|
Electronic Privacy Information Center (EPIC) Newsl
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
=============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
============================================================
Volume 1.06 October 28, 1994
------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, DC
([email protected])
=======================================================================
Table of Contents
=======================================================================
[1] FTC Orders Trans Union to Stop Selling Credit Reports to Marketers
[2] State Department Rules 1st Amendment Doesn't Apply to Disks
[3] FBI Director May Ask For Mandatory Key Escrow Legislation
[4] Clipper: Alive and Well
[5] EPIC on Compuserve
[6] New Files in the Archive
[7] Upcoming Conferences and Events
=======================================================================
[1] FTC Cracks down on Trans Union
=======================================================================
The Federal Trade Commission on October 18 ordered Trans Union, one of
the nation's largest credit bureaus, to stop selling consumer
credit information in its files to direct marketers in violation of
the Fair Credit Reporting Act (FCRA). This decision follows a year
after TRW, another large credit bureau, signed a consent decree with
the FTC to limit selling credit information. Equifax, the other
large credit bureau, also stopped voluntarily selling credit info
for marketing last year.
Trans Union, through its Transmark target marketing division, created
lists of individuals based on credit-related criteria and then sold
the information to companies to use for target marketing. The
Commission ruled that target marketing was illegal under the FCRA
because the law requires that the consumer initiate the transaction
before the information can be released. It also found that the
companies had full access to consumers' names and were aware of the
criteria under which the names had been chosen from the Trans Union
database, which is also an illegal disclosure of credit information.
Trans Union has said they will appeal and plan to continue selling the
information in the meanwhile. Under a newly passed law, Trans Union
must ask for a stay of the order after 60 days before they can
continue selling the information. Ed. Mierwizinski, Consumer Program
Director of US Public Interest Research Group's Washington Office
hailed the FTC's actions "its a good decision. I predict if they
try and appeal, they will loose."
=======================================================================
[2] State Dept: 1st Amendment Doesn't Apply to Disks
=======================================================================
The State Department ruled on October 7 that some forms of electronic
speech are not protected by the First Amendment and can be prohibited
from export. The decision raises questions about the protection of
free speech on the information superhighway.
The controversy arose over the export of an electronic version of
Applied Cryptography: Protocols, Algorithms, and Source Code in C
(John Wiley and Sons, 1994) by Bruce Schneier. The agency ruled that
electronic source code for computer programs that contains
cryptographic algorithms is not protected under the First Amendment
and thus is not exportable under current law. The ruling follows just
a few months after the same department OK'd the export of the same
code in printed form. Under current State Department rules, the export of
almost all
software with confidentiality and privacy features is prohibited
unless permission is granted by the National Security Agency prior to
export.
Earlier this year Schneier and San Diego engineer Phil Karn requested
and received permission to export the printed version, which contains
over 100 pages of source code for different cryptographic algorithms
in a type face easily converted to electronic form by a standard
computer scanner. The book has sold over 17,000 copies worldwide in
less than one year.
When Karn and Schneier requested permission to export the disks, which
have the exact same information as is contained in the book, William
Robinson, the director of the Office of Defense Trade Controls,
rejected the request stating "the text files on the subject disk are
not an exact representation of what is found in Applied
Cryptography...each source code listing has been partitioned into its
own file and has the capability of being easily compiled into an
executable subroutine . . . This is an added value to any end user
that wishes to incorporate encryption into a product."
Computer users and experts are critical of the distinction. Karn noted
"with the widespread availability of optical character recognition
(OCR) equipment and software, even printed information such as the
Book is easily turned into 'machine readable' disk files equivalent to
the diskette." Bob Stratton, a Senior Engineer at AlterNet "Whether
its in a book or on a disk, it doesn't matter. The technology [the
cryptography code] will flow no matter what."
When Karn and Schneier appealed the decision, Martha C. Harris, the
Deputy Assistant Secretary for Export Controls at the State Department
stated "We...have concluded that continued control over the export of
such material is consistent with the protections of the First
Amendment" She noted that a high level, interagency review had
resulted from the request. Bob Peck, a First Amendment lawyer with the
American Civil Liberties Union notes "any claim that the First
Amendment is inapplicable because of the medium is just not valid."
Karn plans to appeal the decision.
=======================================================================
[3] Clipper: Alive and Well
=======================================================================
Vice President Gore's July letter to Rep. Maria Cantwell led some
observers to to hail the "death of Clipper." Others (including EPIC
and Sen. Patrick Leahy) maintained that the Gore letter simply
re-stated earlier Administration pronouncements on the encryption
issue and did not represent a change in policy.
Any lingering doubts were laid to rest recently by Lynn McNulty, the
Associate Director for Computer Security at the National Institute of
Standards and Technology (NIST). Speaking at a conference sponsored
by the Electronic Messaging Association, McNulty gave a presentation
entitled "Clipper: Alive and Well." Noting that some media reports
had pronounced Clipper dead, McNulty said simply "that is not
correct." He reported that the government is "moving ahead to
implement key escrow," and that the designated escrow agents are, in
fact, escrowing keys. To date, 10,000 Clipper-equipped telephone
units have been purchased by the law enforcement community. And the
National Security Agency is continuing to aggressively market its key
escrow technology to private manufacturers.
=======================================================================
[4] FBI Director May Ask For Mandatory Key Escrow Legislation
=======================================================================
At a conference on Global Cryptography earlier this month, FBI
Director Louis Freeh suggested that if the administration's Clipper
key escrow encryption scheme was not widely adopted, he may ask
Congress for legislation making it mandatory. The FBI confirmed to
comments to reporters Brock Meeks and Steven Levy.
Excerpt from transcript of Freeh talk as faxed to MIchael Froomkin by
the FBI:
[note: bracked material is summary of earlier exchange]
Q: [If people pre-encrypt while using Clipper, would] the policy then
have to change?
A: The terms of encryption being a voluntary standard? Oh yea,
definitely, I mean if five years from now we solve the access problem
but what we are hearing is all encrypted I'll probably ah, if I am
still here, be talking about that in a very important way. Sure, I
mean the objective is the same. The objective is for us to get those
conversations whether they are by an alligator clipped or or [_sic_]
ones and zeros wherever they are, what ever they are, I need them.
=======================================================================
[5] EPIC on Compuserve
=======================================================================
EPIC has joined that National Computer Security Association and the
National Computer Ethics & Responsibilities Campaign in hosting a
forum on privacy, security and ethical issues on the Compuserve
Information System.
EPIC materials, including back issues of the Alert, program
description and reports are available in Library 2. Discussion of
privacy topics are in Section 2 (EPIC/Ethics).
To access the forum, use the keyword: NCSA.
=======================================================================
[6] New Files at the Archive
=======================================================================
OTA Report on Cryptography
/cpsr/privacy/ota_report_1994
Final Version of HR 4922/S 2375. - The Communications Assistance for
Law Enforcement Act of 1994
HR 5199 - Encryption Standards and Procedures Act of 1994
/cpsr/privacy/crypto/hr5199.txt
Files related to the Applied Cryptography Export Decision
/cpsr/privacy/crypto/export/applied_crypto/
The CPSR Internet Library is a free service available via
FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy
International, the Taxpayers Assets Project and the Cypherpunks are
also archived. For more information, contact [email protected].
=======================================================================
[5] Upcoming Privacy Related Conferences and Events
=======================================================================
2nd ACM Conference on Computer and Communications Security, Fairfax,
Virginia. Nov 2-4, 1994. Sponsored by: ACM SIGSAC, Hosted by: Bell
Atlantic, George Mason University. Contact: [email protected]
Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November
11-13. Sponsored by ACM. Contact: [email protected]
The Technology for Information Security Conference '94 (TISC '94).
Galveston, Texas. Dec. 5-8, sponsored by: NASA Johnson Space Center
Mission Operations Directorate (MOD), MOD AIS Security Engineering
Team, and the ISSA. Contact: John D'Agostino
(dagostin@killerbee.jsc.nasa.gov).
Second International Conference on Information Warfare: "Chaos on the
Electronic Superhighway" Jan 18-19, Montreal, CA. January 18, 1995,
Sponsored by NCSA. Contact: Mich Kabay (75300.3232@compuserve.com).
(Send calendar submissions to [email protected])
=======================================================================
To subscribe to the EPIC Alert, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to [email protected]. You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce.
Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org
/cpsr/alert and on Compuserve at Keyword: NCSA, Library 2 (EPIC/Ethics)
=======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data. EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information email [email protected], or write
EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1
202 544 9240 (tel), +1 202 547 5482 (fax).
The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a national
membership organization of people concerned about the impact of
technology on society. For information contact: [email protected]
------------------------ END EPIC Alert 1.06 ------------------------
--- CPSR ANNOUNCE LIST END ---
To alter or end your subscription to this mailing list,
write to [email protected]. For general information send the message:
HELP
To unsubscribe, send the message:
UNSUBSCRIBE CPSR-ANNOUNCE
You need to do this from the same machine you subscribed from.
In both cases, leave the subject blank, or at least not resembling an
error message.
======================================================================
|
|
