============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 6.02 February 3, 1999 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents =======================================================================  Federal Judge Blocks New Internet Censorship Law  Excerpts from the Internet Censorship Decision  The Intel Controversy: Big Brother Inside  Clinton Announces Info-Warfare Plans  States Back Down From Plans to Sell Drivers' Photos  Know Your Customer? The Customers Say "No!"  EPIC Bill-Track: New Bills in Congress  Upcoming Conferences and Events =======================================================================  Federal Judge Blocks New Internet Censorship Law ======================================================================= Finding that a new Internet censorship law would restrict free speech in the "marketplace of ideas," a federal judge in Philadelphia blocked Congress' second attempt to regulate Internet content on February 1. The ruling enjoins enforcement of the Child Online Protection Act (COPA), the statutory successor to the Communications Decency Act (CDA), which the Supreme Court struck down in June 1997. The legal challenge to COPA was filed by the American Civil Liberties Union, the Electronic Privacy Information Center and the Electronic Frontier Foundation as co-counsel on behalf of 17 organizations publishing information on the World Wide Web. In granting a preliminary injunction against COPA, Judge Lowell A. Reed, Jr., held that the plaintiffs are likely to succeed on their claim that the law "imposes a burden on speech that is protected for adults." The ruling came after a six-day hearing which featured testimony from website operators who provide free information about fine art, news, gay and lesbian issues and sexual health for women and the disabled, and who all fear that COPA would force them to shut down their websites. In his 49-page opinion, Judge Reed listed 68 separate "findings of fact" to support his decision. The judge considered evidence that COPA imposed technological and economic burdens on speakers, but concluded that ultimately the relevant inquiry is the "burden imposed on the protected speech, not the pressure placed on the pocketbooks or bottom lines of the plaintiffs." On November 19 of last year, Judge Reed issued a temporary restraining order (TRO) against enforcement of COPA, which imposes criminal penalties against any "commercial" website that makes material that is "harmful to minors" available to anyone under 17 years of age. The TRO was set to expire on February 1. Within 60 days, the Justice Department must decide whether to proceed with a full trial or appeal the preliminary injunction. Any appeal would be heard by the Third Circuit Court of Appeals. Excerpts from the opinion are provided below. The full text of the court's decision, and complete information on the legal challenge, is available at: http://www.epic.org/free_speech/copa/ =======================================================================  Excerpts from the Internet Censorship Decision ======================================================================= American Civil Liberties Union, et al. v. Reno, Civil Action No. 98-5591, (E.D. Pa., February 1, 1999): The First Amendment to the United States Constitution provides that "Congress shall make no law . . . abridging the freedom of speech." Although there is no complete consensus on the issue, most courts and commentators theorize that the importance of protecting freedom of speech is to foster the marketplace of ideas. If speech, even unconventional speech that some find lacking in substance or offensive, is allowed to compete unrestricted in the marketplace of ideas, truth will be discovered. Indeed, the First Amendment was designed to prevent the majority, through acts of Congress, from silencing those who would express unpopular or unconventional views. . . . In the medium of cyberspace . . . anyone can build a soap box out of web pages and speak her mind in the virtual village green to an audience larger and more diverse than any the Framers could have imagined. In many respects, unconventional messages compete equally with the speech of mainstream speakers in the marketplace of ideas that is the Internet, certainly more than in most other media. . . . The plaintiffs are likely to establish at trial that under COPA, Web site operators and content providers may feel an economic disincentive to engage in communications that are or may be considered to be harmful to minors and thus, may self-censor the content of their sites. Further, the uncontroverted evidence showed that there is no way to restrict the access of minors to harmful materials in chat rooms and discussion groups, which the plaintiffs assert draw traffic to their sites, without screening all users before accessing any content, even that which is not harmful to minors, or editing all content before it is posted to exclude material that is harmful to minors. This has the effect of burdening speech in these fora that is not covered by the statute. I conclude that based on the evidence presented to date, the plaintiffs have established a substantial likelihood that they will be able to show that COPA imposes a burden on speech that is protected for adults. . . . The protection of children from access to harmful to minors materials on the Web, the compelling interest sought to be furthered by Congress in COPA, particularly resonates with the Court. This Court and many parents and grandparents would like to see the efforts of Congress to protect children from harmful materials on the Internet to ultimately succeed and the will of the majority of citizens in this country to be realized through the enforcement of an act of Congress. However, the Court is acutely cognizant of its charge under the law of this country not to protect the majoritarian will at the expense of stifling the rights embodied in the Constitution. . . . Despite the Court's personal regret that this preliminary injunction will delay once again the careful protection of our children, I without hesitation acknowledge the duty imposed on the Court and the greater good such duty serves. Indeed, perhaps we do the minors of this country harm if First Amendment protections, which they will with age inherit fully, are chipped away in the name of their protection. =======================================================================  The Intel Controversy: Big Brother Inside ======================================================================= Privacy groups are calling on computer users to boycott Intel Corporation products after the company announced last week that it planned to introduce a new function in its Pentium III chips that will identify users. Intel announced on January 20 that it was planning to include a unique ID number in each of its new Pentium III chips. The number, called a Processor Serial Number (PSN), would be accessible via software and is designed for use by software programs and web-based services to identify users. Privacy groups were critical of the announcement. If widely adopted, the identifier would facilitate tracking of web users for marketing, law enforcement and other purposes. Intel has already announced that 30 software vendors and web service providers are planning to use the PSN. EPIC, Junkbusters and Privacy International called for a boycott of Intel products until the company disables the PSN and recalls existing chips. Following the boycott announcement, Intel announced that it would offer a software patch to "turn off" the PSN. According to U.S. News and World Report, Intel officials admitted that "the concession was prepackaged -- a move that the company had held in readiness, in case of the very sort of protest that occurred." Security experts note that the patch must be installed by PC makers or users and can be disabled by other programs. Users can also be forced to turn off the patch as a condition of running particular software or accessing certain web sites. More information on the PSN and the Intel boycott is available at: http://www.bigbrotherinside.com/ =======================================================================  Clinton Announces Info-Warfare Plans ======================================================================= President Clinton announced on January 22 a new initiative on information warfare. The new program proposes expenditures of $1.46 billion to protect critical systems from cyber and other attacks -- an increase of 40 percent from two years ago. Of that amount, $500 million is slated for cyber-protections. The President announced a four-part plan including increased research to detect intruders; alerts to other agencies when a "critical computer system is invaded;" the creation of information centers in the private sector to encourage government-private sector cooperation; and a "Cyber Corps program" to train and recruit more people in computer security. In his speech announcing the proposal, Clinton said, "We already are seeing the first wave of deliberate cyber attacks -- hackers break into government and business computers, stealing and destroying information, raiding bank accounts, running up credit card charges, extorting money by threats to unleash computer viruses." But when asked later about those claims, Attorney General Reno downplayed the threat, stating, "I think it's a problem that we deal with and we trace and we, again, take appropriate action as based on prosecutions that have been successful to date." When asked about the civil liberties issues relating to the proposal, Reno noted that Justice Department lawyers have been consulted but admitted that they have not completed their work. More information on infowar, including EPIC's report on the civil liberties implications, is available at: http://www.epic.org/security/infowar/resources.html =======================================================================  States Back Down From Plans to Sell Drivers' Photos ======================================================================= Heeding an outcry from citizens concerned about their privacy, officials in three states are now seeking to prevent disclosure and use of digital drivers license photos by a private company. The governors of South Carolina, Florida and Colorado have reacted to citizens' complaints about a small New Hampshire company's efforts to build a national database of drivers photos and personal images for use in a new anti-fraud service for retailers. In Florida, Governor Jeb Bush canceled the sale of the photos and ordered the company to destroy the photos it had received. In South Carolina, where the first tests of the system are underway, authorities filed suit to halt the project and to retrieve the images and legislators submitted proposals to prohibit such sales in the future. In Colorado, the governor condemned the sale of drivers license photos and said he would to do whatever he could to stop the planned transfer. Other states such as New Hampshire rejected selling the photos to the company. A series of investigative reports in the Washington Post alerted residents that state motor vehicle officials sold the images without the permission of drivers. The newspaper reported that South Carolina and Florida officials had already sold license information and photos to the private firm, in some cases for a penny apiece. South Carolina had transferred 3.5 million digital photographs, while Florida had already sent 35,000 out of a total of 14 million. Colorado planned to sell 5 million photos. The company, Image Data LLC of Nashua, New Hampshire, planned to use the information to create an anti-fraud system for stores. Under the plan, a retail clerk could key in a person's driver license number and that person's picture would flash up on a small screen at the clerk's register for a few seconds. As the plan became known, Image Data was so swamped with calls that it added extra lines and hired temporary workers and still found lines busy and its voice-mail system full. Class action suits are being planned in South Carolina and Florida. =======================================================================  Know Your Customer? The Customers Say "No!" ======================================================================= The Federal Deposit Insurance Corporation's (FDIC) is backing away from its proposed "Know Your Customer" regulations after coming under heavy criticism from citizens and bankers. "It's evident to me personally that we are going to have to do something different than what was proposed," FDIC Chairman Donna A. Tanoue told the "American Banker" magazine. The proposed regulations would require banks to monitor customer accounts and report "suspicious" transactions to federal authorities. The rules were issued December 7, 1998, by the FDIC, Federal Reserve Board, Office of the Comptroller of the Currency, and Office of Thrift Supervision. (See EPIC Alert 5.20). Citizens concerned about their privacy have sent more that 14,000 e-mail messages and letters to the FDIC and several thousand more to the Office of Comptroller of the Currency and the Office of Thrift Supervision. The FDIC has received only about a dozen messages supporting the proposed rules. The American Bankers Association, reversing its previous support, has asked the FDIC to kill the controversial plan, stating, "given the widespread and growing negative perception, we are concerned about the prospect of having the public lose confidence in the banking industry." Smaller banks, led by the Independent Bankers Association of America, and America's Community Bankers have long opposed the rules, citing privacy concerns and the burdensome requirements. Congress is also stepping in. Several Republicans, including Majority Whip Tom DeLay (R-TX) introduced the "American Financial Institutions Privacy Act" on February 2. The bill would require a study of the rules' impact on privacy. Implementation of the rules would be delayed for a year after the study was delivered to Congress. Rep. Ron Paul (R-TX) is scheduled to introduce new legislation today that would prohibit the rules completely and repeal the Bank Secrecy Act. The House Banking Committee is planning to hold a hearing on April 15. Comments on the proposed rules may be sent to firstname.lastname@example.org. The comment period ends on March 8. Keep those e-mails coming in! The text of the FDIC proposal is available at: http://www.fdic.gov/banknews/know.html =======================================================================  EPIC Bill-Track: New Bills in Congress ======================================================================= * House Bills * H.R. 220. Freedom and Privacy Restoration Act of 1999. Limits use of SSN, prohibits creation of gov't IDs. Referred to the Committee on Ways and Means, and in addition to the Committee on Government Reform. Sponsor: Ron Paul (R-TX). H.R. 354. Collections of Information Antipiracy Act. Creates new property rights for owners of databases of public information. Sponsor: Howard Coble (R-NC). Referred to the Committee on the Judiciary. H.R. 358. Patients' Bill of Rights Act of 1999. Requires health plans and insurers to protect confidentiality of medical records and allow patient access. Sponsor: John Dingell (D-MI). Referred to the Committee on Commerce, and in addition to the Committees on Ways and Means, and Education and the Workforce. H.R. 367. Social Security On-line Privacy Protection Act of 1999. Limits disclosure of SSNs by interactive computer services. Sponsor: Rep Franks, Bob (R-NJ). Referred to the Committee on Commerce. H.R. 368. Safe Schools Internet Act of 1999. Required schools and libraries to install filters on Internet connected computers. Sponsor Bob Franks (R-NJ). Referred to the Committee on Commerce. H.R. 369. Children's Privacy Protection and Parental Empowerment Act of 1999. Prohibits the sale of personal information about children without their parents' consent. Sponsor: Bob Franks (R-NJ). Referred to the Committee on Judiciary. * Senate Bills * S. 6. Patients' Bill of Rights Act of 1999. Requires health plans and insurers to protect confidentiality of medical records and allow patient access. Sponsor: Tom Daschle (D-SD). Referred to the Committee on Health, Education, Labor, and Pensions. S. 22. Government Secrecy Reform Act of 1999. Sets new rules on classification. Sponsor: Daniel Patrick Moynihan (D-NY). S. 187. Financial Information Privacy Act of 1999. Requires FDIC to set privacy rules. Sponsor: Paul Sarbanes (D-MD). S. 300. Patients' Bill of Rights Plus Act. Sets privacy protections. Prohibits genetic discrimination. Sponsor: Trent Lott (R-MS). Referred to the Committee on Finance. S. 326. Patients' Bill of Rights Act. Sets privacy protections. Prohibits genetic discrimination. Sponsor: James Jeffords (R-VT). Referred to the Committee on Finance. =======================================================================  Upcoming Conferences and Events ======================================================================= Encryption Controls Workshop. February 8, 1999. San Jose, CA. Sponsored by the U.S. Dep't of Commerce. Contact: (202) 482-6031 FC '99: Third Annual Conference on Financial Cryptography. February 22-25, 1999. Anguilla, B.W.I. Contact: http://fc99.ai/ Electronic Commerce and Privacy Legislation -- Building Trust and Confidence. February 23, 1999. Ottawa, Canada. Sponsored by Riley Information Services. http://www.rileyis.com/seminars/Feb99/ Communitarian Summit. February 27-28, 1999. Arlington, Virginia. Contact: http://www.gwu.edu/~ccps 1999 ASAP Western Regional FOIA and Privacy Training Conference. February 28 - March 3, 1999. Portland, Oregon. Contact: http://www.podi.com/asap/ CYBERSPACE 1999: Crime, Criminal Justice and the Internet. March 29 & 30, 1999. York, UK. Sponsored by the British and Irish Legal Education Technology Association (BILETA). http://www.bileta.ac.uk/ Computers, Freedom and Privacy (CFP) '99. April 6-8, 1999. Washington, DC. Sponsored by ACM. Call for proposals available. Contact: http://www.cfp99.org/ Encryption Controls Workshop. May 13, 1999. Raleigh, NC. Sponsored by the US Dept of Commerce. Contact: (202) 482-6031 1999 EPIC Cryptography and Privacy Conference. June 14, 1999. Washington, DC. Sponsored by EPIC. Contact: email@example.com Cryptography & International Protection of Human Rights (CIPHR'99). August 9-13, 1999. Lake Balaton, Hungary. Contact: http://www.cryptorights.org/ ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe or unsubscribe, send email to firstname.lastname@example.org with the subject: "subscribe" (no quotes) or "unsubscribe". A Web-based form is available at: http://www.epic.org/alert/subscribe.html Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail email@example.com, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 6.02 ----------------------- .
Alert Home Page | EPIC Home Page