PRIVACY Forum Digest Sunday, 5 May 1996 Volume 05 : Issue 10 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Call for bad arguments against privacy (Phil Agre) Wiretap concerns in terrorism bill (Audrie Krause) Crypto Legislation (David Sobel) Open Letter to Internet Community From Senator Burns (Audrie Krause) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 05, ISSUE 10 Quote for the day: "That's what this country needs--more Nathan Hales!" -- Uncle Victor (Charles Tyner) "Harold and Maude" (Paramount; 1972) ---------------------------------------------------------------------- Date: Sun, 21 Apr 1996 15:58:03 -0700 (PDT) From: Phil Agre Subject: Call for bad arguments against privacy In my online newsletter, The Network Observer, I periodically summarize and rebut bad arguments against a broad right to privacy. At the end of this message I've included a partial list of the arguments I have discussed so far. I would like to gather another batch of arguments, probably for the July 1996 issue of TNO, and I am hoping that you can help me. Please send me any bad arguments against privacy rights that you have encountered, even if you can't quite figure out what's wrong with them, and even if you don't have a specific example ready to hand. Arguments concerning specific issues such as government records, medical privacy, and video surveillance are particularly welcome. Once I finish this next set of arguments and rebuttals, I'll gather the whole set into a "handbook" that can be distributed freely on the Internet. Thanks very much. Phil Agre Encl: The Network Observer can be found on the Web at: http://communication.ucsd.edu/pagre/tno.html The privacy articles can be found indexed a little ways down the page. Here are most of the arguments that I have discussed in past issues: * "We've lost so much of our privacy anyway." * "Privacy is an obsolete Victorian hang-up." * "Ideas about privacy are culturally specific and it is thus impossible to define privacy in the law without bias." * "We have strong security on our data." * "National identity cards protect privacy by improving authentication and data security." * "Informational privacy can be protected by converting it into a property right." * "We have to balance privacy against industry concerns." * "Privacy paranoids want to turn back the technological clock." * "Most people are privacy pragmatists who can be trusted to make intelligent trade-offs between functionality and privacy." * "Our lives will inevitably become visible to others, so the real issue is mutual visibility, achieving a balance of power by enabling us to watch the people who are watching us." * "Once you really analyze it, the concept of privacy is so nebulous that it provides no useful guidance for action." * "People *want* these systems, as indicated by the percentage of them who sign up for them once they become available." * "Concern for privacy is anti-social and obstructs the building of a democratic society." * "Privacy regulation is just one more category of government interference in the market, which after all is much better at weighing individuals' relative preferences for privacy and everything else than bureaucratic rules could ever be." * "There's no privacy in public." * "We favor limited access." * "Privacy in these systems has not emerged as a national issue." [ Submissions that would be interesting to the general readership of the PRIVACY Forum would also be very welcome here. -- MODERATOR ] ------------------------------ Date: Mon, 22 Apr 1996 23:31:02 -0700 From: akrause@Sunnyside.COM (Audrie Krause) Subject: Wiretap concerns in terrorism bill To CPSR members and friends, The following post to CPSR's Cyber-Rights discussion list concerns the wiretap provisions in the terrorism bill that just passed Congress. This and other important issues regarding our rights in cyberspace are discussed regularly on the Cyber-Rights discussion list. * * * * * To subscribe to cyber-rights, send a message to: listserv@cpsr.org The body of the message should say: subscribe cpsr-cyber-rights (your name) To unsubscribe from cpsr-announce, send a message to: listserv@cpsr.org The body of the message should say: unsubscribe cpsr-announce * * * * * (Introduction from moderator: cyber-rights intersect with other rights, and the terrorism bill that President Clinton is pushing so hard for definitely affects cyber-rights issues like wiretapping. So I am taking a news item from the ACLU News 04-17-96. Incidentally, the EFF newsletter I posted yesterday also commented briefly on the bill.--Andy) *ACLU Alerts House That Significant Wiretap Provisions* *Remain in Conference Report on Terrorism Legislation* WASHINGTON -- The American Civil Liberties Union today alerted members of the House of Representatives that significant wiretap provisions remain in the terrorism legislation now making its way through Congress. Despite assurances to the contrary by House and Senate leadership, the ACLU said that the current conference version of the terrorism bill includes two significant expansions of wiretap powers for government law enforcement agents while also removing prohibitions on eavesdropping by private parties. In their desire to hide the wiretap provisions from concerned members of the House, the conference leaders went to such extremes as to subtly change wording in the conference report, the ACLU said. Section 731 of the House Bill, for example, was titled "Exclusion of Certain Types of Information from Wiretap-Related Definitions." While the conference committee deleted the words "wiretap-related," it left the wiretap provisions unchanged, the ACLU said. The ACLU also pointed to another provision deeply buried in the conference report that would require banks to freeze assets of domestic groups and U.S. citizens if there is any reason, however vague, to believe that the organization or individual is an "agent" of a designated foreign terrorist organization. In addition, the ACLU said that the terrorism conference report includes yet another provision added at the last minute that would federalize state law to an even greater extent than either version of the corresponding sections of the House and Senate bills sent to conference. "Taken together, these provisions should cause members of the House to have deep concerns about the terrorism bill as they face a final vote," said Gregory T. Nojeim, an ACLU Legislative Counsel. "Dangerous and largely hidden changes have been made in this bill. We ask that members of the House vote against this legislation to protect our nation's liberties well into the next century. "This bill," Nojeim added, "would do nothing to make safer, but would, in effect, add the Bill of Rights and our nation's liberty to the list of casualties of the tragic bombing in Oklahoma City." Posted by Andrew Oram - andyo@ora.com - Moderator: CYBER-RIGHTS (CPSR) Cyber-Rights: http://www.cpsr.org/cpsr/nii/cyber-rights/ ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/ CyberJournal: (WWW or FTP) --> ftp://ftp.iol.ie/users/rkmoore Materials may be reposted in their _entirety_ for non-commercial use. -- Audrie Krause CPSR Executive Director PO Box 717 * Palo Alto, CA * 94302 Phone: (415) 322-3778 * Fax: (415) 322-4748 * * E-mail: akrause@cpsr.org * * * Web Page: http://www.cpsr.org/home.html * ------------------------------ Date: 1 May 1996 18:17:10 -0500 From: "David Sobel" Subject: Crypto Legislation FOR RELEASE: CONTACT: Thursday, May 2, 1996 David Sobel 8:00 a.m. EDT Dave Banisar (202) 544-9240 EPIC APPLAUDS PROPOSED CRYPTO LEGISLATION: "NECCESSARY STEP" FOR SECURE INTERNET WASHINGTON, DC -- The Electronic Privacy Information Center (EPIC) today applauded the introduction of legislation designed to relax export controls on privacy-enhancing encryption technology. The "Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act," introduced by Sen. Conrad Burns (R-MT), would place export control authority in the Commerce Department, rather than the State Department and the National Security Agency (NSA) -- the agencies currently charged with that responsibility. The proposed bill would remove out-dated barriers to the development and dissemination of software and hardware with encryption capabilities. According to EPIC Legal Counsel David Sobel, "This is a necessary step to ensure the development of a secure Global Information Infrastructure that promotes on-line commerce and preserves individual privacy. EPIC has long advocated adoption of encryption policies that emphasize the protection of personal data and encourage the widespread dissemination of privacy-enhancing technologies." The proposed legislation comes in the midst of an ongoing debate concerning U.S. encryption policy and at a time when the need for secure electronic communications is becoming widely recognized. The explosive growth of the Internet underscores the need for policies that encourage the development and use of robust security technologies to protect sensitive personal and commercial information in the digital environment. EPIC recently joined with other organizations to create the Internet Privacy Coalition (IPC). The mission of the IPC is to promote privacy and security on the Internet through widespread public availability of strong encryption and the relaxation of export controls on cryptography. The IPC has launched the "Golden Key Campaign" to raise public awareness of these issues. Additional information is available at the IPC website: http://www.privacy.org/ipc/ EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. Additional information about EPIC is available at http://www.epic.org. ------------------------------ Date: Fri, 3 May 1996 00:16:36 -0700 From: akrause@Sunnyside.COM (Audrie Krause) Subject: Open Letter to Internet Community From Senator Burns CPSR Members and Supporters, U.S. Senator Conrad Burns is asking the Internet community to support legislation that would promote the development and use of encryption technology. CPSR is a member of the Internet Privacy Coalition (IPC), which supports this legislation. For more information on IPC, visit the CPSR web page at: http://www.cpsr.org/home/html To receive alerts about encryption legislation, send a message to: IPC-announce@privacy.org The body of the message should say: subscribe IPC-announce To unsubscribe to *this* cpsr-announce list, send a message to: listserv@cpsr.org The body of the message should say: unsubscribe cpsr-announce ------------------------------------------- Sender: Conrad_Burns@burns.senate.gov OPEN LETTER TO THE INTERNET COMMUNITY May 2, 1996 Dear friends: As an Internet user, you are no doubt aware of some of the hurdles the federal government has put up that limit the growth and full potential of exciting, emerging technologies. One of the most egregious of these has been the governmentally set limits on so-called "encryption" technologies. Today I am introducing a bill to address this major problem for businesses and users of the Internet. If the telecommunications law enacted this year is a vehicle to achieve real changes in the ways we interact with each other electronically, my bill is the engine that will allow this vehicle to move forward. The bill would promote the growth of electronic commerce, encourage the widespread availability to strong privacy and security technologies for the Internet, and repeal the out-dated regulations prohibiting the export of encryption technologies. This legislation is desperately needed because the Clinton administration continues to insist on restricting encryption exports, without regard to the harm this policy has on American businesses' ability to compete in the global marketplace or the ability of American citizens to protect their privacy online. Until we get the federal government out of the way and encourage the development of strong cryptography for the global market, electronic commerce and the potential of the Internet will not be realized. The last thing the Net needs are repressive and outdated regulations prohibiting the exports of strong privacy and security tools and making sure that the government has copies of the keys to our private communications. Yet this is exactly the situation we have today. My new bill, the Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act of 1996, would: - Allow for the unrestricted export of "mass-market" or "public-domain" encryption programs, including such products as Pretty Good Privacy and popular World Wide Web browsers. - Require the Secretary of Commerce to allow the unrestricted export of other encryption technologies if products of similar strength are generally available outside the United States. - Prohibit the federal government from imposing mandatory key-escrow encryption policies on the domestic market and limit the authority of the Secretary of Commerce to set standards for encryption products. Removing export controls will dramatically increase the domestic availability of strong, easy-to-use privacy and security products and encourage the use of the Internet as a forum of secure electronic commerce. It will also undermine the Clinton Administration's "Clipper" proposals which have used export restrictions as leverage to impose policies that guarantee government access to our encryption keys. The Pro-CODE bill is similar to a bill I co-authored with Senator Patrick Leahy of Vermont, except that it highlights the importance of encryption to electronic commerce and the need to dramatically change current policy to encourage its growth. My bill does not add any new criminal provisions and does not establish legal requirements for key-escrow agents. Over the coming months, I plan to hold hearings on this bill and encourage a public debate on the need to change the Clinton Administration's restrictive export control policies. I will need your support as we move forward towards building a global Internet that is good for electronic commerce and privacy. I look forward to working with the Internet community, online activists, and the computer and communications industry as this proposal moves through Congress. I'd like to hear from you, so please join me on two upcoming online events to talk about the new bill. The first is on America Online in the News Room auditorium at 9 p.m. Eastern Daylight Time on May 6. The second will be on Hotwired's Chat at 9 p.m. EDT on May 13. In the meantime, I need your help in supporting the effort to repeal cryptography export controls. You can find out more by visiting my web page http://www.senate.gov/~burns/. There you will find a collection of encryption education resources that my Webmaster has assembled. I trust that the entire Internet community, from the old-timers to those just starting to learn about encryption, will find this information useful. This bill is vital to all Americans, from everyday computer users and businesses to manufacturers of computer software and hardware. I very much look forward to working with you on this issue. Conrad Burns United States Senator ------------------------------------------- (The following program announcement comes from a CDT Policy Post. Email me if you want the whole newsletter, which discusses the current attempts to legalize encryption export.--Andy) * SENATORS TO GO ONLINE TO DISCUSS BILLS, TAKE COMMENTS FROM NETIZENS In an effort to bring the Internet Community into the debate and encourage members of Congress to work with the Net.community on vital Internet policy issues, Senator Burns and Senator Leahy will participate in live, online discussions of the new legislation. CDT and VTW, who are helping to coordinate these events, will publish the transcripts of the sessions and encourage Netizens to participate. Please join Senator Burns live online to discuss the Pro-CODE bill on: * MONDAY, MAY 6 AT 9:00 PM ET IN AMERICA ONLINE'S NEWS ROOM AUDITORIUM Note that you will have to join AOL participate in this chat. (If you aren't currently an AOL member, you can obtain the software by either a) finding one of those pervasive free floppy disks, or b) by using ftp to get it from ftp.aol.com (ftp://www.aol.com/) * MONDAY, MAY 13 AT 9:00 ET AT HotWired's CLUB WIRED Visit http://www.hotwired.com/ for more information. Senator Leahy will also conduct sessions on America Online and HotWired in the next several weeks, dates and times are TBA (visit http://www.crypto.com for updates) -- Audrie Krause CPSR Executive Director PO Box 717 * Palo Alto, CA * 94302 Phone: (415) 322-3778 * Fax: (415) 322-4748 * * E-mail: akrause@cpsr.org * * * Web Page: http://www.cpsr.org/home.html * ------------------------------ End of PRIVACY Forum Digest 05.10 ************************