=============================================================
                         EPIC ALERT
=============================================================
Volume 2.12                                  October 23, 1995
-------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, DC
info@epic.org
http://www.epic.org/

* Special Edition: National Wiretap Plan *

=======================================================================
Table of Contents
=======================================================================

 [1] FBI Wiretap Plan Exceeds Legislative Authority (and what you can do)
 [2] Illegal Bugging by US Agencies Continues
 [3] Status of Wiretap Funding
 [4] Court Rules Against Hi-tech Spy Devices
 [5] NTIA to Release Privacy "Policy"
 [6] Privacy Success -- Marketry Drops Plan to Sell Net Data
 [7] ACLU Civil Liberties Update / Privacy Rights Clearinghouse
 [8] Upcoming Conferences and Events

=======================================================================
[1] FBI Wiretap Plan Exceeds Legislative Authority (and what you can do)
=======================================================================

The FBI has released a dramatic "reinterpretation" of the Communications Assistance for Law Enforcement Act (the "Digital Telephony" bill or "CALEA"). In a Federal Register notice which outlines "capacity requirements" for surveillance of the nation's communications infrastructure, the FBI is claiming that compliance with CALEA requires that telephone companies and other service providers in some regions of the country build in enough surveillance capacity so that *one percent* of all phone lines could be *simultaneously* wiretapped, calls isolated, and forwarded to the FBI.

This would permit wiretapping at a level at least a thousand times greater than currently occurs in the United States.

This level of surveillance is also far in excess of what Congress intended when it enacted the CALEA. The rule, if adopted, will lead to a radical change in the surveillance capabilities of the government.

The methodology used to determine capacity requirements is also deeply flawed. Wiretapping reports, as required by law, have always been based on actual taps authorized, actual conversations intercepted, and actual lines surveilled. These numbers are reported annually by the Administrative Office of the U.S. Courts.

The Bureau's proposed rule attempts to shift from the analytic approach required by current wiretap law to one that is based on percentages of total communications activity. It is similar (in purpose and magnitude) to a government agency that had received an annual appropriation of $12 m arguing by regulation that it was now entitled to 1% of the federal budget (roughly $18 b).

EPIC has filed a Freedom of Information Act request seeking all documents relating to the development of this proposed rule.

WHAT YOU CAN DO:

(a) Submit comments to the FBI. Object to the "percentage approach" to wiretap capacity. Urge the FBI to follow the current measurement of wiretapping, as reported annually by the Administrative Office of the U.S. Courts, which considers the actual number of wiretaps authorized. If you are a telephone customer, ask the FBI to address the privacy risks of unauthorized, illegal, or excessive wire surveillance.

Comments should be submitted in triplicate to the Telecommunications Industry Liaison Unit (TILU), Federal Bureau of Investigation, P.O. Box 220450, Chantilly, VA 22022-0450. For further information, contact TILU at (800) 551-0336. Refer to your question as a "capacity notice" inquiry.

** Comments must be received by November 15, 1995. **

(b) If you represent or work for a telecommunications company, equipment manufacturer, or service provider, assess carefully the cost and liability that this proposed federal regulation may impose on your company and the risk that it may expose your customers to illegal wiretapping.

If you are interested in challenging the final FBI rule, contact EPIC and send us a copy of your comments. We are prepared to assist individuals and companies with a legal challenge.

The FBI Federal Register notice (October 16, 1995, Volume 60, Number 199, Pages 53643 - 53646) is available at:

     http://www.epic.org/wiretap/calea_notice_10_95.txt

EPIC will soon post a copy of its FOIA request and its comments on the regulation to implement a national wiretap plan.

=======================================================================
[2] Illegal Bugging by U.S. Agencies Continues
=======================================================================

Reports of illegal wiretapping by U.S. agencies are on the rise. Last week Japanese officials expressed concern over a report of CIA spying during automotive trade talks earlier this year, and said they would ask the United States to investigate, according to an October 16 Reuters report.

"This is certainly not a very pleasant matter," said Trade Minister Ryutaro Hashimoto. Ichiro Fujisaki, political minister at the Japanese embassy, "expressed the Japanese government's concern that should the report be true, it could hurt our national sentiment and U.S.-Japanese friendship and mutual trust."

The New York Times reported earlier that the Central Intelligence Agency conducted electronic surveillance in the course of preparing reports for American negotiators prior to an accord reached in June. The Times also reported that U.S.
Trade Representative Mickey Kantor "was regularly supplied with information gathered about the Japanese negotiation position by the CIA's Tokyo station and the National Security Agency, which operates electronic eavesdropping equipment." (NYT, Oct. 14, 1995).

The Washington Post confirmed the incident and noted that the "eavesdropping reflected the U.S. intelligence community's increasing involvement in economic and commercial information gathering since the end of the Cold War."

The illegal wiretapping report follows an incident earlier this year when French officials charged that the United States intelligence agencies engaged in clandestine monitoring of trade negotiations.

Meanwhile, the President of Estonia was forced to resign following news that he had engaged in secret wiretapping of political opponents. According to the New York Times, residents of Estonia wondered whether the days of Soviet police agents spying on citizens had returned. Newly chosen President Lennart Meri called the scandal "a crisis of democracy." He said, "We must ask ourselves: Does power belong to the people if surveillance equipment is in the hands of others?" (NYT, Oct. 18)

Estonia is the most recent country to see its government fall after public disclosure of illegal wiretapping. In the last few years, Greece and France have replaced political leaders because of wiretapping scandals.

=======================================================================
[3] Status of Wiretap Funding
=======================================================================

In 1995 the Communications Assistance for Law Enforcement Act authorized the expenditure of $500,000,000 over four years to reimburse companies to design wiretap-ready communications technologies. But opposition to the "Digital Telephony" proposal forced the FBI and the White House to find a creative way to fund the unpopular program.
Now the Administration is proposing that the $500 M be gathered from a special fund which authorizes the surcharge of 40 percent on all civil fines levied by the United States after October 1, 1995, excluding fines levied by the Internal Revenue Service.

[The specific legislative provision may be found in Title IV of the Counterterrorism Bill, HR 1710 (Civil Monetary Penalty Surcharges and Telecommunications Carrier Compliance Payments). The terrorism bill is now under consideration by Congress and will be the subject of an upcoming EPIC Alert].

But even the "slush" fund may not generate enough money to reimburse companies to design wiretap capabilities, which some industry experts estimate may run in excess of $2 billion. The House appropriations bill for the Department of Justice sets aside only $50 M for the Telephone Carrier Compliance program.

The U.S. Telephone Association earlier recommended that the government follow traditional funding methods for the program rather than the slush fund approach taken in the Counter-terrorism bill. The benefits of such a budget, said the USTA, include the fact that "it brings the process into the sunshine, making government surveillance expenditures an issue for public scrutiny." (USTA Wiretap Workshop, May 1995).

The Office of Technology Assessment, before its demise, also prepared a useful overview of the bill and discussed the funding issues -- "Electronic Surveillance in a Digital Age" (OTA 1995).

Further information about wiretapping is available at the EPIC web page:

     http://www.epic.org/privacy/wiretap/

=======================================================================
[4] Court Rules Against Hi-tech Spy Toys
=======================================================================

In a case that illustrates that the protections provided by the Fourth Amendment against the intrusiveness of modern technologies are still very much alive, the U.S.
Court of Appeals for the 10th Circuit ruled on October 4 that police must obtain a warrant before using Forward Looking Infrared Radar (FLIR) devices to examine private residences. FLIR measures heat differentials on surfaces of as little as 0.5 degrees Celsius to determine activities inside homes. Police use FLIR devices to scan neighborhoods and detect houses that emanate heat which may be caused by "grow" lamps.

In U.S. v. Cusumano, No 94-8056, No 94-8057, Oct. 4, 1995, the court ruled that new technologies do not eliminate the normal expectation of privacy that individuals have in their homes. Echoing the words of Justice Brandeis' opinion in a 1928 wiretap case, the court said:

     the Defendants need not have anticipated and guarded against every investigative tool in the government's arsenal. To hold otherwise would leave the privacy of the home at the mercy of the government's ability to exploit technological advances: the government could always argue that an individual's failure (or inability) to ward off the incursions of the latest scientific innovation forfeits the protection of the Fourth Amendment ... [T]he government would allow the privacy of the home to hinge upon the outcome of a technological race of measure/counter-measure between the average citizen and the government -- a race, we expect, that the people will surely lose.

Other courts have split on this question. Recently, the Washington State Supreme Court ruled that a warrant is required before FLIR can be used (State v. Young, 867 P.2d 593 (Wash. 1994)), while several other federal appeals courts have ruled that the heat is "waste" not protected by the Fourth Amendment.

The 10th Circuit opinion rejected the waste argument "because the interpretation of that data allows the government to monitor those domestic activities that generate a significant amount of heat. It . . .
strips the sanctuary of the home of one vital dimension of its security: the 'right to be let alone' from the arbitrary and discretionary monitoring of our actions by government officials."

=======================================================================
[5] NTIA to Release Privacy "Policy"
=======================================================================

The National Telecommunications and Information Administration is expected to release today (October 23) a white paper entitled "Privacy and the NII: Safeguarding Telecommunications-Related Personal Information."

In an agency press release, NTIA administrator Larry Irving said, "We hope to contribute to the effort of addressing the public's concerns regarding the protection of their personal information." NTIA says the paper will focus on "privacy concerns associated with an individual's subscription to or use of a telecommunications or information service."

But if the final NTIA report is at all similar to a privacy policy discussed by an NTIA official at a conference earlier this month in Bremen, Germany, there is little that will reassure the public about this policy. Ignoring mounting evidence that voluntary codes have failed and that new technologies of privacy should be promoted, the NTIA recommends a "be careful out there" strategy, in effect saying that it is better to post warning signs along the information highway than to make the road safer to travel.

The NTIA proposal specifically recommends the "contract" approach to privacy that was rejected by European officials earlier this year as an inadequate safeguard for consumers using advanced communications services.

NTIA officials, and other members of this Administration, have claimed that with changing technology it is too difficult to legislate effectively. But a different group of public officials, facing a similar challenge 20 years ago, did not make such excuses.
*Records, Computers, and the Rights of Citizens* (1973) was a ground-breaking report that spoke clearly of the need to protect citizens' rights, led to passage of the Privacy Act of 1974, and established firmly the importance of Fair Information Practices.

NTIA's report, like the other privacy "policies" of this administration, will occupy no similar place in history. The spirit of Clipper has infused this government.

Copies of the report are available from NTIA at 202/482-3999 and will soon be posted at the EPIC web site with a complete critique. EPIC has also prepared a detailed review of an earlier administration privacy code:

     http://www.epic.org/privacy/internet/epic_nii_privacy.txt

=======================================================================
[6] Privacy Success -- Marketry Drops Plan to Sell Net Data
=======================================================================

In a notable victory for consumer privacy and on-line activism, a Bellevue, Washington company has backed off plans to sell personal information gathered from the Internet following reports in the Washington Post and a call to action in the EPIC Alert.

Marketry President Norm Swent announced last week "Marketry's resignation as manager of the email Internet Interest Selector list." However, Marketry was not the compiler of the data. Another agent could still be found.

Washington Post reporter John Schwartz broke the Marketry story in the paper's Business section following news of the proposal in the industry trade publication The Friday Report. The Marketry data was to be gathered from newsgroup posts, website visits, and chat room comments.

=======================================================================
[7] ACLU Civil Liberties Alert / Privacy Rights Clearinghouse
=======================================================================

An excellent civil liberties on-line newsletter is the ACLU Cyber-Liberties Update.

To subscribe to the ACLU Cyber-Liberties Update, send an e-mail message to infoaclu@aclu.org with "subscribe ACLU" in the subject line of your message. For more information about the newsletter, contact editor Ann Beeson, beeson@aclu.org.

One of the leading consumer privacy organizations in the country is the Privacy Rights Clearinghouse in San Diego. Formed in 1992, the Clearinghouse has produced many consumer fact sheets on common privacy concerns, and maintains a toll free hotline to provide advice to consumers about their rights.

More information about the Privacy Rights Clearinghouse is available at http://www.manymedia.com/prc/.

     5998 Alcala Park, San Diego, CA 92110.
     (619) 260-4806 (tel). 800-773-7748 (in Cal. only)
     prc@teetot.acusd.edu (email)
     Director: Beth Givens.

For a comprehensive guide to online privacy resources, check out:

     http://www.epic.org/privacy/privacy_resources_faq.html

=======================================================================
[8] Upcoming Privacy Related Conferences and Events
=======================================================================

SPECIAL: Ram Avrahami will discuss efforts to strengthen consumer privacy this week on NPR's Morning Edition and then on CNN Today. For more information, check out http://www.epic.org/privacy/junk_mail/

Smithsonian Institution, "Frontiers in Cyberspace: Encryption, Privacy, and Cybercodes." October 25, 1995. Marc Rotenberg, Director, Electronic Privacy Information Center (EPIC); Philip Zimmermann, Creator, Pretty Good Privacy (PGP); Stewart Baker, Attorney, Steptoe & Johnson, former General Counsel, National Security Agency. Contact: Melody Curtis (CurtisM@aol.com)

Managing the Privacy Revolution.
October 31 - November 1, 1995. Washington, DC. Sponsored by Privacy & American Business. Speakers include Mike Nelson (White House), C.B. Rogers (Equifax). Contact Alan Westin 201/996-1154.

Innovation and the Information Environment. November 3-4. University of Oregon School of Law in Eugene, Oregon. Contact: Keith Aoki KAOKI@law.uoregon.edu.

National Privacy and Public Policy Symposium. November 2-4, Hartford. Cosponsored by the Connecticut Foundation for Open Government. Contact Richard Akeroyd, rakeroyd@csunet.ctsateu.edu 203/566-4301 (tel), 203/566-8940 (fax)

22nd Annual Computer Security Conference and Exhibition. November 6-8, Washington, DC. Sponsored by the Computer Security Institute. Contact: 415-905-2626.

Global Security and Global Competitiveness: Open Source Solutions. November 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert Steele oss@oss.net.

"The Right to Privacy," November 9. Authors Caroline Kennedy and Ellen Alderman discuss their new book on privacy. Lisner Auditorium, George Washington University, Washington, DC. Contact 202/357-3030.

11th Annual Computer Security Applications Conference: Technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments. December 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at (205)890-3323 or vreed@mitre.org.

RSA 6th Annual Data Security Conference: Cryptography Summit. Focus on the commercial applications of modern cryptographic technology, with an emphasis on Public Key Cryptosystems. January 17-19, 1996. Fairmont Hotel, San Francisco. Contact Layne Kaplan Events, at (415) 340-9300, e-mail at info@lke.com, or register at http://www.rsa.com/.

Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass. Sponsored by MIT, ACM and WWW Consortium.
Contact cfp96@mit.edu or http://www-swiss.ai.mit.edu/~switz/cfp96

Conference on Technological Assaults on Privacy, April 18-20, 1996. Rochester Institute of Technology, Rochester, New York. Papers should be submitted by February 1, 1996. Contact Wade Robison privacy@rit.edu, by FAX at (716) 475-7120, or by phone at (716) 475-6643.

Australasian Conference on Information Security and Privacy. June 24-26, 1996. New South Wales, Australia. Sponsored by Australasian Society for Electronic Security and University of Wollongong. Contact: Jennifer Seberry (jennie@cs.uow.edu.au).

Visions of Privacy for the 21st Century: A Search for Solutions. May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office of Information and Privacy Commissioner for the Province of British Columbia and the University of Victoria. Program at http://www.cafe.net/gvc/foi

18th International Conference of Data Protection and Privacy Commissioners. Sponsored by the Privacy Commissioner of Canada. September 18-20, 1996. Ottawa, Canada.

Advanced Surveillance Technologies II. Sponsored by EPIC and Privacy International. September 17, 1995. Ottawa, Canada. Contact pi@privacy.org

International Colloquium on the Protection of Privacy and Personal Information. Commission d'acces a l'information du Quebec. May 1997. Quebec City, Canada.

(Send calendar submissions to Alert@epic.org)

=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send the message:

     SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname

to listserv@cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce.

Back issues are available via http://www.epic.org/alert/ or FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics).

=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information, email info@epic.org, WWW at HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info@cpsr.org

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.

Thank you for your support.

------------------------ END EPIC Alert 2.12 ------------------------