============================================================= @@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@@ @ @@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @ ============================================================= Volume 2.08 August 2, 1995 ------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC info@epic.org WWW http://epic.org ======================================================================= Table of Contents ======================================================================= [1] Telecom Bill Update [2] New Bill Targets Crypto [3] 2600 FOIA Case on Appeal [4] National Security Surveillance Increases [5] New EPIC Reports Available [6] Upcoming Conferences and Events ======================================================================= [1] Telecom Bill Reaches House Floor ======================================================================= By the time you read this, the House of Representatives may or may not have begun consideration of HR 1555, the so-called "telecommunications reform" bill (the latest estimates are that consideration will begin on the evening of August 2). EPIC has joined with a coalition of public interest organizations in calling for the defeat of this legislation. The coalition includes the Center for Media Education, Computer Professionals for Social Responsibility, Consumer Federation of America, Media Access Project, People for the American Way Action Fund, and Taxpayer Assets Project/Consumer Project on Technology. In a joint statement issued on July 31, the coalition says of the legislation: Specific provisions will directly affect the Internet. Users have been actively opposing one Senate provision to ban all "indecent" communications on computer networks. Given the overwhelming Senate support for that measure, there is substantial risk that any version of the telecommunications bill will contain content restrictions of some sort. Not only will any version of this legislation probably regulate content on the Internet, it will certainly eliminate many important economic safeguards against market power and abuse. The very competitive market that exists for Internet service providers should be emulated for phone and cable companies. Yet the legislation encourages greater monopoly control over all communications services. Related developments: * In a statement released on July 31, President Clinton announced his intention to veto the current version of the telecommunications bill pending in the House. The White House statement noted that, "Instead of promoting open access and diversity of content and viewpoints, [the bill] would allow fewer people to control greater numbers of television, radio and newspaper outlets in every community." * The status of the "Communications Decency Act," which is included in the telecommunications bill passed by the Senate, is unclear in the House. Although the so-called "Exon amendment" language is not currently contained in the House legislation, it is anticipated that advocates of Internet censorship will attempt to attach the CDA to the telecom bill on the House floor. For updated information, check the Voters Telecommunications Watch (VTW) home page at http://www.panix.com/vtw/exon/exon.html. * The following materials are now available at the EPIC home page, http://www.epic.org/telecom_bill/ The full text of the public interest coalition statement, including an analysis of the legislation and Congressional contact information; The White House statement on the House legislation; The "managers' report" on the legislation, describing the current version of the bill; The latest version of the VTW alert on the Communications Decency Act Internet censorship provisions. ======================================================================= [2] New Bill Would Outlaw Non-Escrowed Encryption ======================================================================= On June 27, Sen. Charles Grassley (R-Iowa) introduced the "Anti-Electronic Racketeering Act of 1995." The legislation addresses a broad array of Internet-related issues, including encryption. Under the heading of "Racketeering-related crimes involving computers," the bill would, in effect, criminalize the distribution of all encryption software over the Internet or other computer networks unless "the software at issue used a universal decoding device or program that was provided to the Department of Justice prior to the distribution." Section 2(h)(1) of S.974 would amend Title 18 of the United States Code to make it unlawful to: distribute computer software that encodes or encrypts electronic or digital communications to computer networks that the person distributing the software knows or reasonably should know, is accessible to foreign nationals and foreign governments, regardless of whether such software has been designated as nonexportable. The legislation further provides that: [i]t shall be an affirmative defense to prosecution under this section that the software at issue used a universal decoding device or program that was provided to the Department of Justice prior to the distribution. The legislation is plainly an attempt to mandate the result the Administration sought to achieve with the failed Clipper Chip initiative -- ensuring law enforcement access to *all* encrypted communications through government-escrowed keys. Requiring "knowledge" of accessibility to foreign nationals or governments provides no meaningful protection in a global communications environment. Such knowledge can easily be imputed to any person making encryption software available on the Internet. Criminalizing such distribution "regardless of whether such software has been designated as nonexportable," would effectively outlaw the dissemination of any encryption software that does not provide the government with escrowed keys or some other backdoor. As drafted, the legislation would appear to prohibit the distribution of any program that contains security features, including Netscape Navigator, various digital cash applications and even PKZIP. The Grassley bill was drafted with input from the Department of Justice, suggesting that the Administration may be moving from the initial "voluntary" Clipper approach toward mandatory restrictions on the distribution and use of non-escrowed encryption. Indeed, FBI Director Louis Freeh has indicated on several occasions that domestic uses of encryption will eventually be curtailed. For instance, Freeh said in Congressional testimony on May 11, 1995, ... we're in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge's authority where we can get there if somebody is planning a crime. The text of the "Anti-Electronic Racketeering Act" can be obtained at http://www.epic.org/privacy/crypto/s974.txt EPIC will continue to monitor the progress of this legislation and will be posting analyses of its other draconian provisions, including those dealing with computer crime, distribution of copyrighted material and searches and seizures of computer systems. ======================================================================= [3] Appeals Court to Decide "2600" FOIA Case ======================================================================= The wheels of justice turn slowly ... In November 1992, a group of young people affiliated with the computer magazine "2600" were confronted by mall security personnel, local police officers and several unidentified individuals in the Pentagon City shopping mall in Virginia. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded and some of their property was confiscated. Computer Professionals for Social Responsibility (CPSR) filed suit in federal court in early 1993 seeking the release of relevant Secret Service records under the Freedom of Information Act. The litigation of the case is being handled by EPIC. In July 1994, U.S. District Judge Louis Oberdorfer ordered the Secret Service to release the vast majority of documents it maintains on the incident. The government appealed that decision and the appeal is now pending. In a recently filed brief, EPIC and CPSR argue that the withheld documents demonstrate Secret Service misconduct and that the FOIA exemptions cited by the agency do not apply. The Pentagon City incident has been described as an example of over-zealous law enforcement activities directed against so-called computer "hackers." The case raises significant issues of free speech and assembly, privacy and government accountability. Oral argument before the U.S. Court of Appeals for the District of Columbia Circuit is scheduled for September 14, 1995. A copy of the CPSR/EPIC brief can be found at: http://cpsr.org/cpsr/computer_crime/2600_brief_6_95.txt ======================================================================= [4] Secret Court Surveillance Orders Increase, New Chief Judge Chosen ======================================================================= According to Justice Department documents, orders for "national security" electronic surveillance increased in 1994 over the previous year. 576 orders for "national security" electronic surveillance were approved in 1994, an increase of 65 orders over the previous year but still lower than previous peak years of 1984 and 1991. No requests for surveillance were denied or modified. Since its inception in 1979, the Foreign Intelligence Surveillance Court (FISC) has never turned down a request for an electronic surveillance order. The secret court was created by the Foreign Intelligence Surveillance Act of 1977. Last year, the FISC's jurisdiction was expanded to include authorizing physical searches of premises in "national security" cases. FISA Orders 1979-1994 1979 - 207 1980 - 322 1981 - 433 1982 - 475 1983 - 549 1984 - 635 1985 - 587 1986 - 573 1987 - 512 1988 - 534 1989 - 546 1990 - 595 1991 - 593 1992 - 484 1993 - 509 1994 - 576 ------------- A new leader was recently named for the court. U.S. District Court Judge Royce C. Lamberth has been chosen to be the chief judge. Lamberth replaces US District Court Judge Joyce Hens Green, whose term expired earlier this year. Members of the FISC are chosen by Chief Justice William Rehnquist and serve seven year terms. Lamberth was originally appointed to the U.S. District Court by President Ronald Reagan in 1987. Prior to his appointment, he was Chief of the Civil Division of the U.S. Attorney's Office in Washington, D.C. In 1993, he ruled against CPSR in its attempt to obtain classified documents relating to the development of the Digital Signature Standard. Other court members are Wendell A. Miles, Western District of Michigan; Ralph Thompson, Western District of Oklahoma; Charles Schwartz, Eastern District of Louisiana; Earl H. Carroll, District of Arizona; James C. Cacheris, Eastern District of Virginia; and John Keenan, Southern District of New York. ======================================================================= [5] Updated EPIC Reports Available ======================================================================= EPIC has released updates of two of its reports: EPIC Online Guide to Privacy Resources. A comprehensive list of privacy organizations, publications, newsgroups, mailing lists, netsites and conferences related to privacy. Updated August 1, 1995. HTTP://www.epic.org/privacy/online_guide_faq.txt Text Version HTTP://www.epic.org/privacy/online_guide_faq.html HTML Version Overview of 104th Congress - Electronic Privacy and Civil Liberties Legislation. A comprehensive listing of all legislation currently pending in Congress that affects privacy and civil liberties. Includes a brief overview, bill number, and status of each bill. Updated August 1, 1995. HTTP://www.epic.org/privacy/legislative_update.txt ======================================================================= [6] Upcoming Privacy Related Conferences and Events ======================================================================= DEF CON III. August 4-6, 1995. Las Vegas. Major hacker conference. Contact: dtangent@defcon.org or http://dfw.net/~aleph1/defcon Surveillance Expo '95. August 8-10. Mclean, Virginia. Sponsored by Ross Engineering. Contact Jim Ross. 703-318-8600. Advanced Surveillance Technologies. Sept. 4, 1995. Copenhagen, Denmark. Sponsored by Privacy International and EPIC. Contact pi@privacy.org or HTTP://www.privacy.org/pi/conference/ 17th International Conference of Data Protection and Privacy Commissioners. September 6-8, 1995. Copenhagen, Denmark. Sponsored by the Danish Data Protection Agency. Contact Henrik Waaben, +45 33 14 38 44 (tel), +45 33 13 38 43 (fax). InfoWarCon '95. September 7-8, 1995. Arlington, VA. Sponsored by NCSA and OSS. Email: Winn@Infowar.Com. "Managing the Privacy Revolution." Privacy & American Business. Oct. 31 - Nov. 1, 1995. Washington, DC. Speakers include C.B. Rogers (Equifax). Contact Alan Westin 201/996-1154. 11th Annual Computer Security Applications Conference: The conference includes technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments. December 11-15, 1995, New Orleans, Louisiana. Contact Vince Reed at (205)890-3323 or vreed@mitre.org. 1996 Computers, Freedom and Privacy Conference. March 27-30, 1996. Cambridge MA. Sponsored by MIT. Contact: cfp96-info@mit.edu or http://web.mit.edu/cfp96. (Send calendar submissions to Alert@epic.org) ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send the message: SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname to listserv@cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce. Back issues are available via http://epic.org/alert/ or FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information, email info@epic.org, WWW at HTTP://epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax). The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr-info@cpsr.org If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003. Your contributions will help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.. Thank you for your support. ------------------------ END EPIC Alert 2.08 ------------------------