Documents Page and EPIC's press release for additional information.
  • Financial Privacy Rule Takes Effect. On November 13, the Privacy of Consumer Financial Information Rule, which implements the privacy provisions of the Gramm-Leach-Bliley Act 1999, became effective. The rule requires banks and other financial institutions to provide consumers with clear and conspicuous notice of privacy practices and the opportunity to opt-out of the disclosure their "non public personal information" to nonaffiliated third parties. As a result of a time extension granted earlier this year, however, the financial institutions do not have to fully comply with these provisions until July 2001.
  • President Vetoes "Official Secrets Act" Legislation. President Clinton has vetoed legislation that would have criminalized the leaking of government secrets, saying that it might "chill legitimate activities that are at the heart of a democracy." See the President's veto message. The veto came as a result of widespread opposition to the legislation from journalistic, civil liberties and government accountability groups. Backround information is available from the Government Accountability Project.
  • Safe Harbor Arrangement Goes Into Effect. On November 1, the U.S. Department of Commerce launched its Safe Harbor website presenting information about how companies can sign up for Safe Harbor as well as the list of companies that have joined. Companies that subscribe to Safe Harbor will have to abide by a set of privacy standards for personal data collected in the European Union. For the consumer perspective on the arrangement, read the Trans Atantic Consumer Dialogue's past statements on Safe Harbor.
  • President Threatens to Veto Social Security Number Anti-Privacy Bill. On October 26, President Clinton indicated he would veto a federal appropriations bill that incorporated Social Security number provisions opposed by consumer and privacy advocates. The White House press release cites the omission of "needed protections against the inappropriate sale and display of individual citizens' Social Security numbers" as one reason for the impending veto. For more information on the bill's language, read the fact sheet (PDF) produced by US PIRG.
  • Free Speech Groups Release New Filtering Report. EPIC and Peacefire, a grassroots organization that researches Internet filtering software, have released "Mandated Mediocrity: Blocking Software Gets a Failing Grade." The report examines a blocking program widely used in schools and finds that the software stops access to many political and educational websites. In related news, a recently published editorial examines the prospect of federally mandated use of such content blocking programs in schools and libraries.
  • International Coalition Releases Letter Opposing Cyber-Crime Treaty. Members of the Global Internet Liberty Campaign (GILC), an international coalition of civil liberties and human rights organizations, have released a letter urging the Council of Europe to reject the current version of its Convention on Cyber-Crime. According to the groups, the draft agreement would infringe on the privacy and free speech rights of all Internet users.
  • EPIC Testifies on Internet Privacy. EPIC Policy Analyst Andrew Shen testified on October 11 before the House Commerce Commitee on "Recent Developments in Privacy Protection for Consumers". In the testimony, EPIC argued that the current approach of self-regulation places consumer privacy at increasing risk and that Congress should respond to public demands for legal protections. An archived recording of the hearing is available.
  • EPIC Receives First Carnivore FOIA Documents. On October 2, EPIC received the first of several installments of documents released by the FBI concerning the controversial Carnivore surveillance system. Of the 565 pages released, nearly 200 were withheld in full and another 400 were released with deletions. The documents reveal the system's origin as Omnivore, contain discussions of interception of voice over IP, and describe various testing procedures.
  • EPIC Testifies on Internet Privacy Bills. As the end of the Congressional session nears, the Senate Commerce Committee held a hearing on several Internet privacy bills that are still waiting for committee action. In the testimony, EPIC argued that there is public support for legal protections over personal information, privacy notices are insufficient protection, and enforcement mechanisms must remain flexible. For more information about bills before Congress, see the EPIC Bill-Track page.
  • U.S. Selects New Encryption Standard. From a pool of five finalists, the National Institute of Standards and Technology (NIST) has selected Rijndael as the government's new encryption standard. Rijndael will be used by federal government agencies but may soon be adopted by private sector companies as well. Rijndael is also not subject to any patent claims.
  • Forum Presents ICANN Candidates. The Internet Democracy Project and the Berkman Center for Internet & Society at Harvard University held a Candidate Forum on October 2 in Cambridge, MA. North American candidates participatedin a debate about the role of ICANN and issues confronting the organization.
  • International Data Protection Conference Brings Together NGOs. "The Public Voice in Privacy Policy", held on September 27 in conjunction with the 22nd International Privacy and Personal Data Protection Conference, brought together academics, non-profit organizations, and policy-makers to discuss emerging privacy issues. A video recording of the conference is available online.
  • Libraries and Booksellers Kick Off Banned Books Week. "Fish in the River of Knowledge", the Nineteenth Annual Banned Books Week, will take place from September 23rd through the 30th. The event highlights attempts to remove and ban books from schools, public libraries, and bookstores and the need for vigilant protection of free expression. The sponsor organizations have also put together the top ten list of most challenged books in 1999 as well as the hundred most challenged books of the decade.
  • Living.com Settles Bankruptcy Case Involving Customer Lists. On September 25, the Texas Attorney General's office announced that it had settled with bankrupt e-tailer Living.com over the disposition of its customer data. Living.com, a home furnishings website, filed for bankruptcy on August 29. The agreement reached with the Attorney General requires the company to destroy financial data such as credit card numbers and give customers an opportunity to opt-out before other personal data is transferred to a third party. The settlement still has to be approved by a Federal bankruptcy judge.
  • EPIC and Privacy International Release Third Annual Privacy and Human Rights Survey. On September 19, 2000 EPIC and Privacy International announced the release of "Privacy and Human Rights 2000: An International Survey of Privacy Laws and Developments". The report reviews the state of privacy in over fifty countries around the world and finds worldwide recognition of privacy as a fundamental human right. At the same time, the report notes that both law enforcement agencies and private corporations are extending surveillance powers through the use of new technologies and new Internet-based commercial services, such as interactive television -- or "SpyTV" -- that record the preferences of individuals." The report is available for sale at the EPIC Bookstore. See the Press Release for more information.
  • EPIC Ends Ties with Amazon.com. EPIC has sent a letter to its subscribers notifying them that we will no longer have a formal relationship with Amazon.com due that company's recent changes to its privacy practices. The EPIC Bookstore has been part of the Amazon Affiliates program since 1996 as part of our efforts to make our publications as widely available as possible. The recent changes in Amazon's privacy policy indicate that the online retailer can no longer guarantee that the its customers' personal information will not be disclosed to third parties. See the press release for more details.
  • GAO Finds Government Websites Don't Live up to Privacy Act. On September 12, the General Accounting Office (GAO) published its study (PDF) of privacy policies posted on government websites. The study found that ninety-seven percent of government agency websites failed to address principles of Fair Information Practices in privacy statements. The Privacy Act guarantees all citizens with certain rights with respect to their personal information collected and stored by government agencies, even if not mentioned in a privacy policy.
  • PDD-63 Available to the Public. A full version of PDD-63, the Presidential Decision Directive on Critical Infrastructure Protection, is now available to the public. The previously classified document calls for a national effort to ensure network security and raises questions about a new area of government authority and secrecy. For related information, visit EPIC's Critical Infrastructure Protection Resources page.
  • EPIC Testifies Before Congress on Wiretapping Bills. On September 6, EPIC presented testimony before the House Judiciary Committee on H.R. 5018, the "Electronic Communications Privacy Act of 2000", and H.R. 4987, the "Digital Privacy Act of 2000", supporting both bills' efforts to strengthen standards and oversight for wiretapping - particularly for new communication technologies such as e-mail. The testimony also discusses H.R. 4098, the "Notice of Electronic Monitoring Act", and recommends greater incorporation of privacy provisions from existing U.S. laws and International Labour Organization privacy guidelines. For more information about these and other bills in Congress, visit the EPIC Bill-Track page.
  • Survey Documents Public's Demands for Privacy Protection. The Pew Internet & American Life Project has released a report, "Trust and privacy online: Why Americans want to rewrite the rules", examining the public's attitudes towards online privacy. The report found two major points of consistency: Internet users want a guarantee of privacy when they go online and many consumers are unaware of how privacy invasions take place and are consequently unable to take advantage of available privacy-enhancing technologies. Another finding of the report is that 86% of Internet users surveyed support an opt-in standard for the collection of personal information, at odds with the opt-out favored by industry groups and endorsed by the Federal Trade Commission. For available online privacy technologies, visit EPIC's Online Guide to Practical Privacy Tools.
  • EPIC Asks Court to Set Deadline for Release of Carnivore Information. In a submission (PDF) filed on August 17, EPIC asked U.S. District Judge James Robertson to order the FBI to release information concerning the Carnivore surveillance system no later than December 1. In an FOIA lawsuit filed by EPIC, Judge Robertson had ordered the FBI to establish a timetable for release of the information. The Bureau identified 3000 pages of relevant material and set a release schedule that would begin in 45 days, but did not include a date for the completion of processing. After EPIC filed suit on August 2, the FBI granted EPIC's request to expedite the processing of a request submitted to the Bureau on July 12. See EPIC's Carnivore Litigation page for more details.
  • Appeals Court Limits Use of New Surveillance Techniques. The U.S. Court of Appeals for the D.C. Circuit has ruled that law enforcement agencies must meet the highest legal standard before using new surveillance capabilities. The court decision came in a legal challenge filed by EPIC, other privacy groups and the telecommunications industry to invalidate technical surveillance standards issued by the Federal Communications Commission last year. The capabilities, which include cellular phone location tracking and surveillance of "packet mode" data, were ordered implemented by the FCC under the Communications Assistance to Law Enforcement Act (CALEA). Several other technical capabilities were completely rejected by the court. Background information on CALEA can be found at EPIC's Wiretap Page.
  • Consumer Groups Oppose FTC Online Profiling Agreement, Urge Stronger Action. On August 9, fourteen consumer and privacy groups signed onto a group letter asking Congress to closely analyze the proposal and to establish privacy protections supported by millions of consumers. Previously, on July 28, EPIC and Junkbusters released "Network Advertising Initiative: Principles not Privacy", a report that assesses past events surrounding Internet advertisers, analyzes the recent self-regulatory guidelines approved by the Federal Trade Commission (FTC), and proposes solutions that will provide for the adequate protection of online privacy. The two groups also sent a letter to the Senate Commerce Committee urging them to examine the proposal. For background, also see the June 21 letter from several Senators on the Commerce Commitee to the FTC, urging the inclusion of consumers and privacy groups in the negotiations.
  • FTC Endorses Self-Regulatory Internet Advertising Principles. The Federal Trade Commission (FTC) has announced that it supports the Network Advertising Initiative's Self-Regulatory Principles for online advertising. The Network Advertising Initiative includes most of the major online advertisers including DoubleClick, Engage, and 24/7 Media. In February 2000, EPIC filed a complaint (PDF) with the FTC that DoubleClick had violated laws prohibiting unfair and deceptive business practices. For more information, also see EPIC's testimony submitted for Congressional hearings on Online Profiling in June 2000 and Online Privacy (PDF) in July 1999.
  • FBI System Takes a Bite Out of Privacy. The Federal Bureau of Investigation has rolled out a new system to monitor private communications -- "Carnivore." The first public discussion of the system was contained in Congressional testimony delivered earlier this year. EPIC has filed a Freedom of Information Act request for details. The House Subcommittee on the Constitution held hearings on the controversial system on July 24. More on the history of FBI monitoring of Internet communications and the earlier program, "Operation Root Canal," is available at the EPIC Wiretap Page. An online, grassroots petition drive against Carnivore is being organized at the Stop Carnivore website.
  • White House to "Update" the Federal Wiretap Statute. On July 17, White House Chief of Staff, John Podesta, announced that the Government is proposing legislation to harmonize the rules governing the interception of electronic communications. The proposal calls for ways to make the wiretapping rules "more effective for law enforcement while also assuring privacy and civil liberties." Draft legislation has not yet been released. Podesta also announced updates to the Administration's encryption export policy. For more information on the history of these issues, see EPIC's Wiretap and Crypto pages.
  • FTC Settles with Toysmart.com. On July 10, the Federal Trade Commission filed a complaint against failed online retailer Toysmart.com for selling customer lists despite earlier privacy statements that their customers' personal data would never be shared with a third party. The customer lists were included as assets to be sold as part of the company's bankruptcy proceedings. On July 21, the FTC issued its settlement with Toysmart.com allowing the lists to be sold as long as the sale occurs before July 2001, the customer lists are bought by a family-oriented company, and the buyer agrees to abide by the original Toysmart.com privacy policy.
  • New Project Promotes Civil Society. The Internet Democracy Project, organized by EPIC, the ACLU, and Computer Professionals for Social Responsibility (CPSR), launched on July 6. Promoting public participation in Internet governance, one of the organization's first projects is encouraging public involvement in the upcoming Internet Corporation for Assigned Names and Numbers (ICANN) meeting in Japan.
  • European Parliament Adopts Safe Harbor Resolution. On July 5, the European Parliament adopted a resolution drafted by the Committee on Citizens' Freedoms and Rights, Justice and Home Affairs on the adequacy of Safe Harbor. The report proposes that Safe Harbor include an individual right to appeal privacy violations, compensation for damages, clear guidelines for redress, and a review of the system within six months of Safe Harbor's enactment.
  • EPIC Files Brief in Telephone Consumer Privacy Case. In a "friend-of-the-court" brief filed with the Second Circuit Court of Appeals, EPIC urges the court to provide meaningful recourse for consumers whose personal information has been improperly disclosed by telephone service providers. The pending case involves the telephone privacy provisions of the Telecommunications Act of 1996, which prohibits the disclosure of "customer proprietary network information," including unlisted phone numbers and telephone billing records.
  • Is NSA Watching Jimmy Carter and Hillary Clinton? According to newly declassified documents obtained by EPIC under the Freedom of Information Act, the National Security Agency drafted policies for handling communications intercepted from or about former President Jimmy Carter, First Lady Hillary Rodham Clinton and candidates who ran for national office in 1996. The disclosures were made as a result of a lawsuit EPIC filed against NSA for access to information concerning the agency's surveillance activities. See USA Today's coverage of the new disclosures for more details.
  • Appeals Court Strikes Down CDA II. The U.S. Court of Appeals for the Third Circuit has ruled that the Child Online Protection Act (COPA) is unconstitutional. The court's decision finds that COPA impermissibly restricts the First Amendment free speech rights of web publishers. The challenge was brought by EPIC, ACLU and EFF on behalf of a coalition of online publishers. See EPIC's COPA Litigation Page for the history of the litigation.
  • House Subcommittee Considers "Cyber Security" FOIA Exemption. A subcommittee of the House Government Reform Committee held a hearing on June 22 to consider H.R. 4246, the Cyber Security Information Act. In testimony delivered at the hearing, EPIC General Counsel David Sobel told the subcommittee that the bill's proposed exemption of data concerning "critical infrastructure protection" is unnecessary because the Freedom of Information Act currently protects such information. He said that the proposed exemption could remove from public view important information on controversial government activities. See EPIC's Critical Infrastructure Protection Resources page for background information.
  • Privacy Advocates Call for Investigation of "Cookiegate". Privacy advocates wrote to congressional leaders urging an investigation of the privacy practices of the White House Office on National Drug Control Policy website. The site has been using DoubleClick advertisements which placed cookies on users' computers, possibly violating federal laws on government collection of data from citizens. See the press release and letter for more details.
  • Report Released on P3P. EPIC and Junkbusters have released their report on the Platform for Privacy Preferences (P3P), "Pretty Poor Privacy: An Assessment of P3P and Internet Privacy". The report concludes that there is little evidence that P3P will improve privacy protection on the Internet and recommends adopting privacy standards built on Fair Information Practices and genuine privacy-enhancing technologies.
  • EPIC Testifies on Internet Privacy. On June 13, EPIC Executive Director Marc Rotenberg testified before the Senate Commerce Committee on Internet Privacy. Also appearing before the Committee were representatives of the Federal Trade Commission (FTC), DoubleClick, and Engage. For hearing statements and a link to the live broadcast visit the Senate Committee's Press Page. ( See also our Press Release for more information) At the hearing, the FTC also released their report on online profiling.
  • EPIC Testifies on Child Online Protection. In testimony before the Commission on Child Online Protection, EPIC General Counsel David Sobel urged the rejection of age verification requirements as a condition of access to Internet content, noting that the privacy implications of such requirements are inseparable from the free speech implications. He told the Commission that rather than focussing on approaches that seek to block access to information and compromise privacy, it should emphasis and support educational initiatives that will help young people learn to responsibly and safely navigate the Internet.
  • Latest Version of Safe Harbor Made Public. The latest draft of the U.S. Department of Commerce Safe Harbor principles are now available. The Article 31 Committee of the European Commission and U.S. negotiatiors reached preliminary agreement on Safe Harbor at the recent EU-US summit in Portugal. The European Parliament has yet to approve the agreement and is expected to issue their opinion later this month.
  • Vice President Presents Protections for SSNs. Responding to growing public concern over personal privacy, Vice President Gore presented his plan for the protection of social security numbers (SSNs). The proposal, the Social Security Protection Act, would require an individual's consent before the sale or purchase of a SSN. Sen. Dianne Feinstein and Rep. Ed Markey are sponsoring the bill in Congress. For more information, visit EPIC's page on Social Security Numbers and Privacy.
  • Report on Terrorism Threatens Privacy. The National Commission on Terrorism's final report, "Countering the Changing Threat of International Terrorism", puts forth proposals that would affect personal privacy. Among other recommendations, the report is in favor of a joint task force composed of the NSA, CIA, IRS and other government agencies, more technologies to monitor and search people entering the country and closer monitoring of the immigration status of foreign students.
  • Court Decides Not to Hear Phone Privacy Case. The Supreme Court has refused to hear a case impacting the privacy of telephone records. EPIC, other privacy and consumer groups and law professors have been involved in the case against US West. See EPIC's archive on the case for the relevant legal documents and news.
  • EPIC Event. On June 5, EPIC held "The Internet, Privacy and the Open Source Movement", a two-panel event at the National Press Club to discuss privacy and the open source movement and to celebrate new publications in these areas. The panels featured distinguished authors, technical experts, professors in law and public policy, and public interest advocates. The event was cyber cast live and is available for "on demand" viewing at EXBTV.COM . An audio recording of the panels is also available through the Freedom Forum network.
  • EU-US Move Forward on Safe Harbor. The Article 31 Committee of the European Commission has approved the proposed the Safe Harbor agreement that would govern the processing of personal information on European citizens by U.S. companies. The proposal now goes to the European Parliament for consideration. Consumer groups have raised objections to the agreement, arguing that the proposal lacks adequate standards for access and enforcement.
  • FTC Calls for Privacy Legislation to Protect Internet Users. On May 22, the Federal Trade Commission (FTC) released a report (PDF) on the results of its latest survey of website privacy policies. The survey documented that only 20% of a random sample of websites addressed basic elements of Fair Information Practices. Based on the findings of the survey, a majority of the FTC Commissioners have recommended that legislation is needed. On Thursday, the FTC will formally present its findings and recommendations in front of the Senate Commerce Committee. EPIC's latest survey, "Surfer Beware 3: Privacy Policies without Privacy Protection", also found that self-regulation provided an inadequate level of online privacy protection.
  • G-8 Cyber-Crime Meeting Ends Without Significant Progress. The Group of 8 (G-8), the eight largest economies in the world, met in Paris to discuss a possible resolution on cyber-crime. Industry and governments agreed to cooperate more to fight cybercrime. Controversial suggestions to mandate that ISPs gather and keep more information about users were opposed. See Privacy International's new Cyber-Crime page for more information.
  • FTC Advisory Committee Releases Final Report. The Federal Trade Commission released the final report of its Advisory Committee on Online Access and Security on May 16. The report details options and recommendations for access and security -- two key components of Fair Information Practices. The work of the Committee is expected to inform the Federal Trade Commission in its ongoing work towards protecting consumer privacy online. [NY Times article]
  • Financial Privacy Protections Delayed. Despite widespread public support for the protection of personal financial records and opposition from consumer groups, the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision issued a joint press release announcing that rules protecting financial privacy would not become effective until July 2001. On May 15, the Federal Trade Comission issued its own press release announcing its final rules with the same delayed effective date. The rules were originally set to go into effect in November 2000.
  • Anonymous Message Board Poster Sues Yahoo! for Disclosures. A ground-breaking lawsuit (PDF) has been filed in federal court in Los Angeles challenging Yahoo!'s controversial practice of routinely disclosing user information -- without prior notice -- in response to subpoenas. EPIC and the ACLU have issued a joint press release discussing the importance of the case, and the anonymous plaintiff has released a detailed statement explaining his claims.
  • EPIC Testifies on Use of Social Security Numbers. On May 11, the House Subcommittee on Social Security held hearings on the "Use and Misuse of Social Security Numbers". EPIC's testimony argues that there is clear judicial and legislative support for further legal restrictions on the collection and use of social security numbers.
  • Privacy Groups Oppose Delay in Financial Privacy Regs. A coalition of consumer and privacy groups have sent a letter to federal agencies objecting to any delay of the financial privacy rules set to go into effect in November 2000. The statement argues that while the groups are dissatisfied with the level of protections offered by current law, they are a necessary first step towards adequate financial privacy.
  • EPIC, Consumer Groups, and Law Profs File Amicus in the Supreme Court. On May 1, the Electronic Privacy Information Center, 14 consumer organizations, and 19 law professors filed a brief (HTML or PDF) in support of a petition for certiorari that asks the U.S. Supreme Court to review the 10th Circuit's opinion in US West v. FCC, a decision that raises troubling concerns for the future of telephone privacy. See EPIC's archive on the case for more information.
  • President Introduces Financial Privacy Proposal. In an address on April 30, President Clinton presented a new proposal protecting personal financial information. The long anticipated proposal clearly improves some aspects of financial privacy but falls short of the opt-in for third parties and affiliates favored by EPIC and other privacy advocates. Perhaps the most significant improvement in the proposal would be the introduction of privacy guidelines over the transfer of personal information from financial institutions to marketers. The bill as introduced in the House is available.
  • Intel Drops Processor Serial Numbers. In a major victory for Internet anonymity, the world's dominant chip maker has decided to discontinue the use of Processor Serial Numbers (PSNs) in its next generation of products. The PSN, which was embedded in Intel Pentium III chips, was extremely controversial and led to a consumer boycott led by EPIC and other privacy groups. See CNET's coverage of Intel's decision and the Big Brother Inside page for more details.
  • Appeal Filed Against Injunction in Censorware Case. An appeal has been filed challenging a permanent injunction issued on March 28 against distribution of a program that discloses the list of sites that Cyber Patrol blocks. EPIC is joining the ACLU as counsel to three U.S. websites that have been ordered to remove copies of the "cphack" program, which was created by filtering critics in Canada and Sweden. Microsystems Software Inc., which sells Cyber Patrol, filed suit against the program creators and sought to identify individuals who downloaded the program. See EPIC's Cyber Patrol Litigation page for links to all relevant documents.
  • EPIC Continues the Challenge to FBI Wiretap Standards. EPIC, joined by the ACLU and EFF, has filed a reply brief (PDF) asking a federal appeals court to block new rules that would permit the FBI to dictate the design of the nation's communication infrastructure. The challenged rules would enable the Bureau to track the physical locations of cellular phone users and potentially monitor Internet traffic. The brief challenges an FCC order implementing the Communications Assistance to Law Enforcement Act (CALEA).
  • Court Rules that Crypto Source Code is Speech. The U.S. Court of Appeals for the Sixth Circuit ruled on April 4 that "because computer source code is an expressive means for the exchange of information and ideas about computer programming, . . . it is protected by the First Amendment." The court decision was issued in Junger v. Daley, a legal challenge to U.S. export controls on encryption software. The case, in which EPIC filed an amicus brief, will now return to a lower court for consideration of the impact of new U.S. export regulations issued in January.
  • EPIC Releases International Crypto Survey. On April 3, the Electronic Privacy Information Center released a study on encryption policies in 135 countries. Cryptograpy and Liberty 2000 finds that that the trend toward relaxation of export controls is continuing, but also that law enforcement agencies are seeking new authority and new funding to gain access to private keys and personal communications.
  • EU Fails to Adopt Safe Harbor. As expected, the Article 31 Committee established by the EU Data Directive failed to take action this week on the proposed Safe Harbor arrangement. The European Member States have identified several provisions that will require further examination. European governments will push for improvement on the question of individual redress. The next meeting of the Article 31 committee is scheduled for May 30-31.
  • Judge Finds that President Violated the Privacy Act. In a controversial decision (PDF) issued on March 29, U.S. District Judge Royce C. Lamberth found that the White House and President Clinton committed a "criminal violation of the Privacy Act" when they released personal letters sent to the President by Kathleen Willey. The White House has appealed the judge's decision.
  • Consumer Groups Comment on Safe Harbor. On March 30, the TransAtlantic Consumer Dialogue, a coalition of over sixty American and European consumer groups, submitted its comments on the latest version of the Safe Harbor Proposal. In its comments, the TACD urges the EU and U.S. negotiators to incorporate an effective enforcement mechanism over the arrangement and to strengthen the underlying principles. The TACD comments also point out that such changes are necessary to qualify the Safe Harbor as "adequate" as demanded by the EU Data Protection Directive.
  • Safe Harbor Proposal Made Public. The text of the proposal that would allow the transfer of personal information on European citizens to companies operating in the United States where there is no comprehensive privacy protection is now available. Public comments in the US are due March 28. EU Article 31 Political Committee meets at the end of March.
  • EPIC Submits Comments on Barriers to Electronic Commerce. On March 17, EPIC responded to the Department of Commerce's Request for Public Comment on Legal Barriers to Electronic Commerce. In its submission (HTML or PDF), EPIC supports legally enforceable privacy protections, the free use and availability of cryptography and the formation of international consumer protection standards.
  • Justice Department Releases "Unlawful Conduct" Report. Expressing concerns about anonymity, open government and pesky privacy laws, the DOJ nonetheless concludes that new legislation is not necessary to address computer crime. For an analysis of the risks that expanded law enforcement authority poses, read the EPIC report Critical Infrastructure Protection and the Endangerment of Civil Liberties.
  • EPIC Censored. Again. The Electronic Privacy Information Center was one of the lead plaintiffs in ACLU v. Reno, the successful legal challenge to the Communications Decency Act. EPIC's official page about the lawsuit, which included links to the text of the court decision, news coverage, and briefs filed in the case, was blocked by I-Gear in the summer of 1997. The site was un-blocked about six months later. Now a new report from Peacefire finds that EPIC and other "indecent" pages are being blocked again. Download IGDecode, a program that can decrypt the list of sites blocked by I-Gear filtering software. Also check out the EPIC report Filters & Freedom: Free Speech Perspectives on Internet Content Controls.
  • DoubleClick Drops User Profiling. The Internet's largest advertising network announced that it had made a "mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards." See EPIC's DoubleTrouble page, Junkbusters' page on the Doubleclick/Abacus merger, Richard Smith's page on online advertising, and EPIC's testimony on Internet Privacy and Doubleclick.
  • FTC Decides Trans Union Case. The Federal Trade Commission (FTC) announced that it issued an order on Trans Union, a credit reporting agency, to halt the selling of targeted marketing lists. The opinion (200K PDF) of the FTC determined that the selling of those lists constitutes a violation of the Fair Credit Reporting Act.
  • Safe Harbor for Childrens' Privacy? The Federal Trade Commission has posted a notice soliciting comments on a proposal from PrivacyBot.com to provide a Safe Harbor -- a self-regulatory alternative -- for the Childrens Online Privacy Protection Act (COPPA). COPPA, passed in 1998 and set to go into effect in April, protects the collection and use of personal information from children up to the age of thirteen.
  • Congressman Seeks Home Telephone Records of NGO Director. Representative Don Young has issued a subpoena to obtain the telephone records of the Project on Government Oversight and its Executive Director.
  • State Department Releases Human Rights Report. The Bureau of Democracy, Human Rights, and Labor has released the 1999 Country Reports on Human Rights Practices. The annual report provides an extensive review of human rights practices around the globe.
  • 60 Minutes on ECHELON. The television news program broadcast a story on ECHELON on Sunday, February 27. The National Security Agency has circulated a letter to Congress, assuring all that the NSA fully complies with U.S. law. For more information and earlier news reports, visit the ECHELON Watch page.
  • EPIC Testifies on US Data Protection before European Parliament. On February 22, EPIC Executive Director Marc Rotenberg presented testimony to the European Parliament at a hearing on the "European Union and Data Protection." The statement argues that the self-regulatory approach in the US has failed to adequately protect consumer privacy and that legally enforceable standards and privacy-enhancing techniques are necessary.
  • DoubleClick Reveals Investigation by FTC. In a document filed with the U.S. Securities and Exchange Commission on February 14, DoubleClick acknowledged that it is the subject of a Federal Trade Commission (FTC) investigation. The FTC investigation officially began on February 8. The filing also notes that DoubleClick is facing several pending class action lawsuits.
  • Consumer Groups Raise Privacy Angle of Mergers. The TransAtlantic Consumer Dialogue, a coalition of over sixty American and European consumer groups, has pointed out that consumer privacy is an important issue with regards to corporate mergers. The press release highlights that the recently announced America Online-Time Warner merger will combine consumer data from the world's largest Internet Service Provider and one of the world's largest media companies.
  • EPIC Files FTC Privacy Complaint Against DoubleClick. EPIC has filed a complaint (PDF) with the Federal Trade Commission concerning the information collection practices of DoubleClick Inc., a leading Internet advertising firm, and its business partners. The complaint alleges that DoubleClick is unlawfully tracking the online activities of Internet users and combining surfing records with detailed personal profiles contained in a national marketing database. EPIC's complaint follows the merger of DoubleClick and Abacus Direct, the country's largest catalog database firm. DoubleClick has announced its intention to combine anonymous Internet profiles in the DoubleClick database with the personal information contained in the Abacus database. See EPIC's press release for additional information.
  • President Issues Executive Order on Genetic Privacy. On February 8, President Clinton released an executive order prohibiting any federal agency from using genetic information in the process of hiring or promoting personnel. He also endorsed legislation introduced in the House of Representatives and the Senate which would extend similar nondiscrimination protections to the private sector.
  • Proposed Financial Privacy Regulations Released. The Treasury Department, Federal Reserve, Federal Deposit Insurance Corporation, and Office of Thrift Supervision issued a joint notice of proposed rule-making on February 3. The rules (160K PDF) will govern how financial institutions may pass on customer information to affiliated and third parties. On February 24, the Federal Trade Commission released its own notice and rules (120K PDF) for financial institutions within its jurisdiction. Comments on both sets of proposed rules are due by March 31.
  • EPIC Testifies on National Plan for Information Systems Protection. On February 1, EPIC Executive Director Marc Rotenberg presented testimony (PDF) before the Senate Judiciary Committee, on the privacy implications of "FIDNET" and the Administration's plan for infrastructure protection. EPIC warned that the plan would violate civil liberties. EPIC also released a Justice Department memo which indicates that the plan violates the federal wiretap law and a second government memo that suggests FIDNET would make use of credit card records and toll billing information. Both memos were obtained under the Freedom of Information Act. See EPIC's press release for more details.
  • President Calls for Privacy Safeguards. In his State of the Union speech on January 27, President Clinton said that in response to the growing reach of information technology "first and foremost, we have to safeguard our citizens' privacy." He specifically mentioned recent proposed regulations on medical privacy, the planned introduction of legislation protecting financial privacy, and the importance of guarding genetic information.
  • Privacy Groups Challenge FBI Wiretap Standards. EPIC, ACLU and EFF have asked a federal appeals court to block new rules that would permit the FBI to dictate the design of the nation's communication infrastructure. The challenged rules would enable the Bureau to track the physical locations of cellular phone users and potentially monitor Internet traffic. The appellate brief (PDF version available) challenges an FCC order implementing the Communications Assistance to Law Enforcement Act (CALEA). See the joint press release for additional information.
  • Revised Crypto Export Control Rules Released. The U.S. Commerce Department has announced the issuance of revised regulations governing the export of encryption products. While permitting the export of previously controlled items, the new rules maintain a complex and burdensome licensing scheme, and retain substantial restrictions on the ability to exchange information concerning encryption. See the joint press release issued by EPIC, ACLU and EFF more additional information.
  • Supreme Court Upholds Drivers' Privacy Law. The Supreme Court issued its decision in Condon v. Reno, a case concerning the constitutionality of the 1994 Drivers' Privacy Protection Act (DPPA) -- a federal law protecting personal information collected by state DMVs. In the unanimous decision, the court found that the law does not impinge on states' rights. On July 15, EPIC filed an amicus brief [PDF] in the case arguing that Congress is entitled to protect personal information held by state agencies.
  • White House Announces "Cyber-Terrorism" Initiative. The Clinton Administration released the final version of its "National Plan for Information Systems Protection" on January 7. The plan calls for development of the controversial Federal Intrusion Detection Network (FIDNET) to monitor activity on government computer systems. The text of the plan and other relevant material -- including EPIC's report "Critical Infrastructure Protection and the Endangerment of Civil Liberties -- is available at our Critical Infrastructure Protection Resources page.
  • ReverseAuction.com Settles Privacy Violation Charges. In FTC v. ReverseAuction.com, the Federal Trade Commission charged in its complaint that the auction site had pursued "unfair and deceptive" practices in collecting email addresses from eBay customers and sending spam containing false information about the status of their accounts. The settlement will require ReverseAuction.com to inform all the users they deceived, allow these customers to remove their registration information, and delete all email addresses unfairly obtained from eBay's site.
  • EPIC Submits Comments to FEC. On January 4, EPIC responded to the Notice of Inquiry from the Federal Election Commission regarding the use of the Internet for campaign activity. The comments argue that the Commission should preserve the Internet's capacity as a vehicle for democracy and debate and free individuals from reporting and disclosure requirements for political speech.