EPIC logo




EPIC ALERT


                    Volume 3.16            September 12, 1996


Published by the
Electronic Privacy Information Center
Washington, D.C.
http://www.epic.org/


Table of Contents

[1] White House Proposes Screening of all Airline Passengers
[2] EPIC Testifies on Children's Privacy Bill
[3] House Panel Probes White House Database
[4] Crypto Update
[5] Anonymous Remailer Shuts Down
[6] EPIC Now Accepts First Virtual Contributionst
[7] EPIC/PI to Sponsor Conference on Surveillance Technologies
[8] Upcoming Conferences and Events


[1] White House Proposes Screening of all Airline Passengers


In the wake of perceived terrorist threats and the mysterious crash of TWA Flight 800 in July, a Presidential advisory panel has proposed an automated system for increased screening and "profiling" of airline passengers for all domestic and international flights. In its interim report sent to President Clinton on September 9, the White House Commission on Aviation Safety and Security provided few specifics, but noted that "[b]ased on information that is already in computer databases, passengers could be separated into a very large majority who present little or no risk, and a small minority who merit additional attention." Details of the profiling system will presumably be withheld from the public on national security grounds -- a substantial portion of the Commission's "public" meeting on September 5 was closed to permit the discussion of "classified" matters. Nonetheless, the proposed system appears to raise substantial privacy issues. The Washington Post recently reported that under the proposal, "the federal government would require creation of a computer profiling system that would examine passengers' bill-paying records, flying habits and much other data to determine which checked baggage should undergo examination by sophisticated explosives detection equipment." The Commission's initial report also calls for FBI and CIA involvement in the development of the profiling database. The theory underlying the profiling proposal appears to be that even seemingly innocuous bits of personal data can raise the suspicions of a law enforcement agency. This point is illustrated by the comments of an unidentified FBI agent recently quoted in a New York Times article. Discussing the Bureau's investigation of the bombing of Pan Am Flight 103 over Scotland, the agent noted that, "Almost everyone on the plane, almost everyone you ever met, has something that can get your imagination going. A recent fight, a divorce, a business deal, an overseas connection -- when you don't know what you're looking for, it's easy to see all kinds of possibilities." EPIC plans to monitor the development of the automated passenger profiling system under the public oversight provisions of the Federal Advisory Committee Act, which governs the proceedings of the White House Commission. More information, including relevant government documents, is available at: http://www.epic.org/privacy/faa/


[2] EPIC Testifies on Children's Privacy Bill


EPIC Director Marc Rotenberg testified today before the House Judiciary Committee Subcommittee on Crime in support of the Childrens Privacy Protection and Parental Empowerment Act of 1996. The bill would establish basic privacy standards for organizations that collect personal information on children and curb recent abuses in the marketing industry. The bill is sponsored by Rep. Bob Franks (R-NJ) and has 46 cosponsors in the House of Representatives. A similar measure has been introduced in the Senate by Senator Dianne Feinstein (D-CA). Rotenberg said that "current practices pose a substantial threat to the privacy and safety of young people." He described a recent incident where a reporter posing as the murderer of Polly Klaas was able to obtain the ages and address of young children living in the Pasadena area. Rotenberg also cited editorials from USA Today and the Economist favoring privacy legislation as well as public opinion polls which show that 9 out of 10 Americans object to the sale of personal data where explicit consent is not obtained. Recalling the passage of the Family Educational Right to Privacy Act of 1974, which protects the privacy of student records, Rotenberg said there was already Congressional recognition of the need to protect personal information about young children. "No universities have been shut down because of the Act, but the privacy of children's educational records is more secure because Congress did not fail to act when it had the opportunity to establish privacy protection for young people." Also testifying in support of the bill were Rep. Bob Franks, children rights advocate Marc Klaas, and Miriam Bell of Enough is Enough. Marc Klaas also heads the Klaas Foundation for Children which launched the Kids Off Lists campaign. Testifying against the bill were representatives from the Direct Marketing Association, a list broker, a book publisher, and a police officer from San Bernardino. More information on the Childrens Privacy bill and kids privacy may be found at: http://www.epic.org/privacy/kids/ The Klaas Foundation for Children is on the web at: http://www.klaaskids.inter.net/


[3] House Panel Probes White House Database


The General Accounting Office revealed at a hearing of a subcommittee of the House Committee on Government Reform and Oversight on September 11 that the secret White House database of 200,000 people has inadequate controls on access. The GAO reported that the database, the existence of which was revealed during the Filegate controversy, does not keep track of what files have been viewed by the 150 White House staffers who are authorized to access the files. The database contains 125 different fields of information for each file. Several thousand files included ethnic and political information. The GAO did not reveal in its testimony what was contained in the other fields. According to news reports, the database was designed to link into other related databases, including the Secret Service and the Democratic National Committee. The White House claims that the database is used for a number of reasons, including invitation lists for White House events, tracking correspondence, sending out Christmas cards and other matters. Congressional Republicans claim that it is more akin to the Nixon "enemies list." The database was created by PRC Inc., a company that also creates databases for the CIA and other intelligence agencies, among other government agencies.


[4] Crypto Update


As the election approaches and Congress scrambles to complete its agenda before recessing for the year, members are continuing to deal with cryptography-related issues. The Senate Commerce Committee delayed its scheduled vote on S. 1735, the Promotion of Commerce Online in the Digital Era, originally planned for September 12. The Committee is expected to take up the measure next week. Members of the Committee have reported receiving a large number of calls supporting the bill. Individuals interested in supporting the bill should continue calling members of the Committee. The House is planning to hold hearings at the end of September to examine the companion House bill. The hearings were originally scheduled for September 11 but were delayed due to other legislative matters. The White House is also expected to introduce its own legislation next week. According to reporter Brock Meeks, the legislation will offer "sweetheart deals" to limited segments of the industry including financial, health care and insurance sectors who would then agree to support government key escrow systems. The systems would then become de facto mandatory. Internationally, an expert committee of the Organization for Economic Cooperation and Development is meeting on September 26-27 to review draft guidelines on cryptography policy. The US has been pressuring the OECD to adopt its key escrow proposals as an international standard but has been opposed by other countries and business representatives. EPIC will be hosting an international symposium in Paris on September 25, in cooperation with the OECD, to provide an opportunity for cryptographers, human rights advocates, privacy experts and user associations to present public concerns about the development of international privacy guidelines. The event will feature speakers from more than a dozen countries and includes US cryptographers Matt Blaze, Whit Diffie, and Phil Zimmermann. On September 20, oral arguments will be heard in Daniel Bernstein's challenge to the constitutionality of export controls in federal court in San Francisco. Bernstein is arguing that the controls violate the First Amendment. Judge Marilyn Patel ruled preliminarily in May that software code is speech protected by the First Amendment More information on cryptography is available from: http://www.epic.org/crypto/


[5] Anonymous Remailer Shuts Down


Johann Helsingius, the operator of the anon.penet.fi anonymous e-mail service has decided to shut down his remailer service because of the unknown legal protections of privacy on the Internet. He had come received requests by the Church of Scientology and the Singapore government demanding to know the identity of some of his users. In a press release, he said that he hoped to bring the server back up once the Finnish government enacted new laws protecting privacy of electronic messages, "I will close down the remailer for the time being because the legal issues governing the Internet in Finland are yet undefined. The legal protection of the users needs to be clarified. At the moment the privacy of Internet messages is judicially unclear." A list of remailers and other tools to protect privacy are available from: http://www.epic.org/privacy/tools.html


[6] EPIC Now Accepts First Virtual Contributionst


Individuals interested in donating or purchasing books from EPIC can now use the First Virtual system to transfer money to EPIC. Until the end of 1996, donations of up to $50 will be matched by the Stern Foundation. Your support is appreciated and will help make possible our continued FOIA litigation, privacy advocacy, and web site development. More information about supporting EPIC is available at: http://www.epic.org/epic/donate.html


[7] EPIC/PI to Sponsor Conference on Surveillance Technologies


The new generation of covert surveillance activities of government agencies and private companies will be examined at a conference to be held in Ottawa next week, sponsored by EPIC and Privacy International. The conference will explore the process of planning and implementation of the technologies, their operating conditions, and the people and organizations responsible for instituting them. The conference will also examine possible technical, regulatory and legal responses. A number of former government agents, intelligence experts and surveillance analysts will gather at the Advanced Surveillance Technologies II conference on September 16th to discuss the use of powerful new technologies being used to gather information. Speakers will include Mike Frost, a former intelligence officer for the Canadian Communications Security Establishment and author of the bestseller "Spyworld." He will discuss the surveillance technologies used by the CSE and its American counterpart, the National Security Agency. The Conference will take place at the Citadel Hotel in Ottawa, Canada. More information is available on the conference from the Privacy International Web Page at: http://www.privacy.org/pi/conference/ottawa/


[8] Upcoming Conferences and Events


"Advanced Surveillance Technologies II." September 16, 1996. Ottawa, Canada. Sponsored by EPIC and Privacy International. Contact: http://www.privacy.org/pi/conference/ottawa/ or email pi@privacy.org. "Privacy Beyond Borders", 18th International Privacy and Data Protection Conference. September 18-20, 1996. Ottawa, Canada. Sponsored by the Privacy Commissioner of Canada. Contact: jroy@fox.nstn.ca or http://infoweb.magi.com/~privcan/ "Regulation or Private Ordering? The Future of the Internet." September 20, 1996. Washington, DC. Sponsored by the CATO Institute. Contact: R. Scott Wallis, (202) 789-5296. "The Public Voice and the Development of International Cryptography Policy." September 25, 1996. Paris, France. Sponsored by EPIC. Contact: rotenberg@epic.org. "The 2nd International Conference & Exhibit on Doing Business Securely on the Information Highway." September 30 - October 1, 1996. Montreal, Quebec, Canada. Contact: http://www.ecworld.org/Conferences/2nd_Security/ menu.html. "Managing Privacy in Cyberspace and Across National Borders." October 8-10, 1996. Washington, DC. Sponsored by Privacy and American Business. Contact: Lorrie Sherwood, (201) 996-1154. "The Information Society: New Risks & Opportunities in Privacy," October 17-18, 1996. Bruxelles, Belgium. Sponsored by the European Parliament. Contact: http://www.droit.fundp.ac.be/privacy96.html "Communications Unleashed - What's at Stake? Who Benefits? How to Get Involved!" October 19-20, 1996. Washington DC. Sponsored by CPSR and Georgetown University. Contact: phyland@aol.com. "19th National Information Systems Security Conference." October 22-25, 1996. Baltimore, MD. Sponsored by NSA & NIST. Contact: Tammy Grice (301) 948-2067. "Eurosec'97, the Seventh Annual Forum on Information Systems Quality and Security." March 17-19. 1997. Paris, France. Sponsored by XP Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/ (Send calendar submissions to Alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes). Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support.