=============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 5.10 July 20, 1998 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents =======================================================================  Groups Write Senate on Pending Net Censorship Bills  FBI Asks Congress to Enhance Wiretap Powers  Proposed Rules Issued for National Identity Card  HHS Proposes New Health Care Identifier  House Committee Approves Copyright Bill  Encryption Policy Update  New Bills and Action in Congress  Upcoming Conferences and Events =======================================================================  Groups Write Senate on Pending Net Censorship Bills ======================================================================= EPIC joined with a dozen other free speech and civil liberties groups on July 14 in a letter sent to the U.S. Senate concerning two pending Internet censorship bills, saying they violate the First Amendment. The groups contend that the bills -- one requiring Internet content filters and the other setting criminal penalties for providing "inappropriate" online material to minors) -- would severely restrict free expression on the Internet. The Senate may soon vote on both bills. Sen. John McCain's "Internet School Filtering Act" (S. 1619) would require schools and libraries receiving federal Internet subsidies to install filtering software designed to prevent children from accessing "inappropriate" material. Sen. Dan Coats' bill (S. 1482) would criminalize the "commercial" distribution on websites of material that is "harmful to minors." The Coats bill, in adopting a criminalization approach to online content, is similar to the Communications Decency Act (CDA) struck down last year by the Supreme Court. The bill, which has been dubbed "CDA II," could come to the Senate floor as early as this week. "One year ago, the Supreme Court unanimously ruled that the Communications Decency Act of 1996, which made it a crime to transmit 'indecent' materials on the Internet, violated the First Amendment," the coalition letter states. "The two pending bills ignore the central holding of the Court; expression on the Internet is entitled to the highest degree of First Amendment protection. "We share the concern of Sens. McCain and Coats that the Internet remain a safe and rewarding medium for young people," the letter continues. "However, we strongly believe that these bills embrace approaches -- filtering and criminalization -- that are both constitutionally suspect and ultimately ineffective in providing our children with positive online experiences." EPIC is supporting an online campaign to raise Congressional awareness of the implications of these Internet censorship bills. Faxes can be sent -- free of charge -- to your Senators by visiting the EPIC Free Speech Action page: http://www.epic.org/free_speech/action/ If you sent faxes to the Senate earlier, you helped keep these bills off the floor. Please reiterate your concerns once again and let your Senators know that these measures remain controversial. The text of the coalition letter to the Senate is available at the Internet Free Expression Alliance website: http://www.ifea.net/joint_ltr_7_14.html =======================================================================  FBI Asks Congress to Enhance Wiretap Powers ======================================================================= Last week, the FBI sought support from the Senate Appropriations Committee for an amendment to the FY 1999 Justice Department funding bill that would substantially amend the Communications Assistance for Law Enforcement Act of 1994 (CALEA). The provision would grant the Bureau new powers to conduct wiretaps and demand changes to the nation's telephone system. The amendment would limit the role of the Federal Communications Commission (FCC) in mediating the current dispute between the FBI, industry and public interest groups over the technical standards implementing CALEA. It would require the FCC to adopt the current draft standard and approve the controversial "punch list" of additional features surveillance demanded by the FBI. Industry and public interest groups would be precluded from commenting on the standard. The FBI proposal also would require phone companies to disclose information on the "exact physical location" of cell phone subscribers if a court finds that "there is a reason to believe that the location information is relevant to a legitimate law enforcement objective." Under this standard, no crime would be necessary for judicial authorization. The proposal would also permit law enforcement to obtain location information without a warrant for any felony offense if they apply for a court order within 48 hours. EPIC and five other privacy groups wrote to Senator Ted Stevens (R-AZ), Chairman of the Senate Appropriations Committee, on July 17 urging him to reject the FBI proposal. More information on the letter and CALEA is available at: http://www.epic.org/privacy/wiretap/ =======================================================================  Proposed Rules Issued for National Identity Card ======================================================================= The U.S. Department of Transportation (DOT) issued a notice on June 17 that would effectively turn state drivers' licenses into national identity cards. The proposed rule would require that all states modify their drivers' licenses to create a uniform national drivers' license. It would prohibit government agencies from accepting any identification besides the authorized identity card. The proposed rule would also encourage states to include the persons' Social Security Number either in written form on the face of the license or in electronic form of all drivers' licenses. If a state does not wish to include the SSN on the license, it must minimally require every license applicant to provide the number. State agencies would be required to send every such SSN to the Social Security Administration for review. The DOT is basing its rule on provisions in the Illegal Immigration Reform and Immigrant Responsibility Act of 1996. Reps. Ron Paul (R-TX) and Bob Barr (R-GA) have introduced H. R. 4217, the Freedom and Privacy Restoration Act of 1998, which would repeal the immigration act's provisions on identification. It would also prohibit federal agencies from "accept[ing] for any identification-related purpose an identification document, if any other Federal agency accepts such document for any such purpose." More information on the proposed rule is available at: http://www.epic.org/privacy/id-cards/ =======================================================================  HHS Proposes New Health Care Identifier ======================================================================= The U.S. Department of Health and Human Services (HHS) issued a white paper on July 2 to discuss the development of a single national identification number for every person in the United States for health care purposes. The identifier is designed to facilitate the sharing of medical information. Under the 1996 Health Insurance Portability and Accountability Act (commonly known as the Kennedy-Kassebaum Act), the Secretary of HHS is required to adopt standards for an identification number for all patients to be used for every health care encounter. An advisory committee to the Department recommended that no identification number be chosen before the enactment of a medical privacy law. The white paper examines possible identity systems, including the Social Security Number (in its existing form or in a modified form), a new number, a system based on a master patient index, cryptography, biometric identification, and other possibilities. The paper proposes that all systems be analyzed against a set of 30 criteria developed by the American Society for Testing and Materials that include the requirement that the number be: public, accessible, linkable, unique, universal, focused and governed. The adoption of the number is considered to be politically sensitive. Any universal number would facilitate the sharing and abuse of medical information. A number based on the SSN could be used to link medical records with other information such as employment and financial information currently indexed with the SSN. A new number that is deployed without any additional privacy protections could be universally adopted by other agencies and private businesses and become a new de facto national identity number. HHS is holding a series of hearings on the choice of identification numbers. The text of the proposal and more information on medical privacy is available at: http://www.epic.org/medical/ =======================================================================  House Committee Approves Copyright Bill ======================================================================= On July 17, the House Commerce Committee approved H.R. 2281, the Digital Millennium Copyright Act, by a unanimous vote. Intended to protect copyrighted works from piracy, the bill would outlaw devices used to circumvent technological protection measures, such as encryption, which could be used to protect copyrighted works. Additionally, opponents of the legislation are concerned that the blanket prohibition on the simple act of circumventing such technologies could stifle fair use rights for copyrighted works, resulting in a pay-per-use world. Of the eight amendments introduced in the Commerce Committee, six were adopted and two were withdrawn. The first amendment adopted permitted the circumvention of technological protection measures in the course of an act of "good faith encryption research." Good faith in this case means that the person lawfully obtained the encrypted work, the act of circumvention was necessary to conduct the research, and the person made a good faith effort to obtain authorization before the circumvention. Another adopted amendment focused on the privacy rights of the consumer. This privacy amendment permits the circumvention of technological protection measures for the purposes of preventing the collection or dissemination of personally identifying information. An amendment defining a "technological protection measure" was vigorously debated, but ultimately withdrawn. Supporters of the amendment argued that it was necessary to preserve the constitutionality of the bill. Without a clear definition of a "technological protection measure," courts may be more likely to invalidate the law due to the vague term. While opponents of the amendment conceded that a precise definition was necessary, they argued that the amendment as drafted provided a poor definition. Ultimately, the amendment was withdrawn with the provision that members would work together to perfect the definition in the legislative history. As a result of the Commerce Committee action, there are now two House versions of the bill; one approved by the Commerce Committee and another by the Judiciary Committee. The two versions are inconsistent and must ultimately be reconciled before the bill can be considered on the House floor. EPIC Director Marc Rotenberg testified before the Commerce Committee on June 5 in support of changes to H.R. 2281 that would protect consumer privacy and limit the anti-circumvention provision. The testimony is available at: http://www.epic.org/privacy/copyright/epic-wipo-testimony-698.html More information on the WIPO bill is available from the Digital Futures Coalition page at: http://www.dfc.org/ =======================================================================  Encryption Policy Update ======================================================================= High-powered DES Cracker Developed The Electronic Frontier Foundation announced on July 17 that it has produced a DES cracking supercomputer, capable of brute forcing a 56-bit DES key in four days or less. John Gilmore, leader of the project, has published the source code, hardware diagrams, and schematics in a book to encourage others to duplicate his work. The Data Encryption Standard, developed in 1974 by IBM and the NSA, is possibly the most widely implemented encryption algorithm in the world. The U.S. government has long maintained that 56-bit DES offers adequate protection for sensitive data. Junger Decision On July 7, a federal judge ruled in a closely followed encryption case that source code does not enjoy First Amendment free speech protection. Judge James Gwin of the U.S. District Court for the Northern District of Ohio ruled that law professor Peter Junger can not challenge encryption export restrictions on the ground that they abridge his right to free speech on the Internet. In his decision, Judge Gwin stated that "... exporting source code is conduct that can occasionally have communicative elements. Nevertheless, merely because conduct is occasionally expressive does not necessarily extend First Amendment protection to it." Professor Junger is expected to appeal the decision. "ClearZone" Proposal A group of 13 companies lead by Cisco Systems announced on July 13 that they would develop a product called ClearZone, which would enable routers to capture e-mail, URLs, and other data before they are encrypted and sent over the network that could then be given to law enforcement agencies. The proposal has serious implications for personal privacy on the Internet, and many are skeptical of Cisco's assertion that it will meet law enforcement's demands and gain export approval. New Crypto Export Guidelines Secretary of Commerce William Daley announced on July 7 a new set of guidelines for crypto exports for financial institutions such as banks and credit card companies. U.S.-manufactured encryption systems of any key length may be exported to a specified set of 45 countries by the financial firms once the products have been subjected to a one-time examination by the Bureau of Export Administration (BXA). More information on encryption policy is available at: http://www.crypto.org/ =======================================================================  New Congressional Bills and Upcoming Hearings ======================================================================= H.R. 4124. E-Mail User Protection Act of 1998. Anti-Spam bill. Introduced by Cook (R-UT) on June 24, 1998. Referred to the Committee on Commerce. H.R. 4151. Identity Theft and Assumption Deterrence Act of 1998. Creates new federal law against ID theft. Creates central bureau for victims of id theft. Introduced by Shadegg (R-AZ).Referred to the Committee on Judiciary. H.R. 4176. Digital Jamming Act of 1998. Anti-spam bill. Introduced by Markey (D-MA) on June 25, 1998. Referred to the Committee on Commerce. H.R. 4217. Freedom and Privacy Restoration Act of 1998. Repeals immigration law requirements on national id. Introduced by Paul (R-TX) on July 15, 1998. Referred to the Committee on Government Reform and Oversight. S.2291. Collections of Information Antipiracy Act. Creates new form of intellectual property for databases. Introduced by Grams (R-MN). Referred to the Committee on the Judiciary. =======================================================================  Upcoming Conferences and Events ======================================================================= INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by Internet Society. Contact: http://www.isoc.org/inet98/ Online Privacy: The Role of Government and Industry in Ensuring Individual Privacy on the Internet. Friday, July 24,1998, 12:00-1:30 p.m. Room 902 Hart Senate Building. Washington, DC. Sponsored by the Congressional Internet Caucus. "Law Enforcement and the March of Technology: The Erosion of Privacy in the Information Age," American Bar Association Annual Meeting. Sunday August 2, 1998, from 2:00 pm to 3:15 pm, Toronto, Canada. Sponsored by the ABA. Contact: Andrew Grosso
Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16, 1998. Sponsored by the Association for Information Systems Contact: http://info.cwru.edu/rlamb/ais98cfp.htm Fifth Annual Privacy Issues Forum. 2 - 3 September 1998, Wellington, New Zealand. Sponsored by the NZ Privacy Commissioner. Contact: email@example.com The Outlook for Freedom, Privacy and Civil Society on the Internet in Central and Eastern Europe. Budapest, Hungary. 4-6 September 1998. Sponsored by Global Internet Liberty Campaign. Contact: http://www.gilc.org/events/budapest/ Telecommunications Policy Research Conference. October 3-5, 1998 Alexandria, Virginia. Contact: http://www.si.umich.edu/~prie/tprc/ The Public Voice in the Development of Internet Policy. Ottawa, Canada. October 7, 1998. Sponsored by GILC and Privacy International. Contact: firstname.lastname@example.org CPSR Annual Conference - Internet Governance. Boston, Mass, Oct. 10-11. Sponsored by CPSR. contact: email@example.com PDC 98 - the Participatory Design Conference, "Broadening Participation" November 12-14, 1998. Seattle, Washington. Sponsored by Computer Professionals for Social Responsibility in cooperation with ACM and CSCW 98. Contact: http://www.cpsr.org/conferences/pdc98 Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December 1998 London, UK. Sponsored by ACMSIGCAS and London School of Economics. http://is.lse.ac.uk/lucas/cepe98.htm 1999 RSA Data Security Conference. San Jose, California, January 18-21, 1999. Sponsored by RSA. Contact: http://www.rsa.com/conf99/ FC '99 Third Annual Conference on Financial Cryptography, Anguilla, B.W.I., February 22-25 1999 (submissions due: September 25, 1998). (Send calendar submissions to firstname.lastname@example.org) ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to email@example.com with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail firstname.lastname@example.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax- deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Individuals with First Virtual accounts can donate at http://www.epic.org/epic/support.html Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the digital wiretap law. Thank you for your support. ---------------------- END EPIC Alert 5.10 ----------------------- .
Alert Home Page | EPIC Home Page