Date: Fri, 03 Dec 93 13:25:21 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#002
Computer Privacy Digest Fri, 03 Dec 93 Volume 4 : Issue: 002
Today's Topics: Moderator: Leonard P. Levine
Single Topic Issue: CPSR Alert 2.06
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Monty Solomon <roscom!monty@think.com>
Date: Thu, 2 Dec 1993 12:05:31 -0500
Subject: Single Topic Issue: CPSR Alert 2.06
CPSR Alert 2.06
==============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@@
@ @ @ @ @ @ @ @ @ @ @ @ @
@ @@@ @ @@@ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @ @ @ @ @@@@ @@@@ @ @ @
=============================================================
Volume 2.06 December 1, 1993
-------------------------------------------------------------
Published by
Computer Professionals for Social Responsibility
Washington Office
(Alert@washofc.cpsr.org)
-------------------------------------------------------------
Contents
[1] Sen. Simon Introduces Major Privacy Bill
[2] Senator Simon's Statement on Introduction
[3] Privacy Commission Bill Section Headings
[4] New Docs Reveal NSA Involvement in Digital Telephony Proposal
[5] Bill to Remove Crypto Export Controls Introduced in House
[6] Matching grant for CPSR FOIA Work Offered
[7] New Documents in the CPSR Internet Library
[8] Upcoming Conferences and Events
-------------------------------------------------------------
[1] Senator Simon Introduces Major Privacy Bill
Senator Paul Simon (D-IL) has introduced legislation to create a
privacy agency in the United States. The bill is considered the most
important privacy measure now under consideration by Congress.
The Privacy protection Act of 1993, designated S. 1735, attempts to
fill a critical gap in US privacy law and to respond to growing public
concern about the lack of privacy protection.
The Vice President also recommended the creation of a privacy agency
in the National Performance Review report on reinventing government
released in September.
The measure establishes a commission with authority to oversee the
Privacy Act of 1974, to coordinate federal privacy laws, develop model
guidelines and standards, and assist individuals with privacy matters.
However, the bill lacks authority to regulate the private sector, to
curtail government surveillance proposals, and has a only a small
budget for the commission.
Many privacy experts believe the bill is a good first step but does not
go far enough.
The Senate is expected to consider the bill in January when it returns
to session.
-------------------------------------------------------------
[2] Senator Simon's Statement on Introduction
(From the Congressional Record, November 19, 1993)
Mr. Simon. "Mr. President, I am introducing legislation today to
create a Privacy Protection Commission. The fast-paced growth in
technology coupled with American's increasing privacy concerns demand
Congress take action.
"A decade ago few could afford the millions of dollars necessary for a
mainframe computer. Today, for a few thousand dollars, you can purchase
a smaller, faster, and even more powerful personal computer. Ten years
from now computers will likely be even less expensive, more accessible,
and more powerful. Currently, there are "smart" buildings, electronic
data "highways", mobile satellite communication systems, and
interactive multimedia. Moreover, the future holds technologies that we
can't even envision today. These changes hold the promise of
advancement for our society, but they also pose serious questions about
our right to privacy. We should not fear the future or its technology,
but we must give significant consideration to the effect such
technology will have on our rights.
"Polls indicate that the American public is very concerned about this
issue. For example, according to a Harris-Equifax poll completed this
fall, 80 percent of those polled were concerned about threats to their
personal privacy. In fact, an example of the high level of concern is
reflected in the volume of calls received by California's Privacy
Rights Clearinghouse. Within the first three months of operation. The
California Clearinghouse received more than 5,400 calls. The
Harris-Equifax poll also reported that only 9 percent of Americans felt
that current law and organizational practices adequately protected
their privacy. This perception is accurate. The Privacy Act of 1974
was created to afford citizens broad protection. Yet, studies and
reviews of the act clearly indicate that there is inadequate specific
protection, too much ambiguity, and lack of strong enforcement.
"Furthermore, half of those polled felt that technology has almost
gotten out of control, and 80 percent felt that they had no control
over how personal information about them is circulated and used by
companies. A recent article written by Charles Piller for MacWorld
magazine outlined a number of privacy concerns. I ask unanimous consent
the article written by Charles Piller be included in the record
following my statement. These privacy concerns have caused the public
to fear those with access to their personal information. Not
surprisingly, distrust of business and government has significantly
climbed upwards from just three years ago.
"In 1990, the United States General Accounting Office reported that
there were conservatively 910 major federal data banks with billions of
individual records. Information that is often open to other
governmental agencies and corporations, or sold to commercial data
banks that trade information about you, your family, your home, your
spending habits, and so on. What if the data is inaccurate or no longer
relevant? Today's public debates on health care reform, immigration,
and even gun control highlight the growing public concern regarding
privacy.
"The United States has long been the leader in the development of
privacy policy. The framers of the Constitution and the Bill of Rights
included an implied basic right to privacy. More than a hundred years
later, Brandeis and Warren wrote their famous 1890 article, in which
they wrote that privacy is the most cherished and comprehensive of
all rights. International privacy scholar Professor David Flaherty has
argued successfully that the United States invented the concept of a
legal right to privacy. In 1967, Professor Alan Westin wrote privacy
and freedom, which has been described as having been of primary
influence on privacy debates world-wide. Another early and
internationally influential report on privacy was completed in 1972
by the United States Department of Health, Education, and Welfare
advisory committee. A Few years later in 1974, Senator Sam Ervin
introduced legislation to create a federal privacy board. The result
of debates on Senator Ervin's proposal was the enactment of the
Privacy Act of 1974. The United States has not addressed privacy
protection in any comprehensive way since.
"International interest in privacy and in particular data protection
dramatically moved forward in the late 1970's. In 1977 and 1978 six
countries enacted privacy protection legislation. As of September
1993, 27 countries have legislation under consideration. I ask
unanimous consent that a list of those countries be included in the
record following my statement. Among those considering legislation are
former Soviet Block countries Croatia, Estonia, Slovakia, and
Lithuania. Moreover, the European Community Commission will be adopting
a directive on the exchange of personal data between those countries
with and those without data or privacy protection laws.
"Mr. President, a Privacy Protection Commission is needed to restore
the public's trust in business and government's commitment to
protecting their privacy and willingness to thoughtfully and seriously
address current and future privacy issues. It is also needed to fill
in the gaps that remain in federal privacy law.
"The Clinton Administration also recognizes the importance for
restoring public trust. A statement the Office of Management and Budget
sent to me included the following paragraph:
[T]he need to protect individual privacy has become increasingly
important as we move forward on two major initiatives, Health
Care Reform and the National Information Infrastructure. The
success of these initiatives will depend, in large part, on the
extent to which Americans trust the underlying information
systems. Recognizing this concern, the National Performance
Review has called for a commission to perform a function similar
to that envisioned by Senator Simon. Senator Simon's bill
responds to an issue of critical importance.
"In addition, the National Research Council recommends the creation of
'an independent federal advisory body ...' In their newly released
study, Private Lives and Public Policies.
"It is very important that the Privacy Protection Commission be
effective and above politics. Toward that end, the Privacy Protection
Commission will be advisory and independent. It is to be composed of 5
members, who are appointed By the President, by and with the consent of
the Senate, with no more than 3 from the same political party. The
members are to serve for staggered seven year terms, and during their
tenure on the commission, may not engage in any other Employment.
"Mr. President, I am concerned about the creation of additional
bureaucracy; therefore the legislation would limit the number of
employees to a total of 50 officers and employees. The creation of an
independent Privacy Protection Commission is imperative. I have
received support for an independent privacy protection commission from
consumer, civil liberty, privacy, library, technology, and law
organizations, groups, and individuals. I ask unanimous consent that a
copy of a letter I have received be included in the record following my
statement.
"What the commission's functions, make-up, and responsibilities are
will certainly be debated through the Congressional process. I look
forward to hearing from and working with a broad range of individuals,
organizations, and businesses on this issue, as well as the
administration.
"I urge my colleagues to review the legislation and the issue, and join
me in support of a privacy protection commission. I ask unanimous
consent that the text of the bill be included in the record."
-------------------------------------------------------------
[3] Privacy Commission Bill Section Headings
Section 1. Short Title.
Section 2. Findings and Purpose.
Section 3. Establishment of a Privacy Protection Commission.
Section 4. Privacy Protection Commission.
Section 5. Personnel of The Commission.
Section 6. Functions of The Commission.
Section 7. Confidentiality of Information.
Section 8. Powers of the Commission.
Section 9. Reports and Information.
Section 10. Authorization of Appropriations.
A full copy of the bill, floor statement and other materials will
be made available at the CPSR Internet Library.
-------------------------------------------------------------
[4] New Docs Reveal NSA Involvement in Digital Telephony Proposal
A series of memoranda received by CPSR from the Department of
Commerce last week indicate that the National Security Agency was
actively involved in the 1992 FBI Digital Telephony Proposal. Two weeks
ago, documents received by CPSR indicated that the FBI proposal, code
named "Operation Root Canal," was pushed forward even after reports
from the field found no cases where electronic surveillance was
hampered by new technologies. The documents also revealed that the
Digital Signature Standard was viewed by the FBI as "[t]he first step
in our plan to deal with the encryption issue."
The earliest memo is dated July 5, 1991, just a few weeks after the
Senate withdrew a Sense of Congress provision from S-266, the Omnibus
Crime Bill of 1991, that encouraged service and equipment providers to
ensure that their equipment would "permit the government to obtain the
plain text contents of voice, data and other communications...." The
documents consist of a series of fax transmittal sheets and memos from
the Office of Legal Counsel in the Department of Commerce to the
National Security Agency. Many attachments and drafts, including more
detailed descriptions of the NSA's proposals, were withheld or
released with substantial deletions.
Also included in the documents is a previously released public
statement by the National Telecommunications and Information
Administration entitled "Technological Competitiveness and Policy
Concerns." The document was requested by Rep. Jack Brooks and states
that the proposal
could obstruct or distort telecommunications technology development
by limiting fiber optic transmission, ISDN, digital cellular services
and other technologies until they are modified, ... could impair the
security of business communications ... that could facilitate not
only lawful government interception, but unlawful interception by
others, [and] could impose industries ability to offer new services
and technologies.
CPSR is planning to appeal the Commerce Department's decision to
withhold many of the documents.
-------------------------------------------------------------
[5] Bill to Remove Crypto Export Controls Introduced in House
On November 22, 1993, Congresswoman Maria Cantwell (D-WA) introduced HR 3627
to transfer jurisdiction over the export of software with non-military
encryption to the Department of Commerce from the
Department of State. The State Department defers to the
National Security Agency on exports that contain cryptography.
The mandates that no export licenses are required for mass market
or public domain software but retains restrictions on countries "of
terrorist concern" and nations currently being embargoed. It also expands
licenses for financial institutions.
A full copy of the bill, press release and analysis is available
from the CPSR Internet Library. See below for retrieval information.
-------------------------------------------------------------
[6] CPSR Seeking Donors for Matching FOIA Grant
A CPSR member who wishes to remain anonymous has offered a $500
matching grant to support CPSR's Freedom of Information Act litigation.
If you are interested in supporting CPSR's FOIA work, please send a
message to rotenberg@washofc.cpsr.org
-------------------------------------------------------------
[7] The CPSR Internet Library
The CPSR Internet Library is currently undergoing renovation to make it
easier to use. File names are being revised, folders are being moved,
and a better Gopher front-end is being designed. We apologize for any
inconvience in finding files.
HR 3627 - Encryption Exports - cpsr/privacy/encryption/export_controls
Privacy International has added several more National Constitutions
including Japan's, Germany's and Hong Kong's. - /cpsr/privacy/privacy_
international/international_laws
The CPSR Internet Library is available via FTP/WAIS/Gopher from
cpsr.org /cpsr. Materials from Privacy International, the Taxpayers
Assets Project and the Cypherpunks are also archived. For more
information, contact Al Whaley (al@sunnyside.com)
-------------------------------------------------------------
[8] Upcoming Conferences and Events
"Cyberculture Houston 93." Houston, Tx. December 10-12, Contact:
cyber@fisher.psych.uh.edu.
Worldwide Electronic Commerce: Law, Policy and Controls Conference.
MultiCorp, Inc and American Bar Association. Waldorf Astoria Hotel,
New York City. January 17 - 18, 1994. Contact: Fred Sammet
(76520.3713@CompuServe.COM), Phone (214) 516-4900, fax at (214)
475-5917.
"Highways and Toll Roads: Electronic Access in the 21st Century" Panel
Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994
2:30 - 5:30pm. Sponsored by the Association for Computing Machinery
(ACM). Contact: Barbara Simons (simons@vnet.ibm.com)
"Computers, Freedom and Privacy 94." Chicago, Il. March 23-26.
Sponsored by ACM and The John Marshall Law School. Contact: George
Trubow, 312-987-1445 (CFP94@jmls.edu).
CPSR DIAC-94 "Developing an Effective, Equitable, and Enlightened
Information Infrastructure." Cambridge, MA. April 23 - 24, 1994.
Contact: Doug Schuler (doug.schuler@cpsr.org).
(Send calendar submissions to Alert@washofc.cpsr.org)
=======================================================================
To subscribe to the Alert, send the message:
"subscribe cpsr <your name>" (without quotes or brackets) to
listserv@gwuvm.gwu.edu. Back issues of the Alert are available at the
CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert
Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to understanding
and directing the impact of computers on society. Founded in 1981, CPSR
has 2000 members from all over the world and 22 chapters across the
country. Our National Advisory Board includes a Nobel laureate and
three winners of the Turing Award, the highest honor in computer
science. Membership is open to everyone.
For more information, please contact: cpsr@cpsr.org or visit the CPSR
discussion conferences on The Well (well.sf.ca.us) or Mindvox
(phantom.com).
=======================================================================
CPSR MEMBERSHIP FORM
Name ______________________________________________________________
Address ___________________________________________________________
___________________________________________________________________
City/State/Zip ____________________________________________________
Home phone _____________________ Work phone _____________________
Company ___________________________________________________________
Type of work ______________________________________________________
E-mail address ____________________________________________________
CPSR Chapter
__ Acadiana __ Austin __ Berkeley
__ Boston __ Chicago __ Denver/Boulder
__ Los Angeles __ Madison __ Maine
__ Milwaukee __ Minnesota __ New Haven
__ New York __ Palo Alto __ Philadelphia
__ Pittsburgh __ Portland __ San Diego
__ Santa Cruz __ Seattle __ Washington, DC
__ Virtual Chapter (worldwide) __ No chapter in my area
CPSR Membership Categories
__ $ 75 REGULAR MEMBER __ $ 50 Basic member
__ $ 200 Supporting member __ $ 500 Sponsoring member
__ $1000 Lifetime member __ $ 50 Foreign subscriber
__ $ 20 Student/low income members
__ $ 50 Library/institutional subscriber
Additional tax-deductible contribution to support CPSR projects:
__ $50 __ $75 __ $100 __ $250
__ $500 __ $1000 __ Other
Total Enclosed: $ ________
Make check out to CPSR and mail to:
CPSR
P.O. Box 717
Palo Alto, CA 94301
------------------------ END CPSR Alert 2.06-----------------------
------------------------------
End of Computer Privacy Digest V4 #002
******************************
.