EPIC logo

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
   Volume 8.11                                      June 15, 2001
                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.
Table of Contents
[1] Supreme Court Rules on Thermal Imaging Case
[2] Court of Appeals Asks: Is Computer Code Speech?
[3] ICANN Conducts Survey on Whois Policy
[4] Experts Discuss Internet Issues at National Press Club
[5] Groups Urge FTC to Pursue Privacy Protection
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Invasion of Privacy
[8] Upcoming Conferences and Events
[1] Supreme Court Rules on Thermal Imaging Case
In a 5-4 opinion written by Justice Scalia, the U.S. Supreme Court
held in Kyllo v. United States that the warrantless use of a thermal
imaging device to detect heat emanating from a person's residence
constituted an illegal search under the Fourth Amendment.
In 1992, Danny Lee Kyllo was arrested after Oregon police searched his
home and found more than 100 marijuana plants growing inside.  The
search warrant was obtained after the police scanned the roofs and
walls of Kyllo's home with a thermal imager to detect the infrared
rays radiating from the halide lamps typically used to grow marijuana.
Kyllo pleaded guilty to the charges, conditioned on his ability to
challenge the constitutionality of the search.  Although the District
Court and Ninth Circuit rejected his Fourth Amendment claim, the
Supreme Court reversed, stating that "[w]here, as here, the government
uses a device that is not in general public use, to explore details of
the home that would previously have been unknowable without physical
intrusion, the surveillance is a 'search' and is presumptively
unreasonable without a warrant."
In an unusual, ideologically diverse faction, Justices Thomas, Souter,
Ginsburg and Breyer joined Scalia's opinion.  Upholding classic Fourth
Amendment jurisprudence, the majority found that the Fourth Amendment
protects that over which an individual has a subjective expectation of
privacy that society would deem reasonable.  Rejecting the dissent's
proposition that the scan was not a search because the device did not
penetrate the walls of the home but instead merely read "off the
wall," Scalia asserted that any and all details about one's home -
including so mundane a detail as the infrared rays emitted from within
- are intimate not because they are important but because they are
private, and thus are protected by the Fourth Amendment.
Chief Justice Rehnquist and Justices O'Connor and Kennedy joined
Justice Stevens's dissent, which characterized the majority opinion as
both too narrow and too broad.  Making the traditional distinction
between information kept within the home and that which escapes the
home and is exposed to "plain view," over which there is no further
expectation of privacy, the dissent found Kyllo's privacy interest to
be "trivial," especially given that he made no attempt to prevent the
heat from escaping his home.  Further, Stevens found the majority's
emphasis on protection of the home to be a misconstruction of Fourth
Amendment jurisprudence, in which the protection is generally granted
more broadly to "people, not places."
On June 14, House Majority Leader Dick Armey (R-TX) sent a letter to
Attorney General John Ashcroft drawing a parallel between the Supreme
Court's majority opinion in Kyllo v. United States and the FBI's
controversial continued use of the Carnivore Internet surveillance
system.  In the letter, Rep. Armey asks whether, similar to thermal
imaging, Carnivore "undermines the minimum expectation that
individuals have that their personal electronic communications will
not be examined by law enforcement devices unless a specific court
warrant has been issued."  According to news reports, Attorney General
Ashcroft is reviewing the FBI's use of Carnivore and will soon respond
to Rep. Armey directly.
Kyllo v. United States, Certiorari to the United States Court of
Appeals for the Ninth Circuit, No. 99-8508:
June 14 Letter from House Majority Leader Armey to Attorney General
Ashcroft regarding Carnivore (DCS-1000):
For more information about thermal imaging devices, visit the website
of FLIR Systems, Inc.:
[2] Court of Appeals Asks: Is Computer Code Speech?
The Second Circuit Court of Appeals is considering the question of
whether computer code is protected speech under the First Amendment.
At issue is a case brought by eight motion picture companies against
2600 Magazine to enjoin it from publishing or linking to DeCSS, a
computer program used to circumvent the encryption used in DVDs.
The movie studios contend that DeCSS is an unlawful circumvention
device and that, as such, the defendants are prohibited by the
anti-trafficking provisions of the Digital Millennium Copyright Act
(DMCA) from distributing it.
The Court heard oral arguments in Universal City Studios, Inc. v.
Reimerdes on May 1.  A week later it sent written requests to both
parties for further clarification on the question of whether DeCSS is
itself a form of speech.  This question will determine the level of
scrutiny the Court will apply when examining the DMCA's restrictions
on its dissemination and use.
In its reply brief, the Electronic Frontier Foundation, on behalf of
the defendant, argues that "DeCSS itself has no non-speech elements"
and similarly that its "dissemination .. by a member of the media
covering an issue of public concern is pure speech."  They liken the
computer program to "blueprints and instructions for a photocopier,
recipes, books about fixing cars, and videos on baby care" and argue
that just because somebody "might use [it] to do something" does not
mean that it is any less protected as speech.
The movie studios, on the other hand, deny that DeCSS involves any
form of speech referring to it as a "digital crowbar" designed to
deliberately circumvent copyright protection technologies.  They
continue that the prohibition on its distribution is just the same as
measures prohibiting "the provision of gambling devices, trafficking
in satellite theft devices, and trafficking in cable signal theft
devices" and is not a content based restriction on speech.
Courts have previously ruled that computer source code can be
considered speech.  Last year, in the case of Junger v. Daley, the
Sixth Circuit Court of Appeals held that encryption source code was
protected by the Constitution as "an expressive means for the exchange
of information and ideas about computer programming" (see EPIC Alert
The movie studios' brief is available at:
The Electronic Frontier Foundation (EFF) brief is available at:
The Sixth Circuit decision in Junger v. Daley is available at:
[3] ICANN Conducts Survey on Whois Policy
The Internet Corporation for Assigned Names and Numbers (ICANN) is
currently conducting a survey of the Internet community's views on
the Whois database and related data protection issues.  ICANN is the
international organization charged with the management of the Domain
Name System (DNS) and other technical functions related to Internet
The Whois database provides contact information, through publicly-
accessible websites, for all Internet users who have registered domain
names.  The contact information required for the domain name
registration process includes names, mailing addresses, email
addresses, fax numbers and telephone numbers.  The original and most
important purpose of the Whois database is to provide contact
information for Internet users in case of network or security
Earlier this year, EPIC sent a letter to Congress urging members to
closely examine the privacy issues implicated in the Whois database
and other privacy practices of registrars, companies that register
domain names for individuals and companies.  The letter highlights
three privacy issues affected by registrar data handling practices.
The first is the Whois database that makes contact information
publicly available for all domain name registrants.  The letter points
out that many people who now register domain names do so for personal
use or for use in a small business setting and thus may reveal home
addresses and phone numbers.  The second privacy issue is the current
ability of registrars to sell bulk access to domain name registrant
data for a fee; thus resulting in the aggressive marketing of such
information by registrars like Network Solutions, Inc. (NSI).  The
third privacy issue is that requirements to provide contact
information eliminate the possibility of anonymous registration of
domain names.  As the letter discusses, anonymous speech is an
important element of free expression and should be fostered on the
The letter concludes by urging ICANN and registrars to limit the
amount of information required and displayed through domain name
registration, to end the sale of domain name registrant data and to
promote anonymous registration of domain names.
The survey distributed by ICANN is open to the entire Internet
community and provides an opportunity to establish a higher level of
privacy protection than currently available.  The survey is currently
only available in English and Spanish but more translations should be
forthcoming.  Responses will be accepted until July 31st.
ICANN Whois Survey:
EPIC Letter on Privacy of Domain Name Registration Data:
[4] Experts Discuss Internet Issues at National Press Club
On June 4, EPIC and the Harvard Information Infrastructure Project
(HIIP) held an event at the National Press Club titled "Policy
Briefing: Emerging Cyberspace Issues."  Bringing together legal and
technical experts, the event examined Internet Jurisdiction and Global
Privacy Protection.
The first panel on Internet Jurisdiction included: Professor Julie E.
Cohen of Georgetown University Law Center, Professor James Boyle of
the Duke University School of Law, Professor David J. Farber of the
University of Pennsylvania Computer and Information Science
Department, Professor Michael Geist of the University of Ottawa Law
School, Professor Pamela Samuelson of the University of California at
Berkeley School of Information Management and Systems and School of
Law, and Dr. Barbara Simons, Fellow of the American Association for
the Advancement of Science.
Many of the speakers on the first panel challenged the notion that
jurisdiction does not apply to the Internet and said that existing
legal standards have not kept up with changes in technology.
Professor Geist argued that other factors (such as the use of
contracts, geographic-identifying technology and knowledge of parties
involved in a dispute that their actions would impact people in a
certain forum) should be considered when establishing jurisdiction.
Professor Farber added that policy makers should consider the entire
communications system rather than just focusing on the Internet.  Dr.
Simons urged more policy makers to examine the impact and implications
of new technology.
The second panel on Global Privacy Protection included: Simon Davies
of Privacy International, Dr. Whitfield Diffie of Sun Microsystems,
Professor Oscar H. Gandy Jr. of the Annenberg School of Communications
at the University of Pennsylvania, Austin Hill of Zero-Knowledge
Systems, Professor Paul M. Schwartz of Brooklyn Law School and Robert
Ellis Smith, publisher of Privacy Journal.
Many speakers on the second panel agreed that U.S. privacy laws would
have to be strengthened in order to meet the standards set by other
countries around the world.  Mr. Davies provided an overview of new
emerging technologies, such as biometrics and smart cards, that would
likely impact privacy in the future.  Professor Schwartz discussed
recent developments in the Safe Harbor arrangement that provides a
framework for data transfers between the European Union and the United
More information about the event and speakers is available at:
[5] Groups Urge FTC to Pursue Privacy Protection
Privacy Coalition members have called upon Federal Trade Commission
to make privacy protection a top priority for the agency in the Bush
Administration.  In a letter addressed to the new FTC Chairman,
Timothy Muris, Privacy Coalition members wrote that the FTC failed to
take action in cases where major companies either unilaterally
changed their privacy policies or engaged in improper collection of
individuals' data.  In light of these lapses, the FTC should take
affirmative steps to strengthen privacy protection.  Specific steps
outlined by Privacy Coalition members include: improving the
processing of privacy complaints, submitting an annual FTC report to
Congress on the number and nature of privacy complaints received by
the agency, entering complaints in the Consumer Sentinel database,
reevaluating the protection of consumer privacy under the "unfair and
deceptive trade practices" regime, meeting regularly with privacy
groups on policy issues, and encouraging the development of Privacy
Enhancing Technologies.
In recent years, former FTC Chairman Robert Pitofsky increased the
agency's involvement in privacy protection.  Under Pitofsky's
direction, FTC held several public workshops on privacy but has only
pursued a handful of privacy cases under its authority to prosecute
unfair and deceptive trade practices.  These efforts culminated in a
May 2000 report to Congress where a majority of FTC Commissioners
recommended the adoption of legislation to protect individuals'
In related privacy news, on June 12, Sen. Tom Harkin (D-IA) and Sen.
Jim Bunning (R-KY) introduced the Social Security Number Privacy and
Identity Theft Prevention Act "to ban the sale or unauthorized
publication of an individual's Social Security number."  The press
release accompanying the introduction of the bill cites the need for
protections given the growing incidence of identity theft and promises
future hearings on Social Security number privacy.
Privacy Coalition Letter to FTC Chair Muris:
EPIC's May 2001 Testimony before the House Subcommittee on Social
Security on privacy issues:
EPIC Social Security Numbers and Privacy Page:
[6] EPIC Bill-Track: New Bills in Congress
H.R.1971 Voting Rights Protection Act of 2001. To amend the National
Voter Registration Act of 1993 to require States to give notice and an
opportunity for review prior to removing individuals from the official
list of eligible voters in elections for Federal office by reason of
criminal conviction, and for other purposes. Sponsor: Rep Meek, Carrie
P. (D-FL). Latest Major Action: 5/23/2001 Referred to House committee:
House Administration.
H.R.2031 Consumer Credit Report Accuracy and Privacy Act of 2001. To
amend the Fair Credit Reporting Act to allow any consumer to receive a
free credit report annually from any consumer reporting agency.
Sponsor: Rep Roybal-Allard, Lucille (D-CA). Latest Major Action:
5/25/2001 Referred to House committee: House Financial Services.
H.R.2036 Social Security Number Privacy and Identity Theft Prevention
Act of 2001. To amend the Social Security Act to enhance privacy
protections for individuals, to prevent fraudulent misuse of the
Social Security account number, and for other purposes. Sponsor: Rep
Shaw, E. Clay, Jr. R-FL). Latest Major Action: 5/25/2001 Referred to
House committee: House Financial Services; House Energy and Commerce;
House Ways and Means.
H.RES.159. Expressing the sense of the House of Representatives that
machine-readable privacy policies and the Platform for Privacy
Preferences Project specification, commonly known as the P3P
specification, are important tools in protecting the privacy of
Internet users, and for other purposes. Sponsor: Rep Smith, Adam
(D-WA). Latest Major Action: 6/7/2001 Referred to House committee:
House Government Reform; House Administration; House Energy and
S.918 Child Support Distribution Act of 2001. A bill to provide more
child support money to families leaving welfare, to simplify the rules
governing the assignment and distribution of child support collected
by States on behalf of children, to improve the collection of child
support, and for other purposes. Sponsor: Sen Snowe, Olympia J.
(R-ME). Latest Major Action: 5/21/2001 Referred to Senate committee:
Senate Finance.
S.1014 Social Security Number Privacy and Identity Theft Prevention
Act of 2001. A bill to amend the Social Security Act to enhance
privacy protections for individuals, to prevent fraudulent misuse of
the  Social Security account number, and for other purposes. Sponsor:
Sen Bunning, Jim (R-KY). Latest Major Action: 6/12/2001 Referred to
Senate committee: Senate Finance.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - Invasion of Privacy
Invasion of Privacy: How to Protect Yourself in the Computer Age by
Michael Hyatt
From best-selling author and leading consumer advocate Michael Hyatt
comes a startling report of how the government, industry, individuals,
and interest groups have access to personal information about you.
Fortunately, "Invasion of Privacy: How to Protect Yourself in the
Digital Age" contains valuable information about what you can do to
protect yourself.
For other books recommended by EPIC, browse the EPIC Bookshelf at:
EPIC Publications:
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls," (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
[8] Upcoming Conferences and Events
ETHICOMP 2001: Systems of the Information Society. Telecommunications
and Informatics Technical University of Gdansk, Poland. June 18-20,
2001. Gdansk, Poland. For more information:
Computer System Security and Privacy Advisory Board (CSSPAB) Public
Meeting. John Marshall Law School. June 19-21, 2001. Chicago, IL.
For more information: http://csrc.nist.gov/csspab/
ACS/IEEE International Conference on Computer Systems and Applications
2001: Taking Stock of Existing Technology, Charting Future Trends.
Lebanese American University. June 25-29, 2001. Beirut, Lebanon. For
more information:
Democracy Forum 2001: Democracy and the Information Revolution.
International Institute for Democracy and Electoral Assistance. June
27-29, 2001. Stockholm, Sweden. For more information:
Call for Papers - June 30, 20001. CEPE2001: Computer Ethics,
Philosophical Enquiries. Lancaster University (UK). Centre for Study
of Technology in Organizations, Institute for Environment, Philosophy
and Public Policy. December 14-16, 2001. For more information:
Re-shaping the Culture of Research: People, Participation,
Partnerships & Practical Tools - Fourth Annual Community Research
Network Conference. The Loka Institute. July 6-8, 2001. Austin, TX.
For more information: http://www.loka.org/
The Online Privacy Conference: Integrating Security and Privacy for
Data Protection. MIS Training Institute. July 17-18, 2001, Optional
Workshops July 16, 2001. Chicago, IL.  For more information:
Privacy: The New Management Imperative - Chief Privacy Officer
Training Program. Southern Methodist University and Privacy Council.
July 17-19 and October 15-17, 2001. Dallas, TX. For more information:
Health Information Privacy: Dialogue with the Stakeholders. Riley
Information Services, Inc. September 28, 2001. Ottawa, Canada. For
more information: http://www.rileyis.com/seminars/
Call For Submissions - August 3, 2001. Workshop on Security and
Privacy in Digital Rights Management 2001. Eighth Association for
Computing Machinery (ACM) Conference on Computer and Communications
Security. November 5, 2001. For more information:
ICSC 2001: International Conference on Social Computing. University of
Bremen. October 1-3, 2001. Bremen, Germany. For more information:
Privacy2001: Information, Security & Ethics for the New Century.
Technology Policy Group. October 3-4, 2001. Cleveland, Ohio. For more
information: http://www.privacy2000.org/
Nurturing the Cybercommons, 1981-2001. Computer Professionals for
Social Responsibility (CPSR) 20th Annual Meeting. October 19-21, 2001.
Ann Arbor, MI. For more information:
Privacy: The New Management Imperative - Chief Privacy Officer
Training Program. Cambridge University and Privacy Council.
November 5-8, 2001. Cambridge, England. For more information:
Learning for the Future. Business for Social Responsibility's Ninth
Annual Conference. November 7-9, 2001. Seattle, WA. For more
information: http://www.bsr.org/events/2001.asp
Subscription Information
The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:
To subscribe or unsubscribe using email, send email to
epic-news@epic.org with the subject: "subscribe" (no quotes) or
Back issues are available at:
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you have
any other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
  ---------------------- END EPIC Alert 8.11 -----------------------