EPIC logo


        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

    Volume 8.24                                  December 18, 2001

                             Published by the
               Electronic Privacy Information Center (EPIC)
                             Washington, D.C.


Table of Contents

[1] Intelligence Funding Bill Contains Wiretap Provisions
[2] FOIA Suit Challenges Secrecy of Post-9/11 Detentions
[3] Congress Urged to Examine Microsoft Passport
[4] Computer Experts Question National ID Schemes
[5] TRAC Terrorism Enforcement Report Released
[6] EPIC Bill-Track: New Bills in Congress
[7] EPIC Bookstore - The Security of Freedom
[8] Upcoming Conferences and Events

[1] Intelligence Funding Bill Contains Wiretap Provisions

Just weeks after passage of comprehensive anti-terrorism legislation,
Congress continues to tinker with the laws governing electronic
monitoring.  An appropriations bill awaiting the President's signature
provides for increased governmental surveillance capabilities under
the Foreign Intelligence Surveillance Act (FISA), increasing the
authorities recently broadened by the USA PATRIOT Act passed in
October (see EPIC Alert 8.21).

H.R. 2883 expands "roving wiretap" authority by amending the location
provision in FISA, which currently requires agents to identify the
location of the instrument to be monitored. The amendment requires
identification of location only "if known."  Roving wiretap authority
under FISA was established by the USA PATRIOT Act  to allow the
Foreign Intelligence Surveillance Court (FISC) to issue generic orders
to any communications provider, thereby permitting the government to
track the communications of a specific individual carried over a
variety of sources.  The new amendment permits the FISC to issue
orders permitting government surveillance of communications where
neither the provider nor the location of the communication device is

Under current law, the Attorney General may authorize electronic
surveillance or a search without a court order in an emergency.  In
such instances, the government must present a formal application to
the FISC within 24 hours of the Attorney General's authorization.  The
new legislation extends the time in which the government must present
a formal order to 72 hours.  It  also contains various technical
amendments to the USA PATRIOT Act.

The bill, which was the result of a House-Senate conference, specifies
four priority areas in the nation's intelligence capabilities:  (1)
revitalizing the National Security Agency; (2) correcting deficiencies
in human intelligence; (3) addressing the imbalance between
intelligence collection and analysis; and (4) rebuilding a robust
research and development program.

H.R. 2883, the Intelligence Authorization Act for Fiscal Year 2002, is
available at:

EPIC's Wiretap Page:


[2] FOIA Suit Challenges Secrecy of Post-9/11 Detentions

A coalition of civil liberties, civil rights and human rights
organizations filed suit against the Justice Department on December 5,
seeking the disclosure of basic information about more than 1000
individuals arrested and detained since September 11.  The government
has continually refused to disclose the data in response to Freedom of
Information Act (FOIA) requests, resulting in unprecedented secrecy
surrounding the status of the individuals.  EPIC is participating in
the case as both co-plaintiff and co-counsel.

Members of Congress, the news media and civil liberties groups have
all raised questions as to whether those jailed since September 11 are
being accorded applicable constitutional protections.  The FOIA
lawsuit asserts that the requested information involves a matter of
extraordinary public interest and that the secrecy surrounding the
detentions is at odds with longstanding principles of open judicial

On October 29, the plaintiff organizations requested disclosure of
detainee information under the FOIA from the Justice Department and
two of its components -- the Federal Bureau of Investigation and the
Immigration and Naturalization Service.  They specifically requested
the release of, among other things, the identity of the detainees,
where they are being held, the names of their lawyers, which courts
are involved, how long the detainees have been held and the nature of
any charges filed against them.  In late November, the Justice
Department released partial and fragmentary information about the
detainees but, for the most part, fell far short of satisfying the
FOIA request.

Under a court-approved schedule to expeditiously litigate the case,
the government will be filing its brief on January 11.

The text of the lawsuit is available (in PDF) at:


[3] Congress Urged to Examine Microsoft Passport

On December 11, EPIC sent a letter to members of the Senate Judiciary
Committee urging them to question witnesses at a recent hearing on the
Microsoft antitrust settlement about the role that the settlement can
play in addressing the security and privacy risks of Passport.  EPIC
warned committee members that Passport "could literally become the
tollbooth that controls Internet access for millions of consumers in
the United States."

EPIC suggested three issues that could be further explored in order to
protect consumers from Microsoft Passport.  First, Congress should
consider how Microsoft could be prevented from using its market
dominance to acquire more Passport users.  Second, the settlement
should be tailored to prevent Microsoft from conditioning access to
the Internet on Passport subscription.  Finally, the settlement should
prevent Microsoft from using its market dominance to profile
individuals and to share their personal information.

Currently, Microsoft claims to have 200 million users with Passport
accounts, and that number increases every time Microsoft ties a new
service to Passport.  Most recently, users of the Zone.com gaming
service were required to sign up for Microsoft Passport before
accessing services.

During the hearing, Chairman Patrick Leahy (D-VT) and Senator Orrin
Hatch (R-UT) issued statements criticizing the settlement as vague and
unenforceable.  A procedural rule was invoked during the hearing that
forced Chairman Leahy to end the proceeding early.  To date, the
hearing has not been rescheduled.  However, the record of the partial
hearing was forwarded to the judge overseeing the settlement matter.

EPIC Letter to Members of the Senate Judiciary Committee:


EPIC's Sign Out of Passport Page:


[4] Computer Experts Question National ID Schemes

Computer Professionals for Social Responsibility (CPSR), an
international association of computer experts, has released a
Frequently Asked Questions (FAQ) document explaining and critiquing
recent proposals to create national identification schemes (NIDS) in
the United States, Canada, and other countries.

CPSR says that a national ID scheme "could combine the functions of a
driver's license, social security registration, immigration documents,
and other government- issued identification."  Individuals would be
entered in a nationwide database and issued a "smart card" containing
personal information.  In some proposals, this smart card would
include fingerprints, retina scans, and/or other biometric data.

"CPSR doubts that national identification schemes can provide
additional security against terrorist attacks," said CPSR president
Coralee Whitcomb.  She added:

     These ideas have been around for a while, but after
     September 11 their proponents, including potential
     suppliers, who stand to profit handsomely from massive
     ID Card programs, used the climate of fear to dust them
     off in response to the public's desire for improved
     security.  National identification schemes instead would
     endanger civil liberties, allowing those with access to
     the data base to track the behavior, associations, and
     finances of innocent people.

Further, Whitcomb stated that a new ID system could "leave us relying
on the wrong approach to security, and create a false sense of
security that leaves us more vulnerable than before."

CPSR links to resources on National ID and related information
(including the National ID FAQ) can be found at:


EPIC's National ID Page:

EPIC's Biometrics Page:


[5] TRAC Terrorism Enforcement Report Released

The Transactional Records Access Clearinghouse (TRAC), a research
organization supported by the Knight Foundation, the Rockefeller
Family Fund, the Open Society Institute and others released a
Terrorism Enforcement Report on December 3.

Using extensive internal Justice Department data that TRAC recently
received under court order, the report shows that only a tiny fraction
of FBI terrorism investigations in the last five years resulted in the
Bureau actually requesting a prosecution.  Further, the report showed
that the number of investigations was inflated by the inclusion of
non-terrorist crimes, and that this practice continued even after the
events of September 11.

As reported in the Philadelphia Inquirer, some of the cases labeled as
terrorism involve convicts rioting to get better prison food, erratic
behavior by people with mental illnesses, and passengers getting drunk
on airplanes.  An Assistant U.S. Attorney in San Francisco asked the
District Judge to stiffen a sentence against an Arizona man who got
drunk on a United Airlines flight, repeatedly rang the call button,
demanded more alcohol, and touched a flight attendant.  Justice
Department records say the case falls under "domestic terrorism."  The
judge said that this was not terrorism; it was simply a man "being an
annoyance beyond belief."

The most recent Justice Department annual report says that FBI
investigations led to 236 terrorism convictions in fiscal year 2000.
That number is generated from an FBI computer system that follows
criminal cases from beginning to end.  The government would not
release details of the 236 cases identified as terrorism in the
Justice Department's annual report; however, Knight Ridder journalists
submitted requests under the Freedom of Information Act (FOIA) to find
out more about the cases, and deduced that only a handful of the cases
actually involved terrorist acts, such as the 1996 bombing of Khobar
Towers in Saudi Arabia.

Justice Department officials, both former and current, say that the
numbers in the reports are used to justify the department's $22
billion annual budget.

Details can be found in "U.S. Overstates Arrests in Terrorism," by
Mark Fazlollah and Peter Nicholas, Philadelphia Inquirer, December 16,


Transactional Records Access Clearinghouse (TRAC) -- click on What's
New (Terror Report):


[6] EPIC Bill-Track: New Bills in Congress


H.R.3387 Fair Credit Reporting Act Limitations on Actions Act of 2001.
To amend the Fair Credit Reporting Act to extend the limitation on
actions, and for other purposes. Sponsor: Rep Terry, Lee (R-NE).
Latest Major Action: 11/30/2001 Referred to House committee: House
Financial Services; House Judiciary.


S.1749 Enhanced Border Security and Visa Entry Reform Act of 2001. A
bill to enhance the border security of the United States, and for
other purposes. Sponsor: Sen Kennedy, Edward M. (D-MA) Latest Major
Action: 11/30/2001 Referred to Senate committee: Senate Judiciary.

S.1788 Use NICS in Terrorist Investigations Act. A bill to give the
Federal Bureau of Investigation access to NICS records in law
enforcement investigations, and for other purposes. Sponsor: Sen
Schumer, Charles E. (D-NY) Latest Major Action: 12/7/2001 Referred to
Senate committee: Senate Judiciary.

EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills
in the 107th Congress, is available at:


[7] EPIC Bookstore - The Security of Freedom

The Security of Freedom: Essays on Canada's Anti-Terrorism Bill,
ed., Ronald J. Daniels (University of Toronto 2001)


Law schools move slowly in matters of national policy.  Their
participation in public debate is oftentimes after the fact, once the
law is passed, once the case is decided.  Too few academic conferences
engage political leaders and political institutions.  Too many assume
that to present positions pro and con is to promote a meaningful
public dialogue.

All this is worth keeping in mind when reading this extraordinary
collection of essays prepared by the Faculty of Law at the University
of Toronto.  "The Security of Freedom: Essays on Canada's
Anti-Terrorism Bill" is based on a conference organized at the
University of Toronto in early in November, just as the Canadian
government began to consider legislative responses to the tragic
events of September 11.  That conference brought together legal
experts, government officials, and community leaders to evaluate the
specific provisions contained in C-36, Canada's proposed
Anti-terrorism Bill which is still pending before the Parliament.

Although most of the papers lean toward criticism of the expanded
police powers, the tone is restrained, the analysis proceeds in
measured steps.  Several authors note that the proposal of the
Minister of Justice Anne McLellan would probably pass court review
under the Canadian Charter of Rights and Freedoms, "Charter-proofing"
as several of the commentators say.  But this does answer the most
fundamental questions.  As the editor and dean of the Faculty of Law
Ronald Daniels observes, "the impact of expanded governmental powers
on individuals rights and liberties" transcends the question of
whether the measure passes judicial scrutiny.  "The question posed,"
writes Daniels, is "a more fundamental one of whether the enhanced
powers being sought for the state are congruent with our democratic
traditions and values, and consistent with bedrock ideas of the rule
of law."

A key problem, for example, with Canada's Anti-terrorism bill is
simply the definition of "terrorist activity."  The term in the
original draft could include all forms of public protest that are not
"lawful," i.e. approved by government.  At a time when there is real
debate about environment policy, the impact of globalization, and the
rights of native people, the risk that an anti-terror measure could
sweep up public protest is very real.

Several of the authors point to the impact that the proposed measure
would have on judicial oversight, legislative review of actions by the
executive, and public access to information about the conduct of
government.  These proposals also threaten to change the character of
democratic institutions.  Other essays touch upon criminal justice,
privacy, and profiling in a multi-cultural society.  Concluding
remarks from government officials note both the real challenges of
public safety and the real concern about preserving the freedoms in
the Charter.

At the time of this review, it is clear that the work of the
University of Toronto, as well as public officials, the Canadian Bar
Association, and NGO advocates has changed the debate in Canada.
Changes to the definition of terrorism have been adopted, as well as
new means of oversight.  Still, concerns remain about limitations on
the right to counsel, and the "preventive arrest" and "investigative
hearings" provisions in the  bill.

We come to the end of a difficult year.  The challenges of September
11 remain within us.  But "Security of Freedom" provides the best
publication to date on the role of law and the importance of
individual rights after September 11.  This collection helps us better
understand the political and legal dimensions of security and freedom,
and wisely suggests that the answer is not in the proverbial balance
of these two goals but in the recognition that without freedom there
can be no real security.

- Marc Rotenberg

Security of Freedom Conference web site:



EPIC Publications:

"Privacy & Human Rights 2001: An International Survey of Privacy Laws
and Developments," (EPIC 2001). Price: $20.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information


"The Privacy Law Sourcebook 2001: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
Price: $40. http://www.epic.org/bookstore/pls2001/

The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

     EPIC Bookstore

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

** POSTPONED! ** First Privacy Expo 2001. Privacy & American Business
and Privacy Council. Was November 27-29, 2001; will be rescheduled for
February or March 2002. Washington, DC. For more information:

** POSTPONED! ** Eighth Annual National "Managing the NEW Privacy
Revolution" Conference. Privacy & American Business and Privacy
Council. Was November 28-29, 2001; will be rescheduled for February or
March 2002. Washington, DC. For more information: info@pandab.org

Future of Music Coalition Policy Summit. January 7-8, 2002.
Washington, DC. For more information:

Chief Privacy Officer Skills Development Workshop. PRIVA-C and Select
Knowledge. January 14-16, 2002 and February 18-20, 2002. Dallas, TX.
For more information: http://www.priva-c.com/cpoworkshop/

Debating Privacy and ICT: Before and After September 11th. Rathenau
Instituut. January 17, 2002. Amsterdam, The Netherlands. For more
information: privacy@jcc-congress.nl

International Symposium on Freedom of Information and Privacy. Office
of the New Zealand Privacy Commissioner. March 28, 2002. Auckland, New
Zealand. For more information: Blair.Stewart@privacy.org.nz

CFP 2002: The Twelfth Conference on Computers, Freedom & Privacy.
April 16-19, 2002. San Francisco, CA. For more information:

Subscription Information

Subscribe/unsubscribe via Web interface:


Subscribe/unsubscribe via email:

     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe"

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.

Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription email address, or if you have any
other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).

**Last chance for an end-of-year tax break!**

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.  Or you can
contribute online at:


Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Drink coffee, support civil liberties, get a tax deduction, and learn
Latin at the same time!  Receive a free epic.org "sed quis custodiet
ipsos custodes?" coffee mug with donation of $75 or more.

Thank you for your support.

   ---------------------- END EPIC Alert 8.24 -----------------------