EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 6.02	                                 February 3, 1999
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Federal Judge Blocks New Internet Censorship Law
[2] Excerpts from the Internet Censorship Decision
[3] The Intel Controversy: Big Brother Inside
[4] Clinton Announces Info-Warfare Plans
[5] States Back Down From Plans to Sell Drivers' Photos
[6] Know Your Customer?  The Customers Say "No!"
[7] EPIC Bill-Track: New Bills in Congress
[8] Upcoming Conferences and Events
[1] Federal Judge Blocks New Internet Censorship Law
Finding that a new Internet censorship law would restrict free speech
in the "marketplace of ideas," a federal judge in Philadelphia blocked
Congress' second attempt to regulate Internet content on February 1.
The ruling enjoins enforcement of the Child Online Protection Act
(COPA), the statutory successor to the Communications Decency Act
(CDA), which the Supreme Court struck down in June 1997.  The legal
challenge to COPA was filed by the American Civil Liberties Union,
the Electronic Privacy Information Center and the Electronic Frontier
Foundation as co-counsel on behalf of 17 organizations publishing
information on the World Wide Web.
In granting a preliminary injunction against COPA, Judge Lowell A.
Reed, Jr., held that the plaintiffs are likely to succeed on their
claim that the law "imposes a burden on speech that is protected for
adults."  The ruling came after a six-day hearing which featured
testimony from website operators who provide free information about
fine art, news, gay and lesbian issues and sexual health for women and
the disabled, and who all fear that COPA would force them to shut down
their websites.
In his 49-page opinion, Judge Reed listed 68 separate "findings of
fact" to support his decision.  The judge considered evidence that
COPA imposed technological and economic burdens on speakers, but
concluded that ultimately the relevant inquiry is the "burden imposed
on the protected speech, not the pressure placed on the pocketbooks
or bottom lines of the plaintiffs."
On November 19 of last year, Judge Reed issued a temporary restraining
order (TRO) against enforcement of COPA, which imposes criminal
penalties against any "commercial" website that makes material that is
"harmful to minors" available to anyone under 17 years of age.  The
TRO was set to expire on February 1.  Within 60 days, the Justice
Department must decide whether to proceed with a full trial or appeal
the preliminary injunction.  Any appeal would be heard by the Third
Circuit Court of Appeals.
Excerpts from the opinion are provided below.  The full text of the
court's decision, and complete information on the legal challenge, is
available at:
[2] Excerpts from the Internet Censorship Decision
American Civil Liberties Union, et al. v. Reno, Civil Action No.
98-5591, (E.D. Pa., February 1, 1999):
The First Amendment to the United States Constitution provides that
"Congress shall make no law . . . abridging the freedom of speech."
Although there is no complete consensus on the issue, most courts and
commentators theorize that the importance of protecting freedom of
speech is to foster the marketplace of ideas.  If speech, even
unconventional speech that some find lacking in substance or
offensive, is allowed to compete unrestricted in the marketplace of
ideas, truth will be discovered.  Indeed, the First Amendment was
designed to prevent the majority, through acts of Congress, from
silencing those who would express unpopular or unconventional views.
. . . In the medium of cyberspace . . . anyone can build a soap box
out of web pages and speak her mind in the virtual village green to
an audience larger and more diverse than any the Framers could have
imagined.  In many respects, unconventional messages compete equally
with the speech of mainstream speakers in the marketplace of ideas
that is the Internet, certainly more than in most other media.
. . . The plaintiffs are likely to establish at trial that under COPA,
Web site operators and content providers may feel an economic
disincentive to engage in communications that are or may be considered
to be harmful to minors and thus, may self-censor the content of their
sites.  Further, the uncontroverted evidence showed that there is no
way to restrict the access of minors to harmful materials in chat
rooms and discussion groups, which the plaintiffs assert draw traffic
to their sites, without screening all users before accessing any
content, even that which is not harmful to minors, or editing all
content before it is posted to exclude material that is harmful to
minors.  This has the effect of burdening speech in these fora that
is not covered by the statute.  I conclude that based on the evidence
presented to date, the plaintiffs have established a substantial
likelihood that they will be able to show that COPA imposes a burden
on speech that is protected for adults.
. . . The protection of children from access to harmful to minors
materials on the Web, the compelling interest sought to be furthered
by Congress in COPA, particularly resonates with the Court.  This
Court and many parents and grandparents would like to see the efforts
of Congress to protect children from harmful materials on the Internet
to ultimately succeed and the will of the majority of citizens in this
country to be realized through the enforcement of an act of Congress.
However, the Court is acutely cognizant of its charge under the law of
this country not to protect the majoritarian will at the expense of
stifling the rights embodied in the Constitution.
. . . Despite the Court's personal regret that this preliminary
injunction will delay once again the careful protection of our
children, I without hesitation acknowledge the duty imposed on the
Court and the greater good such duty serves.  Indeed, perhaps we do
the minors of this country harm if First Amendment protections, which
they will with age inherit fully, are chipped away in the name of
their protection.
[3] The Intel Controversy: Big Brother Inside
Privacy groups are calling on computer users to boycott Intel
Corporation products after the company announced last week that it
planned to introduce a new function in its Pentium III chips that will
identify users.
Intel announced on January 20 that it was planning to include a unique
ID number in each of its new Pentium III chips.  The number, called a
Processor Serial Number (PSN), would be accessible via software and is
designed for use by software programs and web-based services to
identify users.
Privacy groups were critical of the announcement.  If widely adopted,
the identifier would facilitate tracking of web users for marketing,
law enforcement and other purposes.  Intel has already announced that
30 software vendors and web service providers are planning to use the
PSN.  EPIC, Junkbusters and Privacy International called for a boycott
of Intel products until the company disables the PSN and recalls
existing chips.
Following the boycott announcement, Intel announced that it would
offer a software patch to "turn off" the PSN.  According to U.S. News
and World Report, Intel officials admitted that "the concession was
prepackaged -- a move that the company had held in readiness, in case
of the very sort of protest that occurred."  Security experts note
that the patch must be installed by PC makers or users and can be
disabled by other programs.  Users can also be forced to turn off the
patch as a condition of running particular software or accessing
certain web sites.
More information on the PSN and the Intel boycott is available at:
[4] Clinton Announces Info-Warfare Plans
President Clinton announced on January 22 a new initiative on
information warfare.  The new program proposes expenditures of $1.46
billion to protect critical systems from cyber and other attacks -- an
increase of 40 percent from two years ago.  Of that amount, $500
million is slated for cyber-protections.
The President announced a four-part plan including increased research
to detect intruders; alerts to other agencies when a "critical
computer system is invaded;" the creation of information centers in
the private sector to encourage government-private sector cooperation;
and a "Cyber Corps program" to train and recruit more people in
computer security.
In his speech announcing the proposal, Clinton said, "We already are
seeing the first wave of deliberate cyber attacks -- hackers break
into government and business computers, stealing and destroying
information, raiding bank accounts, running up credit card charges,
extorting money by threats to unleash computer viruses."  But when
asked later about those claims, Attorney General Reno downplayed the
threat, stating, "I think it's a problem that we deal with and we
trace and we, again, take appropriate action as based on prosecutions
that have been successful to date."  When asked about the civil
liberties issues relating to the proposal, Reno noted that Justice
Department lawyers have been  consulted but admitted that they have
not completed their work.
More information on infowar, including EPIC's report on the civil
liberties implications, is available at:
[5] States Back Down From Plans to Sell Drivers' Photos
Heeding an outcry from citizens concerned about their privacy,
officials in three states are now seeking to prevent disclosure and
use of digital drivers license photos by a private company.  The
governors of South Carolina, Florida and Colorado have reacted to
citizens' complaints about a small New Hampshire company's efforts to
build a national database of drivers photos and personal images for
use in a new anti-fraud service for retailers.
In Florida, Governor Jeb Bush canceled the sale of the photos and
ordered the company to destroy the photos it had received.  In South
Carolina, where the first tests of the system are underway,
authorities filed suit to halt the project and to retrieve the images
and legislators submitted proposals to prohibit such sales in the
future.  In Colorado, the governor condemned the sale of  drivers
license photos and said he would to do whatever he could to stop the
planned transfer.  Other states such as New Hampshire rejected selling
the photos to the company.
A series of investigative reports in the Washington Post alerted
residents that state motor vehicle officials sold the images without
the permission of drivers.  The newspaper reported that South Carolina
and Florida officials had already sold license information and photos
to the private firm, in some cases for a penny apiece.  South Carolina
had transferred 3.5 million digital photographs, while Florida had
already sent 35,000 out of a total of 14 million.  Colorado planned to
sell 5 million photos.
The company, Image Data LLC of Nashua, New Hampshire, planned to use
the information to create an anti-fraud system for stores. Under the
plan, a retail clerk could key in a person's driver license number and
that person's picture would flash up on a small screen at the clerk's
register for a few seconds.  As the plan became known, Image Data was
so swamped with calls that it added extra lines and hired temporary
workers and still found lines busy and its voice-mail system full.
Class action suits are being planned in South Carolina and Florida.
[6] Know Your Customer?  The Customers Say "No!"
The Federal Deposit Insurance Corporation's (FDIC) is  backing away
from its proposed "Know Your Customer" regulations after coming under
heavy criticism from citizens and bankers.  "It's evident to me
personally that we are going to have to do something different than
what was proposed," FDIC Chairman Donna A. Tanoue told the "American
Banker" magazine.
The proposed regulations would require banks to monitor customer
accounts and report "suspicious" transactions to federal authorities.
The rules were issued December 7, 1998, by the FDIC,  Federal Reserve
Board, Office of the Comptroller of the Currency, and Office of Thrift
Supervision. (See EPIC Alert 5.20).
Citizens concerned about their privacy have sent more that 14,000
e-mail messages and letters to the FDIC and several thousand more to
the Office of Comptroller of the Currency and the Office of Thrift
Supervision.  The FDIC has received only about a dozen messages
supporting the proposed rules.
The American Bankers Association, reversing its previous support, has
asked the FDIC to kill the controversial plan, stating, "given the
widespread and growing negative perception, we are concerned about the
prospect of having the public lose confidence in the banking
industry."  Smaller banks, led by the Independent Bankers Association
of America, and America's Community Bankers have long opposed the
rules, citing privacy concerns and the burdensome requirements.
Congress is also stepping in.  Several Republicans, including Majority
Whip Tom DeLay (R-TX) introduced the "American Financial Institutions
Privacy Act" on February 2.  The bill would require a study of the
rules' impact on privacy.  Implementation of the rules would be
delayed for a year after the study was delivered to Congress.  Rep.
Ron Paul (R-TX) is scheduled to introduce new legislation today that
would prohibit the rules completely and repeal the Bank Secrecy Act.
The House Banking Committee is planning to hold a hearing on April 15.
Comments on the proposed rules may be sent to comments@fdic.gov.  The
comment period ends on March 8.  Keep those e-mails coming in! The
text of the FDIC proposal is available at:
[7] EPIC Bill-Track: New Bills in Congress
* House Bills *
H.R. 220. Freedom and Privacy Restoration Act of 1999. Limits use of
SSN, prohibits creation of gov't IDs. Referred to the Committee on
Ways and Means, and in addition to the Committee on Government Reform.
Sponsor: Ron Paul (R-TX).
H.R. 354. Collections of Information Antipiracy Act. Creates new
property rights for owners of databases of public information. Sponsor:
Howard Coble (R-NC). Referred to the Committee on the Judiciary.
H.R. 358. Patients' Bill of Rights Act of 1999. Requires health plans
and insurers to protect confidentiality of medical records and allow
patient access. Sponsor: John Dingell (D-MI). Referred to the
Committee on Commerce, and in addition to the Committees on Ways and
Means, and Education and the Workforce.
H.R. 367. Social Security On-line Privacy Protection Act of 1999.
Limits disclosure of SSNs by interactive computer services. Sponsor:
Rep Franks, Bob (R-NJ). Referred to the Committee on Commerce.
H.R. 368. Safe Schools Internet Act of 1999. Required schools and
libraries to install filters on Internet connected computers. Sponsor
Bob Franks (R-NJ). Referred to the Committee on Commerce.
H.R. 369. Children's Privacy Protection and Parental Empowerment Act
of 1999. Prohibits the sale of personal information about children
without their parents' consent. Sponsor: Bob Franks (R-NJ).
Referred to the Committee on Judiciary.
* Senate Bills *
S. 6. Patients' Bill of Rights Act of 1999. Requires health plans and
insurers to protect confidentiality of medical records and allow
patient access. Sponsor: Tom Daschle (D-SD). Referred to the
Committee on Health, Education, Labor, and Pensions.
S. 22. Government Secrecy Reform Act of 1999. Sets new rules on
classification. Sponsor: Daniel Patrick Moynihan (D-NY).
S. 187. Financial Information Privacy Act of 1999. Requires FDIC to
set privacy rules. Sponsor: Paul Sarbanes (D-MD).
S. 300. Patients' Bill of Rights Plus Act. Sets privacy protections.
Prohibits genetic discrimination. Sponsor: Trent Lott (R-MS). Referred
to the Committee on Finance.
S. 326. Patients' Bill of Rights Act. Sets privacy protections.
Prohibits genetic discrimination. Sponsor: James Jeffords (R-VT).
Referred to the Committee on Finance.
[8] Upcoming Conferences and Events
Encryption Controls Workshop. February 8, 1999. San Jose, CA.
Sponsored by the U.S. Dep't of Commerce. Contact: (202) 482-6031
FC '99: Third Annual Conference on Financial Cryptography. February
22-25, 1999. Anguilla, B.W.I. Contact: http://fc99.ai/
Electronic Commerce and Privacy Legislation -- Building Trust and
Confidence. February 23, 1999.  Ottawa, Canada. Sponsored by Riley
Information Services. http://www.rileyis.com/seminars/Feb99/
Communitarian Summit. February 27-28, 1999. Arlington, Virginia.
Contact: http://www.gwu.edu/~ccps
1999 ASAP Western Regional FOIA and Privacy Training Conference.
February 28 - March 3, 1999. Portland, Oregon. Contact:
CYBERSPACE 1999: Crime, Criminal Justice and the Internet. March 29
& 30, 1999. York, UK. Sponsored by the British and Irish Legal
Education Technology Association (BILETA). http://www.bileta.ac.uk/
Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington,
DC. Sponsored by ACM. Call for proposals available. Contact:
Encryption Controls Workshop. May 13, 1999. Raleigh, NC.
Sponsored by the US Dept of Commerce. Contact: (202) 482-6031
1999 EPIC Cryptography and Privacy Conference. June 14, 1999.
Washington, DC. Sponsored by EPIC. Contact: info@epic.org
Cryptography & International Protection of Human Rights  (CIPHR'99).
August 9-13, 1999. Lake Balaton, Hungary. Contact:
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe or unsubscribe, send email
to epic-news@epic.org with the subject: "subscribe" (no quotes) or
"unsubscribe". A Web-based form is available at:
Back issues are available at:
About EPIC
The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information.  EPIC is sponsored
by the Fund for Constitutional Government, a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  EPIC publishes the EPIC Alert, pursues Freedom of Information
Act litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
(tel), +1 202 547 5482 (fax).
If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption
and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 6.02 -----------------------

Return to:

Alert Home Page | EPIC Home Page