============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 7.11 June 14, 2000 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org ======================================================================= Table of Contents =======================================================================  Gore Offers Protections for Social Security Numbers, Genetic Data  EPIC Renews Call for Baseline Privacy Standards Legislation  EPIC Urges Rejection of Online Age Verification Systems  Terrorism Commission Recommendations Could Threaten Privacy  Commerce Committee Hears from FTC on Internet Privacy  EPIC Event Addresses Privacy and the Free Software Movement  EPIC Bookstore - New Publications on Privacy  Upcoming Conferences and Events =======================================================================  Gore Offers Protections for Social Security Numbers, Genetic Data ======================================================================= Responding to widespread public support for privacy protection, Vice President Al Gore recently presented two proposals governing the use of Social Security numbers and genetic data. The policy initiatives suggest that privacy could emerge as a major issue in this fall's presidential campaign. Last week, the Vice President introduced his proposal to protect Social Security numbers (SSNs), the Social Security Protection Act of 2000. Gore's proposal is sponsored by Sen. Dianne Feinstein (D-CA) and Rep. Ed Markey (D-MA). The proposal would limit the sale or purchase of SSNs to instances in which an individual has voluntarily and affirmatively given his or her consent to that disclosure. Currently, SSNs -- often an important identifier for financial, credit and health records -- can simply be bought from "lookup services" without an individual's permission. The proposal would require the Federal Trade Commission and state attorneys general to jointly enforce the protections. The proposal is an important first step in responding to the growing problems with the misuse of the Social Security number. However, other issues could be addressed as the proposal goes forward. For example, outlawing the sale and purchase of the Social Security number has been previously proposed in studies of SSNs. In addition, consumers should be assured that they would not lose the opportunity to receive a benefit or conduct business if a private company unjustly requires a SSN. Many individuals can be compelled to provide a SSN that they might otherwise not want to disclose. Also, while consent is a key step before dislosing a SSN, it is preferable that the data collector specify and limit future uses of that data. Lastly, the proposal could include provisions so that the individual would have an independent ability to pursue what he or she thinks are infractions of the law and seek the appropriate remedies. As reported in the press, the Vice President is also formulating restrictions on the use of genetic data. Following up on President Clinton's executive order barring government agencies from using genetic data in hiring and promotion decisions (see EPIC Alert 7.03), Vice President Gore would seek to extend such protections to workers in the private sector. The issue at hand in both proposals is the possibility of discrimination against employees who may have genetic predispositions for cancer or other diseases. For more information about Social Security numbers is available at: http://www.epic.org/privacy/ssn/ EPIC's recent testimony on the "Use and Misuse of the Social Security Number" before the House Committee on Ways and Means: http://www.epic.org/privacy/ssn/testimony_0500.html =======================================================================  EPIC Renews Call for Baseline Privacy Standards Legislation ======================================================================= EPIC director Marc Rotenberg testified before the Senate Commerce Committee on June 13, arguing that there is a current need for legislation to establish baseline privacy standards for electronic commerce. The committee hearing focused on online data collection practices and profiling by third party advertising companies such as DoubleClick. EPIC renewed the warning that self-regulation would fail to protect privacy, citing pending litigation and a Federal Trade Commission (FTC) inquiry growing out of DoubleClick's practices. Rotenberg told the committee, "We think the lesson is clear that legislation is necessary. Even good models for online advertising can quickly change without baseline privacy rules." Richard Smith, an Internet consultant who examines privacy issues, told the committee that "The data collection systems that the Internet ad companies are currently running are getting personal and sensitive information that almost everyone will agree is none of the business of these companies." He said that, "It's almost like they have put hidden microphones in our homes and our offices and they are listening to what we do all day long." The New York Times reported that all six senators who participated in the hearing hearing said legislation is needed to ensure that Americans are protected from unwittingly disclosing private information. "Absent legislation, meaningful enforcement and airtight coverage, online profiling will eviscerate personal privacy," said Commerce Committee Chairman John McCain (R-AZ). Privacy advocates have long maintained that industry "self-regulation" is inadequate to prevent invasions of privacy, especially in the online advertising business. The FTC recently released a report on the results of its latest survey of website privacy policies. The survey documented that only 20 percent of a random sample of websites addressed basic elements of Fair Information Practices. Based on the findings of the survey, a majority of the FTC Commissioners have recommended that legislation is needed to protect privacy on the Internet (see item 5 below). The text of EPIC's testimony is available at: http://www.epic.org/privacy/internet/senate-testimony.html The FTC report on Fair Information Practices on Electronic Commerce is available at: http://www.ftc.gov/reports/privacy2000/privacy2000text.pdf =======================================================================  EPIC Urges Rejection of Online Age Verification Systems ======================================================================= In testimony before the Commission on Child Online Protection on June 9, EPIC General Counsel David Sobel urged the rejection of age verification requirements as a condition of access to Internet content, noting that the privacy implications of such requirements are inseparable from the free speech implications. He told the Commission that rather than focusing on approaches that seek to block access to information and compromise privacy, it should emphasis and support educational initiatives that will help young people learn to responsibly and safely navigate the Internet. The Commission is seeking to "identify technological or other methods that . . . will help reduce access by minors to material that is harmful to minors on the Internet," including the deployment of "age verification" systems. Given the inherent subjectivity of terms such as "harmful to minors" or "indecent," Sobel first told the Commission that EPIC believes efforts to mandate restrictions on access to such material are prohibited by the First Amendment, particularly in a medium like the Internet, which makes content available in every community in the nation. He noted that First Amendment considerations, as well as privacy issues, are an important aspect of the Commission's inquiry, because "any requirement that Internet users identify themselves in some way as a condition of access to online content necessarily chills free speech." Sobel said that a new regime for the collection of personal data in the name of "child online protection" would impose yet another burden on the privacy of Internet users. The American people, when they go online, are already acutely aware of the fact that they are being over-monitored and over-profiled. For that reason, he said, such requirements would introduce a troubling new component into the Internets architecture, one that would hasten the demise of both personal privacy and freedom of expression. The Commission on Child Online Protection was established by Congress in the Child Online Protection Act (COPA). The criminal provisions of COPA have been enjoined by a federal judge in a constitutional challenge brought by EPIC and the ACLU. A decision on the government's appeal of that ruling is pending from the U.S. Court of Appeals for the Third Circuit. EPIC's testimony on Internet age verification is available at: http://www.epic.org/free_speech/copa/statement_6_00.html Information on Internet content controls is available at the Internet Free Expression Alliance website: http://www.ifea.net =======================================================================  Terrorism Commission Recommendations Could Threaten Privacy ======================================================================= The National Commission on Terrorism recently released its report, "Countering the Changing Threat of International Terrorism." The Commission was established shortly after U.S. embassies were attacked in 1998. The report puts forth several proposals that could threaten the legal rights and privacy of Americans. One of the more troubling proposals would be the streamlining of procedures required before law enforcement agencies can begin surveillance as set by the Foreign Intelligence Surveillance Act (FISA). Despite claims that "under ordinary circumstances, the FISA process can be slow and burdensome," USA Today recently reported that the number of wiretaps used in spying and terrorism investigations last year hit an all-time of 880. The process for authorizing this category of wiretap requests proceeds through a secret court with little public accountability. Many of the other proposals in the report may also impact personal privacy. The Commission recommended the formation of a joint task force composed of representatives from all government agencies possessing information or authority relevant to possible fundraising for terrorist groups. The list of agencies that would fall under this broad recommendation include the National Security Agency, Central Intelligence Agency, Federal Bureau of Investigation, Financial Crimes Enforcement Network, Department of State, U.S. Customs Service, Office of Foreign Assets Control and Internal Revenue Service. Other recommendations include closer monitoring of foreign students studying in the United States, new laws and international agreements to prevent "cyber crime" and the development of new sensors and detection devices to be used at entry points into the country. The National Commission on Terrorism's report is available online at: http://www.fas.org/irp/threat/commission.html More information on FISA and wiretaps is available at: http://www.epic.org/wiretap/ =======================================================================  Commerce Committee Hears from FTC on Internet Privacy ======================================================================= The Senate Commerce Committee convened on May 25 to hear testimony regarding the Federal Trade Commission's report on Internet privacy (see EPIC Alert 7.10). According to the Commission's surveys, approximately 42 percent of the busiest Web sites and only 20 percent of the random sample have privacy policies which address Fair Information Practices. The report, approved by a 3-2 vote from the Commissioners, also recommended legislation in order to protect consumer privacy on the Internet. At the Commerce Committee hearing, all five FTC Commissioners presented testimony and spoke about the recent report. Also speaking were Jason Catlett, President of Junkbusters; Christine Varney, Senior Partner at Hogan and Hartson; Jerry Berman, Executive Director of the Center for Democracy and Technology; Jill Lesser, Vice-President of Domestic Public Policy at America Online; Daniel Weitzner, Technology and Society Domain Leader of the World Wide Web Consortium. The full hearing is available over the web for the next few weeks at: http://www.cspan.org/ The testimony of the FTC Commissioners is available at: http://www.ftc.gov/opa/2000/05/privacytestimony.htm The testimony of Jason Catlett, President of Junkbusters is available at: http://www.junkbusters.com/ht/en/testimony.html =======================================================================  EPIC Event Addresses Privacy and the Free Software Movement ======================================================================= On June 5, EPIC held a symposium at the National Press Club on the future of the Internet, and in particular the state of privacy protection and the rise of the free software movement. Exploring the future of privacy were Deborah Hurley, Executive Director, Harvard Information Infrastructure Project, Kennedy School of Government; Professor Anita Allen-Castellito, University of Pennsylvania Law School; Professor David Flaherty, former Information and Privacy Commissioner, British Columbia; Professor Gary Marx, Massachusetts Institute of Technology; Professor Jeffrey Rosen, George Washington University Law School, author "The Unwanted Gaze: The Destruction of Privacy in America"; and Robert Ellis Smith, publisher, Privacy Journal, author "Ben Franklin's Web Site: Privacy and Curiousity from Plymouth Rock to the Internet". Speaking about the rise of the free software movement were Professor James Boyle, American University Law School; Professor Julie Cohen, Georgetown University Law Center; Whitfield Diffie, Distinguished Engineer, Sun Microsystems; Austin Hill, President, Zero Knowledge Systems; Barbara Simons, President, Association for Computing Machinery; and Peter Wayner, author "Free For All: How Linux and the Software Movement Undercut the High-Tech Titans". Video coverage of the symposium is archived at: http://www.exbtv.com/index7.jhtml?subsectionId=6451 More information about the three new books highlighted at the event and EPIC publications is available at: http://www.epic.org/bookstore/ =======================================================================  EPIC Bookstore - New Publications on Privacy ======================================================================= The Unwanted Gaze : The Destruction of Privacy in America by Jeffrey Rosen http://www.amazon.com/exec/obidos/ISBN=0679445463/electronicprivacA As thinking, writing, and gossip increasingly take place in cyberspace, the part of our life that can be monitored and searched has vastly expanded. E-mail, even after it is deleted, becomes a permanent record that can be resurrected by employers or prosecutors at any point in the future. On the Internet, every website we visit, every store we browse in, every magazine we skim--and the amount of time we skim it--create electronic footprints that can be traced back to us, revealing detailed patterns about our tastes, preferences, and intimate thoughts. In this pathbreaking book, Jeffrey Rosen explores the legal, technological, and cultural changes that have undermined our ability to control how much personal information about ourselves is communicated to others, and he proposes ways of reconstructing some of the zones of privacy that law and technology have been allowed to invade. Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet by Robert Ellis Smith http://www.amazon.com/exec/obidos/ISBN=0930072146/electronicprivacA This new book explores the hidden niches of American history to discover the tug between Americans' yearning for privacy and their insatiable curiosity. The book describes Puritan monitoring in Colonial New England, then shows how the attitudes of the founders placed the concept of privacy in the Constitution. This panoramic view continues with the coming of tabloid journalism in the Nineteenth Century, and the reaction to it in the form of a new right - the right to privacy. The book includes histories of wiretapping, of credit reporting, of sexual practices, of Social Security numbers and ID cards, of modern principles of privacy protection, and of the coming of the Internet and the new challenges to personal privacy it brings. "Robert Ellis Smith's expose of privacy invasion will be one of the sleeper best-selling books in the year 2000," wrote columnist William Safire in The New York Times, December 1999. "His numerous books are required reading for anyone concerned about the ongoing threats," said Simson Garfinkel in Database Nation. ================================ EPIC Publications: "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments," David Banisar, Simon Davies, editors, (EPIC 1999). Price: $15. http://www.epic.org/privacy&humanrights99/ An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ =======================================================================  Upcoming Conferences and Events ======================================================================= First Annual Institute on Privacy Law: Strategies for Legal Compliance in a High Tech and Changing Regulatory Environment. Practicing Law Institute. June 22-23, 2000. New York, NY. PLI Conference Center. For more information: http://www.pli.edu Telecommunications: The Bridge to Globalization in the Information Society. Biennial Conference of the International Telecommunications Society. July 2-5, 2000. For more information: http://www.its2000.org.ar Successfully Managing the New Data Protection Laws. Privacy Laws & Business. July 3-5, 2000. Cambridge, England. For more information: http://www.privacylaws.com/ INET 2000: Internet Global Summit. Internet Society. July 18-20, 2000. Yokohama, Japan. For more information: http://www.isoc.org/inet2000 Infomediaries: Leveraging Consumer Profile Data on the Web. Institute for International Research. July 20-21, 2000. San Francisco, CA. Hyatt Regency Embarcadero Center. For more information: http://www.iir-ny.com/conference.cfm?EventID=M1185 First International Hackers Forum. The Green Planet. August 18-20, 2000. Zaporozhye, Ukraine. For more information: http://www.geocities.com/hack_forum Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more information: http://www.surveillance-expo.com KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. September 26-29, 2000. Vienna, Austria. For more information: http://www.ocg.at/KR-IE2000.html One World, One Privacy: 22nd Annual International Conference on Privacy and Personal Data Protection. September 28-30, 2000. Venice, Italy. For more information: http://www.dataprotection.org/ Privacy: A Social Research Conference. New School University. October 5-7, 2000. New York, NY. For more information: http://www.newschool.edu/centers/socres/privacy/ Privacy2000: Information and Security in the Digital Age. October 31- November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more information: http://www.privacy2000.org ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to firstname.lastname@example.org with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail email@example.com, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 7.11 ----------------------- . .