============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 6.04 March 4, 1999 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents =======================================================================  Intel ID Plan Under Fire: Competitors Critical, Advocates Protest  Reno Proposes National DNA Database  CFP 99 - Early Registration Deadline Approaching  GAO Releases Two Reports on Privacy  Crypto Export Relaxation Bill Introduced  EPIC Bookstore - The End of Privacy  EPIC Bill-Track: New Bills in Congress  Upcoming Conferences and Events =======================================================================  Intel ID Plan Under Fire: Competitors Critical, Advocates Protest ======================================================================= Even in the face of continued public opposition and government investigations, Intel announced plans to move forward with the controversial Processor Serial Number at the Intel Developers Forum last week. According to ZDNN, Michael Glancy, general manager of Intel's platform security division, told developers to expect the chip ID in all the company's products soon including Internet appliances and portable devices based on Intel's StrongARM processor. Intel is also working with several Australian content providers on developing web sites that can only be accessed if the user releases the PSN. Meanwhile, other chip manufacturers have declined to adopt the PSN. Wired News reported that Brian Halla, CEO of National Semiconductor was also dismissive of the PSN, "We personally think security belongs in your wallet. It's personal, not a CPU-centric thing. It doesn't make any sense to have an ID in information appliances." Advanced Micro Designs (AMD), the major competitor of Intel has also not introduced a PSN. Privacy groups wrote to the heads of socially responsible mutual funds on February 26 asking that they divest Intel from their portfolios. Amy Domini, president of the Domini Social Equity Fund, issued a prepared statement: "We take the situation very seriously. Privacy on the Internet is more than simply an issue of personal choice. Without privacy our every political view, personal interest, contact of an old friend or checking on the weather becomes trackable for uses ranging >from selling soap to monitoring segments of the populationÉ We have begun our evaluation, and will include communication with Intel and will make a decision once it is complete." Meanwhile, a European Union recommendation, adopted in late February and announced by EU Internal Market Commission Mario Monti indicates that EU privacy officials will be looking more closely at Internet- based identity schemes. The recommendation cites problems with Web browsers and programming technologies, as well as 'cookies.' More information on the PSN controversy is available at: http://www.bigbrotherinside.com/ =======================================================================  Reno Proposes National DNA Database ======================================================================= Attorney General Janet Reno has asked a federal commission to study the possibility of requiring that a DNA sample be collected from every person arrested in the United States and permanently kept in a national database. Reno asked the National Commission on the Future of DNA Evidence to look into the plausibility of genetic sampling on everyone arrested, including for minor traffic violations, at a meeting of the Commission in Dallas last week. If the proposal is adopted, the DNA database would be quite large. In 1997, over 15 million people were arrested in the US. Currently, the law allows only individuals convicted for a few crimes including sex offenders to have their DNA collected. The FBI Combined Index DNA Indexing System (CODIS) currently contains information on 38,000 people. Another 450,000 samples are awaiting processing. Reno suggested at a press conference in January that in the future police could verify the identity of a detained motorist by means of an onsite DNA test and advanced police computers. Civil libertarians argued against the increased collection at the meeting, saying that mass collection of DNA would be an illegal search with little purpose in most cases, especially for minor crimes. There are concerns that the DNA samples collected could also be used for other purposes, such as research into genetic issues, or be released to others such as insurance companies. The US Defense Department has began to collect samples of all persons in the military and plans to keep the samples indefinitely for other uses such as research. Some states are already moving forward on testing. Louisiana will begin testing all persons arrested in September and New York and North Carolina are considering doing the same. New York City Mayor Rudolf Guiliani went one step further and suggested last month that all children should have a sample of their DNA taken at birth for use in future criminal investigations. The Commission is planning to respond to Reno's request in August. =======================================================================  CFP 99 - Early Registration Deadline Approaching ======================================================================= Register now for the cyber event of the year: C COMPUTERS, FREEDOM, AND PRIVACY F THE GLOBAL INTERNET P 9 WASHINGTON, DC 9 Omni Shoreham Hotel . April 6-8, 1999 O R G ** Early Registration Deadline - March 15, 1999 ** For almost a decade, the conference on Computers, Freedom and Privacy has shaped the public debate on the future of privacy and freedom in the online world. Register now for the number one Internet policy conference. Join a diverse audience from government, industry, academics, the non-profit sector, the hacker community and the media. Enjoy the U.S. Capital in the spring at one of Washington's premier hotels. * Keynote speakers include Tim Berners-Lee (Director, World Wide Web Consortium), Vint Cerf (President, Internet Society), Congressman Ed Markey (sponsor of "The Electronic Bill of Rights Act"), Congressman Ron Paul (sponsor of the Freedom and Privacy Restoration Act), Henrikas Yushkiavitshus (Associate Director, UNESCO). * Lively and thought-provoking panels on -- "the Creation of a Global Surveillance Network," "Access and Equity on the Global Internet," "Anonymity and Identity in Cyberspace," "Free Speech and Cyber Censorship," "Is Escrow Dead? And what is Wassenaar?", "Self-Regulation Reconsidered" and more. * Tutorials -- "The Electronic Communications Privacy Act" (Mark Eckenwiler); "Cryptography: Basic Overview & Nontraditional Uses" (Matt Blaze and Phil Zimmermann), "Free Speech, The Constitution and Privacy in Cyberspace" (Mike Godwin), "Techniques for Circumventing Internet Censorship" (Bennett Haselton and Brian Ristuccia). * Other Events -- Privacy International's Big Brother Awards to the worst privacy violators in the US, EFF's Pioneer Awards to those who have done the most to promote the net. Early Registration Deadline - March 15, 1999 -------------------------------------------- Register on-line at http://www.regmaster.com/cfp99.html or call +1 407 628 3602. Registration inquiries may also be sent to firstname.lastname@example.org. For more information about CFP99, visit http://www.cfp99.org/ or call +1 401 628 3186 =======================================================================  GAO Releases Two Reports on Privacy ======================================================================= The General Accounting Office has released reports on the use of the Social Security Number and medical privacy and research. Medical Records Privacy: Access Needed for Health Research, but Oversight of Privacy Protections is Limited (GAO/HEHS-99-55), Feb. 1999. This report reviews privacy protections of identifiable medical information used for research purposes. It finds that many organizations have internal procedures governing use of medical information including requiring that an institutional review Board (IRB) review all proposals. However, it found that IRBs have limited oversight abilities and frequently waive confidentiality requirements for records. http://www.epic.org/privacy/medical/gao-medical-privacy-399.pdf Social Security: Government and Commercial Use of the Social Security Number is Widespread (GAO/HEHS-99-28), February 1999. The report reviews uses of the SSN by state agencies and commercial organizations including information brokers, financial services and health care organizations. Not suprisingly, the SSN is widely used as either a primary or secondary identifier and the lack of federal laws limiting its use or disclosure is encouraging more uses. These organizations oppose restrictions on their uses of the SSN. However, some states are pulling back from making it available in public records due to privacy concerns. http://www.epic.org/privacy/ssn/gao_ssn_2_99.html =======================================================================  Crypto Export Relaxation Bill Introduced ======================================================================= Congressman Bob Goodlatte (R-VA) has re-introduced legislation in the House of Representatives to relax export controls on encryption products. His bill The Security And Freedom through Encryption (SAFE). H.R. 850, Act marks the 5th consecutive Congress in which legislation to reduce controls has been introduced. The bill limits export license requirements for encryption products that are generally available such as sold on the Internet or though retail outlets, in the public domain, or used in commercial products such as DIVX machines to a one-time 15 day technical review. More specialized products can be sold if the country is one of 45 that manufacturers can currently send strong encryption to financial institutions or if the Secretary of Commerce finds that a foreign producers without export limitations is making a similar product available. The bill makes it lawful to use and sell encryption in the US and prohibits the federal government or state governments from requiring key escrow. It also contains the controversial provision that creates a new federal crime for the use of encryption to conceal criminal conduct. The bill has widespread support in the House but it faces an uphill battle. The bill has 204 co-sponsors including House Majority Leader Dick Armey (R-TZ), Whip Tom Delay (R-TX), Minority Leader Dick Gephardt (D-MO) and Whip David Bonior (D-MI). However, new Speaker of the House Dennis Hastert (R-IL) was an opponent of SAFE in the 105th Congress and the White House remains opposed to any substantial relaxation and would likely veto any bill that was approved. More information on encryption policy is available at: http://www.crypto.org/ =======================================================================  EPIC Bookstore - The End of Privacy ======================================================================= Now available at the EPIC Bookstore [http://www.epic.org/bookstore/]: The Limits of Privacy by Amitai Etzioni http://www.amazon.com/exec/obidos/ASIN/0465040896/electronicprivacA "Etzioni continues his elucidation and defense of 'communitarianism' begun in such previous works as The New Golden Rule: Community and Morality in a Democratic Society (1997). Communitarianism holds that a good society must maintain a balance between individual rights and the common good. Since the 1960s or so, concern for the common good has given way in the US to 'excessive deference to privacy.' Etzioni believes its time to correct the balance. Certainly aware of the importance of privacy, Etzioni lays out specific criteria to be met and stringent processes to be followed when rights are to be curtailed. There must be a real, not hypothetical, danger to the common good. The danger must first be dealt with, without restricting privacy rights if possible. When rights are curtailed the action should be minimally intrusive, and undesired side effects must be guarded against, e.g., if widespread HIV testing is found necessary, efforts must be made to enhance the confidentiality of medical records. Taking this framework, Etzioni examines five areas of public policy, among them mandatory HIV testing of infants, [key escrow], the public listing of sex offenders ('Megan's Laws'), and medical- records privacy. Predictably, in all but the last, where he argues that there should be more protection, he finds a minimal diminution in individual rights justifiable. Sex offenders, for instance, do have their rights curtailed when their presence in a community is made public, but the benefit to the community is worth it. These substantive chapters are intriguing, yet overall there is not much new here. Etzioni has plowed this field often, and the basic premises of his argument are not improved upon. Curiously, he continues to paint privacy with broad strokes, with too little regard for the nuances of that term. Is it hedonism he decries, or selfishness? Are demands for rights all symptomatic of a disregard for the public good? Such issues remain unexplored. (Kirkus Reviews, February 15, 1999, Copyright ©1999, Kirkus Associates, LP) Privacy and Human Rights 1998 - An International Survey of Privacy Laws and Developments http://www.epic.org/bookstore/epic_books.html Now available is the Global Internet Liberty Campaign's comprehensive survey of privacy laws in fifty countries around the world. Among the report's key findings is that there is a growing trend in almost all jurisdictions to enact comprehensive privacy and data protection acts, either to address past government abuses, to promote electronic commerce, or to ensure compatibility with international standards developed by the European Union, the Council of Europe, and the Organization for Economic Cooperation and Development. Less positive is the finding that new technologies are increasingly eroding privacy rights, and that surveillance authority is regularly abused, even in many democratic countries. Price: $15 plus shipping. Available directly from EPIC. These and other titles are available for purchase online at the EPIC Bookstore: http://www.epic.org/bookstore/ =======================================================================  EPIC Bill-Track: New Bills in Congress ======================================================================= EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 106th Congress http://www.epic.org/privacy/bill_track.html * Approved * H.R. 438. Wireless Communications and Public Safety Act of 1999. Mandates location information for cellular phones for 911. Limits use of information. Sponsor Rep Shimkus, John (R-IL). Referred to the House Committee on Commerce on 2/2/99. Subcommittee Hearings Held on 2/3/99. Ordered to be Reported (Amended) by Voice Vote on 2/11/99. Measure passed House, roll call #24 (415-2) on 2/24/99. H.R. 514. Wireless Privacy Enhancement Act of 1999. Prohibits interception of wireless communications, scanners. Sponsor Rep Wilson, Heather. Referred to the Committee on Commerce. Referred to the House Committee on Commerce on 2/2/99. Subcommittee Hearings Held on 2/3/99. Ordered to be Reported (Amended) by Voice Vote on 2/11/99. Measure passed House, roll call #28 (403-3) on 2/25/99. * New House Bills * H.R. 850. Security And Freedom through Encryption (SAFE) Act. Relaxes export controls on encryption, prohibits mandatory key escrow, creates criminal penalty for using crypto in a crime. Sponsor Rep Goodlatte, Bob (R-VA) 204 co-sponsors. Referred to the Committee on the Judiciary, and in addition to the Committee on International Relations. H.R. 852. Freedom to E-File Act. require the Department of Agriculture to establish an electronic filing and retrieval system to enable the public to file all required paperwork electronically with the Department and to have access to public information on farm programs, quarterly trade, economic, and production reports, and other similar information. Sponsor Rep LaHood, Ray. Referred to the House Committee on Agriculture. H.R. 896. Childrens' Internet Protection Act. Require the installation and use by schools and libraries of a technology for filtering or blocking material on the Internet on computers with Internet access to be eligible to receive or retain universal service assistance. Sponsor Rep Franks, Bob (R-NJ). Referred to the House Committee on Commerce. * New Senate Bills * S. 411. Clone Pager Authorization Act of 1999. Expands legal authority to authorize broader use of clone pagers. Sponsor Sen DeWine, Michael (R-OH). Referred to the Committee on Judiciary. S. 466. American Financial Institutions Privacy Act of 1999. Prohibits implementation of "Know your Customer" rules unless approved by Act of Congress, requires study on privacy issues. Sponsor Jeffords, James (R-VT). Referred to the Committee on Banking, Housing, and Urban Affairs. =======================================================================  Upcoming Conferences and Events ======================================================================= Access to Information: Strategies and Solutions. March 16, 1998. Arlington, VA. Sponsored by the Freedom Forum and American Library Association. http://www.freedomforum.org/first/1999/2/ombudevents.asp CYBERSPACE 1999: Crime, Criminal Justice and the Internet. March 29 & 30, 1999. York, UK. Sponsored by the British and Irish Legal Education Technology Association (BILETA). http://www.bileta.ac.uk/ "Computers, Freedom and Privacy: The Global Internet," April 6-8, 1999. Washington, DC. Sponsored by ACM. Early registration deadline: March 15. Online registration: http://www.cfp99.org/ Encryption Controls Workshop. May 13, 1999. Raleigh, NC. Sponsored by the U.S. Dep't of Commerce. Contact: (202) 482-6031 Cryptography & International Protection of Human Rights (CIPHR'99). August 9-13, 1999. Lake Balaton, Hungary. Contact: http://www.cryptorights.org/ ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to email@example.com with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail firstname.lastname@example.org, http://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 6.04 ----------------------- .
Alert Home Page | EPIC Home Page