EPIC logo

                          E P I C  A l e r t
Volume 10.14                                              July 3, 2003

                           Published by the
             Electronic Privacy Information Center (EPIC)
                           Washington, D.C.


Table of Contents

[1] High Court Upholds Library Filtering, Strikes Down Sodomy Ban
[2] EPIC Urges Opt-In for FCRA Affiliate Sharing
[3] National "Do-Not-Call" Telemarketing Registry Launches
[4] ICANN Discusses WHOIS and New Top-Level Domains
[5] Recent Reports: Video Surveillance; Internet Privacy Policies
[6] News in Brief
[7] EPIC Bookstore: "Emma Goldman: Made for America"
[8] Upcoming Conferences and Events

[1] High Court Upholds Library Filtering, Strikes Down Sodomy Ban

In a 6-3 ruling issued on June 23, the U.S. Supreme Court declared the
Children's Internet Protection Act (CIPA) constitutional.  CIPA
conditions the receipt of federal funds by public libraries upon
installation of filtering software which blocks access to material
that is obscene, child pornography, or "harmful to minors."

Even as it recognized that "a filter set to block pornography may
sometimes block other sites that present neither obscene nor
pornographic material," the Court held that CIPA does not violate
library patrons' First Amendment rights.  The Court's decision relied
heavily on the "ease" with which adult patrons may have the filtering
software disabled and the capacity of libraries to permanently unblock
any erroneously blocked site.  Furthermore, the Court reasoned that
CIPA does not infringe any potential fundamental right, because it
simply allows Congress, under its spending power, to choose not to
subsidize unfiltered Internet access in libraries.  The Court
emphasized that libraries are free to offer unfiltered Internet access
without federal assistance.

In 2001, EPIC joined with the American Civil Liberties Union and the
American Library Association as co-counsel in litigation challenging
the constitutionality of CIPA.  As documented by EPIC's "Faulty
Filters" report and other studies, filtering programs routinely block
sites that clearly do not fall under categories proscribed by the law,
thus burdening free speech. The lawsuit also challenged CIPA on
privacy grounds. Although the law allows library patrons engaged in
"bona fide research" to request access to blocked material, the
complaint alleged that such a procedure forces libraries to violate
"patrons' privacy and anonymity rights".  On May 31, 2002, a
three-judge panel in Philadelphia held that CIPA violated the First
Amendment because it would restrict substantial amounts of protected
speech "whose suppression serves no legitimate government interest."

The Supreme Court's decision, which stands on the basic proposition
that disabling the filtering software will be simple, overlooks the
practical difficulties that libraries will likely face in fulfilling
requests to disable.  The potential of future litigation due to the
consequent frustration of individuals' right to disable is high.  In
addition, the burden that the disabling provision of CIPA places on
individual privacy, through the required disclosure of personal
information, is another probable source of future litigation.

In a separate case decided on June 26, the Supreme Court issued its
opinion in Lawrence v. Texas, holding that a Texas law criminalizing
same-sex sodomy is unconstitutional.  Justice Kennedy, writing for the
majority, affirmed that individuals are "entitled to respect for their
private lives."  He concluded the Texas statute "furthers no
legitimate state interest which can justify its intrusion into the
personal and private life of the individual."

Importantly, the Court did not reach its decision based solely upon
equal protection grounds.  The Texas law specifically discriminated
against gay couples, unlike a Georgia law upheld by the Supreme Court
in 1986.  Justice O'Connor, in a concurring opinion, said she would
have overturned the Texas law, but not those sodomy laws that were
applied to all people equally.  The majority, however, decided the
case on privacy grounds, effectively invalidating all anti-sodomy
laws, and suggesting a right of privacy that may extend outside of the

United States v. American Library Association, No. 02-361 (U.S. 2003):




Lawrence v. Texas, No. 02-102 (U.S. 2003):


EPIC Gender and Privacy Page:


[2] EPIC Urges Opt-In for FCRA Affiliate Sharing

On June 26, the Senate Finance Committee held the fifth of six
hearings on the approaching sunset of state preemption provisions in
the Fair Credit Reporting Act (FCRA).  The FCRA regulates the use,
maintenance, and management of credit information. The provisions of
the law considered in the hearing allow financial institutions to
share personal information about customers with affiliated companies.
Currently, financial institutions are required to notify individuals
that they have a right to "opt-out" from the sharing of personal
information.  While some individuals may be aware of their opt-out
rights, what they probably do not know is that even if they do choose
to opt-out of information sharing, financial institutions may still
share their personal information with other companies that are
classified as "affiliates."  Moreover, several financial institutions
have over 1,000 affiliates, some of which engage in practices ranging
far beyond customer expectations.

Because the FCRA preempts state law, states cannot enact legislation
to provide privacy and consumer protections that go beyond federal
provisions. EPIC submitted comments on the record, advocating that
preemption provisions be "sunsetted" so that states can enact stronger
privacy protections.  EPIC also urged that financial institutions must
obtain "opt-in" consent for the sharing of all personal information.

Financial services representatives on the panel argued that sunsetting
the affiliate sharing loophole would make direct marketing and
pre-approved credit more difficult.  A representative of Citigroup
applauded the affiliate sharing loophole because it allows the company
to set up its own internal credit reporting agency.

Advocating privacy protection, Prof. Joel Reidenberg of Fordham Law
School; Julie Brill, assistant Attorney General from Vermont; and Ed
Mierzwinski of the Public Interest Research Group all argued that the
affiliate sharing preemption loophole in the FCRA should be sunsetted.
Reidenberg argued that, when enacted, Congress intended the FCRA to
act as a floor rather than a ceiling, so that states could provide
further protections to individuals.  Brill explained that Vermont,
unlike other states, has restrictions on affiliate sharing because the
state was grandfathered out of federal preemptions.  While banking
industry representatives argued that restrictions on affiliate sharing
would harm consumers by making access to credit and mortgages more
difficult, Brill testified that Vermont has seen none of these
predicted problems.  Drawing from the Citigroup testimony, Mierzwinski
explained that the financial institutions' practice of creating
internal credit reports is dangerous because these in-house credit
reporting agencies completely bypass the FCRA regulations, such as
accuracy and accountability requirements.  In addition, he explained
that states are in a better position to react quickly and tailor their
laws to local problems.

EPIC Letter on Affiliate Sharing:


EPIC Fair Credit Reporting Act Page:


EPIC Preemption Page:


[3] National "Do-Not-Call" Telemarketing Registry Launches

Individuals can now enroll in the national telemarketing do-not-call
registry (DNC), which was unveiled at a White House Rose Garden
ceremony last week.  In the opening moments of the DNC web site, the
Federal Trade Commission reported that it was receiving over 100
enrollments per second.  The list has now grown to over 12.5 million.

EPIC and a coalition of consumer and civil liberties groups filed
comments on the DNC proposal last year.  Many of the protections
suggested in the comments were incorporated in the FTC regulation.
Most telemarketers will not call individuals enrolled in the list
because the Federal Communications Commission (FCC) acted to
complement the regulations promulgated by the FTC.

The popularity of the DNC registry has spawned additional proposals
for national opt-out databases.  On Capitol Hill, opt-out databases
are being considered for spam, direct mail, and credit card
solicitations. The telemarketing industry has reacted strongly,
claiming that it will initiate a barrage of direct mail and spam
solicitations to fill the void created by the new limits on

National "Do-Not-Call" Registry:


EPIC Telemarketing Page:


[4] ICANN Discusses WHOIS and New Top-Level Domains

The Internet Corporation for Assigned Names and Numbers (ICANN) met
this week in Montreal to discuss WHOIS, the Country Code Supporting
Organization, and sponsorship of a limited number new generic
top-level domains.

WHOIS data may expose domain name registrants' personally identifiable
information (including mailing address, email address, telephone
number, and fax number).  Domain name registrants in the
.com/.org/.net top-level domains include businesses; individuals;
media organizations; non-profit groups; public interest organizations;
political organization; religious organizations; and support groups.
Anyone with Internet access, including stalkers, corrupt governments
who dislike international exposure, spammers, intellectual property
lawyers, law enforcement, consumers, individuals, etc., has access to
WHOIS data.  The important point is that WHOIS data lends itself to
both good faith and bad faith uses, and that investigating fraud is
only one of many uses of WHOIS data.

During the ICANN public participation session on WHOIS, EPIC pointed
out that there are various types of domain name registrants, and that
policies governing the information should consider whether the
registrant is a commercial or non-commercial actor.  The President of
ICANN closed the workshop with a recommendation that ICANN groups and
constituencies work together to prioritize WHOIS issues and develop a
work program. EPIC is serving on the WHOIS Privacy Steering Committee
that will work to devise such a program.

The ICANN Board also adopted the recommendations made by the group's
Evolution and Reform Committee on the formation of a Supporting
Organization for country-code names.  Country-code top-level domains
(ccTLDs) include, for example, .uk, .jp, and .ca.  This
policy-development body, known as the Country-Code Names Supporting
Organization (ccNSO), will serve to develop and recommend global
policies relating to ccTLDs; nurture consensus across the ccNSO's
community, including the name-related activities of ccTLDs; and
coordinate with other ICANN Supporting Organizations, committees, and
constituencies under ICANN.

Finally, ICANN posted draft materials for a request for proposals for
a limited number of new generic top-level domains (gTLDs), which
include, for example, .com, .org, .net, .info, and .edu.  One of
ICANN's main concerns is whether the request for proposals should be
limited to applicants who proposed gTLDs in the November 2000
selection process, or whether new applications should also be accepted
at this stage.  ICANN's request for proposal draft materials are open
for public comment by e-mail until August 25, 2003 (comments may be
submitted to stld-rfp-comments@icann.org).  The ICANN Board also
requested its President to provide, no later than July 26, a detailed
plan and schedule for the development of an appropriate long-term
policy for the introduction of new gTLDs into the domain-name system
using "predictable, transparent, and objective procedures."

EPIC WHOIS Privacy Issues Report:


ICANN's Montreal meeting report:


[5] Recent Reports: Video Surveillance; Internet Privacy Policies

The General Accounting Office (GAO) released a report on video
surveillance this week that covers law enforcement use of closed
circuit television (CCTV) to monitor federal property in Washington,
D.C.  The survey was commissioned in response to a request from the
former Chair of the House Government Reform Subcommittee on the
District of Columbia.  The request asked the GAO to examine the
implementation of the CCTV systems, and how the enforcement agencies
have responded to civil liberties risks flowing from CCTV surveillance

Civil liberties and privacy organizations have criticized CCTV use by
law enforcement, arguing that surveillance cameras invade personal
privacy, infringe on demonstrators' First Amendment rights, are ripe
for misuse, and have never proven to be effective (see, for instance,
the findings of the August 2002 study conducted by the British Home
Office, below).  CCTV is used by the Metropolitan Police Department of
the District of Columbia (MPDC) and the National Park Service's Park
Police to monitor public areas in D.C. around the Mall and other
popular tourist sites, as well as at downtown locations such as Dupont
Circle, Union Station, the Old Post Office Building and a shopping
area in Georgetown.  The systems are allegedly used to deter crime and
combat terrorism.

The GAO survey found that although the MPDC's alleged primary use is
to deter and detect crime, the Park Police reported using CCTV mainly
to counter terrorism.  Video surveillance to combat terrorism has,
according to several experts' studies, not been effective in
apprehending even a single terrorist, and the Park Police has not to
date shown any evidence that its cameras have detected terrorism
activities. Furthermore, the MPDC has been unable to demonstrate that
its video surveillance has furthered the MPDC's stated primary goal of
decreasing or detecting criminality.

The MPDC has been urged by civil liberties groups and the D.C. City
Council to draft guidelines for the use of its video surveillance
system to address serious privacy concerns, and has been called upon
to testify several times on the matter before Congress and the
Council.  In response, the department has released guidelines to
address civil liberties concerns, has put into operation regulations
for use, and disclosed the CCTV locations to the public.  Nonetheless,
the report finds that the Park Police has failed to release any usage
guidelines or disclosed camera locations, although ordered to do so
more than a year ago by Congress.  The Park Police asserts that it is
considering obtaining public input into its CCTV system and is
developing an operations policy.  

The Annenberg Public Policy Center at the University of Pennsylvania
released a study last week that questions the success and viability of
consumer education on Internet privacy policies.  The most startling
finding is that 57 percent of adult home Internet users believe that
websites with privacy policies do not share their personal information
with third parties.  Written by Prof. Joseph Turow, the study also
found that most U.S. Internet users have no idea that websites
manipulate, extract and share data to create profiles about their web

In other findings, 94 percent of the report respondents agreed with
the statement that "I should have a legal right to know everything
that a web site knows about me."  Eighty-five percent thought that a
law that gave individuals the right to control how websites use and
share information would either be "very" or "somewhat" effective in
protecting privacy.

Information on Law Enforcement's Use of Closed-Circuit Television to
Monitor Selected Federal Property in Washington, D.C., GAO 03-748,
June 2003:


British Home Office Research Study 252, Crime Prevention Effects of
Closed Circuit Television: a Systematic Review, August 2002:


EPIC Observing Surveillance Project:


EPIC Video Surveillance Page:


Joseph Turow, Americans and Online Privacy: The System is Broken,
Annenberg Public Policy Center, June 2003:


[6] News in Brief

DPPA Class Action Filed Against ChoicePoint, Lexis-Nexis

Attorneys in Florida have filed a class-action lawsuit against
ChoicePoint and the parent company of Lexis-Nexis for allegedly
violating the Driver's Privacy Protection Act.  The complaint alleges
that the companies obtained driver's records in violation of federal

Complaint in Levine v. ChoicePoint, No. 03-80491 (S.D. Fla. 2003):


California Financial Privacy Update

SB1, the California opt-in financial privacy bill, was defeated by a
coalition of moderate Democrats in the state's assembly last week. The
bill's sponsors will try to have the bill reconsidered, but in the
meantime, privacy advocates' focus will turn to a voter initiative to
be held in March 2004.  Initiative organizers are on track to exceed
the amount of signatures necessary for access to the ballot.  The
initiative, if passed, will set the strongest financial privacy
standards in the nation.  It requires opt-in consent before financial
services companies can exploit personal information with affiliates or

California Privacy Initiative:


RIAA Threatens to ID and Sue Thousands of P2P Users

The Recording Industry Association of America (RIAA) announced last
week that it will aggressively pursue lawsuits against individuals who
share media files online.  The announcement follows the group's
initial success in RIAA v. Verizon, where the music industry sought to
use provisions of the Digital Millennium Copyright Act to identify P2P
users with legal subpoena.

EPIC RIAA v. Verizon Page:


EPIC Letter On P2P Privacy:


Government Surveillance Oversight Bill Introduced

Rep. Joseph Hoeffel (D-PA) recently introduced The Surveillance
Oversight and Disclosure Act (SODA) in the House of Representatives.
The proposed bill would require the Department of Justice (DOJ) to
report yearly to Congress on secret warrants issued under the Foreign
Intelligence Surveillance Act (FISA), including an accounting of how
many secret warrants are issued for electronic surveillance, physical
searches, pen registers, and access to records.  The DOJ would also be
required to disclose how frequently such information is used in
criminal proceedings.  SODA is intended to give Congress greater
oversight of the DOJ's foreign and domestic surveillance activities.

Surveillance Oversight and Disclosure Act:




[7] EPIC Bookstore: "Emma Goldman: Made for America"

Emma Goldman, A Documentary History of the American Years: Made for
America, 1890-1901, Vol. 1 (Candace Falk, Barry Pateman, Jessica
Moran, eds., Univ. California Press 2003).


Emma Goldman Papers Project:


I first encountered Emma Goldman's work when an anonymous campus
pamphleteer passed me a copy of "The Psychology of Political
Violence."  The pamphlet was bound between Goldman's famous mug shot,
in which she cocks her head at the camera with a defiant look, almost
inviting an altercation with the police photographer.  The essay was
stunning; it argued that an "attentat", an act of political propaganda
by deed, was most likely to be committed by those who were sensitive
to social injustice. Compared to the deeds of governments, "political
acts of violence are but a drop in the ocean," and that they represent
"the most compelling moment of human nature."

Since then, I have read a number of Goldman texts, but none so
complete and interesting as "Emma Goldman: Made for America."  This is
the first of four volumes edited by the Emma Goldman Papers Project at
University of California-Berkeley.  The Project has been meticulous in
annotating and providing context for this treasure of news articles,
letters, arrest records, trial transcripts, and other communications
about Goldman. The text is a must have for anyone seriously engaged in
a study of Goldman.

Goldman entered the political scene in her early twenties, speaking to
groups across the nation about anarchism, free expression, women's
liberation, and free love.  She was pursued by police relentlessly,
and ultimately deported during the Red Scare.  By the age of 30, "Red
Emma," an "evil disposed and pernicious person . . .  of turbulent
disposition," had accomplished so much that she considered writing her

Goldman is relevant today because her words are still censored.
Earlier this year, the Project planned to send a fundraising appeal
that contained Goldman's quotes on war and free expression.  For a
short time, Berkeley administrators directed the project not to send
the solicitation, but ultimately reversed the prohibition.  One of the
objectionable quotes was: "In the face of this approaching disaster,
it behooves men and women not yet overcome by war madness to raise
their voice of protest, to call the attention of the people to the
crime and outrage which are about to be perpetrated on them."  The
controversies Emma Goldman created during her lifetime still resonate

- Chris Jay Hoofnagle


EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.


"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/bookstore/crypto00&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

     EPIC Bookstore

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk
and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For
more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm

Integrating Privacy Into Your Overall Business Strategy: Complying
with Privacy Legislation for Competitive Advantage. International
Quality and Productivity Centre (IQPC Canada). July 9-10, 2003.
Toronto, Canada. For more information:

Chaos Communication Camp 2003: The International Hacker Open Air
Gathering. Chaos Computer Club. August 7-10, 2003. Paulshof,
Altlandsberg, Germany. For more information: http://www.ccc.de/camp/

WWW2003: 5th Annual Conference on World Wide Web Applications.
Department of Information Studies, Rand Afrikaans University, and the
Department of Information Systems and Technology, University of
Durban-Westville. September 10-12, 2003. Durban, South Africa. For
more information: http://www.udw.ac.za/www2003/

Making Intelligence Accountable, Oslo, Norway September 19-20, 2003.
The Geneva Centre for the Democratic Control of Armed Forces. For more

Privacy2003. Technology Policy Group. September 30-October 2, 2003.
Columbus, OH. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:


Subscribe/unsubscribe via e-mail:

     To: epic_news-request@mailman.epic.org 
     Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org 
     Subject: "help" (no quotes)

Problems or questions? e-mail < info@epic.org >

Back issues are available at: http://www.epic.org/alert/ 

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org ,http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140
(tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can
contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

---------------------- END EPIC Alert 10.14 ----------------------