[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EPIC Alert 2.02

       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

   Volume 2.02                                   February 6, 1995
                        Published by the
           Electronic Privacy Information Center (EPIC)
                         Washington, DC
                          [email protected]

Table of Contents

 [1] IRS Backs Off Compliance 2000 Program
 [2] New Secrecy Order Needs Work
 [3] Caller ID Blocking Fails in New York
 [4] Post Office Partially Limits Access to Addresses
 [5] Clinton Announces National ID Registry
 [6] Correction: EU Directive Still Under Consideration
 [7] Overview of New Congressional Privacy Legislation
 [8] Upcoming Conferences and Events

[1] IRS Backing Off of Compliance 2000 Program

The Internal Revenue Service announced on Friday, January 20, that it
was delaying implemention of the controversial Compliance 2000 program
after heated opposition to the proposal from the Electronic Privacy
Information Center (EPIC) and other privacy advocates appeared in over
two dozen newspapers across the country.  The proposal also drew sharp
criticism from Senator David Prior.  The plan called for IRS
collection and use of personal information from commercial databases.
This data would not be subject to the requirements of the Privacy Act.

IRS officials told the EPIC Alert that the Compliance 2000 notice
published in the Federal Register was going to be revised in the next
few weeks and then reissued.  IRS Privacy Advocate Robert Veeder said
that the notice had been drafted more than a year ago and that the
program had been revised substantially since then.

EPIC has filed a Freedom of Information Act request with the IRS,
asking for more information about the types of data that would be
collected if Compliance 200 goes forward, the sources of the
information and the proposed uses.

[2] Draft Secrecy Order Still Needs Work

The White House recently circulated the latest draft of the
President's long-awaited revised Executive Order on the classification
of national security information.  The current version back-pedals on
favorable proposed reforms of the classification system, retreating
from an earlier proposal that prohibited secrecy when the "public
interest in keeping the information unclassified outweighs the need
for classification."  Such a standard would permit the public and the
news media to challenge classification decisions in court.  The draft
also fails to go far enough in opening the government's civilian
cryptographic activities to public scrutiny.

Efforts to revise the current Executive Order (issued by President
Reagan in 1982) began almost two years ago, soon after the Clinton
Administration assumed office.  Several drafts have circulated since
then, and the issuance of a final revision was anticipated more than a
year ago.  The Center for National Security Studies, the Federation of
American Scientists, the National Security Archive, and EPIC have all
urged the relaxation of classification authority.

EPIC has specifically recommended that classification be removed for
cryptographic information.  In comments submitted to the Information
Security Oversight Office in July 1993, EPIC staff urged removal of
"cryptology" from the categories of information presumed to be
classifiable.  The statement said that the "designation of a routine
privacy-enhancing technology as presumptively a national security
matter is inconsistent with the end of the Cold War and the dramatic
growth of commercial and civilian telecommunications networks.  ...
[Cryptographic] technology today plays an essential role in assuring
the security and privacy of a wide range of communications affecting
finance, education, research, and personal correspondence."

The recent Clinton proposal does indeed narrow the government's
classification authority for "cryptology", although the final order
should go further.  Under the original Reagan Order, "cryptology" was
singled out as a separate and independent category. The recent draft
drops cryptology as an independent category and instead refers
generally to "intelligence activities (including special operations),
intelligence sources or methods, or cryptology."

This formulation suggests a recognition that information concerning
encryption technology should only be classified if it relates to
intelligence uses of the technology, as opposed to the increasing use
of encryption in civilian applications.  The language, however, leaves
open the possibility that the government might still attempt to
classify information relating to cryptography.  This position  does
not comport with the overwhelming opinion outside of government that
cryptography  should never be presumptively classified.

The classification of cryptographic information has already hampered
the public's ability to monitor the government's activities in the
area of civilian communications security.  Information relating to the
Digital Signature Standard (intended for the authentication of
unclassified electronic transmissions) has been withheld from
disclosure under the Reagan Executive Order.  Likewise, key
information concerning the Clipper encryption initiative (including
the underlying Skipjack algorithm) has been classified and placed
beyond public review.

Congress sought to prevent such secrecy when it enacted the Computer
Security Act of 1987, which limited the civilian role of the National
Security Agency (NSA).  Congress noted that NSA's "natural tendency to
restrict and even deny access to information that it deems important
would disqualify that agency from being put in charge of the
protection of non-national security information."  The Clinton
Administration, through further revision of its draft Executive Order,
has an opportunity to build upon the openness and accountability that
Congress envisioned.

[3] Caller ID Blocking Fails in New York

NYNEX has admitted that the personal phone numbers of at least 30,000
of its customers who requested per-line blocking of Caller ID have
been improperly disclosed.  The problem resulted from a failure to
correctly implement the blocking feature. The New York Times reports
that NYNEX had known of the problem for at least a year before any
action was taken.

The Rhode Island Public Utilities Commission has ordered NYNEX not to
allow customers in that state to order new Caller ID services or per
line blocking until the problem is resolved.  NYNEX must also run ads
telling customers about the problem and provide an 800 number for
consumers to call.

EPIC has received several calls from individuals in New York who have
had their phone numbers disclosed.  The individuals work in sensitive
jobs and have already received threatening phone calls as a result of
the disclosures.

[4] Post Office Partially Limits Access to Addresses

The U.S. Postal Service announced on December 28 its final rule on
access to names and addresses.  The agency announced it was
eliminating the service that allows anyone to obtain the new address
of any individual for a $3.00 fee.  The Postal Service, however, left
intact its service that provides the addresses of all postal customers
to large mailers such as direct marketers.

The notice states "Congress has not given the Postal Service the
function of serving as a national registration point for the physical
whereabouts of individuals."

HR 434, The Postal Privacy Act of 1995, (introduced by Rep. Gary
Condit) requires that the Postal Service inform individuals of the
uses of information contained in Change of Address cards and mandates
that customers be offered an option to not have their names and
addresses forwarded.

[5] Clinton Announces National ID Worker Registry

In the annual State of the Union address on January 25, President
Clinton announced his support for the creation of a national registry
of all citizens and resident aliens to enforce immigration laws.  The
idea was recommended the U.S. Commission on Immigration Reform, headed
by former Rep. Barbara Jordan.

The proposal would create a national database of all employees based
on Social Security Numbers that every employer would be required to
check before hiring.  Civil liberties groups believe that this
database, once in place, would then be used for other purposes, such
as law enforcement, and would eventually lead to the development of a
national ID card.  The Commission has previously considered requiring
the creation of an ID card but backed off in the face of public

Senator Alan Simpson (R-WY) has introduced a bill (S. 269) to
implement the registry.  Sen. Barbara Boxer (D-CA) told USA Today that
Congress was planning to address the issue and that the system is the
only way to provide accurate citizenship information and protect

[6] Overview of New Congressional Privacy Legislation Available

EPIC has produced an overview of current privacy legislation in the
104th Congress.  Bills that improve privacy protections or negatively
affect privacy are summarized.  The summary will be updated regularly
as new legislation is introduced or pending bills are revised. A
summary will appear in the next issue of the EPIC Alert.

Copies of the new bills are available for retrieval from the EPIC
Archive at cpsr.org.  Also included are floor statements on the
legislation when available and updates on the status of the bills.

To obtain the overview and copies of the house and Senate bills,
ftp/gopher/wais to cpsr.org /cpsr/privacy/epic/104th_congress_bills/

[7] Upcoming Privacy Related Conferences and Events

AAAS Annual Meeting & Science Innovation Expo.  Atlanta. Feb 16-21. A
special full-day session on cryptography and privacy will take place
on Tuesday, Feb. 21. Contact: Alex Fowler 202/326-7016 or
[email protected]

Cryptography: Technology, Law and Economics. New York City. Mar. 3,
1995. Sponsored by CITI, Columbia University. Contact:
[email protected]

Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926

Access, Privacy, and Commercialism:  When States Gather Personal
Information. College of William and Mary, Williamsburg, VA, March 17.
Contact:  Trotter Hardy  804 221-3826.

Computers, Freedom and Privacy '95. Palo Alto, Ca. Mar. 28-31, 1995.
Sponsored by ACM. Contact: [email protected]

ETHICOMP95:  An international conference on the ethical issues of
using Information Technology. DeMontfort University, Leicester,
ENGLAND, March 28-30, 1995.  Contact: Simon Rogerson [email protected] 44
533 577475 (phone)  44 533 541891 (Fax).

"Quality of Life in the Electronic Village," March 30, 1995. Live
teleconference, broadcast nationally from Virginia Tech, featuring
eminent presenters from the fields of ethics, law, education,
anthropology, medicine, and government.  Contact 703/231-6476 or
[email protected]

National Net '95: Reaching Everyone. Washington, DC.  Apr. 5-7, 1995.
Sponsored by EDUCOM.  Contact: [email protected] or call 202/872-4200.

Information Security and Privacy in the Public Sector. Herndon, VA.
Apr. 19-20, 1995. Sponsored by AIC Conferences.  Contact:

1995 IEEE Symposium on Security and Privacy. Oakland, CA, May 8-10.
Contact:  [email protected]

INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the Internet
Society. Contact [email protected]

Key Players in the Introduction of Information Technology: Their
Social Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: [email protected]

Advanced Surveillance Technologies. Sept. 4-5, 1995. Copenhagen,
Denmark. Sponsored by Privacy International and EPIC. Contact
[email protected]

          (Send calendar submissions to [email protected])

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. To subscribe, send the message:


to [email protected] You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce.

Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org
/cpsr/alert and on Compuserve (Go NCSA), Library 2 (EPIC/Ethics). An
HTML version of the current issue is available from


The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data.  EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility.  EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues.  For more information, email [email protected], WWW at
HTTP://epic.digicash.com /epic or write EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington, DC 20003. (202) 544-9240 (tel), (202)
547-5482 (fax).

The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  Computer Professionals for Social Responsibility is a
national membership organization of people concerned about the impact
of technology on society.  For information contact: [email protected]

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act
litigation, strong and effective advocacy for the right of privacy and
efforts to oppose Clipper and Digital Telephony wiretapping proposals.

------------------------ END EPIC Alert 2.02 ------------------------

Subject: EPIC Alert 2.02
David Banisar ([email protected])       * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301  * ftp/gopher/wais cpsr.org 
Washington, DC 20003                * HTTP://epic.digicash.com/epic