EPIC logo

                          E P I C  A l e r t
Volume 10.11                                               June 6, 2003

                           Published by the
             Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


Table of Contents

[1] EPIC Conference Explores Privacy and Technology Issues
[2] Ashcroft Testifies on PATRIOT Act Implementation
[3] Inspector General Criticizes DOJ on September 11 Detainees
[4] FCC Opens Door to Media Consolidation
[5] Council of Europe Adopts Declaration of Freedom on the Internet
[6] News in Brief
[7] EPIC Bookstore: Privacy Times
[8] Upcoming Conferences and Events

[1] EPIC Conference Explores Privacy and Technology Issues

"There was of course no way of knowing whether you were being watched
at any given moment." - George Orwell, 1984. 

In honor of the 100th anniversary of George Orwell's birth, EPIC
hosted a conference on June 2 entitled "Privacy and Technology:
Looking Back, Looking Ahead" at the National Press Club in Washington,
DC.  Members of EPIC's advisory board discussed the challenges of new
technologies as they relate to privacy and surveillance, the role of
law in safeguarding freedom, and the role of technology in
safeguarding freedom.

In talking about new technologies as they relate to privacy and
surveillance, many panelists, including Professor Daniel Solove of
Seton Hall Law School,  discussed the risks of the Defense
Department's proposed Terrorism Information Awareness (TIA) system and
the government's expanding use of third-party information brokers. 
Dr. Barbara Simons of the U.S. Association of Computing Machinery
discussed data mining problems and issues related to false positive
results.  She also noted how often a technology bias leads toward
technological solutions to problems that would best be solved by
non-technological means.  Professor Oscar Gandy of the University of
Pennsylvania's Annenberg School of Communication concluded the panel
by comparing industrialization's impact on the environment with the
negative externalities on privacy produced by government security

Regarding the role of law in safeguarding freedom, Professor Jerry
Kang of the UCLA Law School presented two different visions of
pervasive computing and how they might alter legal paradigms.
Professor Anita Ramasatry of the University of Washington Law School
expressed concern over a lack of due process in current security
systems, while Judith Krug, the Director of the American Library
Association's Office for Intellectual Freedom, discussed efforts to
modify Section 215 of the PATRIOT Act, which allows authorities to
examine book sales and library records.

When it came to the role of technology in safeguarding freedom,
Professor Ann Bartow of the University of South Carolina School of Law
discussed how the Digital Millennium Copyright Act in some cases
prevents users from fully understanding the technology that they use.
Dr. David Chaum's discussion centered on voting technology and the
simultaneous need for voter anonymity and voting audit trails.  Dr.
Peter Neumann's opening presentation also discussed the issue of
ensuring privacy and integrity in the voting process.  The conference
concluded with Dr. Bruce Schneier, Chief Technology Officer of
Counterpane Internet Security, who presented a five-part framework for
analyzing the nature of security threats and determining the
suitability of security solutions.

EPIC Privacy and Technology Conference Website:


[2] Ashcroft Testifies on PATRIOT Act Implementation

After a long hiatus, Attorney General Ashcroft appeared before the
House Judiciary Committee to answer questions concerning the Justice
Department's implementation of the controversial USA PATRIOT Act.
Ashcroft began his testimony by stating that terrorists still pose a
significant threat to American security.  He said that without the
tools provided by the PATRIOT Act, combating terrorism would be
difficult if not "impossible."  He warned Committee members that, "As
we consider the Constitutional methods we use to fight the enemies of
freedom, we must remember that terrorism threatens our future."
Ashcroft concluded his testimony by describing measures to expand the
PATRIOT Act, including adding to the definition of "material support
to terrorists" punishable under the Act, increasing the maximum
penalties for terrorism, and allowing for pretrial detentions in
terrorism cases.

The House Judiciary Committee has been at the forefront of efforts to
ensure legislative oversight of Executive Branch powers granted in the
PATRIOT Act.  Last month the Justice Department submitted written
responses to a series of questions surrounding the implementation of
the PATRIOT Act (See Alert 10.10).  The questions from the Committee
members during the hearing focused on the impact of the Department's
policies on privacy and civil liberties.   Rep. James Sensenbrenner
(R-WI), chair of the Committee, said that his support of the PATRIOT
Act was neither "perpetual, nor unconditional" and that he wanted to
consider the long term effect of the measure even if might produce
some short term results.  Ranking member John Conyers (D-MI) reminded
Ashcroft that America was "marching into history" and that the
terrorists must be dealt with in the context of Constitutional values
such as due process, which "separate us from our enemies."

The first line of questioning focused on the legislative oversight of
the Justice Department.  Ashcroft acknowledged that he did not consult
with members of Congress concerning his significant revisions of the
Attorney General Guidelines governing security investigations.  He
promised to be more forthcoming with Congress in the future.  Several
members questioned the Attorney General concerning the use of library
and bookstore records during investigations following passage of the

Rep. William Delahunt (D-MA) criticized the Justice Department's
penchant for excessive secrecy saying, "It appears that the American
people feel that the government is intent on prying into every nook
and cranny of people's private lives, while at the same time doing all
it can to block access to government information that would inform the
American people about what is being done in their name."  In response
to a question about data mining, Ashcroft advocated a policy of
"minimization."  He noted that faulty data is a problem and said that
the best safeguard is to ensure that the FBI obtains only information
required for investigations.  Ashcroft stated that he did not believe
that FBI is conducting data mining on non-criminal suspects.  In
regards to the Terrorist Information Awareness system, Ashcroft
recognized the need for operational safeguards, efficacy and accuracy
of search tools, and security systems to prevent unauthorized access.

The Attorney General was also repeated questioned about the Inspector
General's report on the abusive practices concerning the September 11
detainees (see item below).  Finally, a number of Committee members,
instead of taking the opportunity to examine how the Justice
Department is employing the sweeping anti-terrorism laws, asked a
series of questions about the Department's effort to stop peer to peer
file sharing of copyrighted material.

Attorney General Ashcroft's Prepared Statement:


EPIC Attorney General Guidelines page:


[3] Inspector General Criticizes DOJ on September 11 Detainees

The Inspector General of the Department of Justice has released a
198-page report examining the treatment of people who were held on
immigration charges in connection with the investigation of the
September 11, 2001 terrorist attacks.  The report details how the
Justice Department used federal immigration laws to detain 762
persons, mostly of Arab or South Asian origin, who were suspected of
having ties to the attacks or connections to terrorism, or who were
simply encountered during the course of the FBI's inquiry into the
attacks.  The report highlights serious problems with the round-up and
treatment of the 762 detainees, including arbitrary detentions,
prolonged detentions, restrictive detention conditions, and in some
instances physical and verbal abuse. The Office of Inspector General
is an independent internal investigation unit within the Justice

The report, instigated by media reports and reports from human rights
organizations, paints a picture of chaos immediately following the
attacks, followed by a long period of negligence that left detainees
in administrative limbo.  Only after details of the abusive treatment
emerged in the press did the Department begin to process the detainees
more quickly in January 2002.  DOJ has not apologized for its actions,
but instead has taken the position that the crisis atmosphere
immediately after September 11, and the fact that all the persons
detained were in technical violation of immigration laws, makes it
"unfair to criticize the conduct" of Department officials.  The
Department spokesperson said that, "We make no apologies for finding
every legal way possible to protect the American public from further
terrorist attacks."  EPIC and a coalition of public interest groups is
litigating under the Freedom of Information Act to require disclosure
of the names of the detainees; the case is now pending before the D.C.
Circuit Court of Appeals.

According to the report, the Justice Department instituted a "no bond"
policy for all detainees connected to the terrorism probe after the
attacks -- even though immigration officials quickly questioned the
policy's legality.  Without bail, terrorism suspects remained in jail
for an average of nearly three months, much longer than the FBI
projected before it cleared most of them for release, the report said.
In addition, detainees faced monumental difficulties and weeks of
delay before they were allowed to make phone calls and find lawyers.
Some were kept for months in cells illuminated 24 hours a day and were
escorted in handcuffs, leg irons and waist chains.  Most of the
detainees were eventually found to have no connection to the terrorist

The September 11 Detainees Report, Office of Inspector General:

CNSS/EPIC v. Department of Justice (detainee FOIA case):


[4] FCC Opens Door to Media Consolidation

On June 2 the Federal Communications Commission voted 3-2 along party
lines to relax the rules surrounding media ownership.  The
regulations, among other things, would permit a television station to
own a newspaper in the same media market.  The agency received an
unprecedented 750,000 public comments, with 99 percent opposed to
deregulation, but only held a single official hearing on the issue in
Richmond, Virginia last winter.  The Center for Public Integrity
reports that in the months leading up to the final decision, agency
staff met with senior industry lobbyists behind closed doors on 71
different instances, while they privately met with public interest
advocates only 5 times.

The FCC decision came under close scrutiny in the Senate Commerce
Committee; at a hearing on June 3, several senators voiced their
bipartisan opposition to the Commission's decision to promote media
concentration.  Lawmakers warned that the deregulation of the radio
media market promoted significant consolidation, and that the new FCC
rules could produce a similar environment for other media outlets. 
Consumers Union, the Media Access Project, and other public interest
groups have begun a campaign to educate people about the consequences
of the FCC decision and to mobilize a grassroots campaign to support
stronger public interest regulations.

The agency decision to deregulate is spurred by the belief that new
information sources including cable, satellite, and Internet, allow
for enough diversity and that dominance by a handful of media moguls
should no longer be a concern.  Critics charge that traditional media
outlets continue to dominate how most people receive their news, and
that the media giants in the offline world are using their position to
extend their power in the online world.  In addition, the FCC proposal
to allow wireline broadband to be exempt from open access requirements
would further consolidate the dominance of information providers who
increasingly straddle the content and transmission industries.  Public
interest advocates contend that the FCC's commitment to media
deregulation does not serve the important public interest values,
including localism, diversity, and competition.  "This is the most
sweeping and destructive rollback of consumer protection rules in the
history of American broadcasting," said Commissioner Adelstein who
voted against the measure.

FCC Press Release on Decision:

    http://www.epic.org/redirect/fcc_press.html (PDF)

"Behind Closed Doors," Center for Public Integrity Report:


FCC Critique, Consumer Federation of America and Consumers Union:


[5] Council of Europe Adopts Declaration of Freedom on the Internet

The Council of Europe (CoE) Committee of Ministers adopted on May 28 a
"Declaration on Freedom of Communication on the Internet" that
establishes seven principles underlining freedom of communication, and
condemns practices aimed at restricting or controlling Internet
access, especially for political reasons.

Most notable among the principles enshrined in the Declaration is the
acknowledgement that CoE Member States must respect Internet users'
anonymity, "in order to ensure protection against online surveillance
and to enhance the free expression of information and ideas."

Another principle condemns the practice of governmental blocking and
filtering measures ordered preventively, that is, before any decision
is taken by competent national authorities on the illegality of a web
site.  The Declaration recommends that Internet content, if it is to be
removed or blocked, must be clearly identified, and that Article 10,
paragraph 2 of the Convention for the Protection of Human Rights and
Fundamental Freedoms be followed.

The declaration also tackles the issue of the liability of service
providers for Internet content by providing that CoE Member States
should not impose on service providers a general obligation to monitor
content on the Internet to which they give access, that they transmit
or store, closely following in that the legal framework of the EU
E-Commerce Directive (2000/31/EC).  However, contrary to the
Directive, the Council of Europe emphasizes that where CoE Member
States regulate at the national level the obligations of service
providers, they need to protect the freedom of expression and the
rights of users to information.

The Council of Europe is an intergovernmental organization formed in
1949 by West European countries that is currently composed of 45
member countries from across Europe.  Its main role is "to strengthen
democracy, human rights and the rule of law throughout its Member
states," which it does mainly by promoting the binding rules of the
European Convention for the Protection of Human Rights and Fundamental
Freedoms of 1950 (ECHR), an international convention covering a wide
range of civil and political rights that is enforced by the European
Court of Human Rights in Strasbourg.

Council of Europe Declaration (May 28, 2003):


EPIC Page on Anonymity:


EPIC's Filters & Freedom 2.0:


[6] News in Brief

Tivo Sells Viewing Data

Tivo, a company that sells digital video recorders, announced this
week that the company will sell aggregate information collected from
customers' viewing habits.  Tivo's product is capable of tracking
individuals' second-by-second viewing behaviors, and whether
commercials were skipped using the device.  Tivo claims that the
information sold to advertisers will be anonymous, and not reveal
personal or household-level viewing data.

AOL/Microsoft Agreement on Digital Rights Management

America Online and Microsoft came to an agreement last week that will
result in the companies entering into a partnership to develop digital
media initiatives.  The move is likely to accelerate the development
of Digital Rights Management (DRM) systems, many of which are privacy
invasive and incompatible with fair use rights.  Many DRMs, including
systems developed by Microsoft, link individuals' identity to the
content they choose, thus enabling tracking and profiling of
intellectual pursuits.

EPIC Digital Rights Management Page:


California Privacy Laws Advance

This week, California Governor Gray Davis announced support for Sen.
Jackie Speier's (D-San Francisco) financial information privacy bill,
SB 1.  The bill would improve notice requirements and require opt-in
consent from the consumer before information could be sold to
non-affiliates.  Individuals could opt-out of affiliate sharing under
the law, but a recent compromise would allow such sharing if the
affiliates are in the same line of business.

A second bill, SB 27, sponsored by Sen. Liz Figueroa (D-Fremont)
passed the State Senate.  That bill would require businesses to
disclose whether personal information is being sold to marketers
upon a consumer's request.  If information is being sold, the business
must also disclose the sources and recipients of the data and
the actual information disclosed.  Businesses could not condition a
sale of a product on waving this rights of access, and a failure to
comply with the law carries civil penalties.

SB 1:


SB 27:


North Dakota Enacts Two Privacy Laws

Rep. Jim Kasper (R-Fargo) has introduced three privacy bills in
the North Dakota legislature, two of which are now law in that State.
HB 1478 requires financial services institutions to obtain opt-in
consent before exploiting personal information for joint marketing
purposes.  The law also requires a rulemaking to limit financial
information sharing exemptions in the Gramm-Leach-Bliley Act of 1999.

A second bill, HB 1179, requires a rulemaking that may result in the adoption of
opt-in regulations for insurance industry sharing of information among
non-affiliates.  A third measure, HB 1477, would have restricted
affiliate sharing and joint marketing agreements in the securities
industry, but that bill failed narrowly in the State Senate.

HB 1478:


HB 1179:


Industry Anti-Privacy Commercial in North Dakota:

[7] EPIC Bookstore: Privacy Times

Privacy Times http://www.privacytimes.com/

Since 1981, Privacy Times has provided its readers with accurate
reporting, objective analysis and thoughtful insight into the events
that shape the ongoing debate over privacy.  Publisher Evan Hendricks
is a widely respected and thoughtful member of the privacy community.
Privacy Times is the leading subscription-only newsletter covering
privacy & Freedom of Information Law and policy. It is read largely by
attorneys and professionals who must stay abreast of the legislation,
litigation, and executive branch activities, as well as consumer news,
technology trends and business developments. Subscriptions are also
available for individuals.


EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.


"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

     EPIC Bookstore

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

June 23-27, 2003. Partenit, Crimea, Ukraine. For more information:

Press Freedom on the Internet. The World Press Freedom Committee. June
26-28, 2003. New York, NY. For more information: mgreene@wpfc.org

Building the Information Commonwealth: Information Technologies and
Prospects for Development of Civil Society Institutions in the
Countries of the Commonwealth of Independent States.
Interparliamentary Assembly of the Member States of the Commonwealth
of Independent States (IPA). June 30-July 2, 2003. St. Petersburg,
Russia. For more information:

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk
and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For
more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm

Integrating Privacy Into Your Overall Business Strategy: Complying
with Privacy Legislation for Competitive Advantage. International
Quality and Productivity Centre (IQPC Canada). July 9-10, 2003.
Toronto, Canada. For more information:

Chaos Communication Camp 2003: The International Hacker Open Air
Gathering. Chaos Computer Club. August 7-10, 2003. Paulshof,
Altlandsberg, Germany. For more information: http://www.ccc.de/camp/

WWW2003: 5th Annual Conference on World Wide Web Applications.
Department of Information Studies, Rand Afrikaans University, and the
Department of Information Systems and Technology, University of
Durban-Westville. September 10-12, 2003. Durban, South Africa. For
more information: http://www.udw.ac.za/www2003/

Making Intelligence Accountable, Oslo, Norway September 19-20, 2003.
The Geneva Centre for the Democratic Control of Armed Forces. For more

Privacy2003. Technology Policy Group. September 30-October 2, 2003.
Columbus, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:


Subscribe/unsubscribe via e-mail:

  To: epic_news-request@mailman.epic.org
  Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

  To: epic_news-request@mailman.epic.org
  Subject: "help" (no quotes)

Problems or questions? e-mail info@epic.org

Back issues are available at: http://www.epic.org/alert/ 

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 10.11 ----------------------