Date: Fri, 03 Dec 93 13:25:21 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#002

Computer Privacy Digest Fri, 03 Dec 93              Volume 4 : Issue: 002

Today's Topics:                         Moderator: Leonard P. Levine

                Single Topic Issue: CPSR Alert 2.06

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy. The digest is moderated and gatewayed into the
USENET newsgroup comp.society.privacy (Moderated). Submissions should
be sent to comp-privacy@uwm.edu and administrative requests to
comp-privacy-request@uwm.edu. Back issues are available via anonymous
ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password
"yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].

----------------------------------------------------------------------

From: Monty Solomon
Date: Thu, 2 Dec 1993 12:05:31 -0500
Subject: Single Topic Issue: CPSR Alert 2.06

CPSR Alert 2.06

=============================================================
Volume 2.06                                  December 1, 1993
-------------------------------------------------------------
Published by
Computer Professionals for Social Responsibility
Washington Office
(Alert@washofc.cpsr.org)
-------------------------------------------------------------

Contents

[1] Sen. Simon Introduces Major Privacy Bill
[2] Senator Simon's Statement on Introduction
[3] Privacy Commission Bill Section Headings
[4] New Docs Reveal NSA Involvement in Digital Telephony Proposal
[5] Bill to Remove Crypto Export Controls Introduced in House
[6] Matching grant for CPSR FOIA Work Offered
[7] New Documents in the CPSR Internet Library
[8] Upcoming Conferences and Events

-------------------------------------------------------------

[1] Senator Simon Introduces Major Privacy Bill

Senator Paul Simon (D-IL) has introduced legislation to create a
privacy agency in the United States. The bill is considered the most
important privacy measure now under consideration by Congress.

The Privacy Protection Act of 1993, designated S. 1735, attempts to
fill a critical gap in US privacy law and to respond to growing public
concern about the lack of privacy protection.

The Vice President also recommended the creation of a privacy agency in
the National Performance Review report on reinventing government
released in September.

The measure establishes a commission with authority to oversee the
Privacy Act of 1974, to coordinate federal privacy laws, develop model
guidelines and standards, and assist individuals with privacy matters.

However, the bill lacks authority to regulate the private sector, to
curtail government surveillance proposals, and has only a small budget
for the commission. Many privacy experts believe the bill is a good
first step but does not go far enough.

The Senate is expected to consider the bill in January when it returns
to session.

-------------------------------------------------------------

[2] Senator Simon's Statement on Introduction

(From the Congressional Record, November 19, 1993)

Mr. Simon. "Mr. President, I am introducing legislation today to create
a Privacy Protection Commission. The fast-paced growth in technology
coupled with Americans' increasing privacy concerns demand Congress
take action.

"A decade ago few could afford the millions of dollars necessary for a
mainframe computer. Today, for a few thousand dollars, you can purchase
a smaller, faster, and even more powerful personal computer. Ten years
from now computers will likely be even less expensive, more accessible,
and more powerful. Currently, there are "smart" buildings, electronic
data "highways", mobile satellite communication systems, and
interactive multimedia. Moreover, the future holds technologies that we
can't even envision today. These changes hold the promise of
advancement for our society, but they also pose serious questions about
our right to privacy. We should not fear the future or its technology,
but we must give significant consideration to the effect such
technology will have on our rights.

"Polls indicate that the American public is very concerned about this
issue. For example, according to a Harris-Equifax poll completed this
fall, 80 percent of those polled were concerned about threats to their
personal privacy. In fact, an example of the high level of concern is
reflected in the volume of calls received by California's Privacy
Rights Clearinghouse. Within the first three months of operation, the
California Clearinghouse received more than 5,400 calls. The
Harris-Equifax poll also reported that only 9 percent of Americans felt
that current law and organizational practices adequately protected
their privacy. This perception is accurate. The Privacy Act of 1974 was
created to afford citizens broad protection. Yet, studies and reviews
of the act clearly indicate that there is inadequate specific
protection, too much ambiguity, and lack of strong enforcement.

"Furthermore, half of those polled felt that technology has almost
gotten out of control, and 80 percent felt that they had no control
over how personal information about them is circulated and used by
companies. A recent article written by Charles Piller for MacWorld
magazine outlined a number of privacy concerns. I ask unanimous consent
the article written by Charles Piller be included in the record
following my statement. These privacy concerns have caused the public
to fear those with access to their personal information. Not
surprisingly, distrust of business and government has significantly
climbed upwards from just three years ago.

"In 1990, the United States General Accounting Office reported that
there were conservatively 910 major federal data banks with billions of
individual records. Information that is often open to other
governmental agencies and corporations, or sold to commercial data
banks that trade information about you, your family, your home, your
spending habits, and so on. What if the data is inaccurate or no longer
relevant? Today's public debates on health care reform, immigration,
and even gun control highlight the growing public concern regarding
privacy.

"The United States has long been the leader in the development of
privacy policy. The framers of the Constitution and the Bill of Rights
included an implied basic right to privacy. More than a hundred years
later, Brandeis and Warren wrote their famous 1890 article, in which
they wrote that privacy is the most cherished and comprehensive of all
rights. International privacy scholar Professor David Flaherty has
argued successfully that the United States invented the concept of a
legal right to privacy. In 1967, Professor Alan Westin wrote Privacy
and Freedom, which has been described as having been of primary
influence on privacy debates world-wide. Another early and
internationally influential report on privacy was completed in 1972 by
the United States Department of Health, Education, and Welfare advisory
committee. A few years later in 1974, Senator Sam Ervin introduced
legislation to create a federal privacy board. The result of debates on
Senator Ervin's proposal was the enactment of the Privacy Act of 1974.
The United States has not addressed privacy protection in any
comprehensive way since.

"International interest in privacy and in particular data protection
dramatically moved forward in the late 1970's. In 1977 and 1978 six
countries enacted privacy protection legislation. As of September 1993,
27 countries have legislation under consideration. I ask unanimous
consent that a list of those countries be included in the record
following my statement. Among those considering legislation are former
Soviet Bloc countries Croatia, Estonia, Slovakia, and Lithuania.
Moreover, the European Community Commission will be adopting a
directive on the exchange of personal data between those countries with
and those without data or privacy protection laws.

"Mr. President, a Privacy Protection Commission is needed to restore
the public's trust in business and government's commitment to
protecting their privacy and willingness to thoughtfully and seriously
address current and future privacy issues. It is also needed to fill in
the gaps that remain in federal privacy law.

"The Clinton Administration also recognizes the importance for
restoring public trust. A statement the Office of Management and Budget
sent to me included the following paragraph:

    [T]he need to protect individual privacy has become increasingly
    important as we move forward on two major initiatives, Health Care
    Reform and the National Information Infrastructure. The success of
    these initiatives will depend, in large part, on the extent to
    which Americans trust the underlying information systems.
    Recognizing this concern, the National Performance Review has
    called for a commission to perform a function similar to that
    envisioned by Senator Simon. Senator Simon's bill responds to an
    issue of critical importance.

"In addition, the National Research Council recommends the creation of
'an independent federal advisory body ...' in their newly released
study, Private Lives and Public Policies.

"It is very important that the Privacy Protection Commission be
effective and above politics. Toward that end, the Privacy Protection
Commission will be advisory and independent. It is to be composed of 5
members, who are appointed by the President, by and with the consent of
the Senate, with no more than 3 from the same political party. The
members are to serve for staggered seven year terms, and during their
tenure on the commission, may not engage in any other employment.

"Mr. President, I am concerned about the creation of additional
bureaucracy; therefore the legislation would limit the number of
employees to a total of 50 officers and employees. The creation of an
independent Privacy Protection Commission is imperative. I have
received support for an independent privacy protection commission from
consumer, civil liberty, privacy, library, technology, and law
organizations, groups, and individuals. I ask unanimous consent that a
copy of a letter I have received be included in the record following my
statement.

"What the commission's functions, make-up, and responsibilities are
will certainly be debated through the Congressional process. I look
forward to hearing from and working with a broad range of individuals,
organizations, and businesses on this issue, as well as the
administration.

"I urge my colleagues to review the legislation and the issue, and join
me in support of a privacy protection commission. I ask unanimous
consent that the text of the bill be included in the record."

-------------------------------------------------------------

[3] Privacy Commission Bill Section Headings

Section 1. Short Title.
Section 2. Findings and Purpose.
Section 3. Establishment of a Privacy Protection Commission.
Section 4. Privacy Protection Commission.
Section 5. Personnel of The Commission.
Section 6. Functions of The Commission.
Section 7. Confidentiality of Information.
Section 8. Powers of the Commission.
Section 9. Reports and Information.
Section 10. Authorization of Appropriations.

A full copy of the bill, floor statement and other materials will be
made available at the CPSR Internet Library.

-------------------------------------------------------------

[4] New Docs Reveal NSA Involvement in Digital Telephony Proposal

A series of memoranda received by CPSR from the Department of Commerce
last week indicate that the National Security Agency was actively
involved in the 1992 FBI Digital Telephony Proposal. Two weeks ago,
documents received by CPSR indicated that the FBI proposal, code named
"Operation Root Canal," was pushed forward even after reports from the
field found no cases where electronic surveillance was hampered by new
technologies. The documents also revealed that the Digital Signature
Standard was viewed by the FBI as "[t]he first step in our plan to deal
with the encryption issue."

The earliest memo is dated July 5, 1991, just a few weeks after the
Senate withdrew a Sense of Congress provision from S-266, the Omnibus
Crime Bill of 1991, that encouraged service and equipment providers to
ensure that their equipment would "permit the government to obtain the
plain text contents of voice, data and other communications...." The
documents consist of a series of fax transmittal sheets and memos from
the Office of Legal Counsel in the Department of Commerce to the
National Security Agency. Many attachments and drafts, including more
detailed descriptions of the NSA's proposals, were withheld or released
with substantial deletions.

Also included in the documents is a previously released public
statement by the National Telecommunications and Information
Administration entitled "Technological Competitiveness and Policy
Concerns." The document was requested by Rep. Jack Brooks and states
that the proposal

    could obstruct or distort telecommunications technology development
    by limiting fiber optic transmission, ISDN, digital cellular
    services and other technologies until they are modified, ... could
    impair the security of business communications ... that could
    facilitate not only lawful government interception, but unlawful
    interception by others, [and] could impose industries ability to
    offer new services and technologies.

CPSR is planning to appeal the Commerce Department's decision to
withhold many of the documents.

-------------------------------------------------------------

[5] Bill to Remove Crypto Export Controls Introduced in House

On November 22, 1993, Congresswoman Maria Cantwell (D-WA) introduced HR
3627 to transfer jurisdiction over the export of software with
non-military encryption to the Department of Commerce from the
Department of State. The State Department defers to the National
Security Agency on exports that contain cryptography.

The bill mandates that no export licenses are required for mass market
or public domain software but retains restrictions on countries "of
terrorist concern" and nations currently being embargoed. It also
expands licenses for financial institutions.

A full copy of the bill, press release and analysis is available from
the CPSR Internet Library. See below for retrieval information.

-------------------------------------------------------------

[6] CPSR Seeking Donors for Matching FOIA Grant

A CPSR member who wishes to remain anonymous has offered a $500
matching grant to support CPSR's Freedom of Information Act litigation.
If you are interested in supporting CPSR's FOIA work, please send a
message to rotenberg@washofc.cpsr.org

-------------------------------------------------------------

[7] The CPSR Internet Library

The CPSR Internet Library is currently undergoing renovation to make it
easier to use. File names are being revised, folders are being moved,
and a better Gopher front-end is being designed. We apologize for any
inconvenience in finding files.

HR 3627 - Encryption Exports
  - cpsr/privacy/encryption/export_controls

Privacy International has added several more National Constitutions
including Japan's, Germany's and Hong Kong's.
  - /cpsr/privacy/privacy_international/international_laws

The CPSR Internet Library is available via FTP/WAIS/Gopher from
cpsr.org /cpsr. Materials from Privacy International, the Taxpayers
Assets Project and the Cypherpunks are also archived. For more
information, contact Al Whaley (al@sunnyside.com)

-------------------------------------------------------------

[8] Upcoming Conferences and Events

"Cyberculture Houston 93." Houston, Tx. December 10-12, Contact:
cyber@fisher.psych.uh.edu.

Worldwide Electronic Commerce: Law, Policy and Controls Conference.
MultiCorp, Inc and American Bar Association. Waldorf Astoria Hotel, New
York City. January 17 - 18, 1994. Contact: Fred Sammet
(76520.3713@CompuServe.COM), Phone (214) 516-4900, fax at (214)
475-5917.

"Highways and Toll Roads: Electronic Access in the 21st Century" Panel
Discussion. 1994 AAAS Annual Meeting. San Francisco, CA. Feb. 21, 1994
2:30 - 5:30pm. Sponsored by the Association for Computing Machinery
(ACM). Contact: Barbara Simons (simons@vnet.ibm.com)

"Computers, Freedom and Privacy 94." Chicago, Il. March 23-26.
Sponsored by ACM and The John Marshall Law School. Contact: George
Trubow, 312-987-1445 (CFP94@jmls.edu).

CPSR DIAC-94 "Developing an Effective, Equitable, and Enlightened
Information Infrastructure." Cambridge, MA. April 23 - 24, 1994.
Contact: Doug Schuler (doug.schuler@cpsr.org).

(Send calendar submissions to Alert@washofc.cpsr.org)

=======================================================================

To subscribe to the Alert, send the message:

"subscribe cpsr " (without quotes or brackets) to
listserv@gwuvm.gwu.edu.
Back issues of the Alert are available at the CPSR Internet Library
FTP/WAIS/Gopher cpsr.org /cpsr/alert

Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to understanding
and directing the impact of computers on society. Founded in 1981, CPSR
has 2000 members from all over the world and 22 chapters across the
country. Our National Advisory Board includes a Nobel laureate and
three winners of the Turing Award, the highest honor in computer
science. Membership is open to everyone.

For more information, please contact: cpsr@cpsr.org or visit the CPSR
discussion conferences on The Well (well.sf.ca.us) or Mindvox
(phantom.com).

=======================================================================

CPSR MEMBERSHIP FORM

Name ______________________________________________________________

Address ___________________________________________________________

___________________________________________________________________

City/State/Zip ____________________________________________________

Home phone _____________________ Work phone _____________________

Company ___________________________________________________________

Type of work ______________________________________________________

E-mail address ____________________________________________________

CPSR Chapter
  __ Acadiana        __ Austin         __ Berkeley
  __ Boston          __ Chicago        __ Denver/Boulder
  __ Los Angeles     __ Madison        __ Maine
  __ Milwaukee       __ Minnesota      __ New Haven
  __ New York        __ Palo Alto      __ Philadelphia
  __ Pittsburgh      __ Portland       __ San Diego
  __ Santa Cruz      __ Seattle        __ Washington, DC
  __ Virtual Chapter (worldwide)       __ No chapter in my area

CPSR Membership Categories
  __ $ 75 REGULAR MEMBER
  __ $ 50 Basic member
  __ $ 200 Supporting member
  __ $ 500 Sponsoring member
  __ $1000 Lifetime member
  __ $ 50 Foreign subscriber
  __ $ 20 Student/low income members
  __ $ 50 Library/institutional subscriber

Additional tax-deductible contribution to support CPSR projects:
  __ $50  __ $75  __ $100  __ $250  __ $500  __ $1000  __ Other

Total Enclosed: $ ________

Make check out to CPSR and mail to:

  CPSR
  P.O. Box 717
  Palo Alto, CA 94301

------------------------ END CPSR Alert 2.06-----------------------

------------------------------

End of Computer Privacy Digest V4 #002
******************************