EPIC logo
       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 4.06	                                   April 17, 1997
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Germany Indicts CompuServe Official
[2] House & Senate Approve IRS Browsing Bills
[3] Supreme Court Strikes Down Drug Testing Law
[4] SSN Bills Introduced in House and Senate
[5] Commission Recommends Genetic Privacy Law
[6] SSA Drops Web Page
[7] EPIC Submits Comments to FTC on Consumer Privacy
[8] Upcoming Conferences and Events
[1] Germany Indicts CompuServe Official
Prosecutors in Bavaria, Germany announced on April 16 that they had
indicted Felix Somm, the Managing Director of CompuServe operations in
Germany and Central Europe, on February 26 for allegedly distributing
illegal pornography and other materials.
Somm is charged with being an accessory to the dissemination of
pornography because CompuServe provided access to Internet newsgroups
that contained sexually explicit materials in 1995 and 1996.  He is
also being charged for CompuServe's distribution of computer games
that are excessively violent and a game which contained swastikas and
images of Adolf Hitler, which are banned in Germany.
This appears to be the first case in which an Internet service
provider has been indicted for merely providing access to materials
available on the Internet.  The Bavarian prosecutors assert that
CompuServe could have configured its system to block individual
In December 1995, CompuServe blocked worldwide access to 200
newsgroups after Bavarian authorities claimed that they contained
child pornography.  The online service later reinstated access to all
but a few of the groups and offered a commercial filtering program for
members to use.
More information on global censorship issues is available at:
and the Global Internet Liberty Campaign at:
[2] House & Senate Approve IRS Browsing Bills
The House and the Senate approved bills on April 15 that create
criminal penalties for Internal Revenue Service employees who access
the records of individual taxpayers without authorization.  The bills
criminalize "unauthorized willful inspection of tax returns and return
information." They also provide for civil damages and require that
taxpayers be notified if their records have been improperly accessed.
In a report issued on April 8, the General Accounting Office found
that the "IRS does not effectively monitor employee activity,
accurately record browsing violations, consistently punish offenders,
or widely publicize reports of incidents detected and penalties
imposed."  The IRS told a Senate committee that it had investigated
over 4500 incidents of browsing since 1993.   As a result, 285
employees had left the agency through firings, resignations and
Under current law, unauthorized use or disclosure of IRS records is a
felony, but the U.S. Court of Appeals for the First Circuit recently
ruled that "[u]nauthorized browsing of taxpayer files, although
certainly inappropriate conduct, cannot, without more, sustain this
federal felony conviction."
The new measure now goes to President Clinton for signature.  At a
hearing on April 15, IRS and Treasury Department officials expressed
their support for the legislation and said that they would recommend
that the President sign the measure.
More information is available at:
[3] Supreme Court Strikes Down Drug Testing Law
The Supreme Court on April 15 struck down a Georgia statute that
required candidates for public office to take drug tests.  It is the
first time that the Supreme Court has found that drug testing law
violated the Fourth Amendment's prohibition on unreasonable search and
While noting that several recent cases allowed drug tests based on
"special needs," such as for railway employees, customs officials, and
high school athletes, the Court found that there is no precedent
suggesting that a State's authority to establish qualifications for
state office "diminishes the constraints on state action imposed by
the Fourth Amendment."
The Supreme Court said further that Georgia had failed to show a
special need that was important enough to override the individual's
privacy interest. The Court emphasized that the Fourth Amendment
normally requires individualized suspicion before a search may be
conducted.  The Court concluded that the Fourth Amendment shields
society from state action that "diminishes personal privacy for a
symbol's sake."
The decision in Chandler v. Miller may have an impact on at least one
proposal now under consideration at the White House.  The Clinton
administration, which submitted a brief to the Supreme Court in
support of the Georgia drug testing program, was prepared to introduce
a new drug testing program that would have required teenagers to
submit to a drug test before they could receive  a driver's license.
The Court's decision in the Georgia case now calls into question the
constitutionality of such a requirement.
The text of the decision is available at:
[4] SSN Bills Introduced in House and Senate
Rep. Bob Franks (R-NJ) has introduced HR 1287, the Social Security
On-line Privacy Protection Act of 1997. The bill prohibits
"interactive computer services," such as Lexis-Nexis, from disclosing
SSNs or using the SSN as an identifier to disclose personal
information without an individual's prior informed consent. The bill
would give the FTC the authority to investigate companies to determine
whether they are engaged in any practice prohibited by the act and
then to issue cease and desist orders were violations are found. Civil
penalties may also be granted. The bill has been referred to the
Committee on Commerce.
Senator Feinstein (D-CA) and Senator Grassley (R-IA) have introduced
S. 600, The Personal Information Privacy Act of 1997. A bill to
protect the privacy of the individual with respect to the social
security number, motor vehicle records and credit reports. The bill
has been referred to the Committee on Finance.
Both bills and accompanying materials are available at:
[5] Gov't Committee Recommends Genetic Privacy Protections
The Committee on Genetic Information in the Workplace of the National
Action Plan on Breast Cancer (NAPBC) has recommended limitations on
the collection and use of genetic data by employers.
The recommendations advocate strong state and national legislation
that would bar employers from using genetic information to
discriminate against potential or current employees unless the
employer can "prove that this information is job-related and
consistent with business necessity."  Written and informed consent
should be required for any request or disclosure.
Moreover, the NAPBC recommends that employers should not have access
to genetic information contained in disclosed medical records.  If
they are allowed access to the information by the employee, then they
should also be required to obtain prior written consent from the
employee before releasing the genetic data to any other party.
Finally, employers who violate these principles should be subject to
"strong enforcement mechanisms, including a private right of action."
The committee is coordinated by the National Institutes of Health -
Department of Energy Working Group on Ethical, Legal, and Social
Implications of Human Genome Research (ELSI).   The report was
published in the March 21 issue of Science magazine.
There are also a number of proposals pending in Congress that would
ban the use of genetic information.  Some states have already enacted
legislation covering the use of genetic information, incorporating
various combinations of these privacy principles.  No state, however,
has incorporated all of the provisions, which are essential to
protecting individual privacy and protecting against workplace
discrimination. More information on medical privacy issues is
available at:
[6]  SSA Drops Web Page
The Social Security Administration has temporarily suspended online
access to part of its earnings records system.  The system allowed
individuals to obtain their  Personal Earnings and Benefit Estimate
Statement (PEBES) directly over the Internet. The system came under
fire from critics who said that the database lacked adequate
safeguards to prevent illegal access by third parties.
Several members of Congress asked the SSA to turn-off the feature that
allowed direct access to PEBES records so that the security concerns
could be sorted out. Congressman Paul Kanjorski (R-PA) announced
legislation to prohibit the Social Security Administration and the
Internal Revenue Service from providing online access to any
individual's tax records, earnings history, or other Social Security
information without a specific written request from the individual.
The bill would also create a Commission on Privacy of Government
Records, with the mandate to make recommendations on privacy issues to
the President and the Congress by April 15, 1998.
Privacy groups, including EPIC, called for the creation of an
independent privacy office in the federal government to promote
privacy and to monitor agency compliance with applicable laws and
The SSA said it will spend the next 60 days soliciting comments from
experts and interested persons. Individuals can still request their
PEBES data online, but the report will be sent by postal mail.
More information on the SSA PEBES project is available at:
[7] EPIC Submits Comments to FTC on Consumer Privacy
The Electronic Privacy Information Center has submitted comments to
the Federal Trade Commission for the upcoming Public Workshop on
Consumer Privacy to be held June 10-13 in Washington, DC.  The Public
workshop will explore look-up services such as P-TRAK, on-line
privacy, and the collection and sale of information about children.
EPIC wrote to the FTC in December, 1995 and urged the Commission to
"begin a serious and substantive inquiry into the development of
appropriate privacy safeguards for consumers in the information age."
While commending the FTC for arranging the public workshop on privacy,
EPIC said that current polices will not protect important privacy
interests because industry self-regulation has failed to work and also
because users have too little control over how their personal
information is collected and used.
EPIC recommended the development of enforceable Codes of Fair
Information Practice that would make clear the responsibilities of
organizations that collect personal information and the rights of
individuals whose information is collected. EPIC also recommended the
promotion of "Privacy Enhancing Technologies," such as anonymous
payment schemes, that would limit or eliminate the collection of
personal information. EPIC does not endorse techniques that would
require individuals to disclose "privacy preferences" and said that
such methods would undermine privacy safeguards and lead to
discrimination against users of on-line services.
EPIC Comments to FTC:
[8] Upcoming Conferences and Events
Culture and Democracy revisited in the Global Information Society. May
8 - 10, 1997. Corfu, Greece. Sponsored by IFIP-WG9.2/9.5. Contact:
Can Trusted Third Parties Be Trusted?: A Public Debate on The UK DTI
Crypto Proposal. May 19, 1997. London, UK. Sponsored by Privacy
International and the London School of Economics. Contact:
CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and
Control. June 4 - 7, 1997. Chicago, Illinois. Sponsored by the John
Marshall Law School. Contact: cyber97@jmls.edu.
Ethics in the Computer Society: The Second Annual Ethics and
Technology Conference. June 6 - 7, 1997. Chicago, Ill. Sponsored by
Loyola University Chicago. http://www.math.luc.edu/ethics97
Public Workshop on Consumer Privacy. June 10-13, 1997. Washington, DC.
Sponsored by the Federal Trade Commission. Contact:
Cyberpayments 97. June 19-20, 1997. Washington, DC. Sponsored by
NACHA. Contact: http://www.nacha.org
INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
inet97@isoc.org or http://www.isoc.org/inet97
Privacy Laws & Business 10th Anniversary Conference. July 1-3, 1997.
St. John's College, Cambridge, England. Contact:
Communities, Culture, Communication, and Computers (C**5): On the Role
of Professionals in the Information Age.  August 20-22, 1997,
Paderborn, Germany. Sponsored by FIFF. Contact: c5@uni-paderborn.de
AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
Belgium. Sponsored by Privacy International. Contact: pi@privacy.org.
19th Annual International Privacy and Data Protection Conference.
Sept. 17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data
Protection and Privacy Commission.
International Conference on Privacy. September 23-26, 1997. Montreal,
Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
Managing the Privacy Revolution '97. October 21-23, 1997. Washington,
DC. Sponsored by Privacy and American Business. Contact:
             (Send calendar submissions to alert@epic.org)
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or use
the subscription form at:
Back issues are available at:
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, email info@epic.org, HTTP://www.epic.org or
write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC
20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtual
accounts can donate at http://www.epic.org/epic/support.html
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and funding of the National Wiretap Plan.
Thank you for your support.
---------------------- END EPIC Alert 4.06 -----------------------

Return to:

Alert Home Page | EPIC Home Page