EPIC logo




EPIC ALERT


                    Volume 3.12             January 11, 1996


Published by the
Electronic Privacy Information Center
Washington, D.C.
http://www.epic.org/


Table of Contents

[1] FLASH -- Charges Dropped Against Phil Zimmermann
[2] EPIC Wins Appeal: "Hacker" Raid Info to be Released
[3] FBI Fails to File Required Wiretap Report
[4] EPIC Urges FTC to Pursue Strong Privacy Safeguards
[5] Compuserve Censors 200 Usenet Newsgroups
[6] Telecom Bill Vote Delayed
[7] House Delays Vote on Counter-terrorism Bill
[8] Upcoming Conferences and Eventss       


[1] FLASH -- Charges Dropped Against Phil Zimmermann


The federal government has dropped all charges against Phil Zimmermann, the author of the popular encryption program Pretty Good Privacy. In a letter addressed to Zimmermann's attorney Philip L. Dubois, federal prosecutors Michael Yamaguchi and William P. Keane wrote that " The U.S. Attorney's Office in the Northern District of California has decided that your client, Philip Zimmermann, will not be prosecuted in connection with the posting to USENET in June 1991 of the encryption program Pretty Good Privacy. The investigation is closed." Mr. Zimmermann told the EPIC Alert that he was "greatly relieved." The software programmer, who has become a folk hero to hundreds of thousands Internet users as he has also lived daily with the threat of federal indictment said, "I am thrilled and elated by the decision." Copies of PGP and PGPFone may be downloaded from the EPIC web site at: http://www.epic.org/privacy/tools.html


[2] EPIC Wins Appeal: "Hacker" Raid Info to be Released


In a case litigated by EPIC staff, the federal appeals court in Washington, DC, has ordered the U.S. Secret Service to release information concerning a controversial "hacker" investigation. The January 2 ruling partially rejected the agency's three-year attempt to withhold documents concerning the 1992 "Pentagon City Mall Raid." In November of that year, a group of young people affiliated with the computer magazine "2600" were confronted by mall security personnel, local police officers and several unidentified individuals in the Virginia shopping mall. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded and some of their property was confiscated. Computer Professionals for Social Responsibility (CPSR) filed suit in federal court in early 1993 seeking the release of relevant Secret Service records under the Freedom of Information Act. The litigation of the case has been handled by the Electronic Privacy Information Center (EPIC). In July 1994, U.S. District Judge Louis Oberdorfer ordered the Secret Service to release the vast majority of documents it maintains on the incident. The government appealed that decision to the U.S. Court of Appeals for the District of Columbia Circuit, which partially affirmed the lower court decision in the recent ruling. The appeals court rejected the agency's attempt to invoke a blanket claim of "source confidentiality" for all information involving investigations of computer crime, noting that "the Service offered no evidence that a fear of retaliation by hackers is sufficiently widespread to justify an inference that sources of information relating to computer crimes expect their identities and the information they provide to be kept confidential." The court did, however, uphold the agency's claim that information identifying particular individuals should be withheld from disclosure. Additional information, including the text of the appellate decision, is available at: http://www.epic.org/computer_crime/2600/


[3] FBI Fails to File Required Wiretap Report


The Federal Bureau of Investigation has missed a Congressionally- mandated November 30 deadline for the submission of a public report on wiretap expenditures. The requirement is contained in the controversial digital telephony legislation enacted in late 1994, which mandated the re-design of the nation's telephone network to facilitate wiretapping. The legislation required the Bureau to "submit to Congress and make available to the public a report on the amounts paid during the preceding fiscal year to telecommunications carriers" to reimburse the costs of compliance. The mandated report must also include "projections of the amounts expected to be paid in the current fiscal year, the carriers to which payment is expected to be made, and the equipment, facilities, or services for which payment is expected to be made." On December 12, EPIC sent a letter to Sen. Orrin Hatch and Rep. Henry Hyde, chairmen of the Senate and House Judiciary Committees, concerning the FBI's violation of the statute. EPIC's letter notes that "the privacy of the nation's communications infrastructure is a matter of great public concern" and that "only through effective Congressional and public oversight can we ensure that it is not violated." The FBI's failure to comply with the statutory reporting requirements comes on the heels of its Federal Register notice concerning wiretapping "capacity requirements." In that notice, the Bureau announced its intention to require telecommunications providers to ensure that wiretaps can simultaneously be conducted on one percent of all telephone calls in major urban areas. The public comment period on that proposal ends on January 16. More information on the FBI's proposed wiretap "capacity requirements," and the text of EPIC's December 12 letter, is available at: http://www.epic.org/privacy/wiretap/oppose_wiretap.html SPECIAL NOTE: Comments on the FBI Wiretap Proposal are due by January 16. Check out the EPIC web page and submit your comments.


[4] EPIC Urges FTC to Pursue Strong Privacy Safeguards


EPIC has urged the Federal Trade Commission to take an aggressive stand in support of on-line privacy. In a letter addressed to FTC Commissioner Christine Varney, EPIC ask the FTC " to investigate the misuse of personal information by the direct marketing industry and to begin a serious and substantive inquiry into the development of appropriate privacy safeguards for consumers in the information age." EPIC has asked the FTC to investigate four issues: "1. How is personal information collected and sold within the industry? What is the extent of data aggregation on particular individuals? Do current collection and trade practices violate federal or state law? "2. Has the Mail Preference Service actually protected the privacy interests of consumers? Are there better and simpler methods for consumers to control personal data? "3. What are the implications of the sale of direct marketing lists to federal and state investigative agencies? Does this practice violate privacy rights of American citizens? Should it be regulated or prohibited? "4. Could new technologies for anonymous and pseudo-anonymous payment schemes coupled with enforceable legal rights ensure the development of on-line commerce that promotes business opportunity and protects personal privacy? What steps should be taken to pursue these new opportunities?" A copy of the EPIC letter is available at: http://www.epic.org/privacy/internet/ftc/ftc_letter.html The FTC on-line discussion of privacy issues is at: http://www.ftc.gov/ftc/privacy.htm


[5] Compuserve Censors 200 Usenet Newsgroups


Following a request by a local prosecutor in Bavaria, Germany, Compuserve Information Services (CIS) removed over 200 Usenet newsgroups, claiming that they violated German law on the dissemination of sexually-explicit materials. It is unclear why many of the newsgroups were removed. Many contained no explicit sexual material. The Clairinet news service, which reprints stories from Associated Press and Reuters, had three groups removed. Other newsgroups, which were for fans of Star Trek's Captain Picard, victims of sexual assault and gay teenagers were also removed. Both sides of the conflict are blaming the other for the decision. The Bavarian prosecutor's office claims that it did not specifically tell CIS to remove the newsgroups, while a spokesman for CIS claims that they were provided a list of offending newsgroups. Compuserve, which has members in 140 countries, removed the newsgroups from its service worldwide because it was technically unable to remove them from just Germany. CIS says that it is attempting to change its system to allow blocking of newsgroups in only particular countries.


[6] Telecom Bill Vote Delayed


According to news reports, passage of the telecommunications act has been delayed until after the current debate on the budget has been resolved. Speaker of the House Newt Gingrich was quoted as saying that there will be "nothing on the telecom bill until we have a budget." Other major issues, such as allocation of spectrum for digital tv, have not been resolved and are may also hold up agreement in the conference committee. In December, conferees agreed to language which makes distribution of "indecent" material over computer networks a federal crime. The Internet Day of Protest organized by Voters Telecom Watch and other public interest groups generated calls from over 20,000 people to Congress, many who talked to several offices. Several free speech, privacy rights and newspaper groups are planning to challenge the legislation if it is included in the final bill. More information on the Communications Decency Act is available at http://www.epic.org/free_speech/censorship/


[7] House Delays Vote on Counter-terrorism Bill


The House leadership decided in late December not to schedule a vote on HR 2703, the controversal 'Comprehensive Counterterrorism Act of 1995' after they realized that there were not enough votes to pass the bill. The revised bill is opposed by conservative Republicans who object to provisions increasing federal law enforcement powers and liberal Democrats who also oppose limitaions on the Habeas Corpus rule. The current bill expands the defination of terrorism, allows the use of evidence created by illegal wiretaps in court proceedings, expands the FBI ability to obtain travel, financial, and telephone records without needing to show that the invidual is suspected of violating any law, allow the use of secret evidence in deporation hearings, and limit federal courts from reviewing unconstitutional state court proceedings that resulting in inprisonment or executions. It is expected that the leadership will attempt to bring to bill to the floor for a vote in late January or early February. On December 22, the House approved HR 1655, the 'Intelligence Authorization Act for Fiscal Year 1996'. The bill provides for an estimated $30 billion budget for the intelligence agencies. It also amends the Fair Credit Reporting Act to allow easier access to credit reports in "national security" investigations. The bill allows the FBI to obtain information on the locations of all of an individuals' financial institutions without a court order upon the written request of the FBI. The FBI may get a copy of the full consumer report without having to prove 'probable cause' that the individual is violating a federal law. More information is available at http://www.epic.org/privacy/terrorism/


[8] Upcoming Conferences and Events


RSA 6th Annual Data Security Conference:Cryptography Summit. January 17-19, 1996. FairmontHotel, San Francisco. Contact Layne Kaplan Events, at (415) 340-9300, email at info@lke.com, or register at http://www.rsa.com/. Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure, Canberra, Australia. February 7-8, 1996. Sponsored by the Australian Government, Attorney-General's Department and the Organisation for Economic Cooperation and Development. http://www.nla.gov.au/gii/oecdconf.html Computers Freedom and Privacy '96. March 27-30, 1996. Cambridge, Mass. Sponsored by MIT, ACM and WWW Consortium. Contact cfp96@mit.edu or http://web.mit.edu/cfp96/ Conference on Technological Assaults on Privacy, April 18-20, 1996. Rochester Institute of Technology, Rochester, New York. Papers should be submitted by February 1, 1996. Contact Wade Robison privacy@rit.edu, by FAX at (716) 475-7120, or by phone at (716) 475-6643. IEEE Symposium on Security and Privacy, May 6-8, 1996. Oakland, CA. Sponsored by IEEE. Contact: sp96@cs.pdx.edu or http://www.cs.pdx.edu/SP96. Australasian Conference on Information Security and Privacy June 24-26, 1996. New South Wales, Australia. Sponsored by Australasian Society for Electronic Security and University of Wollongong. Contact: Jennifer Seberry (jennie@cs.uow.edu.au). Visions of Privacy for the 21st Century: A Search for Solutions. May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office of Information and Privacy Commissioner for the Province of British Columbia and the University of Victoria. Program at http://www.cafe.net/gvc/foi Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St. John's College, Cambridge, England.Contact: Ms. Gill Ehrlich +44 181 423 1300 (tel), +44 181 423 4536 (fax). Advanced Surveillance Technologies II. Sponsored by EPIC and Privacy International. September 16, 1996. Ottawa, Canada. Contact pi@privacy.org or http://www.privacy.org/pi/conference/ 18th International Conference of Data Protection and Privacy Commissioners. Sponsored by the Privacy Commissioner of Canada. September 18-20, 1996. Ottawa, Canada. International Colloquium on the Protection of Privacy and Personal Information. Commission d'acces a l'information du Quebec. May 1997. Quebec City, Canada. (Send calendar submissions to Alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes). Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support.