EPIC DIGEST 01.09.02

 
--------------------------------------------------------------- 
EPIC DIGEST AT PRIVACY.ORG

EPIC-DIGEST is an update of news, information, and action items 
posted 
on privacy.org.

January 9, 2002-February 12, 2002

TOC------------------------------------------------------------

NEWS
Gov. Davis Proposes New California Wiretap Law 
Eli Lilly Settles FTC Privacy Investigation 
FTC Proposes Changes to TSR 
EU Vice-President to Claim US Uses Echelon to spy on European Business 
Privacy Protection Pays 
Qwest Backs Down from Marketing Plan 
Airline Passenger Profiling System 
Trusted Passenger ID Cards 
FTC Launches New Program to Help ID Theft Victims 
BBBOnline Launches New Site 
Security Hole in Windows/MSN Messenger

ACTION 
Submit FTC Telemarketing Comments

NEWS-----------------------------------------------------------

Gov. Davis Proposes New California Wiretap Law 

Governor Davis of California has proposed new wiretap legislation 
modeled along the federal USA Patriot Act, which would give police 
officers the ability to spy on phone and email conversations without a 
search warrant.  The two op-ed columns linked below highlight the grave 
dangers of such a dramatic expansion of police power at the state 
level. 

Update:  Gov. Davis has withdrawn his wiretapping plan after California 
legal counsel advised him that the proposal would be illegal. 

A Wiretap In Every Home Washington Post, January 10, 2002
http://www.washingtonpost.com/wp-dyn/articles/A22888-2002Jan9.html 

Davis' Wiretap Plan Smells a Lot Like Reelection Insurance LA Times, 
January 10, 2002
http://latimes.com/news/printedition/la-000002028jan09.column 

Calif governor Davis can't get his wiretap wishlist, Declan McCullagh's 
Politechbot.com, January 18, 2002.
http://www.politechbot.com/p-03047.htmlWhoops! 
---------------------------------------------------------------

Eli Lilly Settles FTC Privacy Investigation 

Eli Lilly, a pharmaceutical company, has settled a privacy violation 
investigation with the FTC.  Last year, Lilly inadvertently exposed the 
e-mail addresses of individuals who had signed up for updates on a 
mental health drug.  Lilly had made prior guarantees of privacy and 
confidentiality in the e-mail addresses.  The settlement calls for 
remedial measures, however, Lilly will not pay monetary damages.

Eli Lilly Settles FTC Charges Concerning Security Breach, FTC Press 
Release, January 18, 2002.
http://www.ftc.gov/opa/2002/01/elililly.htm 

ACLU Letter to the FTC, July 3, 2001.
http://www.aclu.org/news/2001/n070501b.html
---------------------------------------------------------------

FTC Proposes Changes to TSR 

The Federal Trade Commission today proposed changes to the 
Telemarketing Sales Rule (TSR) to reduce the annoyance of unwanted 
telephone solicitations and protect consumers from unauthorized charges 
on their credit-card bills.  The proposal is a key component of the 
privacy initiative that FTC Chairman Timothy J. Muris announced in 
early October. Chief among the agency's proposals is the creation of a 
national "do-not-call" registry; consumers could make a single call to 
this registry to get their names removed from many telemarketing lists, 
and telemarketers could face a fine of up to $11,000 for calling homes 
that were on this list.  Additionally, the FTC proposed that 
telemarketers would be barred from exchanging, selling or buying any 
billing information about customers. In many cases, consumers are not 
aware that telemarketers already have their credit card number so 
consumers don't realize they've agreed to buy something.  The 
Commission is accepting public comments via e-mail and a web page.

EPIC Telemarketing Page.
http://www.epic.org/privacy/telemarketing/

FTC Proposes National "Do Not Call" Registry, FTC Press Release, 
January 22, 2002.
http://www.ftc.gov/opa/2002/01/donotcall.htm 

Your Opportunity to Comment, FTC Website.
http://www.ftc.gov/bcp/conline/edcams/donotcall/form.htm 

FTC Proposes New Rules To Restrict Telemarketers, Washington Post, 
January 22, 2002.
http://www.washingtonpost.com/wp-dyn/articles/A19272-2002Jan22.html 
---------------------------------------------------------------

EU Vice-President to Claim US Uses Echelon to spy on European Business 

Vice-President of the European Parliament, Gerhardt Schmid, is expected 
to argue that the Echelon system is used for industrial espionage next 
week.  Dr Schmid compiled the European Parliament's report on Echelon, 
which is believed to intercept millions of telephone calls, faxes, e-
mails and other electronic communications and pass confidential 
information to the US National Security Agency.  Although the US 
Government has denied the existence of Echelon, it is known to be 
shared with Canada, Australia, New Zealand and Britain. UK Government 
sources justify it as a means of gathering information on terrorist 
organizations and international drug cartels.  But Dr Schmid is 
expected to argue that Echelon is also used by the United States 
Government to gather sensitive economic data from European countries, 
which is allegedly being passed on to benefit industrial rivals across 
the Atlantic.

EU vice-president to claim US site spies on European business  
Yorkshire Post News, January 30, 2002
http://yorkshirepost.co.uk/scripts/editorial2.cgi?cid=4&aid=434459 

Echelon Watch a comprehensive site for news & information on Echelon
http://www.echelonwatch.org/ 
---------------------------------------------------------------

Privacy Protection Pays 

Two recently launched ventures underscores the growing commercial 
interest in protecting privacy.  Privacy seal group TRUSTe will 
announce the launch of a new service to help police unsolicited 
commercial e-mail, or spam. Under Truste's new program, participants 
can obtain an e-mail seal if they comply with four criteria. The sender 
must adhere to Truste's fair information practice principles and e-mail 
best practices, which include giving consumers notice and choice about 
receiving e-mail solicitations. The subject line of the e-mail must be 
accurate and the message text must always allow consumers to opt out of 
further communications.  And if any of these criteria are overlooked, 
the sender is accountable to Truste's dispute resolution program, in 
which consumers can complain about a company's e-mail practices.  In 
the other venture Hewlett-Packard Co. will preinstall privacy-
protection software from Zero-Knowledge Systems in its Pavilion 
personal computers sold in North America. Spurred by growing concerns 
about online privacy and security, the software will allow users 
control and block cookies used by Web sites to track surfing habits.  
They will also be able to activate a feature that scans outgoing 
Internet traffic for credit card numbers and other private information 
that might be sent unknowingly.  Other features include an ad blocker, 
a personal firewall to guard against hacking and anti-virus protection. 

Privacy seal to help identify spam CNET News, January 31, 2002
http://news.com.com/2100-1023-826747.html 

Canning the spam Financial Times, Feb. 6, 2002
http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT398YR1CXC
&live=true 

Why a Trusted Sender Program benefits all E-Mail Constituencies Ted 
Gavin
http://member.newsguy.com/~tedgavin/html/to_what_benefit.htm 

Hewlett-Packard to include privacy software on new Pavilion PCs  Nando 
Times, January 31, 2002
http://www.nando.net/technology/story/233577p-2243010c.html 
---------------------------------------------------------------

Qwest Backs Down from Marketing Plan 

In response to a national campaign led by EPIC and other consumer 
groups, with the support of state Attorneys General and consumers 
nationwide, Qwest Communications announced today that it is withdrawing 
plans for opt-out marketing with customer telephone records, or "CPNI." 
Citing numerous customer concerns, the company has stated that it will 
wait until the Federal Communications Commission (FCC) has proposed a 
final rule on the issue. 

Qwest Announcement
http://www.epic.org/privacy/cpni/qwest_press_release.html 

EPIC's CPNI page news & background information
http://www.epic.org/privacy/cpni 
---------------------------------------------------------------

Airline Passenger Profiling System to Be Developed

Federal aviation authorities and technology companies will soon begin 
testing a vast air security screening system designed to instantly pull 
together every passenger's travel history and living arrangements, plus 
a wealth of other personal and demographic information.  The 
government's plan is to establish a computer network linking every 
reservation system in the United States to private and government 
databases. The network would use data-mining and predictive software to 
profile passenger activity and intuit obscure clues about potential 
threats, even before the scheduled day of flight.  A profiling system 
of this size and range of applications has never been contemplated and 
is a dramatic departure from American values and traditions.  

Intricate Screening Of Fliers In Works Washington Post, Feb. 1, 2002
http://www.washingtonpost.com/wp-dyn/articles/A5185-2002Jan31.html 

Homeland Security New Focus of Siebel, Firm Altered Software After 
Sept. 11  Washington Post, Feb. 8, 2002
http://www.washingtonpost.com/ac2/wp-dyn/A42216-
2002Feb7?language=printer 
---------------------------------------------------------------

Trusted Passenger ID Cards 

A U.S. Department of Transportation task force is moving forward with 
plans for a national transportation-worker identity card intended as a 
first step toward "trusted-traveler" cards for airline passengers.  The 
trusted-traveler card is part of the Aviation and Transportation 
Security signed by President Bush Nov. 19 that authorized the 
Transportation Security Administration to "establish requirements to 
implement trusted passenger programs and use available technologies to 
expedite the security screening of passengers."  Trusted-traveler cards 
would authorize passengers to bypass extensive security screening at 
airport checkpoints.  The electronic card would have an encoded 
biometric description of the owner to ensure that the person using it 
is the same person identified on the card.  The Transportation 
Department task force wants the cards to be used throughout airports 
and transportation services internationally. The card is intended to 
shorten lines at airports for frequent fliers who will undergo FBI and 
foreign background checks.   Information the owners will also be 
shared  with  law enforcement agencies around the world.

ID Card for Air Passengers Washington Times, Jan. 31, 2002
http://www.washingtontimes.com/business/20020131-32817256.htm 

Loss of Privacy is Cost Barry Steinhardt, USA Today, Jan. 28, 2002
http://www.usatoday.com/news/comment/2002/01/28/ncoppf.htm 
---------------------------------------------------------------

FTC Launches New Program to Help ID Theft Victims 

The FTC is launching a program that should make it easier for victims 
of identity theft to alert creditors and merchants to fraudulent 
activity on their accounts.  The FTC hopes its ID Fraud Affidavit will 
simplify the reporting process by allowing victims to send the same 
form to dozens of credit issuers and merchants that have agreed to 
participate in the program.

FTC Launches Program To Ease ID Theft Reporting Newsbytes, Feb. 5, 2002
http://www.newsbytes.com/news/02/174206.html 

FTC Affidavit
http://www.consumer.gov/idtheft/affidavit.htm 

FTC ID Theft Site
http://www.consumer.gov/idtheft 
---------------------------------------------------------------

BBBOnline Launches New Site 

According to the Better Business Bureau "For consumers shopping on the 
Internet, privacy is a major concern. Almost three-quarters of Internet 
users are concerned about having control over the release of their 
private information when shopping online." They have launched new site, 
called the Safe Shopping Site, that lets consumers locate online 
companies that have met BBB standards for privacy in e-commerce. It 
also educates online shoppers about how to protect their privacy on the 
Internet. 

Better Business Bureau Debuts Privacy Site E-Commerce Times, Feb. 4, 
2002
http://www.ecommercetimes.com/perl/story/16149.html 

Safe Shopping Site
http://www.bbbonline.org/consumer/ 

Privacy Requirements for Privacy Seal
http://www.bbbonline.org/privacy/threshold.asp 
---------------------------------------------------------------

Security Hole in Windows/MSN Messenger 

A feature in MSN and Windows Messenger that apparently is intended to 
identify IE users (without their knowledge or consent) on Microsoft Web 
sites can easily be abused by any Webmaster with a bit of Javascript or 
VBscript. The feature allows anyone to obtain a surfer's Messenger 
username and those of his contacts, according to Richard Burton in a 
post Monday to the BugTraq mailing list.  Worse, if a username is not 
available, the e-mail address of the surfer and those of his contacts 
are displayed instead.

Major privacy hole in Windows/MSN Messenger The Register, Feb. 5, 2002
http://www.theregister.co.uk/content/4/23936.html 

Burton's Description of Hole
http://raburton.members.easyspace.com/msn/

Microsoft: We're patching MSN hole  ZDNet News, Feb. 11, 2002 Update  
http://zdnet.com.com/2100-1105-833293.html

ACTION---------------------------------------------------------

Submit FTC Telemarketing Comments 

The Federal Trade Commission is soliciting your comments on changes to 
the Telemarketing Sales Rule (TSR). The TSR governs how many 
telemarketers may make calls to your home. This is your opportunity to 
tell the FTC how to limit telemarketing calls and to increase your 
privacy!

It is important that members of the public comment. You can do so until 
March 29, 2002.

Visit the EPIC telemarketing page to learn more about telemarketing and 
how to comment. 
http://www.epic.org/privacy/telemarketing/
---------------------------------------------------------------

How to unsubscribe from EPIC-DIGEST:

You can leave the EPIC-DIGEST by entering the subscription e-mail 
address at 
http://www.privacy.org/digest.php and 
selecting "unsubscribe." There is also an administrative page for 
changes to 
your subscription at 
https://mailman.epic.org/cgi-bin/control/epic_digest Or, you can send a 
blank e-mail message to epic_digest-
request@mailman.epic.org from the subscribed address with the following 
text 
in the subject line: unsubscribe

If you experience difficulty with subscription issues, send a message 
to 
digest-editor@privacy.org.
---------------------------------------------------------------

Privacy.org is a joint project of the Electronic Privacy Information 
Center 
(http://www.epic.org) and Privacy International 
(http://www.privacyinternational.org). For more information, e-mail 
Chris 
Hoofnagle at digest-editor@privacy.org. 
---------------------------------------------------------------

EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php 
--------------------------------------------------------------- 
END EPIC-DIGEST