EPIC logo




EPIC ALERT


                    Volume 3.15            August 23, 1996


Published by the
Electronic Privacy Information Center
Washington, D.C.
http://www.epic.org/


Table of Contents

[1] Senate to Consider Counterterrorism Bill in September
[2] Call for Grassroots Crypto Action
[3] Welfare Bill Signed by Clinton
[4] Court Rules NSC Not Subject to FOIA
[5] Congress to Review National ID Card Proposals
[6] Another Suit Filed Challenging Crypto Export Restrictions
[7] EPIC/PI to Sponsor Conference on Surveillance Technologies
[8] Upcoming Conferences and Events


[1] Senate to Consider Counterterrorism Bill in September


The Senate is scheduled to take up counter-terrorism legislation in early September that will include expansion of government wiretapping authority, increased collection of personal information, and other provisions that would limit personal privacy. The House passed a version of the bill, the Aviation Security and Antiterrorism Act of 1996 (HR 3953), on August 2. Led by freshman Republicans, the House rejected efforts by the Clinton Administration to include in the bill new expanded powers for wiretapping. Another measure, the Antiterrorism Law Enforcement Act of 1996 (H.R. 3960), was also introduced -- it includes the full wiretapping authority requested by the White House. Rep. Bill McCollum (R-FL) is planning to hold hearings on wiretapping in September. The Senate is planning to consider a number of wiretap-related provisions, including: o More "emergency wiretaps" that could be conducted without a warrant; o Roving Taps - more wiretaps without specifying the target; o Expanded number of crimes for which wiretaps could be conducted; o "Bad faith" exception which would allow use of illegal taps in court unless target can prove bad faith action by govt agent; o Expanded use of pen registers and trap and trace devices for "counterintelligence" purposes; and o Funding for Digital Telephony. More information on current anti-terrorism proposals is available at: http://www.epic.org/privacy/terrorism/


[2] Call for Grassroots Crypto Action


Encryption legislation will also be on the agenda when Congress returns in September. The Promotion of Commerce Online in the Digital Era ("Pro-CODE") bill in the Senate (S.1726) and the Security and Freedom Through Encryption ("SAFE") bill in the House (HR 3011) would relax U.S. export controls on strong encryption. EPIC has joined with other organizations to encourage grassroots support for these efforts during the week of September 3 - 10. Information on "Crypto Action Week" can be found at: http://www.epic.org/crypto/legislation/caw.html Individuals and organizations supporting on-line security and privacy should display the "Golden Key Campaign" logo on their homepages. Information is available at the Internet Privacy Coalition site: http://www.privacy.org/ipc/


[3] Welfare Legislation Signed by Clinton


On August 22, President Clinton signed the Personal Responsibility and Work Opportunity Reconciliation Act of 1996. The bill includes a number of sections that expand the use of the Social Security Number and create new databases of personal information. The bill requires that states obtain individuals' Social Security Numbers for many state documents. It provides that on "any application for a professional license, commercial driver's license, occupational license, or marriage license [the SSN] be recorded on the application." The new bill also creates a national database of every employee in the United States. States are also required to create databases of "new hires." The state databases would be uploaded to a federal registry and the Social Security Administration would verify the SSNs. The Commissioner of Social Security is required to develop "a prototype of a counterfeit-resistant social security card" made of tamper proof materials for proving citizenship, and to issue a report on the cost of issuing a new card to all citizens over a three, five or ten year period. More information on the welfare bill, the Social Security Number, and efforts to expand its use is available at: http://www.epic.org/privacy/ssn/


[4] Court Rules NSC Not Subject to FOIA


In a major blow to the principle of government accountability, the federal appeals court in Washington, DC, has ruled that the National Security Council (NSC) is not subject to the disclosure requirements of the Freedom of Information Act (FOIA). The August 2 split decision in Armstrong v. Executive Office of the President was written by Judge Douglas Ginsburg, who was joined by Judge Harry Edwards. A dissenting opinion was written by Judge David Tatel. The Armstrong case involved the status of archived White House e-mail dating back to the Reagan administration. While successive administrations have fought to preserve the confidentiality of White House e-mail and computer systems, the Clinton administration was the first to contend that the NSC is not an "agency" subject to the FOIA and the Federal Records Act. The lower court (Judge Charles Richey) had rejected the administration's position, but the Court of Appeals for the District of Columbia Circuit reversed, concluding that "the close working relationship between the NSC and the President indicates that the NSC is more like 'the President's immediate personal staff' than it is like an agency exercising authority independent of the President." The decision will have a significant impact on the ability of the public to oversee the development of policies that affect the Internet. The NSC, for instance, has been deeply involved in encryption policy and the controversial Clipper Chip initiative. An NSC-related entity, the Security Policy Board, is currently developing "information security" policies that will potentially have a substantial impact on the Internet and other electronic communications media. EPIC is currently litigating FOIA cases against the NSC seeking the disclosure of information concerning these activities. The future of those cases is now in doubt. The text of the decision is available at: http://www.epic.org/open_gov/nsc_decision.html


[5] Congress to Review National ID Card Proposals


Congress is expected to take up immigration bills with controversial identification provisions in early September. Different versions of the bill were passed by the House and the Senate in April and May, and a conference committee has been reviewing the bills since then. Both versions of the bill contain ID provisions for the purpose of employment eligibility. The House bill creates a pilot program for a national database that employers in five of the states with the most illegal immigration would use to determine eligibility. Employers would voluntarily call a toll free number to check applicants' Social Security Numbers against a database created by the Social Security Administration and the Immigration and Naturalization Service. Proposals to make this system mandatory and to use a tamper-proof identity card were defeated in April. Opponents, such as Rep. Steven Chabot (R-OH) have described the program as "1-800-BIG BROTHER" and questioned the accuracy of the databases used. Even a small percentage of incorrect data could result in the denial of jobs for hundreds of thousands of people each year. They also note the likelihood that the program would become mandatory nationwide since the size of the pilot program would already cover nearly half of the U.S. population. The Senate bill would require the Attorney General to set up several pilot programs, including telephone verification of the SSN, using state issued licenses with machine readable SSNs, and requiring employers to verify eligibility with the INS for individuals who do not attest that they are citizens. The Attorney General would determine which jurisdictions would use the programs and could make the programs mandatory for all employers in designated regions. After three years, the President would develop and recommend a program to Congress. More information on these proposals, and other information related to national ID cards, is available at: http://www.epic.org/privacy/id_cards/


[6] Another Suit Filed Challenging Crypto Export Restrictions


An Ohio law professor filed suit against the State Department and the National Security Agency on August 8, challenging the constitutionality of export controls on cryptography. Professor Peter Junger, a Case Western Reserve University Law School challenged the restrictions on a number grounds, including that they constitute a prior restraint on free speech; are vague; infringe on academic freedom and political speech; and violate separation of powers by creating de facto domestic restrictions on cryptography without Congressional authority. Junger teaches the "Computers and the Law" course at the university. As part of the course, he wrote an encryption program designed to illustrate how to use various cryptosystems. He has had to prohibit foreign students from taking the class and restrict distribution of his course material because of the ITAR restrictions. More information on the Junger lawsuit, other challenges to the ITAR, and general information on export controls is available at: http://www.epic.org/crypto/export_controls/


[7] EPIC/PI to Hold Conference on Surveillance


The new generation of covert surveillance activities of government agencies and private companies will be examined at a conference to be held in Ottawa next month, sponsored by EPIC and Privacy International. The conference will explore the process of planning and implementation of the technologies, their operating conditions, and the people and organizations responsible for instituting them. The conference will also examine possible technical, regulatory and legal responses. A number of former government agents, intelligence experts and surveillance analysts will gather at the Advanced Surveillance Technologies II conference on September 16th to discuss the use of powerful new technologies being used to gather information. Speakers will include Mike Frost, a former intelligence officer for the Canadian Communications Security Establishment and author of the bestseller "Spyworld." He will discuss the surveillance technologies used by the CSE and its American counterpart, the National Security Agency. The Conference will take place at the Citadel Hotel in Ottawa, Canada. More information is available on the conference from the Privacy International Web Page at: http://www.privacy.org/pi/conference/ottawa/


[8] Upcoming Conferences and Events


"Symposium on Integrated Justice Information Systems." September 9-11, 1996. Washington, DC. Sponsored by the SEARCH Group. Contact: (916) 392-2550. "Salute to FOIA." September 12-13, 1996. Arlington, VA. Sponsored by the Freedom Forum and the American Society of Newspaper Editors. Contact: asne@asne.org. "Advanced Surveillance Technologies II." September 16, 1996. Ottawa, Canada. Sponsored by EPIC and Privacy International. Contact: http://www.privacy.org/pi/conference/ottawa/ or email pi@privacy.org. "Privacy Beyond Borders", 18th International Privacy and Data Protection Conference. September 18-20, 1996. Ottawa, Canada. Sponsored by the Privacy Commissioner of Canada. Contact: jroy@fox.nstn.ca. "Regulation or Private Ordering? The Future of the Internet." September 20, 1996. Washington, DC. Sponsored by the CATO Institute. Contact: R. Scott Wallis, (202) 789-5296. "The 2nd International Conference & Exhibit on Doing Business Securely on the Information Highway." September 30 - October 1, 1996. Montreal, Quebec, Canada. Contact: http://www.ecworld.org/Conferences/2nd_Security/menu.ht ml. "Managing Privacy in Cyberspace and Across National Borders." October 8-10, 1996. Washington, DC. Sponsored by Privacy and American Business. Contact: Lorrie Sherwood, (201) 996-1154. "The Information Society: New Risks & Opportunities in Privacy," October 17-18, 1996. Bruxelles, Belgium. Sponsored by the European Parliament. Contact: http://www.droit.fundp.ac.be/privacy96.html "Communications Unleashed - What's at Stake? Who Benefits? How to Get Involved!" October 19-20, 1996. Washington DC. Sponsored by CPSR and Georgetown University. Contact: phyland@aol.com. 19th National Information Systems Security Conference. October 22-25, 1996. Baltimore, MD. Sponsored by NSA & NIST. Contact: Tammy Grice (301) 948-2067. "Eurosec'97, the Seventh Annual Forum on Information Systems Quality and Security." March 17-19. 1997. Paris, France. Sponsored by XP Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/ (Send calendar submissions to Alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes). Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support.