On Thu, 3 Aug 2000 17:43:53 -0400 EPIC News <[EMAIL PROTECTED]> wrote: ============================================================== @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================== Volume 7.15 August 3, 2000 -------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_7.15.html ======================================================================= Table of Contents ======================================================================= [1] Federal Judge Orders Fast FBI Action on Carnivore Material [2] Flashback: It's the Clipper Chip All Over Again [3] Report on Online Profiling Analyzes Recent FTC Agreement [4] NGOs to Hold Public Voice Meeting on Emerging Privacy Issues [5] Study Examines Children's Privacy and "Free" Internet Access [6] Administration Seeks Public Comment on Privacy and Bankruptcy [7] EPIC Bookstore - Privacy in the Information Age [8] Upcoming Conferences and Events ======================================================================= [1] Federal Judge Orders Fast FBI Action on Carnivore Material ======================================================================= In response to a lawsuit filed by EPIC, a federal judge in Washington has ordered the Federal Bureau of Investigation to establish a timetable for the expedited release of information about the "Carnivore" system no later than August 16. The ruling came during an emergency hearing convened by U.S. District Judge James Robertson on August 2, only hours after EPIC filed an application for the immediate public disclosure of information concerning the FBI's controversial surveillance system. EPIC's lawsuit charges that the Department of Justice and the FBI have violated the law by failing to act on a request to expedite the processing of a Freedom of Information Act request EPIC submitted to the FBI on July 12. The Carnivore system monitors traffic at the facilities of Internet service providers (ISPs) in order to intercept information contained in the electronic mail of criminal suspects. Carnivore can reportedly scan millions of e-mails each second and is capable of providing law enforcement agents the ability to intercept all of an ISP's customers' digital communications. Serious questions have been raised in Congress, in the media and in the privacy community concerning the legality of Carnivore and its potential for abuse. In response to the public uproar over Carnivore, Attorney General Janet Reno announced on July 27 that the technical specifications of the system would be disclosed to a "group of experts" to allay public concerns. But according to EPIC General Counsel David L. Sobel, "There is no substitute for a full and open public review of the Carnivore system. The only way that the privacy questions can be resolved is for the FBI to release all relevant information, both legal and technical." EPIC's FOIA request, which is the subject of the federal court order, seeks the disclosure of "all records" concerning Carnivore, including the underlying software and legal analyses addressing the limitations, if any, that have been placed on the use of the system. A similar request for access to Carnivore material was filed by the American Civil Liberties Union. In a detailed submission to the Justice Department shortly after it transmitted its request to the FBI, EPIC asserted that its Carnivore request concerns "a matter of widespread and exceptional media interest in which there exist possible questions about the government's integrity which affect public confidence" -- one of the legal standards that qualifies a request for "expedited processing." Despite a ten-day time limit to answer requests for accelerated processing, the Department failed to respond to EPIC's request until a little more than an hour before the emergency court hearing. In a fax sent to EPIC, the FBI finally conceded that the Carnivore request requires expedited treatment. EPIC is a frequent FOIA requester and litigant, and previously sought the disclosure of information from the FBI on the Communications Assistance to Law Enforcement Act (CALEA) and from the National Security Agency on the Clipper Chip (see below) and U.S. encryption policy, among other subjects. The legal memorandum in support of EPIC's motion for a temporary restraining order is available in HTML at: http://www.techlawjournal.com/courts/epicvdoj/20000802mem.asp and in PDF at: http://www.epic.org/privacy/litigation/carnivore_TRO.pdf ======================================================================= [2] Flashback: It's the Clipper Chip All Over Again ======================================================================= Longtime readers of the EPIC Alert might feel a sense of deja vu when they read about the current controversy over the FBI's Carnivore surveillance system. That's probably because official statements on the matter bear a striking resemblance to statements made in the early days of the Clipper Chip controversy. The Clipper Chip used classified technology developed by the National Security Agency that, according to the initial White House announcement on April 16, 1993, "preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals." Clipper was an encryption system that deposited a spare decryption key with the federal government. Not surprisingly, the proposal was met with a great deal of public mistrust and concern about potential abuse. In an effort to address the public concerns over the Clipper Chip, the White House announced that "respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings." Although the reviewers eventually stated their satisfaction with the technical specifications, the secrecy surrounding the Clipper Chip was never lifted. In fact, EPIC went to court seeking the release of the underlying SKIPJACK algorithm, and lost. Today, the FBI steadfastly refuses to disclose the source code or technical specifications of Carnivore. Attorney General Reno addressed the issue on July 27 and announced the Justice Department's plan: The first step will be to have an individual expert or a group of experts, probably from an academic community, conduct a detailed review of the source code. Those experts will report their findings to a panel of interested parties, people from the telecommunications and computer industries, as well as privacy experts. . . . I think it's a matter of explaining and trying to bring in experts that will give people additional confidence . . . The Clipper Chip experience suggests that there's no real substitute for full public disclosure. While keeping the actual details under wraps, various agencies posted reassuring statements and "Frequently Asked Questions" files. After several years of unsuccessfully trying to promote the technology, the government eventually dropped the initiative. Today, a search for "Clipper Chip" at the Justice Department's website yields a "no records" response. For more background information on the Clipper Chip see: http://www.epic.org/crypto/clipper/ ======================================================================= [3] Report on Online Profiling Analyzes Recent FTC Agreement ======================================================================= On July 28, EPIC, in conjunction with Junkbusters, released a report on the recent agreement between the Federal Trade Commission (FTC) and the Network Advertising Initiative (NAI) on a set of self-regulatory guidelines. The NAI is a consortium of Internet advertising companies representing roughly ninety percent of the growing industry and includes companies such as DoubleClick and Engage. Entitled "Network Advertising Initiative: Principles not Privacy," the report examines the year-long controversy of online profiling, the shortcomings of the NAI guidelines, and proposes principles that would offer an adequate level of privacy protection. Online profiling, currently a common practice of Internet advertisers, entails the collection of information about Internet behavior for the creation of a profile or a representation about an Internet user's interests and preferences. Recent controversies have erupted around not only the practice of online profiling, but also the linking of these profiles to personal data. The report argues that the self-regulatory guidelines endorsed by the FTC and negotiated without significant involvement from consumer and privacy groups, do not provide an adequate level of privacy protection. The guidelines will allow companies to collect online profiling data on the basis of notice and opt-out, which provides no assurances that consumers will know that their behavior is being tracked and recorded. The principles will also permit companies to link online profiling data with personal data on the basis of a "robust" notice and opt-out with little guidance as to what "robust" procedures will be. Similarly, provisions about access, the ability to view and edit information collected, and the transfer of personal data to third parties are vague and indeterminate. In light of the inadequacy of the FTC-NAI agreement, the report recommends that legislation built on Fair Information Practices will better protect privacy and conform to the standards that consumers prefer. Such legal standards would also spur the development of more innovative Internet advertising practices that do not rely on the tracking of Internet users. "Network Advertising Initiative: Principles not Privacy": http://www.epic.org/privacy/internet/NAI_analysis.html The recommendation of the Federal Trade Commission and materials related to the Network Advertising Initiative guidelines: http://www.ftc.gov/opa/2000/07/onlineprofiling.htm ======================================================================= [4] NGOs to Hold Public Voice Meeting on Emerging Privacy Issues ======================================================================= On September 27, EPIC and Privacy International will host a conference, "The Public Voice in Privacy Policy," in Venice, Italy. The meeting will be held in conjunction with the annual meeting of the Data Protection and Privacy Commissioners to take place on September 28. The conference will bring together leading academic experts, NGO leaders, and privacy officials from around the world to explore current issues in privacy protection. Panel discussions will focus on the globalization of surveillance; copyright protection and privacy; the EU-US negotiations on transborder data flows (Safe Harbor); and the need for an international convention on data protection. The first of these conferences was organized by Privacy International and held in Sydney in 1992. Subsequent meetings have taken place in Manchester (1993), The Hague (1994), Copenhagen (1995), Ottawa (1996), Brussels (1997), and Hong Kong (1999). For program and registration details see: http://www.epic.org/events/publicvoice_venice/ For details on the Data Protection Commissioner's conference visit the homepage of the Italian Data Protection Commission: http://www.dataprotection.org/ ======================================================================= [5] Study Examines Children's Privacy and "Free" Internet Access ======================================================================= The Center for Advanced Technology at the University of Oregon has produced a study, "Capturing the Eyeballs and E-Wallets of Captive Kids in School: Dot.com Invades Dot.edu," examining companies that offer "free" Internet access to schools in exchange for the collection of marketing information from their students. Schools faced with an increasing amount of pressure to provide Internet access to students are being lured into these deals by companies like Zapme! and HiFusion. Companies looking for an opportunity to reach younger audiences have found that by offering free or reduced prices for computer equipment or Internet access, they can start creating online profiles - information about their interests and preferences - of children while they are at school. Some of these companies collect personal information as well as information about Internet surfing behavior. The study goes on to say that far too often, school administrators approve partnerships with such companies without being fully aware of the invasive practices of these companies. In addition, parents who trust the judgment of school officials are easily persuaded to consent these practices. Most importantly, the study argues that allowing online profiling companies to begin collecting information on younger kids will likely mold the expectation of privacy they may have as they become older. If this practice becomes widespread, in the future, many children may have a diminished sense of the proper boundaries of personal privacy. "Capturing the Eyeballs and E-Wallets of Captive Kids in School: Dot.com Invades Dot.edu" is available at: http://netizen.uoregon.edu/documents/eyeballs.html ======================================================================= [6] Administration Seeks Public Comment on Privacy and Bankruptcy ======================================================================= Following up on a proposal made earlier this year by the Clinton Administration, the Department of Justice, the Department of the Treasury and the Office of Management and Budget, in conjunction with the Administrative Office of U.S. Courts, will be conducting a study on the privacy of financial information disclosed to the public through bankruptcy filings. The agencies are currently soliciting public comments on the issue. The study will also discuss other controversial issues such as the ability to sell personal information or customer lists as assets when companies go bankrupt. Recently, bankrupt online retailer Toysmart.com has drawn criticism for attempting to sell its customer lists to the highest bidder (see EPIC Alert 7.13). The public comment period will end on September 8, 2000. For more information on the study or to submit comments: http://www.usdoj.gov/ust/privacy/privacy-study.htm ======================================================================= [7] EPIC Bookstore - Privacy in the Information Age ======================================================================= Privacy in the Information Age (Library in a Book) by Harry Henderson http://www.amazon.com/exec/obidos/ISBN=0816038708/electronicprivacA Privacy in the Information Age examines the growing controversy of diminishing privacy as advancements in computer technology facilitate the monitoring and collection of information from people's daily lives. Everything from medical records to e-mail correspondence and financial statements can be reviewed by other people without the knowledge or consent of those whose information it is. These records can also be stored in database files. Eventually, all aspects of an individual's life may be gathered in a single computer file. While this could be a powerful and useful tool, it raises many questions. Who has the right to this information? How can one control what sort of information is being collected and whether or not that information is accurate? Author Harry Henderson examines the history of how technology has created this dilemma and discusses the current status of privacy laws. ================================ EPIC Publications: "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, editors, (EPIC 2000). Price: $20. http://www.epic.org/crypto&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ "The Privacy Law Sourcebook: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 1999). Price: $50. http://www.epic.org/pls/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom - Free Speech Perspectives on Internet Content Controls," David Sobel, editor (EPIC 1999). Price: $20. http://www.epic.org/filters&freedom/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "Privacy and Human Rights 1999: An International Survey of Privacy Laws and Developments," David Banisar, Simon Davies, editors, (EPIC 1999). Price: $15. http://www.epic.org/privacy&humanrights99/ An international survey of the privacy and data protection laws found in 50 countries around the globe. This report outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. ================================ Additional titles on privacy, open government, free expression, computer security, and crypto, as well as films and DVDs can be ordered through the EPIC Bookstore: http://www.epic.org/bookstore/ ======================================================================= [8] Upcoming Conferences and Events ======================================================================= CPSR Meeting on Privacy & Security. August 15, 2000. Toronto Cypherpunks/Webgrrls. Toronto, Canada. For more information: http://toronto.cypherpunks.ca/ First International Hackers Forum. The Green Planet. August 18-20, 2000. Zaporozhye, Ukraine. For more information: http://www.geocities.com/hack_forum Surveillance Expo 2000. August 28-30, 2000. Arlington, VA. For more information: http://www.surveillance-expo.com Financial Privacy: Guaranteeing the Integrity of Your Customers Information. International Communications for Management. September 7-8, 2000. New York, NY. For more information: http://www.icmworldwide.com/EventIndex.asp?EventID=973 Health Information Privacy: A Dialogue with the Stakeholders. September 21, 2000. Westin Hotel. Ottawa, Canada. For more information: http://www.rileyis.com/seminars KnowRight 2000 - InfoEthics Europe. Austrian Computer Society and UNESCO. September 26-29, 2000. Vienna, Austria. For more information: http://www.ocg.at/KR-IE2000.html The Public Voice in Privacy Policy. EPIC and Privacy International. September 27, 2000. Venice, Italy. For more information: http://www.epic.org/events/publicvoice_venice/ One World, One Privacy: 22nd Annual International Conference on Privacy and Personal Data Protection. September 28-30, 2000. Venice, Italy. For more information: http://www.dataprotection.org/ Drawing the Blinds: Reconstructing Privacy in the Information Age. CPSR's Annual Conference and Wiener Award Dinner. October 14, 2000. Philadelphia, PA. For more information: http://www.cpsr.org. Privacy: A Social Research Conference. New School University. October 5-7, 2000. New York, NY. For more information: http://www.newschool.edu/centers/socres/privacy/ Privacy2000: Information and Security in the Digital Age. October 31- November 1, 2000. Columbus, Ohio. Adam's Mark Hotel. For more information: http://www.privacy2000.org ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to [EMAIL PROTECTED] with the subject: "subscribe" (no quotes) or "unsubscribe". Back issues are available at: http://www.epic.org/alert/ ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail [EMAIL PROTECTED], http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your email address from this list, please follow the above instructions under "subscription information". Please contact [EMAIL PROTECTED] if you have any other questions. ---------------------- END EPIC Alert 7.15 ----------------------- . *** NOTICE: In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. Feel free to distribute widely but PLEASE acknowledge the source. *** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The end is in the means as the tree is in the seed. - Mahatma Ghandi ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Abraham Lincoln, letter to Wm. F. Elkins Nov. 21 1864 Arthur Shaw ed. The Lincoln Encyclopedia 40 {1950} "We may congratulate ourselves that this cruel war is nearing it's nd. It has cost a vast amount of treasure and blood.........It has indeed been a trying hour for the Republic, but I see in the near future a crisis approaching that unnerves me and causes me to tremble for the safety of my country. As a result of the war, corporations have been enthroned and an era of corruption in high places will follow, and the money power of the country will endeavor to prolong it's reign by working on the prejudices of the people until all wealth is aggregated in a few hands and the Republic is destroyed. I feel at this moment more anxiety for the safety of my country than ever before, even in the midst of war." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.angelfire.com/mi/smilinks/thirdeye.html <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om