EPIC logo
        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    Volume 8.23                                   December 3, 2001
                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
Table of Contents
[1] Supreme Court Hears Arguments on Internet Censorship
[2] Amicus Brief Filed in Defense of Anonymous Speech
[3] Cybercrime Treaty Signed and Other International Developments
[4] Privacy Legislation Passes Congress
[5] Second Briefing Held in "Security or Surveillance?" Series
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - Filters & Freedom 2.0
[8] Upcoming Conferences and Events
[1] Supreme Court Hears Arguments on Internet Censorship
The U.S. Supreme Court on November 28 heard oral argument on the
constitutionality of the Child Online Protection Act (COPA).  American
Civil Liberties Union attorney Ann Beeson, representing a coalition of
online companies and organizations, including EPIC, urged the Justices
to affirm the June 2000 decision of the U.S. Court of Appeals for the
Third Circuit, which upheld a lower court injunction against COPA.  In
that opinion, a unanimous three-judge panel expressed its belief that
the 1998 censorship law is fatally flawed.  U.S. Solicitor General
Theodore Olson argued for reversal of the appellate decision.
The legislation was introduced in Congress after an earlier effort to
regulate children's access to "indecent" material, the Communications
Decency Act (CDA), was held unconstitutional by a unanimous U.S.
Supreme Court in 1997.  To date, every federal judge to consider the
legality of either CDA or COPA has found that the Internet content
regulation laws violate the First Amendment.
COPA would make it a federal crime to "knowingly" communicate "for
commercial purposes" material considered "harmful to minors" to anyone
under the age of 17.  Penalties include fines of up to $50,000 for
each day of violation and up to six months in prison.  Compliance with
COPA would require websites to obtain identification and age
verification from visitors, a feature of the law that EPIC has argued
threatens online privacy and anonymity.
The Supreme Court is expected to issue a ruling by next June.
Complete information on the COPA litigation, including the text of the
briefs filed with the Supreme Court, is available at:
[2] Amicus Brief Filed in Defense of Anonymous Speech
On November 29, EPIC, the ACLU, and 14 legal scholars filed an amicus
curiae brief with the Supreme Court in Watchtower Bible v. Stratton,
Ohio, a case which implicates privacy rights, as well as the First
Amendment rights of anonymity, expression, and freedom of association.
The case concerns a Stratton city ordinance that requires those going
door-to-door to obtain a permit and to identify themselves prior to
and during petitioning.  The lower court found that neither
requirement violated the First Amendment freedom of expression or
right to anonymity.
Anonymity is a core First Amendment value that enables the expression
of political ideas, participation in the political process, membership
in political associations, and the practice of religious belief
without fear of government intimidation or public retaliation.  The
brief argues that the Stratton ordinance, in forcing people to
sacrifice their anonymity, chills activity protected by the First
The Supreme Court has long held anonymous speech to be "an honorable
tradition of advocacy and of dissent."  In Talley v. California, the
fountainhead case for anonymity protection, the Court struck down a
California law prohibiting anonymous leafletting on the grounds that
it "might deter perfectly peaceful discussions of public matters of
importance."  The Court has twice recently reaffirmed the nexus
between the freedoms of speech and association and the right of
anonymity by striking down statutes in Colorado and Illinois that
required speakers to sacrifice their anonymity.
The Court will hear arguments in the case next year.
The EPIC/ACLU amicus brief (in PDF) is available at:
Watchtower Bible v. City of Stratton, 240 F.3d 553 (6th Cir. 2001),
cert. granted, 2001 U.S. LEXIS 9772:
[3] Cybercrime Treaty Signed and Other International Developments
On November 23, thirty nations, including most European countries,
Canada, Japan, South Africa and the U.S., signed the Council of
Europe's Convention on Cybercrime at an official ceremony in Budapest,
The Convention, which has been under negotiation since 1997, is the
first international treaty to address crimes committed in
"cyberspace," including breach of copyright, computer-related fraud,
child pornography and hacking.  An optional protocol also criminalizes
publication of or linking to racist and xenophobic material on
computer networks.  The convention harmonizes penalties for these
crimes and requires signatory countries to provide each other with
mutual legal assistance in investigations.  It authorizes a wide range
of investigative powers, such as electronic surveillance and access to
user records maintained by communications providers.  The Convention
does not require "dual criminality," meaning that individuals can be
investigated by their national authorities for activities that are not
even crimes in their home countries.
The Convention has been consistently criticized by civil liberties,
privacy and security organizations as disproportionately weighted in
favor of law enforcement interests.  The Convention will enter into
force as soon as five countries, including three of the member states,
have ratified it.  In the U.S., ratification of the treaty will
require approval by the Senate.
Related measures to combat cybercrime are also being considered at the
EU level.  On November 27, the European Commission held a special
forum on cybercrime to discuss future EU policy making in this area.
The main focus of the meeting was the retention of electronic traffic
data for law enforcement purposes, an issue that was recently
condemned by an international coalition of consumer and privacy
organizations as in violation of the fundamental rights to privacy and
data protection, freedom of expression, and presumption of innocence.
(See EPIC Alert 8.22, "International Coalition Urges EU to Safeguard
Information about the Cybercrime treaty (including links to full text,
summary, and explanatory report) is available at:
[4] Privacy Legislation Passes Congress
Newly enacted legislation will prohibit federal government agencies
from snooping into individuals' web browsing habits.  The new privacy
protections, passed in H.R. 2590, an appropriations bill, apply to all
federal agencies.  Section 639 of the bill prohibits agencies from
collecting personally-identifiable information "relating to an
individual's access to or use of" any federal agency Internet sites.
The legislation also prohibits the purchase of personally-identifiable
information on visits to non-governmental websites.
There are notable exceptions to the prohibitions on collecting
information.  Agencies will be able to collect personally-identifiable
information on individuals who voluntarily submit data to government
web sites.  Additionally, there are law enforcement and security
exemptions that allow collection of personally-identifiable
H.R. 2590  -- Making appropriations for the Treasury Department, the
United States Postal Service, the Executive Office of the President,
and certain Independent Agencies, for the fiscal year ending September
30, 2002, and for other purposes (see section 639):
[5] Second Briefing Held in "Security or Surveillance?" Series
On Friday, November 30, EPIC hosted the second policy briefing
in the ongoing "Security or Surveillance?" event series at the
National Press Club in Washington, D.C.  Speakers included Simon
Davies, Director of Privacy International; Bruce Schneier, CTO and
co-founder of Counterpane Internet Security; and Chris Hoofnagle,
Legislative Counsel of EPIC.
Issues discussed included the technical reliability and privacy
implications of new security systems and legal measures being
considered both domestically and internationally since September 11.
Simon Davies spoke extensively on international developments in
anti-terrorism and surveillance provisions, especially in the United
Kingdom.  Bruce Schneier illustrated many unforeseen ways that a
national ID card system might fail.  He also examined computer
security scenarios that involve "real" terrorism, comparing them with
relatively trivial security problems such as the "ILOVEYOU" virus and
denouncing the use of the word "cyberterrorism" to describe minor
security breaches.  Chris Hoofnagle explained that a national ID card
is likely to become subject to "function creep," where narrowly
targeted regulation expands to other unintended areas. While ID cards
have initially been suggested for non-U.S. citizens entering the
country, their use could be extended to other groups, such as
convicts, welfare recipients, and children.  Davies added that a
national ID card for noncitizens would likely cause citizens to also
carry such a card, in order to prove that they were indeed citizens.
More panels in this series will be scheduled in the near future.
Visit http://www.epic.org/events/ for a current list of upcoming and
past events hosted by EPIC.
Audiocast of briefing (in RealAudio format):
For more information about the briefing, see:
EPIC's National ID Page:
[6] EPIC Bill-Track: New Bills in Congress
H.R.3266 To amend title 18, United States Code, to prohibit
unauthorized trafficking in personal DNA information, and for other
purposes. Sponsor: Rep Rivers, Lynn N.(D-MI). Latest Major Action:
11/8/2001 Referred to House committee: House Judiciary.
H.R.3285 Federal-Local Information Sharing Partnership Act of 2001. To
provide for the sharing of certain foreign intelligence information
with local law enforcement personnel, and for other purposes. Sponsor:
Rep Weiner, Anthony D. (D-NJ). Latest Major Action: 11/13/2001
Referred to House committees: House Judiciary; House Select Committee
on Intelligence; House Financial Services; House Education and the
H.R.3367 To amend title 10, United States Code, to require certain
contractors with the Department of Defense to perform background
investigations, psychological assessments, and behavioral
observations, and provide fingerprint cards, with respect to
individuals who perform work on military installations or facilities.
Sponsor: Rep Saxton, Jim (R-NJ). Latest Major Action: 11/28/2001
Referred to House committee: House Armed Services.
H.R.3368 To amend the Fair Credit Reporting Act with respect to
statute of limitations on actions. Sponsor: Rep Schakowsky, Janice D.
(D-IL). Latest Major Action: 11/28/2001 Referred to House committee:
House Financial Services; House Judiciary.
H.R.3369 To amend the Fair Credit Reporting Act to provide that the
statute of limitations begins to run when a violation is first
discovered by a consumer. Sponsor: Rep Shadegg, John B. (R-AZ). Latest
Major Action: 11/28/2001 Referred to House committee: House Financial
Services; House Judiciary.
H.R.3371 To amend the Federal Advisory Committee Act to establish
public disclosure requirements for working groups of advisory
committees. Sponsor: Rep Waxman, Henry A. (D-CA). Latest Major Action:
11/28/2001 Referred to House Committees: House Government Reform.
S.1684 A bill to provide a 1-year extension of the date for compliance
by certain covered entities with the administrative simplification
standards for electronic transactions and code sets issued in
accordance with the Health Insurance Portability and Accountability
Act of 1996. Sponsor: Sen Dorgan, Byron L.(D-ND). Latest Major Action:
11/14/2001 Referred to Senate committee: Senate Finance.
S.1723 Protect Victims of Identity Theft Act of 2001. A bill to amend
the Fair Credit Reporting Act with respect to the statute of
limitations on actions. Sponsor: Sen Leahy, Patrick J. (D-VT). Latest
Major Action: 11/16/2001 Referred to Senate committee: Senate Banking,
Housing, and Urban Affairs.
S.1733 Name Matching for Enforcement and Security Act of 2001. A bill
to develop and implement a unified electronic data system to enhance
access to information that is relevant to determine whether to issue a
visa or admit an alien to the United States, and for other purposes.
Sponsor: Sen Edwards, John (D-NC). Latest Major Action: 11/27/2001
Referred to Senate committee: Senate Judiciary.
S.1742 A bill to prevent the crime of identity theft, mitigate the
harm to individuals victimized by identity theft, and for other
purposes.Sponsor: Sen Cantwell, Maria (D-WA). Latest Major Action:
11/29/2001 Referred to Senate committee: Senate Judiciary.
EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:
[7] EPIC Bookstore - Filters & Freedom 2.0
Filters & Freedom 2.0: Free Speech Perspectives on Internet Content
Controls, edited by David L. Sobel (2001)
Originally proposed as a technological solution that would forestall
official censorship, content filtering has been shown to pose its own
significant threats to free expression on the Internet.  Often
characterized by their proponents as mere features or tools, filtering
and rating systems can also be viewed as fundamental architectural
changes that may, in fact, facilitate the suppression of speech far
more effectively than national laws alone ever could.
This revised edition addresses recent developments, including new
content control legislation in the United States, efforts within the
European Union to establish a uniform rating regime for online
material, and the growing controversy over the use of filtering in
public libraries.  Partly as a result of the writings contained in
this collection, the headlong rush toward the development and
acceptance of filtering and rating systems has slowed.  These critical
views must be considered carefully if we are to preserve freedom of
expression in the online world.
EPIC Publications:
"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information
"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events
** POSTPONED! ** First Privacy Expo 2001. Privacy & American Business
and Privacy Council. Was November 27-29, 2001; will be rescheduled for
February or March 2002. Washington, DC. For more information:
** POSTPONED! ** Eighth Annual National "Managing the NEW Privacy
Revolution" Conference. Privacy & American Business and Privacy
Council. Was November 28-29, 2001; will be rescheduled for February or
March 2002. Washington, DC. For more information: info@pandab.org
Privacy By Design 2001: Building Privacy for Better Business.
ZeroKnowledge. December 3-5, 2001. Montreal, Canada. For more
information: http://www.zeroknowledge.com/privacybydesign2001/
Get Noticed: Effective Financial Privacy Notices. Federal Trade
Commission. December 4, 2001. Washington, DC. For more information:
Call for Papers - December 10, 2001. Workshop on Privacy Enhancing
Technologies 2002. April 14-15, 2002. San Francisco, CA. For more
information: http://www.pet2002.org/
17th Annual Computer Security Applications Conference (ACSAC). Applied
Computer Security Associates. December 10-14, 2001. New Orleans, LA.
For more information: http://www.acsac.org/
Call for Content - December 15, 2001. INET 2002 - Internet Crossroads:
Where Technology and Policy Intersect. The Internet Society. June
18-21, 2002. Arlington, VA. For more information:
Future of Music Coalition Policy Summit. January 7-8, 2002.
Washington, DC. For more information:
Chief Privacy Officer Skills Development Workshop. PRIVA-C and Select
Knowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX.
For more information: http://www.priva-c.com/cpoworkshop/
Debating Privacy and ICT: Before and After September 11th. Rathenau
Instituut. January 17, 2002. Amsterdam, The Netherlands. For more
information: privacy@jcc-congress.nl
International Symposium on Freedom of Information and Privacy. Office
of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New
Zealand. For more information: Blair.Stewart@privacy.org.nz
CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:
Subscription Information
Subscribe/unsubscribe via Web interface:
Subscribe/unsubscribe via email:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"
Back issues are available at:
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org/ or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:
**NEW!**  Drink coffee, support civil liberties, get a tax deduction,
and learn Latin at the same time!  Receive a free epic.org "sed quis
custodiet ipsos custodes?" coffee mug with donation of $75 or more.
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 8.23 -----------------------