[RRE]update on civil liberties

From: Phil Agre (pagreat_private)
Date: Tue Sep 25 2001 - 21:46:56 PDT

  • Next message: Phil Agre: "[RRE]attack"

    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    This message was forwarded through the Red Rock Eater News Service (RRE).
    You are welcome to send the message along to others but please do not use
    the "redirect" option.  For information about RRE, including instructions
    for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    
    Date: Tue, 25 Sep 2001 12:24:29 -0400
    From: EPIC News <alertat_private>
    To: epic_newsat_private
    Subject: EPIC Alert 8.19
    
    
        ==============================================================
    
            @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
            @     @  @   @   @        @ @   @     @     @  @    @
            @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
            @     @      @   @       @   @  @     @     @  @    @
            @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @
    
        ==============================================================
        Volume 8.19                                 September 25, 2001
        --------------------------------------------------------------
    
                                 Published by the
                   Electronic Privacy Information Center (EPIC)
                                 Washington, D.C.
    
                  http://www.epic.org/alert/EPIC_Alert_8.19.html
    
    =======================================================================
    Table of Contents
    =======================================================================
    
    [1] Congress Urged to Carefully Consider Anti-Terrorism Proposals
    [2] In Defense of Freedom Coalition Launches
    [3] Judiciary Approves Limited Monitoring, Standards for Case Files
    [4] International Developments on Cybercrime and Terrorism
    [5] New Developments in Face Recognition Technology
    [6] Microsoft Opens Passport to Competition and More Web Profiling
    [7] EPIC Bookstore - Privacy & Human Rights 2001
    [8] Upcoming Conferences and Events
    
    =======================================================================
    [1] Congress Urged to Carefully Consider Anti-Terrorism Proposals
    =======================================================================
    
    As Congress prepares to consider the Administration's far-reaching
    Anti-Terrorism Act of 2001, the Electronic Privacy Information Center
    on Monday urged careful consideration of proposals that could
    significantly erode Internet privacy and constitutional rights.
    Included in the proposed legislation are provisions that would
    authorize and expand the use of the FBI's controversial Carnivore
    system, limit judicial oversight of government surveillance
    activities, erode the traditional separation of domestic law
    enforcement and foreign intelligence functions, and authorize
    surreptitious police entries in all criminal investigations.
    
    The House Judiciary Committee heard testimony yesterday from Attorney
    General John Ashcroft and other Justice Department officials.  In
    response to civil liberties concerns raised by members on both sides
    of the aisle, Committee Chair James Sensenbrenner (R-WI) postponed
    until next week a mark-up session on the proposed bill, which was
    initially scheduled for today.  The Senate Intelligence Committee also
    held a hearing on the proposal yesterday.  The Attorney General is
    appearing before the Senate Judiciary Committee today.
    
    David L. Sobel, EPIC's General Counsel, said, "This is a major piece
    of legislation that addresses complex issues involving rapidly
    developing technology.  While we all recognize the urgency of the
    situation our country now faces, we shouldn't rush to enact new laws
    that could jeopardize the freedoms that form the basis of our
    democracy."  Specifically, in a legislative analysis released on
    Monday, EPIC urged Congress to be guided by the following factors as
    it considers the anti-terrorism bill:
    
    - Law enforcement and intelligence agencies already possess broad
    authority to conduct investigations of suspected terrorist activity.
    
    - Any expansion of existing authorities should be based upon a clear
    and convincing demonstration of need.
    
    - Congress should assess the likely effectiveness of any proposed new
    powers in combating the threats posed by terrorist activity.
    
    - Any new authorities deemed necessary should be narrowly drawn to
    protect the privacy and constitutional rights of the millions of
    law-abiding citizens who use the Internet and other communications
    media on a daily basis.
    
    - The longstanding distinction between domestic law enforcement and
    foreign intelligence collection should be preserved to the greatest
    extent possible consistent with the need to detect and prevent
    terrorist activity.
    
    - Expanded investigative powers should be limited to the investigation
    of terrorist activity and should not be made generally applicable to
    all criminal investigations.
    
    EPIC's analysis of provisions of the Anti-Terrorism Act of 2001
    affecting communications and information privacy is available at:
    
         http://www.epic.org/privacy/terrorism/ata_analysis.html
    
    =======================================================================
    [2] In Defense of Freedom Coalition Launches
    =======================================================================
    
    A broad and diverse coalition of civil liberties, religious, consumer,
    and other advocacy groups has organized to defend American freedoms in
    the wake of terrorist attacks against the country.  At a National
    Press Club event on September 20, the coalition released a ten-point
    statement that urges legislators to consider new proposals calmly and
    deliberately and to protect the civil liberties that define the
    American way of life.
    
    The statement, "In Defense of Freedom," has already been endorsed by
    over 150 organizations, 300 law professors, and 40 computer
    scientists.  Members of the public are also encouraged to endorse the
    statement.  Individuals can show their support by sending e-mail to:
    
         endorseat_private
         (with the subject line "I Endorse")
    
    Organizations wishing to endorse the statement should e-mail
    sshinat_private for more information.
    
    The In Defense of Freedom statement is available online at:
    
         http://www.indefenseoffreedom.org/
    
    Endorse the In Defense of Freedom statement:
    
         http://www.indefenseoffreedom.org/endorse.html
    
    =======================================================================
    [3] Judiciary Approves Limited Monitoring, Standards for Case Files
    =======================================================================
    
    The Judicial Conference, the chief policymaking body for the federal
    courts, has approved policies relating to employee Internet monitoring
    and privacy protections for electronic case files.
    
    The new policy on Internet monitoring allows the Administrative
    Offices of the U.S. Courts to monitor employees' computers to detect
    transfers of pornography and large media files over the Internet.  In
    addition, certain services, such as Napster, will be blocked. However,
    the Administrative Office will be prohibited from monitoring the
    e-mail communications of judges and their staff.
    
    The Judicial Conference adopted the Internet use policy drafted by the
    federal Chief Information Officers Council as a minimum nationwide
    standard.  The policy will allow judicial employees limited access to
    the Internet for personal use.  In addition, a controversial portion
    of the use policy that eliminated employees' reasonable expectation of
    privacy has been tabled for more consideration in committee.
    
    Judges and commentators have raised objections to Internet monitoring
    of judicial networks recently.  EPIC sent a letter to the Judicial
    Conference urging the body to end the practice of monitoring, warning
    that the monitoring may violate the Electronic Communications Privacy
    Act (ECPA) and that merely giving employees notice of the monitoring
    would not cure the underlying Fourth Amendment issues.
    
    The Judicial Conference also approved a policy that will enhance
    privacy protections for public access to electronic to case files
    (ECF).  Electronic access to case files raises new risks of identity
    theft, harassment, and profiling, as they are becoming more easily
    accessible and contain detailed personal information.  The new rules
    provide notice to litigants, and place specific restrictions on the
    availability of personal information within civil case files.
    Electronic access to criminal case files will be delayed until safety
    concerns can be addressed.
    
    EPIC filed comments and testified to the Judicial Conference earlier
    this year in support of greater protections for ECF.  Many of EPIC's
    recommendations are embodied in the Judicial Conference policy.
    
    Judicial Conference Press Release on Internet Use and Electronic Case
    File Availability (PDF):
    
         http://www.uscourts.gov/Press_Releases/jc901a.pdf
    
    EPIC Letter to the Judicial Conference on Employee Monitoring:
    
         http://www.epic.org/privacy/workplace/judicialmonitoring.html
    
    Report on Privacy and Public Access to Electronic Case Files:
    
         http://www.uscourts.gov/Press_Releases/att81501.pdf
    
    EPIC's comments on electronic public access to case files:
    
         http://www.epic.org/open_gov/ecfcomments.html
    
    =======================================================================
    [4] International Developments on Cybercrime and Terrorism
    =======================================================================
    
    On September 19, the Council of Europe Convention on Cybercrime was
    approved by the Committee of Minister's Deputies.  It will be
    presented to the Committee of Ministers for formal adoption in
    November.  The Treaty will then be open for signature by the 43 member
    states of the Council of Europe and other countries, such as the
    United States, Canada and Australia, that contributed to the drafting
    process.  It will come into force as soon as five countries, including
    three of the member states, have ratified it.
    
    The Convention is the first international treaty to address crimes
    committed in "Cyberspace" including breach of copyright, computer-
    related fraud, child pornography and hacking.  The convention requires
    signatory countries to ensure that their laws meet uniform standards
    relating to a wide range of investigative powers, including electronic
    surveillance and access to user records maintained by communications
    operators.  During its negotiation, the Convention was strongly
    criticized by the Global Internet Liberty Campaign, a coalition of
    international privacy, security and civil liberties organizations, and
    the European Privacy Commissioners as disproportionately weighted in
    favor of law enforcement interests.
    
    In response to the terrorist attacks of September 11, the Council of
    Europe is also considering new anti-terrorist proposals.  On September
    21 a special meeting of the Committee of Ministers was held to discuss
    this issue and a request for "an urgent debate on democracies facing
    terrorism" has been presented to the Parliamentary Assembly.
    
    Terrorism is also high on the agenda at the European Union.  On
    September 20, the European Commission presented two important policy
    initiatives: a "Framework Decision on combating terrorism" and a
    "Framework Decision on an EU Arrest Warrant" to a special meeting of
    the European  Justice and Home Affairs Ministers in Brussels.  The
    main objective of these initiatives is to increase co-operation
    between police and intelligence services through the Europol network,
    to agree on a common definition of terrorism, to harmonize penalties
    and sanctions for terrorist acts to abolish formal extradition
    procedures among EU states and to introduce a common arrest warrant to
    cover all forms of crime, not just terrorism.  The EU Justice and Home
    Affairs Ministers approved the more than 30 measures contained in
    these documents and stressed the need for speed in their
    implementation. They vowed to secure agreement and support from their
    national governments by December.
    
    On September 24, Marc Rotenberg, Executive Director of EPIC, addressed
    these and other issues at the 23rd International Conference of Data
    Commissioners which is taking place in Paris, France.
    
    Council of Europe Press Release, "First International Treaty to Combat
    Crime in Cyberspace Approved by Ministers' Deputies,"
    
         http://press.coe.int/cp/2001/646a(2001).htm
    
    Council of Europe Press Release, "Democracies Facing Terrorism on the
    Agenda for the Autumn," September 21, 2001:
    
         http://press.coe.int/cp/2001/626a(2001).htm
    
    European Union Initiatives:
    
         http://www.europa.eu.int/comm/dgs/justice_home/index_en.htm
    
    Information on the 23rd International Data Commissioners' Conference:
    
         http://www.paris-conference-2001.org
    
    =======================================================================
    [5] New Developments in Face Recognition Technology
    =======================================================================
    
    Visionics Corporation, maker of the Face-It facial recognition
    technology currently used in the Ybor City district of Tampa, Florida,
    released on Monday a white paper entitled "Protecting Civilization
    >From The Faces Of Terror."  The document analyzes the role of facial
    recognition technology in airport security, and addresses the need for
    responsible use guidelines to prevent the abuse of the technology.  It
    identifies five key areas relating to the use of biometric
    technologies for airport security: Facial Screening and Surveillance,
    Automated Biometric-Based Boarding, Screening of Airport Employees,
    Physical Security, and Intelligence Data Mining.  While the document
    claims to be cognizant of privacy concerns, the introduction of data
    mining raises the important issue that information in face recognition
    databases could possibly be shared with third parties.
    
    In related news, the federal government is considering the
    installation of facial recognition technology at Washington's Reagan
    National Airport, among others, as a measure to increase security. 
    Cameras would be installed at security checkpoints and possibly linked
    to each other so that information about suspected terrorists could be
    transmitted to government officials via the Internet.  A government
    committee appointed by Transportation Secretary Norman Mineta was
    briefed on Thursday and told that equipment could be installed and
    operating within a few weeks.  Dr. Joseph Atick, president of
    Visionics, has said that the federal government should adopt rules to
    regulate face recognition databases and protect the privacy of the
    public.  Dr. Atick continued to say that Visionics was "not going to
    walk away from the privacy issues we've previously raised."
    
    EPIC Advisory Board member Phil Agre has written an essay entitled
    "Your Face is Not a Bar Code: Arguments Against Automatic Face
    Recognition in Public Places," which carefully examines privacy issues
    raised by the use of this technology.
    
    Visionics Corporation's white paper is available (PDF) at:
    
      http://www.visionics.com/newsroom/downloads/whitepapers/counterterrorism.pdf
         
    Phil Agre's essay, "Your Face is Not a Bar Code":
    
         http://dlis.gseis.ucla.edu/people/pagre/bar-code.html
         
    EPIC's Face Recognition Information Page:
    
         http://www.epic.org/privacy/facerecognition/
    
    =======================================================================
    [6] Microsoft Opens Passport to Competition and More Web Profiling
    =======================================================================
    
    In an attempt to create a single identity for all web users, Microsoft
    has opened its Passport system to allow competitors and others to
    employ the identification and authentication scheme.  As a result,
    e-commerce companies could employ the identification and
    authentication system by participating in a "federated" Passport
    network.
    
    While opening the Passport system is likely intended to allay
    antitrust concerns, it creates new privacy risks for Internet users.
    The opening of Passport is intended to facilitate the spread of
    personalization services that are dependent on identification.  It
    could result in more sites requiring that an individual reveal one's
    identity in order to view content or enjoy web services.  Microsoft
    has used Passport to require user identification before viewing
    support pages.
    
    In July, EPIC and fourteen other organizations filed a complaint with
    the Federal Trade Commission (FTC) alleging that Microsoft violated
    consumer protection law by tying Passport to the Windows XP operating
    system.  EPIC continues to pursue the complaint, and Commission action
    is likely to be announced after the new FTC chair, Timothy Muris,
    announces the agency's new approach to privacy in early October.
    
    EPIC's page on Microsoft Passport:
    
         http://www.epic.org/privacy/consumer/microsoft/
    
    =======================================================================
    [7] EPIC Bookstore - Privacy & Human Rights 2001
    =======================================================================
    
    * JUST PUBLISHED! *
    
    Privacy & Human Rights: An International Survey of Privacy Laws and
    Developments (EPIC 2001)
    
         http://www.powells.com/cgi-bin/biblio?partner_id=24075&cgi=biblio&show=trade+paper:new:1131377354:20.00
    
    This annual report by EPIC and Privacy International reviews the state
    of privacy in over fifty countries around the world.  It outlines
    legal protections for privacy, new challenges, and summarizes
    important issues and events relating to privacy and surveillance.
    Updated and expanded for 2001, the report includes new sections on
    genetic privacy, location tracking, authentication and identification
    requirements, electronic numbering, corporate sharing of information
    with governments, and the privacy implications of digital rights
    management schemes.
    
                       ================================
    
    EPIC Publications:
    
    "Privacy & Human Rights 2001: An International Survey of Privacy Laws
    and Developments," (EPIC 2001). Price: $20.
    http://www.epic.org/bookstore/phr2001/
    
    This survey, by EPIC and Privacy International, reviews the state of
    privacy in over fifty countries around the world.  The survey examines
    a wide range of privacy issues including, data protection, telephone
    tapping, genetic databases, ID systems and freedom of information
    laws.
    
                       ================================
    
    "The Privacy Law Sourcebook 2001: United States Law, International
    Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2001).
    Price: $40. http://www.epic.org/bookstore/pls2001/
    
    The "Physicians Desk Reference of the privacy world." An invaluable
    resource for students, attorneys, researchers and journalists who need
    an up-to-date collection of U.S. and International privacy law, as
    well as a comprehensive listing of privacy resources.
    
                       ================================
    
    "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
    Controls" (EPIC 2001). Price: $20.
    http://www.epic.org/bookstore/filters2.0/
    
    A collection of essays, studies, and critiques of Internet content
    filtering.  These papers are instrumental in explaining why filtering
    threatens free expression.
    
                       ================================
    
    "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
    Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
    http://www.epic.org/cls/
    
    The Consumer Law Sourcebook provides a basic set of materials for
    consumers, policy makers, practitioners and researchers who are
    interested in the emerging field of electronic commerce.  The focus is
    on framework legislation that articulates basic rights for consumers
    and the basic responsibilities for businesses in the online economy.
    
                       ================================
    
    "Cryptography and Liberty 2000: An International Survey of Encryption
    Policy," Wayne Madsen and David Banisar, authors (EPIC 2000).
    Price: $20. http://www.epic.org/crypto&/
    
    EPIC's third survey of encryption policies around the world. The
    results indicate that the efforts to reduce export controls on strong
    encryption products have largely succeeded, although several
    governments are gaining new powers to combat the perceived threats of
    encryption to law enforcement.
    
                       ================================
    
    Additional titles on privacy, open government, free expression,
    computer security, and crypto, as well as films and DVDs can be
    ordered through the EPIC Bookstore: http://www.epic.org/bookstore/
    
    =======================================================================
    [8] Upcoming Conferences and Events
    =======================================================================
    
    WorkSurv: A Seminar on the Technical, Legal & Business Issues of
    Workplace Surveillance. Privacy Foundation. September 25, 2001.
    Denver, CO. For more information:
    http://www.privacyfoundation.org/worksurv.asp
    
    Health Information Privacy: Dialogue with the Stakeholders. Riley
    Information Services, Inc. September 28, 2001. Ottawa, Canada. For
    more information: http://www.rileyis.com/seminars/
    
    Privacy2001: Information, Security & Ethics for the New Century.
    Technology Policy Group. October 3-4, 2001. Cleveland, OH. For more
    information: http://www.privacy2000.org/
    
    Consumers and Utilities. Residential Utilities Services: Meeting
    Consumer Energy and Communications Needs in a Dynamic Marketplace.
    Consumer Federation of America. October 4-5, 2001. Washington, D.C.
    For more information: http://www.consumerfed.org/
    
    Call for Proposals - October 15, 2001. CFP 2002: The Twelfth
    Conference on Computers, Freedom & Privacy. April 16-19, 2002. San
    Francisco, CA. For more information: http://www.cfp2002.org/
    
    Privacy: The New Management Imperative - Chief Privacy Officer
    Training Program. Southern Methodist University and Privacy Council.
    October 15-17, 2001. Dallas, TX. For more information:
    http://execdev.cox.smu.edu/
    
    Nurturing the Cybercommons, 1981-2021. Computer Professionals for
    Social Responsibility (CPSR) 20th Anniversary Conference and Wiener
    Award Dinner. October 19-21, 2001. Ann Arbor, MI. For more
    information: http://www.cpsr.org/
    
    The New HIPAA Privacy Rule: Guiding Your Clients Through the
    Implementation Process. Practising Law Institute. October 24, 2001.
    New York, NY. For more information: http://www.pli.edu/
    
    The Third National HIPAA Summit: From Theory to Practice - From
    Planning to Implementation. October 24-26, 2001. Washington, DC. For
    more information: http://www.hipaasummit.com/
    
    The 29th Research Conference on Communication, Information and
    Internet Policy. Telecommunications Policy Research Conference.
    October 27-29, 2001. Alexandria, VA. For more information:
    http://www.tprc.org/
    
    The 8th Annual Centre for Applied Cryptographic Research (CACR)
    Information Security Workshop: The Human Face of Privacy Technology.
    University of Waterloo and Information and Privacy Commission/Ontario.
    November 1-2, 2001. Toronto, Ontario. For more information:
    http://www.cacr.math.uwaterloo.ca/
    
    Symposium on Privacy and Security 2001. Foundation for Data Protection
    and Information Security. November 1-2, 2001. Zurich, Switzerland. For
    more information: http://www.privacy-security.ch/
    
    Workshop on Security and Privacy in Digital Rights Management 2001.
    Eighth Association for Computing Machinery (ACM) Conference on
    Computer and Communications Security. November 5, 2001. Philadelphia,
    PA. For more information: http://www.star-lab.com/sander/spdrm/
    
    Privacy: The New Management Imperative - Chief Privacy Officer
    Training Program. Cambridge University and Privacy Council. November
    5-8, 2001. Cambridge, England. For more information:
    kturnerat_private
    
    Learning for the Future. Business for Social Responsibility's Ninth
    Annual Conference. November 7-9, 2001. Seattle, WA. For more
    information: http://www.bsr.org/events/2001.asp
    
    Information Operations: Applying Power in the Information Age. Jane's
    Information Group. November 14-15, 2001. Washington, DC. For more
    information:
    http://www.janes.com/security/conference/info_op/info_op.shtml
    
    Information Gathering in the 21st Century. Seton Hall Law School.
    November 16, 2001. South Orange, NJ. For more information: ilstat_private
    
    Managing Privacy of Health Information. The Canadian Institute.
    November 19-20, 2001. Vancouver, British Columbia. For more
    information: http://www.CanadianInstitute.com/
    
    Call for Papers - December 1, 2001. 11th Annual EICAR & 3rd European
    Anti-Malware Conference. European Institute for Computer Anti-Virus
    Research (EICAR). June 8-11, 2002. Berlin, Germany. For more
    information: http://conference.eicar.org/
    
    Call for Papers - December 10, 2001. Workshop on Privacy Enhancing
    Technologies 2002. April 14-15, 2002. San Francisco, CA. For more
    information: http://www.pet2002.org/
    
    =======================================================================
    Subscription Information
    =======================================================================
    
    Subscribe/unsubscribe via Web interface:
    
          http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news/
    
    Subscribe/unsubscribe via email: epic_news-requestat_private
    subject line: "subscribe" or "unsubscribe"
    
    Back issues are available at:
    
          http://www.epic.org/alert/
    
    =======================================================================
    Privacy Policy
    =======================================================================
    
    The EPIC Alert mailing list is used only to mail the EPIC Alert and to
    send notices about EPIC activities.  We do not sell, rent or share our
    mailing list.  We also intend to challenge any subpoena or other legal
    process seeking access to our mailing list.  We do not enhance (link
    to other databases) our mailing list or require your actual name.
    
    In the event you wish to subscribe or unsubscribe your email address
    from this list, please follow the above instructions under
    "subscription information".  Please contact infoat_private if you have
    any other questions.
    
    =======================================================================
    About EPIC
    =======================================================================
    
    The Electronic Privacy Information Center is a public interest
    research center in Washington, DC.  It was established in 1994 to
    focus public attention on emerging privacy issues such as the Clipper
    Chip, the Digital Telephony proposal, national ID cards, medical
    record privacy, and the collection and sale of personal information.
    EPIC publishes the EPIC Alert, pursues Freedom of Information Act
    litigation, and conducts policy research.  For more information,
    e-mail infoat_private, http://www.epic.org or write EPIC, 1718
    Connecticut Ave., NW, Suite 200, Washington, DC 20009.
    +1 202 483 1140 (tel), +1 202 483 1248 (fax).
    
    If you'd like to support the work of the Electronic Privacy
    Information Center, contributions are welcome and fully
    tax-deductible.  Checks should be made out to "EPIC" and sent to
    1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
    Or you can contribute online at
    http://www.guidestar.org/aol/search/report/report.adp?ein=52-2225921
    
    Your contributions will help support Freedom of Information Act and
    First Amendment litigation, strong and effective advocacy for the
    right of privacy and efforts to oppose government regulation of
    encryption and expanding wiretapping powers.
    
    Thank you for your support.
    
       ---------------------- END EPIC Alert 8.19 -----------------------
    



    This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 09:09:28 PDT