Volume 3.07 March 28, 1996
 CDA Trial Begins in Federal Court  House Approves Immigration Bill, Rejects National ID Card  Court Dismisses Case Challenging Export Controls  Medical Privacy Coalition Releases Draft Medical Privacy Bill  California PUC Files Supreme Court Appeal on Caller Id Decision  Administration's FY 1997 Budget - 100 million for Digital Telephony  CFP Begins in Cambridge  Upcoming Conferences and Eventss
 CDA Trial Begins in Federal Court
An evidentiary hearing opened in U.S. District Court in Philadelphia on March 21 in the constitutional challenge to the Communications Decency Act. During two days of testimony, the plaintiffs explained the workings of the Internet to the special three-judge panel and demonstrated the potential adverse impact of the statutory ban on the transmission of "indecent" material. "We succeeded in presenting strong evidence on all the major reasons why this law is unconstitutional," said Christopher Hansen, lead counsel for the American Civil Liberties Union. The censorship law, he said, "is technically and economically infeasible to enforce, it blocks speech that has value to a great many people, and it ignores effective alternatives available both to protect children and to protect free speech." The three-judge panel was clearly interested in the workings of the Internet and engaged in extended dialogue with the witnesses called by the plaintiffs. The witnesses included: Scott O. Bradner, senior technical consultant, Information Technology Services, Harvard University Ann W. Duvall, president, SurfWatch Inc. Patricia Nell Warren, author and publisher, WildCat Press Kiyoshi Kuromiya, director, Critical Path AIDS Project Reverend William R. Stayton, psychologist and Baptist minister Donna Hoffman, associate professor of management, Owen Graduate School of Management at Vanderbilt University Robert B. Croneberger, director, Carnegie Library of Pittsburgh The proceedings will resume on April 1, when the plaintiffs will conclude the presentation of their case. The government will present its evidence on April 12 and 15, with plaintiffs' rebuttal scheduled for April 26. The litigation was initiated by the ACLU, EPIC and a coalition of other organizations on February 8, shortly after the CDA was signed into law. A second case, which has been consolidated with the ACLU/EPIC challenge, was subsequently filed by a coalition led by the American Library Association. Additional information on the case, including links to media coverage of the trial, is available at: http://www.epic.org/free_speech/censorship/lawsuit/
 House Approves Immigration Bill, Rejects National ID Card
The House of Representatives rejected proposals for a national ID card and a mandatory national database of all workers in the United States. The vote came on March 22 when the House approved a far reaching immigration reform bill. A manager's amendment submitted by Rep. Lamar Smith (R-TX) made the employment verification provisions voluntary in at least five of the seven states with the highest levels of illegal immigration. To encourage companies to use the voluntary system, firms would be provided various incentives. By a vote of 221 to 191, the House rejected a proposal from Rep. Bill McCollum (R-FL) to create a "tamperproof social security account card." Previous proposals by McCollum would have required that all individuals over the age of 16 obtain such a card, which would include the person's photograph, name, address, social security number, and some form of biometric identification such as a fingerprint or retinal scan. An amendment by Rep. Steve Chabot (R-OH) to eliminate all identification provisions was defeated by a vote of 260 to 159. The final bill passed on a vote of 333 to 87. The Senate is expected to take up the Immigration bill starting this week.
 Court Dismisses Case Challenging Export Controls
A federal district court in Washington, D.C. on March 22 dismissed a case brought by privacy activist Phil Karn challenging the constitutionality of export controls on cryptography. In February 1994, Karn applied for a license to export cryptographer Bruce Schneier's book "Applied Cryptography." The State Department approved the license, but shortly thereafter, denied Karn's request for a license to export a disk set which contained text files of different cryptographic algorithms that were printed in the book. Karn filed suit, claiming that the denial violated the Administrative Procedures Act and the First and Fifth Amendments to the Constitution. The court rejected all of Karn's claims, stating that the case presented a "political question for the two elected branches" to decide. It found that the Arms Export Control Act precluded judicial review of administrative decisions concerning the applicability the "Munitions List," a regulatory listing of items that may not be exported. On the First Amendment claim, the court held that the restrictions were "content neutral" because the government is "not regulating the export because of the expressive content of the comments and or source code, but instead [is] regulating because of the belief that the combination of encryption source code on machine readable media will make it easier for foreign governments to encode their communications." More information on the case and on export controls is available at: http://www.epic.org/crypto/export_controls/
 Medical Privacy Coalition Releases Draft Medical Privacy Bill
The Medical Privacy Coalition, an ad hoc group of privacy, medical, consumer and patient rights groups has prepared a draft medical privacy bill. Dr. Denise Nagel, chair of the Privacy Coalition and the head of the Coalition for Patient's Rights, said that the draft bill addresses privacy concerns that have been raised about Senate measure S. 1360. (The American Medical Association recently wrote to Senator Kassebaum to express concern about S. 1360. See EPIC Alert 3.06) The new draft bill is based on a patient-centered view of medical record privacy and strictly limits disclosure of medical information for other purposes. It is based on five principles: o Individuals posses a right to privacy with respect to their personally identifiable health information; o This right to privacy may not be waived in the absence of meaningful notice and informed (not coerced) consent; o In the absence of an express waiver, the right to privacy may not be eliminated or limited, except as expressly provided under this legislation; o The private patient/physician relationship must be facilitated and protected; and o Information that is disclosed must be limited in amount, duration, and use, thus prohibiting secondary, unauthorized uses or disclosures, as well as fishing expeditions. The proposed bill gives each patient the right to access, copy and correct health information, limits third party access, prohibits the use of the SSN as a health care identifier, and prohibits the creation of longitudinal health records without the consent of the patient. Activity in Washington on medical privacy is likely to accelerate in the next few months. The Consumer Project on Technology is expected to host a workshop in Washington, DC in early May on medical record privacy. A copy of the Medical Privacy Coalition's draft bill and more information on medical privacy is available at: http://www.epic.org/privacy/medical/
 California PUC Files Supreme Court Appeal on Caller Id Decision
The California Public Utility Commission has filed a Petition with the U.S. Supreme Court, asking the Court to overturn the 9th Circuit Court of Appeals' recent decision upholding FCC preemption of California rules on Caller ID. The CPUC petition is based on two grounds: (1) federalism; and (2) the important individual interests in freedom of speech and privacy involved in the issue. The Commission argues that the purpose of its Caller ID regulation was to protect individuals who have nonpublished numbers and who may not be reached by the education campaign currently being conducted by the telephone companies. The petition asserts that "the compelled nondisclosure of private telephone numbers identifying the speaker 'burdens protected speech' and is subject to exacting First Amendment scrutiny." It also argues that because the individuals already have nonpublished numbers, they have a greater expectation of privacy. The CPUC submission ends with a plea to protect privacy: As we enter the "Information Age" of relentless telemarketing, of readily available databases containing universal directories, customer credit profiles and other current virtual biographies, with cross referencing software, and of the unencumbered dissemination of information on the Internet, California's authority to adopt a mechanism to preserve its citizen's control over personal information such as their nonpublished telephone numbers should be protected by this Court. A copy of the Ninth Circuit opinion may be viewed at: http://www.epic.org/privacy/caller_id/cal_v_fcc.html Additional materials on Caller ID will soon be available at the EPIC web site.
 Administration's FY 1997 Budget - 100 million for Digital Telephony
The Clinton Administration is asking for $100 million for Fiscal Year 1997 to fund the FBI's Digital Telephony proposal. In addition to the money that will go to telephone companies under the "Telephone Carrier Compliance Program," the FBI is also seeking funds to develop its own wiretap tools. An undefined amount of additional funding from the $133 million Violent Crime Reduction Program will be used to "finance continued research and development efforts to produce the equipment to perform court ordered wiretaps within a digital telephony environment." A substantial sum of money is being requested to enhance the FBI's databases. The Bureau is also asking for $84.4 million for an automated fingerprint identification system (AFIS) and $5.5 million for DNA testing and "establishing an index to facilitate law enforcement exchange of DNA identification information" -- the Combined DNA Index System (CODIS). Other funds will be used for a nation name/background check for handgun purchases and to establish new databases for "violent gangs/terrorists" and "hostage/barricade." DOJ's Office of Justice is asking for another $60 million to fund states to computerize their criminal records systems so that they can be incorporated in the federal network. According to the Administration's budget document, there were over 574 million transactions on the National Crime Information Computer (NCIC) in 1995, and it is estimated that in 1996, it will be accessed 631 million times. The new budget also seeks $20 million for the Immigration and Naturalization Service to improve its computer records and to fund pilot programs for employment verification. According to a budget overview, the Administration estimates that 1,000 employers will be using the program by the end of 1996. The INS is also asking for $7.8 million to fund the IDENT system, which would use biometrics to identify individuals crossing the border.
 CFP Begins in Cambridge
The sixth annual conference on Computers, Freedom and Privacy begins this week in Cambridge Massachusetts. The conference brings together individuals from across the cyberspace community to explore new challenges to on-line freedom. Featured panels include a moot court case involving a federal law that restricts the use of encryption, limitations on on-line speech on campus, new proposals on copyright, and Internet policies in China. More information about CFP, including daily updates, may be obtained from the CFP home page: http://web.mit.edu/cfp96
 Upcoming Conferences and Events
Computers Freedom and Privacy '96. March 27-30, 1996. Cambridge, Mass. Sponsored by MIT, ACM and WWW Consortium. Contact email@example.com or http://web.mit.edu/cfp96/ Information Leakage by World Wide Web Browsers: How to Blackmail Someone With Their Own Web Surfing Habits with Shabbir J. Safdar of Voters Telecommunications Watch. April 16, 1995. Washington, DC. Sponsored by the Institute for Computer and Telecommunications Systems Policy, George Washington University. Contact http://www.seas.gwu.edu/seas/ictsp/Activities/Seminars/. Conference on Technological Assaults on Privacy, April 18-20, 1996. Rochester Institute of Technology, Rochester, New York. Contact: Wade Robison, firstname.lastname@example.org, by FAX at (716) 475-7120, or by phone at (716) 475-6643. Electronic Democracy. April 24-25, 1996. Ottawa, Ontario. Sponsored by Riley Information Services. Contact: email@example.com or http://www.rileyis.com. RSA Day in Washington. April 25, 1996. Washington, D.C. Sponsored by RSA Data Security. Contact: Layne Kaplan Events (415) 340-9300 or http://www.rsa.com. Computerizing Medical Records and Health Information: The Societal Benefits and Privacy Issues with Professor Alan Westin and EPIC's Marc Rotenberg. April 26, 1995. Washington, DC. Sponsored by the Institute for Computer and Telecommunications Systems Policy, George Washington University. Contact http://www.seas.gwu.edu/seas/ictsp/ Activities/Seminars/. IEEE Symposium on Security and Privacy, May 6-8, 1996. Oakland, CA. Sponsored by IEEE. Contact: firstname.lastname@example.org or http://www.cs.pdx.edu/SP96. Visions of Privacy for the 21st Century: A Search for Solutions. May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office of Information and Privacy Commissioner for the Province of British Columbia and the University of Victoria. Program at http://www.cafe.net/gvc/foi Internet Privacy and Security Workshop. May 20-21, 1996. Haystack Observatory, MA. Sponsored by Federal Networking Council and MIT. Contact: email@example.com. InfoWarCon (Europe) '96, Defining the European Perspective. May 23-24, 1996. Brussels, Belgium. Sponsored by the National Computer Security Association. Contact: firstname.lastname@example.org. Australasian Conference on Information Security and Privacy. June 24-26, 1996. New South Wales, Australia. Sponsored by Australasian Society for Electronic Security and University of Wollongong. Contact: Jennifer Seberry (email@example.com). Personal Information - Security, Engineering and Ethics. 21-22 June, 1996. Isaac Newton Institute, Cambridge. Sponsored by Cambridge University and British Medical Association. Paper submission due 10 May 1996. Contact: Ross Anderson (firstname.lastname@example.org). Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St. John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181 423 1300 (tel), +44 181 423 4536 (fax). Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored by Ross Associates. Contact: Marilyn Roseberry 703-450-2200. Fifth International Information Warfare Conference, "Dominating the Battlefields of Business and War", September 5-6, 1996. Washington, DC. Sponsored by Interpact, NCSA, OSS. Contact: email@example.com Advanced Surveillance Technologies II. Sponsored by EPIC and Privacy International. September 16, 1996. Ottawa, Canada. Contact: firstname.lastname@example.org or http://www.privacy.org/pi/conference/ 18th International Conference of Data Protection and Privacy Commissioners. September 18-20, 1996. Ottawa, Canada. Sponsored by the Privacy Commissioner of Canada. (Send calendar submissions to Alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to email@example.com with the subject: "subscribe" (no quotes). Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email firstname.lastname@example.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support.