Volume 3.19 November 21, 1996
[1] New Executive Order on Cryptography [2] CDA Plaintiffs Ask Supreme Court to Affirm Decision [3] Court Rules AOL Not Subject to First Amendment in Junk Mail Case [4] EPIC Files Brief in Support of Crypto Rights [5] FTC to Investigate Online Privacy [6] NY Censorship Law Goes Into Effect [7] Senators and Congress Criticize Clipper 4 Proposal [8] Upcoming Conferences and Events
[1] New Executive Order on Cryptography
The White House announced on November 15 a new Executive Order on cryptography. The Executive Order on the Administration of Controls on Encryption Products directs the issuance of new regulations governing export controls on cryptography. The provisions of the Order will take effect upon the promulgation of final regulations implementing the changes in the export regime. The new regulations will likely retain many of the restrictions on exporting cryptographic devices. The order finds that: "the export of encryption products described in this section could harm national security and foreign policy interests even where comparable products are or appear to be available from sources outside the United States." Under the Executive Order, control over exports of encryption products will be transferred from the Department of State to the Department of Commerce. At the same time, the Department of Justice will be given an expanded role in determining whether encryption products can be exported. A Justice Department representative will sit on all relevant review bodies and will be a voting member of the Export Administration Review Board. Export controls lawyers believe that this could result in fewer export approvals given the previous positions of the Justice Department on the public availability of strong encryption. Public disclosure or judicial review of decisions to grant an export license is precluded because it would purpertedely "reveal or implicate classified information that could harm United States national security and foreign policy interests." An accompanying memorandum also indicates that under the final implementing regulations, source code will be controlled in the same manner as finished products. Such restrictions may apply to books such as EPIC advisory board member Bruce Schneier's "Applied Cryptography." The final regulations will also require that any person who makes encryption software available by means of "electronic bulletin boards and Internet file transfer protocol sites" must "take precautions adequate to prevent the unauthorized transfer of such code outside the United States." This langauge is broader than the current provision in the International Trafficing in Arms Regulations and may leave Online Service Providers, bulletin board operators, and others subject to prosecution. In a separate announcement, Vice President Gore announced that David Aaron, the US Permanent Representative to the OECD, would be appointed Special Envoy for Cryptography Policy. It is anticipated that Mr. Aaron will attempt to promote key escrow encryption through bilateral and multilaterial negotation. The United States has beenpressuring the OECD to accept key escrow as an international standard. Previously, US lobbying efforts have been led by the Justice Department and the NSA. A detailed analysis by EPIC and more information on the Executive Order is available at: http://www.epic.org/crypto/export_controls/
[2] CDA Plaintiffs Ask Supreme Court to Affirm Decision
On October 31, the plaintiffs in ACLU v. Reno filed a motion asking the Supreme Court to affirm a lower court decision that rejected as unconstitutional a law that allowed the government to censor the Internet. The motion urged the Court to issue a "summary affirmance" -- a finding that the lower court decision issued in Philadelphia on June 12 was correct and therefore does not merit further examination. EPIC is participating as both a plaintiff and co-counsel in the landmark litigation. The Communications Decency Act (CDA) was enacted as part of the telecommunications reform legislation signed into law in February. It makes it a crime, punishable by up to two years in jail and/or a $250,000 fine, for anyone to engage in speech that is "indecent" or "patently offensive" on computer networks if the speech can be accessed or viewed by a minor. The plaintiffs argued -- and the three-judge lower court panel agreed -- that because there is no way to shield minors alone from online "indecency," the CDA amounts to a criminal ban on constitutionally protected communication among adults. The text of the plaintiffs' motion to affirm, and other material relevant to the litigation, is available at: http://www.epic.org/free_speech/CDA/
[3] Court Rules AOL Not Subject to First Amendment in Junk Mail Case
In an effort to provide some relief to subscribers besieged by unsolicited commercial e-mail (or "spam"), America Online blocked incoming mail originating from one of the biggest commercial spammers, Cyber Promotions, Inc. Cyberpromotions claimed that it had a right to provide information to AOL subscribers. Not surprisingly, the dispute ended up in court, with the mass-mailer arguing that AOL was violating its First Amendment right to free speech. A federal judge in Philadelphia issued a decision on November 4, upholding AOL's right to block unsolicited commercial e-mail addressed to its subscribers. Noting that the First Amendment's free speech protections apply only to governmental entities, the court examined AOL's activities and concluded that: Although AOL has technically opened its e-mail system to the public by connecting with the Internet, AOL has not opened its property to the public by performing any municipal power or essential public service and, therefore, does not stand in the shoes of the State. In other words, AOL operates a private forum and is thus subject to the First Amendment. Unlike the government, said the court, the online service can restrict speech within its borders. While many AOL subscribers will likely welcome the immediate effect of the decision -- relief from unwanted junk e-mail -- its long-term consequences could include increased censorship by AOL and other online services. The text of the decision in Cyber Promotions, Inc. v. America Online is available at: http://www.epic.org/free_speech/
[4] EPIC Files Brief in Support of Crypto Rights
EPIC has filed a friend-of-the-court brief in support of computer security expert Philip Karn's case against the State Department challenging crypto export controls. Karn is testing the constitutionality of export regulations that require a license before cryptographic source code can be sent out of the country. The brief argues that cryptographic source code is speech protected by the First Amendment. Secondly, it argues that the current system of licenses constitutes a prior restraint of speech prohibited by the First Amendment. The brief was also endorsed by the ACLU, the Internet Society and the U.S. Public Policy Committee of the Association for Computing (USACM). Oral Arguments in the case are scheduled to be heard on January 10, 1997, before the U.S. Court of Appeals for the District of Columbia Circuit. A copy of the brief and additional information is available at: http://www.epic.org/crypto/export_controls/
[5] FTC to Investigate Online Privacy
The Federal Trade Commission has been asked by three U.S. Senators to investigate online privacy and report back to Congress with recommendations. The senators, Richard Bryan (D-NV), Larry Pressler (R-SD) and Fritz Hollings (D-SC), who sit on the Senate Commerce Committee, sent the letter on October 8. The letter asks the FTC to conduct research into online privacy issues in the wake of the controversy over the LEXIS P-TRAK database. The FTC had originally requested legislation to address the issue. The letter requests that the FTC "investigate the compilation, sale, and usage of electronically transmitted data bases that include identifiable personal information of private citizens without their knowledge." The FTC will focus on the rights of users and possible abuses in online databases; its report is due in six months. A copy of the letter to the FTC and more information on P-TRAK is available at: http://www.epic.org/privacy/
[6] NY Censorship Law Goes Into Effect
A new law in New York State on Internet censorship went into effect on November 1. The new law bans the distribution of "indecent" speech that is "harmful to minors" if the person "intentionally uses any computer communications system allowing the input, output, examination or transfer, of computer data or computer programs from one computer to another, to initiate or engage in such communications with a person who is a minor." The law provides defenses if the recipient or audience to an allegedly obscene performance, consisted of persons or institutions having scientific, educational, governmental or other similar justification for possessing, disseminating or viewing the same." It also creates defenses for using filtering software and identification of users to verify their age. The law is similar to the Communications Decency Act that was struck down by two federal courts. New York Governor George Pataki signed into law on September 4. The ACLU is currently gathering information for a court challenge. More information on Internet censorship is available from: http://www.epic.org/free_speech/censorship/
[7] Senators and Congress Criticize Clipper 4 Proposal
A bi-partisan group of twenty-one Senators and Congressmen wrote the White House on October 15 criticizing the administration's Clipper 4 proposal. The group, led by Sen. Conrad Burns (R-MT) and Sen. Ron Wyden (D-OR) called the proposal "flawed" and stated, "We fear these defects will continue to leave U.S. companies at a disadvantage in the world market". The letter calls on the White House to work with Congress and public interest groups and states that oversight hearings on crypto policy will be held when Congress returns. A copy of the letter and more information on the administration's key escrow policy is available at: http://www.epic.org/crypto/key_escrow/
[8] Upcoming Conferences and Events
"1997 RSA Data Security Conference." January 28-31, 1997. San Francisco, CA. Contact: http://www.rsa.com "Financial Cryptography 1997 (FC97)." February 24-28, 1997. Anguilla, BWI. Sponsored by International Association for Cryptologic Research. http://www.cwi.nl/conferences/FC97 "CFP97: Commerce & Community." March 11-14, 1997. Burlingame, California. Sponsored by the Association for Computing Machinery. Contact: cfp97@cfp.org or http://www.cfp.org "Eurosec'97: the Seventh Annual Forum on Information Systems Quality and Security. "March 17-19. 1997. Paris, France. Sponsored by XP Conseil. Contact: http://ourworld.compuserve.com/homepages/eurosec/ "Ethics in the Computer Society" The Second Annual Ethics and Technology Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola University Chicago. http://www.math.luc.edu/ethics97 INET 97 -- "The Internet: The Global Frontiers." June 24-27, 1997. Kuala Lumpur, Malaysia. Sponsored by the Internet Society. Contact: inet97@isoc.org or http://www.isoc.org/inet97 "AST3: Cryptography and Privacy." September 15, 1997. Brussels, Belgium. Sponsored by Privacy International and EPIC. Contact: pi@privacy.org. "International Conference on Privacy." September 23-26, 1997. Montreal, Canada. Sponsored by the Commission d'Acces a l'information du Quebec. (Send calendar submissions to Alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news@epic.org with the subject: "subscribe" (no quotes). Back issues are available via http://www.epic.org/alert/
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info@epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan. Thank you for your support.