EPIC logo
        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 8.22                                  November 13, 2001
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
Table of Contents
[1] International Coalition Urges EU to Safeguard Privacy
[2] Groups File Comments at FCC to Protect Telephone Privacy
[3] Consumer Privacy Figures Prominently at House Hearing
[4] Face Recognition Technology Under Scrutiny
[5] Feinstein Introduces Legislation, Will Hold Hearings on Biometrics
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Future of Ideas
[8] Upcoming Conferences and Events
[1] International Coalition Urges EU to Safeguard Privacy
An international coalition of consumer and privacy organizations,
organized by EPIC, wrote yesterday to Guy Verhofstadt, President of
the European Union Council of Ministers, expressing their concerns
about President Bush's recent letter requesting that the proposed EU
Directive on the protection of privacy in the electronic communi-
cations sector be altered to allow for data retention of telephone 
calls and Internet messages.  EU lawmakers were scheduled to vote 
today on the issue.
Bush's letter contains a list of measures that he wants the EU to
implement to fight terrorism.  One of them asks that EU law
enforcement authorities "permit the retention of critical data for a
reasonable period."  The proposed EU directive currently allows
telecommunications companies and Internet service providers to retain
data from phone calls and Internet communications for for billing
purposes, for a period of time no longer than necessary. Bush's
request is aimed at giving EU law enforcement authorities blanket
retention powers on all communications data for hypothetical criminal
The coalition's letter emphasizes that many members of the European
Parliament, EU Privacy commissioners, and the European Parliament
Committee on Citizens' Freedoms and Rights, Justice and Home Affairs,
had all condemned routine data retention as violating the fundamental
rights to privacy and data protection, freedom of expression, and
presumption of innocence.  It further notes that such a proposal would
be inconsistent with international conventions on human rights.
The letter also argues that Bush's request is a threat to the privacy
of Americans, since nothing would prevent U.S. law enforcement
authorities from obtaining data held in Europe that it could not
legally obtain domestically.  Current U.S. regulations do not require
data retention, even after the recent enactment of the sweeping
anti-terrorism legislation known as the USA PATRIOT Act.
EPIC has filed requests under the Freedom of Information Act seeking
the text of President Bush's letter, as well as other information
concerning U.S. efforts to erode privacy protections in Europe.
The coalition's letter is available at:
     http://www.gilc.org/verhofstadt_french.html (version française)
Information on EU lawmaker's vote (choose Strasbourg, "November 13"):
New York Times coverage of the issue is available at:
[2] Groups File Comments at FCC to Protect Telephone Privacy
On November 1, EPIC and seventeen other civil liberties and consumer
protection groups filed comments with the Federal Communications
Commission (FCC) urging it to protect the privacy of telephone
customers by adopting an opt-in policy towards use of customer
information by telecommunications carriers.
The FCC's request for public comments relates to the use by telecom-
munications carriers of "customer proprietary network information"
(CPNI), which includes the name, telephone number, call information
and services subscribed to by a telephone customer.  In 1998, the FCC
promulgated its initial rule regarding CPNI, which required telecom-
munication carriers to obtain explicit customer approval (opt-in)
before using such information in any manner inconsistent with
provision of services (for example, building detailed profiles based
on personal information obtained through private telephone calls).  An
alternative approach is opt-out, which enables the carrier to use CPNI
until a customer informs it otherwise. The FCC rejected an opt-out
approach as insufficiently protective of customer privacy, because
opting-out places the burden on the customer, many of whom are wholly
unaware of their right to opt-out.
In U.S. West v. FCC, the U.S. Court of Appeals for the 10th Circuit
ruled that the FCC's opt-in approach did not pass First Amendment
scrutiny because the decision to require "opt-in" was not adequately
considered or supported by existing facts.  In response to this 1999
court decision, the FCC in October 2001 issued a request for public
comments, seeking advice on, among other things, whether an opt-in
approach inherently violates the First Amendment.
EPIC's position, articulated in its comments, is that an opt-in
approach is the only method to adequately protect customers'
legitimate and constitutionally protected interest in privacy. Opt-out
methods do not protect privacy because they place the burden on the
customer to understand and reply to confusing notices.  EPIC's
comments note that 86 percent of consumers favor opt-in for
communications services.
EPIC's comments are available at:
For a history of the CPNI debate, see:
[3] Consumer Privacy Figures Prominently at House Hearing
Federal Trade Commission Chairman Timothy Muris was the sole witness
at a hearing before the House Energy & Commerce Subcommittee on
Commerce, Trade, and Consumer Protection on November 7.  The hearing,
the first for the new chairman, provided an opportunity for the
subcommittee members to question Muris on the Commission's agenda, and
to voice their concern for particular issues they would like to see
addressed. Consumer privacy -- both online and offline -- resoundingly
emerged as the leading bipartisan concern.  Muris informed the
subcommittee that his agency is working hard to implement the major
themes of the privacy agenda he announced last month, including a
national do-not-call telemarketing list, a crackdown on identity theft
and increasing enforcement efforts against privacy violators.
A number of members expressed their disappointment with Muris'
decision not to advance new privacy legislation to protect consumer
privacy online.  Rep. Anna Eshoo (D-CA) was particularly critical, as
was Rep. Billy Tauzin (R-LA), chairman of the Committee, who expressed
concern that in the absence of federal legislation a patchwork of
state laws on privacy might emerge that would make for a difficult
business environment.  Few comments dealt with specific issues in
Muris' privacy agenda, despite EPIC's efforts to direct members'
attention to Microsoft's Passport system and its threat to consumer
privacy.  The hearing instead appeared to be more of an opportunity to
air concerns and future plans.
In a related matter, EPIC Executive Director Marc Rotenberg testified
at a joint Congressional hearing on Social Security Numbers (SSNs) and
identity theft.  EPIC's testimony stressed the importance of limiting
the use of the SSN, rather than expanding its use and collection;
discussed problems with universal unique identifiers such as the SSN;
and called for legislation to limit the collection and use of the SSN,
arguing that if Congress fails to act, consumers will likely face many
more problems in the years to come.
Testimony from the hearing on challenges facing the Federal Trade
Commission is available at:
EPIC's Letter to Congress regarding Microsoft Passport is available at:
EPIC's testimony on SSNs and identity theft is available at:
[4] Face Recognition Technology Under Scrutiny
In light of September's terrorist attacks on the United States, there
has been much discussion about the possibility of using biometric
applications, such as face recognition technology, as a means of
security, especially in airports.  While some public officials and
companies that develop this technology claim that installing face
recognition software in cameras at airports is an effective means of
catching terrorists, civil liberties groups and members of the public
tend to disagree.
The ACLU released a statement on November 1 arguing that face
recognition technology is not effective as a security measure because
"the technology doesn't work."  The statement further stated:
     Facial recognition technology carries the danger that
     its use will evolve into a widespread tool for spying on
     American citizens as they move about in public places. 
     If the technology promised a significant increase in
     protection against terrorism, it would be important to
     evaluate its dangers and benefits in depth.  But that
     conversation is beside the point when face recognition
     has been shown to be so unreliable as to be useless for
     important security applications. . . . Face-recognition
     at the airport offers us neither order nor liberty.
Despite this opposition, officials plan to install face recognition
software in cameras at Boston's Logan Airport and at Oakland
International Airport in California.  The Senate Judiciary Committee
will hold a hearing on biometric technologies tomorrow, entitled
"Biometric Identifiers and the Modern Face of Terror: New Technologies
in the Global War on Terrorism," where privacy issues relating to
biometric technologies will be addressed.
To voice their opposition against face recognition software, the New
York Surveillance Camera Players (SCP) will be cutting into the sight
lines of a public web camera -- an Internet surveillance device --
operated by a privacy-insensitive company on Saturday, November 17, to
protest against face recognition software.  The performance will start
at exactly 4:30 P.M. Eastern Standard Time, will last about 10
minutes, and will be repeated twice if possible.
To view the protest (for browsers with Java):
(for browsers without Java - click "Reload" every 15 seconds or so):
"ACLU Opposes Use of Face Recognition Software in Airports Due to
Ineffectiveness and Privacy":
EPIC's Face Recognition Page:
[5] Feinstein Introduces Legislation, Will Hold Hearings on Biometrics
In response to the September 11 attacks, Senator Dianne Feinstein
(D-CA) has introduced the "Visa Entry Reform Act of 2001" and has
scheduled hearings on biometric identifiers.
The bill would require the issuance of a "SmartVisa" to all
non-citizens entering the country.  The Attorney General and Secretary
of State would develop the SmartVisa to be machine-readable and to
include a biometric identifier.  In order for other countries to gain
visa waiver status (that is, the ability for its citizens to travel to
the U.S. without being issued a SmartVisa) the foreign country must
implement its own identification system with machine-readable cards
and biometric identifiers.  The legislation does not specify what
specific biometric identifier would be used for SmartVisas.
Sen. Feinstein's legislation would create a central "lookout" database
that would provide information on non-citizens to law enforcement, INS
authorities, and others agencies as determined by the Attorney
General.  The lookout database would be a joint project of FBI, the
Office of Homeland Security, CIA, the Foreign Terrorist Tracking Task
Force, and private industry.
Non-immigrant students would also be closely tracked under the
Feinstein proposal.  Educational institutions would be required to
issue quarterly reports on students' course of study, the addresses of
parents, friends, and siblings, and work experience.  This information
would be included in the lookout database.
The text of S. 1627, the Visa Entry Reform Act of 2001, is available at:
EPIC's National ID Page:
[6] EPIC Bill-Track: New Bills in Congress
H.R.3162 Uniting and Strengthening America by Providing Appropriate
Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT)
Act of 2001. To deter and punish terrorist acts in the United States
and around the world, to enhance law enforcement investigatory tools,
and for other purposes. Sponsor: Rep Sensenbrenner, F. James, Jr.
(R-WI). Latest Major Action: 10/26/2001 Signed by President.
Committees: House Judiciary; House Select Committee on Intelligence;
House Financial Services; House International Relations; House Energy
and Commerce; House Education and the Workforce; House Transportation
and Infrastructure; House Armed Services
H.R.3181 To establish a temporary moratorium on the issuance of visas
for nonimmigrant foreign students and other exchange program
participants, to improve procedures for issuance of nonimmigrant
student visas. To establish a temporary moratorium on the issuance of
visas for nonimmigrant foreign students and other exchange program
participants, to improve procedures for issuance of nonimmigrant
student visas, and to enhance procedures for admission at ports of
entry to the United States. Sponsor: Rep Bilirakis, Michael (R-FL).
Latest Major Action: 10/30/2001 Referred to House committee: House
H.R.3205 Enhanced Border Security Act of 2001 To enhance the border
security of the United States, and for other purposes. Sponsor: Rep
Conyers, John, Jr. (D-GA) Latest Major Action: 11/1/2001 Referred to
House committee: House Judiciary; House Select Committee on
Intelligence; House International Relations; House Government Reform;
House Ways and Means; House Transportation and Infrastructure.
H.R.3221 To establish a temporary moratorium on the issuance of visas
for nonimmigrant foreign students and other exchange program
participants and to improve reporting requirements for universities To
establish a temporary moratorium on the issuance of visas for
nonimmigrant foreign students and other exchange program participants
and to improve reporting requirements for universities under the
foreign student monitoring program. Sponsor: Rep Roukema, Marge
(R-NJ). Latest Major Action: 11/1/2001 Referred to House committee:
House Judiciary.
S.1618 Enhanced Border Security Act of 2001 A bill to enhance the
border security of the United States, and for other purposes. Sponsor:
Sen Kennedy, Edward M. (D-MA). Latest Major Action: 11/1/2001 Referred
to Senate committee: Senate Judiciary.
S.1627 Visa Entry Reform Act of 2001 A bill to enhance the security of
the international borders of the United States.Sponsor: Sen Feinstein,
Dianne (D-CA). Latest Major Action: 11/1/2001 Referred to Senate
committee: Senate Judiciary.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - The Future of Ideas
The Future of Ideas: The Fate of the Commons in a Connected World, by
Lawrence Lessig.
"The Future of Ideas" is a highly readable and deeply engaging sequel
to Stanford Law professor Lawrence Lessig's "Code and Other Laws of
Cyberspace."  In this book, Lessig, who is perhaps most famous for his
brief tenure as a court-appointed "special master" in the Microsoft
antitrust trial, also sees dominant players exercising control through
the law, technical standards and political might to resist the change
that might otherwise take place.  He urges the Internet generation not
to forget what made the last 10 years exciting: an open platform that
did not discriminate among applications or content, an environment for
creativity and innovation, a public commons for an information age. In
a word: the Internet.  And instead of calling for the removal of
regulation to encourage freedom, he recommends that there is a place
for some regulation, if we want to preserve liberty.
Lessig's argument is compelling at many levels.  It is as good a
history of the development of Internet architecture as one is likely
to find in a book without pictures.  It is also an extraordinarily
skillful interweaving of technical characterization and legal
argument.  And it is a story well told, with a fair balance of clever
aside and clear purpose.
In time, companies such as Microsoft either acquired or drove out many
of the smaller players.  But while the software industry shakedown
moved forward, the public was transfixed by the rapid emergence of the
Internet and a new era of creativity.  It could be that in the steady
march today toward the cable companies' "walled garden" and the
software giant's ".NET platform," there are the early indicators of a
new revolution, what the business folks sometimes call "disruptive
technologies."  But there is also reason to believe that the cycle of
innovation and consolidation may not continue endlessly.  As more of
the commons -- as more of the intellectual material of innovation --
is controlled, the opportunity for new forms of production is
diminished.  The monopolies of today sweep more broadly than the
monopolies of the past.  Mr. Ford may have controlled the auto
industry, but he did not control the nation's roads.  This is the
warning in Lessig's masterly exploration of the history of the
Internet and the future of innovation.
EPIC Publications:
"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events
Fifth Annual Cato Institute/Forbes ASAP Technology & Society
Conference: The Future of Intellectual Property in the Information
Age. November 14, 2001. Washington, DC. For more information:
Information Operations: Applying Power in the Information Age. Jane's
Information Group. November 14-15, 2001. Washington, DC. For more
Information Gathering in the 21st Century. Seton Hall Law School.
November 16, 2001. South Orange, NJ. For more information:
The 2001 Freedom of Information and Privacy Awards. BC Freedom of
Information and Privacy Association. November 19, 2001. Vancouver,
British Columbia. For more information: http://www.fipa.bc.ca/
Managing Privacy of Health Information. The Canadian Institute.
November 19-20, 2001. Vancouver, British Columbia. For more
information: http://www.CanadianInstitute.com/
CPO and Privacy Practitioners Workshop. Privacy & American Business
and Privacy Council. November 27, 2001. Washington, DC. For more
information: info@pandab.org
First Privacy Expo 2001. Privacy & American Business and Privacy
Council. November 27-29, 2001. Washington, DC. For more information:
Eighth Annual National "Managing the NEW Privacy Revolution"
Conference. Privacy & American Business and Privacy Council. November
28-29, 2001. Washington, DC. For more information: info@pandab.org
Privacy Law: New Developments & Issues in a Security-Conscious World.
Practising Law Institute. November 29, 2001. Satellite Viewing
Locations. For more information: http://www.pli.edu/
Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd European
Anti-Malware Conference. European Institute for Computer Anti-Virus
Research (EICAR). June 8-11, 2002. Berlin, Germany. For more
information: http://conference.eicar.org/
Privacy By Design 2001: Building Privacy for Better Business.
ZeroKnowledge. December 3-5, 2001. Montreal, Canada. For more
information: http://www.zeroknowledge.com/privacybydesign2001/
Get Noticed: Effective Financial Privacy Notices. Federal Trade
Commission. December 4, 2001. Washington, DC. For more information:
Call for Papers - December 10, 2001. Workshop on Privacy Enhancing
Technologies 2002. April 14-15, 2002. San Francisco, CA. For more
information: http://www.pet2002.org/
17th Annual Computer Security Applications Conference (ACSAC). Applied
Computer Security Associates. December 10-14, 2001. New Orleans, LA.
For more information: http://www.acsac.org/
Call for Content - December 15, 2001. INET 2002 - Internet Crossroads:
Where Technology and Policy Intersect. The Internet Society. June
18-21, 2002. Arlington, VA. For more information:
Future of Music Coalition Policy Summit. January 7-8, 2002.
Washington, DC. For more information:
Chief Privacy Officer Skills Development Workshop. PRIVA-C and Select
Knowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX.
For more information: http://www.priva-c.com/cpoworkshop/
CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:
Subscription Information
Subscribe/unsubscribe via Web interface:
Subscribe/unsubscribe via email:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at
**NEW!**  Drink coffee, support civil liberties, get a tax deduction,
and learn Latin at the same time!  Receive a free epic.org "sed quis
custodiet ipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 8.22 -----------------------