EPIC Alert 2.06

Volume 2.06 April 28, 1995

Published by the Electronic Privacy Information Center (EPIC) Washington, DC info@epic.org

Table of Contents

[1] EPIC Sends Letter to Congress on Terrorism Bill
In a letter sent April 27 to Senator Orin Hatch, the Electronic Privacy Information Center, urged the Congress to proceed cautiously in the wake of the tragic bombing incident in Oklahoma. EPIC said that "any expansion of federal authority to investigate political activity could have a profound impact upon communication networks and the future of electronic democracy." Senator Hatch held hearings on April 27 on counter-terrorism proposals. The EPIC letter focused on the history of the Attorney General guidelines that permit the government to conduct investigations of domestic organizations. The original guidelines were issued in 1976 by Attorney General Edward Levi. The "Levi Guidelines," as they came to be known, recognized the FBI's legitimate investigative needs while seeking to protect the First Amendment rights of dissident politic organizations. The Guidelines were promulgated in the wake of Watergate and the revelations of the Senate's Church Committee investigation. According to EPIC, the Levi Guidelines reflected the post- Watergate consensus that the investigation of controversial or unpopular political groups had at times been overzealous and had violated fundamental constitutional rights. In 1983 President Reagan's Attorney General, William French Smith, issued a new set of guidelines that replaced the Levi Guidelines. The "Smith Guidelines" were far less restrictive than the Levi Guidelines. As President Reagan's FBI Director William Webster said, the Smith Guidelines "should eliminate any perceptions that actual or imminent commission of a violent crime is a prerequisite to investigation." The critical section of the Smith Guidelines cited in the EPIC letter provides that "[a] domestic security/terrorism investigation may be initiated when facts or circumstances reasonably indicate that two or more persons are engaged in an enterprise for the purpose of furthering political or social goals wholly or in part through activities that involve force or violence and a violation of the criminal laws of the United States." EPIC said that "the current guidelines provide the FBI with ample authority to initiate investigations of organizations and individuals similar to those alleged to have been involved in the Oklahoma City bombing." EPIC noted that public information concerning paramilitary right-wing organizations in general -- and the Michigan Militia in particular -- has been readily available to the FBI and other law enforcement agencies for some time. EPIC also noted that former Attorney General Griffin Bell and former Assistant Attorney General Victoria Toensing have recently expressed the view that the FBI possessed sufficient authority under the Smith Guidelines to investigate and monitor the activities of this organization and affiliated individuals. Finally, EPIC urged Senator Hatch to give similar careful consideration to any proposals for the modification of the wiretap statute or privacy statutes that would diminish the freedoms that all American currently enjoy. EPIC's Letter to Senator Hatch and other materials on domestic security investigations and the counterterrorism bill is available via WWW from http://epic.org/terrorism/
[2] Supreme Court Upholds Anonymous Speech
In an important case for privacy and free speech advocates, the Supreme Court ruled recently that the First Amendment protects anonymous political speech. In McIntyre v. Ohio Election Commission, decided April 19, 1995, the Court struck down an Ohio law that required the disclosure of personal identity on political literature. The petitioner McIntyre distributed pamphlets opposing a proposed school tax levy. The pamphlets were signed simply "Concerned Parents and Taxpayers." McIntyre was fined under a provision of the Ohio code that prohibited the distribution of campaign literature that does not contain the name and address of the person who issued the literature. The Supreme Court ruled that the ordinance violates the First Amendment. The Court said that the ordinance burdened core political speech and noted that the documents covered by the law included only publications intended to influence voters on political issues. The Court relied in part on a 1960 opinion, Talley v. California, which held that the First Amendment protected anonymous speech. The Supreme Court also said that the ban on anonymous speech is not justified by the state's asserted interest in preventing the distribution of fraudulent and libelous information. The Court said that there are more direct ways to address that problem and said also that the code's broad prohibition of anonymous leaflets covered all documents, regardless of whether they are arguably false or misleading. Justice Steven's opinion for the Court note that arguments favoring the ratification of the Constitution advanced in the Federalist Papers were published under fictitious names. Justice Stevens said "quite apart from any threat of persecution, an advocate may believe her ideas will be more persuasive if her readers are unaware of her identity. Anonymity thereby provides a way for a writer who may be personally unpopular to ensure that readers will not prejudge her message simply because they do not like its proponent." Stevens concluded "Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority. " In a surprising and somewhat strained opinion, Justice Scalia wrote in dissent that he could "imagine no reason why an anonymous leaflet is any more honorable, as a general matter, than an anonymous phone call or an anonymous letter. It facilitates wrong by eliminating accountability, which is ordinarily the very purpose of the anonymity." The Court's opinion in McIntyre vs Ohio Election Commission may be significant for several emerging privacy issues. Anonymity is a hotly debated topic in such areas as on-line commerce, the Intelligent Transportation System, electronic mail, and news groups postings. The Court's opinion in McIntyre makes clear that, at least as far as the expression of political opinion is concerned, the Court will continue to view anonymous speech as protected by the First Amendment. A copy of the opinion is available via ftp/gopher from cpsr.org/cpsr/ free_speech/mcintyre.txt or http://epic.org/free_speech/
[3] Virginia Removes SSN, SSA to Match SSN Records with State DMV's
Governor George Allen on March 18 signed a bill allowing Virginia residents the option to not have their Social Security Numbers on their driver's licenses. Virginia now joins 40 other states in not requiring SSN's to be placed on the face of the driver's license. The new law also allows residents to use their work address or a post office box as their address on the license. The legislation comes after 3 years of work by consumer and civil liberties groups including CPSR, the ACLU and the Virginia Citizen's Consumers' Council. The Bill passed the State Senate 39-0 and the House 71-28. Police groups and the DMV expressed no opposition to the bill. In a related action, the Social Security Administration announced that it was filing for an exemption to the Federal Privacy Act to allow it to verify Social Security Numbers for the state DMV's. The SSA is offering to verify SSNs for state DMVs under the "routine use" exception of the Privacy Act. The SSA claims that the proposal is justified under the notion that improving state IDs would improve efficiency of federal programs. The proposal is part of a growing movement in the federal government to create an identification system for immigration control and other federal programs. The SSA attempted to conduct a similar matching program with the credit bureaus in the 1980's but withdrew the program after the Congress Research Service stated that it was illegal. A copy of the Federal Register Notice is available at cpsr.org /cpsr/privacy/epic/ssa_dmv_notice.txt. Comments are due by May 8. Send comments to SSA Privacy Officer, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Blvd., Baltimore, MD 21235 or faxed to (410) 966-0869.
[4] Appeals Court Rules on Pager Privacy
The US Court of Appeals for the 4th Circuit ruled on March 30 that communications of digital pagers are protected by the Electronic Privacy Communications Act (ECPA). The appeals court overturned a lower court decision that ruled that duplicate "clone pagers" could be obtained using a lower legal standard usually reserved for transactional information. The Appeals court found that since pagers could receive more information than just telephone numbers they were therefor protected as electronic communications. Under ECPA, interception of electronic communications requires that a judge issue a warrant showing "probable cause." However, ECPA only requires that for pen registers, which are devices that capture the telephone numbers dialed by a particular telephone line, that a judge "certify" that the "information likely to be obtained is relevant to an ongoing criminal investigation," a much lower standard. Since 1985, when the use of those devices were regulated by the ECPA, no federal judge has rejected any of the 22,000 warrant requests made by law enforcement officials. This lower standard is also now used to regulate law enforcement access to electronic transactional records under the recently passed Law Enforcement Communications Assistance Act of 1994. The court rejected the lower courts analysis based on legislative history of ECPA and a recognition that digital pagers can receive additional messages beyond mere telephone numbers: [A] digital display pager programmed to receive numeric transmissions has the capability to receive by that means coded substantive messages--whether or not it happens to do so during a particular period of interception by clone pager--is what makes the interception subject to the authorization requirements of sections 2516 and 2518. The case began when the Durnham, NC police department began to investigate one of its own employees and obtained a court order using the pen register standard for obtaining a "clone pager" that would intercept messages intended for Jamie Brown. The police department has also obtained a court order authorizing pen requesters to be placed on Brown's telephones. After a month, the police department was unable to find any evidence of wrong doing and sent a letter to brown apologizing for the investigation, describing it as "failing to meet high standards of professionalism." Brown then filed suit against the police department under the civil action available under the ECPA. The case has been remanded back to the lower court, which will now decide if the police are not liable because they are immune or they acted in good faith.
[5] House Passes Family Privacy Bill
As part of the Contract with America, the US House of Representatives on April 4 approved the Family Privacy Protection Act of 1995 by a vote of 418-7. The bill requires that anyone conducting a survey funded in part with federal funds must obtain the prior written consent of parents of minors before the children can be surveyed about a number of sensitive areas. Those areas include parental political affiliation or beliefs; mental or psychological problems; sexual behavior or attitudes; illegal, antisocial, or self incriminating behavior; privileged relationships such as with physicians or clergy; and religious affiliations or beliefs. Congress enacted a provision last year that only prohibited the Department of Education from asking these questions. There are exceptions for criminal investigations for child abuse, immigration, tax and customs laws, financial eligibility and academic tests. It is now pending before the Senate Committee on Governmental Affairs. The text of the bill is available at cpsr.org /cpsr/privacy/epic/ 104th_congress_bills/hr1271_family_privacy.txt
[6] Russian Decree on Crypto
According to a memo prepared for the Washington law firm of Steptoe & Johnson, Russian President Yeltsin's edict "On Measures to Observe the Law in Development, Production, Sale and Use of Encryption Devices and on Provision of Services in Encrypting Information" (April 3, 1995) will restrict the use of encryption technologies by Russian government agencies, State-owned, private and foreign entities. The Edict bans the development, import, sale and use of unlicensed encryption devices, as well as of "protected technological means of storage, processing and transmission of information", and directs the Federal Counterintelligence Service and other enforcement agencies to ensure compliance and to prosecute violators. The Edict designates the Federal Agency of Government Telecommunications and Information attached to the Office of the RF President (FAGTI)as the authority responsible for the review of applications and issuance of licenses. The FAGTI, headed by a Director General, reports directly to the RF President and -- in a familiar combination of SIGINT and COMSEC authority -- is responsible for the security of government communications, as well as for intelligence operations in connection with encrypted and coded information The intelligence branch of FAGTI, also headed by a Director General, is semi-autonomous and and operates "in accordance with the Russian Federation Law 'On External Intelligence'". At least one article written by a prominent Russian mathematician and published in the influential Russian newspaper Izvestia on April 20, 1995 harshly criticized the Edict as overbroad, granting unlimited discretion to the secret police and ignorant customs officers, violating civil rights, creating obstacles for international cooperation in the field of exchange and processing of information, and making meaningless the recently adopted intellectual property laws. The article expresses concern that the new statutes seek to revive and legitimize KGB methods in controlling Russian society. Thanks again to the firm of Steptoe & Johnson for this information.
[7] Wiretap Watch: More Freeh on Encryption
From Senate Judiciary Committee Hearing on Terrorism, April 27, 1995 "... Just as important and perhaps more frightening and more destructive is terrorists communicating over the Internet in encrypted conversations, for which we will have no available means to read and understand unless that encryption problem is dealt with immediately." ... From Hearing of the House Judiciary Committee on International Terrorism, April 6, 1995 "... An even more difficult problem with respect to counterterrorism fighting has to do with encryption. Powerful drug cartels as well as terrorist organizations are aware of the hiding and concealing power of strong encryption and are making headway to develop that technology to defeat counterterrorism investigations. This will be an increasing technology problem, which we know the Congress is eager to take up."
[8] EPIC Privacy Resources
-> Oppose the National Wiretap Plan! Email wiretap@epic.org, call 1-800-651-1489, or http://epic.org/wiretap/ -> Check out the EPIC Web Page - http://epic.org New information on the Counter terrorism proposals in Congress and analysis by Georgetown Law School Professor David Cole The EPIC Online Guide to Privacy Resources (updated 4/16/95) contains a complete listing of privacy resources (http://cpsr.org/cpsr/privacy/epic/privacy_resources_faq.html) The EPIC Legislative Overview lists bills in the 104th Congress that affect Civil Liberties and Privacy (updated 3/22/95) (http://cpsr.org/cpsr/privacy/epic/104th_congress_bills/)
[9] Upcoming Privacy Related Conferences and Events
The 1995 Summer Security Conference "Summercon." June 2-4 1995. Atlanta, GA. Speakers include Eric Hughes (cypherpunks), Bob Stratton (Alternet). Email scon@fc.net or http://www.fc.net/scon.html Society and the Future of Computing 95. June 11-14,1995. Durango, Colorado. Sponsored by USACM. Email sfc95@lanl.gov http://www.lanl.gov/LANLNews/Conferences/.sfc95/sfcHome.html INET '95. June 28-30, 1995. Honolulu, HI. Sponsored by the Internet Society. Speakers on privacy include Frank Tuerkheimer (University of Wisconsin School of Law.), Marc Rotenberg (EPIC), Bill Burrington (AOL). Contact inet95@isoc.org. Key Players in the Introduction of Information Technology: Their Social Responsibility and Professional Training. July 5-6-7, 1995. Namur, Belgium. Sponsored by CREIS. Contact: nolod@ccr.jussieu.fr. DEF CON III. August 4-6, 1995. Las Vegas. Major hacker conference. Contact: dtangent@defcon.org or http://dfw.net/~aleph1/defcon Advanced Surveillance Technologies. Sept. 4, 1995. Copenhagen, Denmark. Sponsored by Privacy International and EPIC. Contact pi@privacy.org. HTTP://privacy.org/pi/conference/ 17th International Conference of Data Protection and Privacy Commissioners. September 6-8, 1995. Copenhagen, Denmark. Sponsored by the Danish Data Protection Agency. Contact Henrik Waaben, +45 33 14 38 44 (tel), +45 33 13 38 43 (fax). InfoWarCon '95. September 7-8, 1995. Arlington, VA. Sponsored by NCSA and OSS. Email: Winn@Infowar.Com. "Managing the Privacy Revolution." Privacy & American Business. Oct. 31 - Nov. 1, 1995. Washington, DC. Speakers include C.B. Rogers (Equifax). Contact Alan Westin 201/996-1154. 11th Annual Computer Security Applications Conference: The conference includes technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments. December 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at (205)890-3323 or vreed@mitre.org. (Send calendar submissions to Alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send the message: SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname to listserv@cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce. Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). An HTML version of the current issue is available from http://epic.org
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information, email info@epic.org, WWW at HTTP://epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax). The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info@cpsr.org If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy and efforts to oppose Clipper and Digital Telephony wiretapping proposals. Current FOIA cases include: EPIC v. National Security Council (effort to uncover information surrounding Security Policy Board, EPIC v. FBI (effort to obtain information justifying wiretap legislation), CPSR v. National Security Agency (records relating to Clipper and NSA decision to classify public documents), CPSR v. National Institute of Standards and Technology (records regarding development of Digital Signature Standard), and CPSR v. Secret Services (activities of Secret Service in beak-up of 2600 group at Pentagon City) Thank you for your support.