[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EPIC Alert 4.03

Hi all,

>X-Envelope: <wenning2@rz.uni-sb.de>
>Date: Thu, 27 Feb 1997 17:21:48 -0500
>From: "Global Internet Liberty Campaign" <gilc@privacy.org>
>Sender: "David L. Sobel" <sobel@epic.org>
>Subject: EPIC Alert 4.03
>To: gilc@privacy.org
>   =============================================================
>       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
>       @     @  @   @   @        @ @   @     @     @  @    @
>       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
>       @     @      @   @       @   @  @     @     @  @    @
>       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
>   ==============================================================
>   Volume 4.03                               February 27, 1997
>   --------------------------------------------------------------
>                            Published by the
>              Electronic Privacy Information Center (EPIC)
>                            Washington, D.C.
>                          http://www.epic.org/
>Table of Contents
>[1] New Report Details FBI/European Tapping Agreements
>[2] Airline Security Report Released
>[3] Briefs Filed in Reno v. ACLU Internet "Indecency" Challenge
>[4] Crypto Legislation Introduced
>[5] Clipper Upgrade at DOD/Litigation Update
>[6] State Department Reports Widespread Illegal Wiretapping Worldwide
>[7] New Medical Privacy Survey
>[8] Upcoming Conferences and Events
> [1] New Report Details FBI/European Tapping Agreements
>A report issued on Feb. 24 by Statewatch, a London-based advocacy
>organization, shows that the FBI has been working with its counterparts
>in the European Union for five years to create a "global tapping
>system."  The report reveals the existence of a Memorandum of
>Understanding to ensure that surveillance of all existing and new
>technologies is compatible and coordinated with the FBI's efforts to
>advance its "digital telephony" agenda within the United States.
>The FBI's plan is to facilitate wiretapping worldwide by pressuring
>countries to harmonize national laws on interception; increase
>cooperation of telecommunications providers; ensure equipment has
>interception standards incorporated; and create de facto global
>standards by persuading as many countries as possible to cooperate and
>by providing compatible equipment to non-participating countries.
>To achieve these goals, the FBI and its EU counterparts wrote a
>resolution adopted by the Council of the European Union on "the lawful
>interception of telecommunications."  The Council issued the resolution
>on Jan 17, 1995 (unpublished until November 1996) and a Memorandum of
>Understanding on the requirements that need to be adopted into all
>laws.  The MOU has been signed by the 15 member countries of the EU, and
>the US.  There have also been "expressions of support" from Australia,
>Canada, and Norway.  The FBI and EU have also pushed the requirements as
>standards before the international telecommunications standards bodies
>such as the ITU and pressured other countries to adopt them.
>The requirements are almost exactly the same as the FBI demands for
>digital telephony.  They include "real-time access" to the "entire
>telecommunication transmitted" sent to a "law enforcement monitoring
>facility", access to all associated call data, geographic location
>information for mobile phone users, decrypted information for all
>operator-provided encryption, and response times "in urgent cases within
>hours or minutes."
>The report notes that even countries that do not agree will be
>  The strategy appears to be to first get the "Western world" (EU, US
>  plus allies) to agree to "norms" and "procedures" and then to sell
>  these products to Third World countries -- who even if they do not
>  agree to "interception orders" will find their telecommunications
>  monitored ... the minute it hits the airwaves.
>The digital telephony proposal has received significant criticism in
>the United States since its adoption in 1994.  The FBI originally
>claimed that law provided a mandate to simultaneously monitor a
>significantly higher percentage of phone lines that is current practice
>in the US.  That interpretation was withdrawn after public protect.
>The FBI then claimed that the law would require the development of a
>global locator system based on the nation's telephone system. That
>interpretation was also withdrawn after public protect.  Several
>members of Congress have said that they will oppose future funding of
>the plan.
>A copy of the Statewatch report, the Council of Europe Resolution and
>more information is available at:
>     http://www.privacy.org/pi/activities/tapping/
> [2] Airline Security Report Released
>The White House Commission on Airline Safety and Security released its
>final recommendations for improving airline security on February 12.
>The recommendations include a call for the use of the controversial
>technique of "profiling" passengers to determine if they are security
>threats.  This would involve creating new databases of passengers and
>checking those systems each time a person flies.  If the person fits the
>profile, he or she would be subject to more intrusive searches and
>questioning before being permitted to board a flight.  The Commission
>also recommended the use of security profiles developed by the FBI or
>At about the same time that the Commission report was released, the
>Washington Post reported that Arab-Americans were often stopped at
>airports by security officers.
>EPIC has joined a coalition of 19 civil liberties, religious,
>Arab-American and conservative organizations that sent a letter to Vice
>President Gore addressing the privacy implications of the
>recommendations.  The letter urges that ID checks, profiling, and new
>intrusive x-ray technology be rejected, and that all decisions of the
>FAA that might affect civil liberties be open to public scrutiny.
>More information on the issue, including the final report and the
>coalition letter, are available at:
>     http://www.epic.org/privacy/faa/
> [3] Briefs Filed in Reno v. ACLU Internet "Indecency" Challenge
>The plaintiffs in the landmark case of Reno v. ACLU submitted their
>briefs to the U.S. Supreme Court on February 20. The case, which will
>be argued on March 19, presents the Court with its first opportunity to
>apply the First Amendment to the Internet and will thus have a lasting
>impact on the medium. The specific issue before the Court is whether a
>special three-judge court in Philadelphia was correct when it enjoined
>enforcement of the controversial Communications Decency Act (CDA) in a
>ground-breaking decision issued last June.
>The brief filed by the ACLU, EPIC and 18 other plaintiffs notes that
>the lower court judges made hundreds of detailed factual findings about
>the Internet to support their conclusion that the CDA is
>unconstitutional. The court's findings conclusively show that it is
>impossible for most speakers on the Internet to distinguish between
>adults and minors in their audience, and therefore they cannot comply
>with the CDA's prohibition against the dissemination of "indecent"
>material to minors. The CDA would thus reduce all Internet
>communication to a level that is suitable for children, a result that
>the Supreme Court has consistently condemned.
>The ACLU/EPIC brief also addresses the privacy implications of the CDA
>-- a point often overlooked in the censorship debate. By making it a
>crime to distribute certain information to minors, the CDA would
>destroy anonymity on the Internet and mandate the use of age and
>identity verification mechanisms to screen the online audience. The
>brief argues that "it is unconstitutional to require adults to
>'register' in order to gain access to constitutionally protected
>speech" and that "a registration requirement would also prevent
>Americans from exercising their First Amendment right to engage in
>communication anonymously on the Internet."
>Briefs were also submitted by the group of plaintiffs led by the
>American Library Association, and dozens of individuals and
>organizations who signed on to the eleven friend-of-the-court
>("amicus") briefs filed in opposition to the CDA.
>The ACLU/EPIC brief, as well as links to several of the other
>submissions, are available at:
>     http://www.epic.org/cda/
> [4] Crypto Legislation Introduced
>Several bills have been introduced in Congress to liberalize export
>control laws, protect the legal right to use all forms of encryption,
>and to prevent the imposition of mandatory key escrow encryption.  The
>proposals would effectively end the attempt by the White House to force
>the adoption of cryptographic techniques designed for third party
>On February 27, Senator Conrad Burns reintroduced the Pro-CODE
>legislation to promote commerce and privacy on the Internet.  Senator
>Burns said that "support has been building in Congress every year and
>will soon reach a critical mass as it becomes apparant that the
>administration policy could devastate our high-tech sector and a vital
>Internet."  The bill has gained the support of twenty Senators.
>However, one new provision in the bill would create a secret
>Information Security Board that would give law enforcement agencies
>special access to the development of new plans for privacy enhancing
>technologies.  EPIC has said that such a board should operate subject to
>the Federal Advisory Committee Act, which requires that government
>business be conducted in the open.  EPIC also recommended that the board
>be composed of a wide range of organizations, including users groups,
>technical experts, and consumer advocates.  At the same time that
>Senator Burns introduced Pro-CODE, Senator Patrick Leahy (D-VT)
>introduced the Encryption Communications Privacy Act.  The bill would
>protect the right to use encryption, but would criminalize the use of
>encryption in furtherance of a crime and also sets up a legal framework
>to promote key escrow.
>Earlier this month, Rep. Bob Goodlatte (R-VA) re-introduced the Security
>and Freedom Through Encryption (SAFE) Act (H.R. 695).  The bill, which
>has over 50 cosponsors, relaxes crypto export controls and prohibits
>mandatory key escrow.  It also creates new criminal penalties for using
>encryption to further a criminal act.
>More information on encryption policy is available from:
>     http://www.epic.org/crypto/
> [5] Clipper Upgrade at DOD/Litigation Update
>Federal Computer Week has reported that the Defense Department plans to
>modify the Fortezza encryption card to no longer generate a "Law
>Enforcement Access Field" or "LEAF."  Fortezza was introduced as a
>companion to the Clipper Chip and uses the same algorithm. Several
>commentators suggested that this development signal the "death of
>Clipper."  In fact, the revision to Fortezza signals its movement
>to Clipper 4.0.
>Sources tell EPIC that the NSA is likely to adopt the "key recovery"
>technology currently being promoted by the U.S. government for use in
>the revised Fortezza card.  The agency hopes that with the new cards, it
>will be able to pressure other government agencies to adopt the
>technology and expand the market for key recovery products, something
>that it was unable to do with Fortezza and the Clipper Chip.
>Meanwhile, the Federal court hearing the 1993 CPSR/EPIC FOIA case
>seeking information on the Clipper Chip has ordered the National
>Security Agency to submit additional information to the court.  The
>court found that the NSA failed to adequately explain why the documents
>it is withholding should not be released.  The agency must submit the
>additional information by March 5.
>And the U.S. Court of Appeals for the D.C. Circuit has modified its
>order remanding the Karn v. Department of State case back down to the
>District Court.  The appellate court has now suggested that the trial
>court examine the procedural and constitutional issues in more detail.
>The ruling is somewhat more favorable to Phil Karn than was the
>original order.
>More information on the Karn case is available at:
>     http://www.qualcomm.com/people/pkarn/export/index.html
>The EPIC Litigation Docket is available at:
>     http://www.epic.org/privacy/litigation/
> [6] State Department Reports Widespread Illegal Wiretapping Worldwide
>The U.S. State Department reports that privacy invasions and illegal
>wiretapping were widespread across the world in 1996.
>The "Country Reports for Human Rights Practices for 1996" find that
>most countries in the world have constitutional and legal guarantees of
>the right to privacy and the secrecy of mail and communications.
>However, in over 90 countries, the survey reports that police, defense
>and intelligence agencies routinely violate those rights to monitor
>political opponents, human rights workers and journalists.
>This report comes at the same time that the U.S. Justice Department
>continues to push international organizations such as the OECD, G-7,
>Council of Europe and others to promote wiretapping and to limit
>technical tools to prevent illegal electronic surveillance.
>Excerpts from the 1994, 1995 and 1996 State Department reports are
>available at the Privacy International web page at:
>     http://www.privacy.org/pi/reports/
> [7] New Medical Privacy Survey
>The Center for Disease Control has released a new report on privacy
>statutes in the United States.  "The Legislative Survey of State
>Confidentiality Laws, with Specific Emphasis on HIV and Immunization"
>was prepared by Professor Lawrence Gostin of Georgetown University Law
>Center, along with Zita Lazzarini of the Harvard School of Public
>Health and Kathleen M. Flaherty of the Georgetown/Johns Hopkins Program
>on Law and Public Health
>The report examines current state and federal laws protecting the
>confidentiality of health information.  It focuses on four specific
>areas: public health information held by government; privately held
>health care information; HIV and AIDS-related information; and
>immunization information.
>The report is available at:
>     http://www.epic.org/privacy/medical/cdc_survey.html
> [8] Upcoming Conferences and Events
>DIAC - Community Space and CyberSpace - What's the Connection? March 1-2,
>1997. Seattle, WA. Sponsored by CPSR. Contact:
>ACM'97 -- The Next 50 Years of Computing. March 3-5, 1997, San Jose,
>CA. Sponsored by the Association for Computing. Contact:
>CFP97: Commerce & Community. March 11-14, 1997. Burlingame, California.
>Sponsored by the Association for Computing Machinery. Contact:
>cfp97@cfp.org or http://www.cfp.org
>Privacy Summit. March 15, 1997, Burlingame, California. 8.30 am - 10.30
>am. Contact: akrause@igc.apc.org or dhurley@well.com
>Eurosec'97: the Seventh Annual Forum on Information Systems Quality and
>Security. March 17-19, 1997. Paris, France. Sponsored by XP Conseil.
>Contact: http://ourworld.compuserve.com/homepages/eurosec/
>CYBER://CON.97: Rules for Cyberspace?:Governance, Standards and
>Control. June 4-7, 1997. Chicago, Illinois. Sponsored by the John
>Marshall Law School. Contact: cyber97@jmls.edu.
>Ethics in the Computer Society: The Second Annual Ethics and Technology
>Conference. June 6-7, 1997. Chicago, Ill. Sponsored by Loyola
>University Chicago. http://www.math.luc.edu/ethics97
>INET 97 -- The Internet: The Global Frontiers. June 24-27, 1997. Kuala
>Lumpur, Malaysia. Sponsored by the Internet Society. Contact:
>inet97@isoc.org or http://www.isoc.org/inet97
>Privacy laws & Business 10th Anniversary Conference. July 1-3, 1997.
>St. John's College, Cambridge, England. Contact:
>AST3: Cryptography and Internet Privacy. Sept. 15, 1997. Brussels,
>Belgium. Sponsored by Privacy International and EPIC. Contact:
>pi@privacy.org. http://www.privacy.org/pi/conference/brussels/
>19th Annual International Privacy and Data Protection Conference. Sept.
>17-18, 1997. Brussels, Belgium. Sponsored by Belgium Data Protection
>and Privacy Commission.
>International Conference on Privacy. September 23-26, 1997. Montreal,
>Canada. Sponsored by the Commission d'Acces a l'information du Quebec.
>(Send calendar submissions to alert@epic.org)
>The EPIC Alert is a free biweekly publication of the Electronic Privacy
>Information Center. To subscribe, send email to epic-news@epic.org with
>the subject: "subscribe" (no quotes) or use the subscription form at:
>     http://www.epic.org/alert/subscribe.html
>Back issues are available at:
>     http://www.epic.org/alert/
>The Electronic Privacy Information Center is a public interest research
>center in Washington, DC. It was established in 1994 to focus public
>attention on emerging privacy issues such as the Clipper Chip, the
>Digital Telephony proposal, national ID cards, medical record privacy,
>and the collection and sale of personal information. EPIC is sponsored
>by the Fund for Constitutional Government, a non-profit organization
>established in 1974 to protect civil liberties and constitutional
>rights. EPIC publishes the EPIC Alert, pursues Freedom of Information
>Act litigation, and conducts policy research. For more information,
>email info@epic.org, HTTP://www.epic.org or write EPIC, 666
>Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240
>(tel), +1 202 547 5482 (fax).
>If you'd like to support the work of the Electronic Privacy Information
>Center, contributions are welcome and fully tax-deductible. Checks
>should be made out to "The Fund for Constitutional Government" and sent
>to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
>Individuals with First Virtual accounts can donate at
>Your contributions will help support Freedom of Information Act and
>First Amendment litigation, strong and effective advocacy for the right
>of privacy and efforts to oppose government regulation of encryption
>and funding of the National Wiretap Plan.
>Thank you for your support.
>---------------------- END EPIC Alert 4.03 -----------------------