--------------------------------------------------------------- EPIC DIGEST AT PRIVACY.ORG EPIC-DIGEST is a weekly update of news, information, and action items posted on privacy.org. January 5-12, 2001. TOC------------------------------------------------------------ NEWS Nominee for Attorney General May Support Privacy Few Businesses Have Joined EU Safe Harbor Agreement Canadian Privacy Act Offers Strong Protections Many Privacy Policies Fail to Inform of All Risks of Disclosure Rotenberg: Privacy Issues Are High on the Agenda in he Next Administration Airline's Entry to Private Website May Have Been Unlawful Egghead.com: Hacker Did Not Access Credit Cards Disney Offers $50,000 to Eliminate Toysmart.com Customer Database Privacy Protections Extended to Child Killers Michigan Secretary of State Sues Federal Government to Protect Privacy Microsoft Operating System Links Registration to Individual Computers Business Lobby to Oppose Privacy Legislation EBay Changes Users' Privacy Preferences Anti-Wireless Spam Bill Introduced Dutch Employees Can Monitor Workers EU Officials Consider Spam Ban Germany Establishes 'Virtual Privacy Office' INFORMATION DOJ Publishes Computer Crime Guidelines ACTION ENUM: A potential global unique identifier NEWS----------------------------------------------------------- Nominee for Attorney General May Support Privacy John Ashcroft, the Bush administration¹s nominee for Attorney General, has been a strong advocate of lifting export controls on encryption technology. This support for encryption may foreshadow his stand on the Carnivore system. US Attorney General nominee is pro-privacy, The Register, January 4, 2001. http://www.theregister.co.uk/content/6/15795.html --------------------------------------------------------------- Few Businesses Have Joined EU Safe Harbor Agreement Only 12 American businesses have joined the European Union Safe Harbor Agreement. The provision allows American businesses to make transfers of private data with EU citizens without violating the EU Privacy Directive. US Businesses Slow To Adopt EU Safe Harbor Agreement, Newsbytes.com, January 4, 2001. http://www.newsbytes.com/news/01/160069.html Safe Harbor Is a Lonely Harbor, Wired News, January 5, 2001. http://www.wired.com/news/politics/0,1283,41004,00.html European Union Directive on Data Protection, Privacy International website. http://www.privacy.org/pi/intl_orgs/ec/eudp.html Safe Harbor Provisions, Department of Commerce website. http://www.export.gov/safeharbor/ --------------------------------------------------------------- Canadian Privacy Act Offers Strong Protections Canada's Personal Information Protection and Electronic Documents Act took effect this month. The Act provides broad privacy protections for Canadians, including a requirement for express opt-in consent before businesses can collect, use, or transfer personal information and the right to access personal information held in private databases. New Year Resolutions - Your Privacy Responsibilities, TechnologyCanada.com, January 5, 2001. http://www.technologycanada.com/news.cfm?issuenumber=22&article=4 Tougher Laws Protect Privacy, The Toronto Star, December 26, 2000. http://www.thestar.com/apps/AppLogic+FTContentServer?pagename= thestar/Layout/Article_Type1&c=Article&cid=977805028011&call_page =TS_News&call_pageid=968332188492&call_pagepath=News/News The Personal Information Protection and Electronic Documents Act, Privacy Commissioner of Canada website. http://www.privcom.gc.ca/english/02_06_e.htm --------------------------------------------------------------- Many Privacy Policies Fail to Inform of All Risks of Disclosure Many privacy policies do not inform users that their information may be shared with third parties as a result of a subpoena or a business merger. This article discusses a number of services that may share information with third parties, including highway toll-collection systems, online discussion boards, enhanced 911 service, and supermarket membership cards. The privacy tradeoff: Many consumers sacrifice privacy for convenience. But they may eventually pay a price, Boston Globe, January 8, 2001. http://digitalmass.boston.com/news/daily/01/010801/privacy_tradeoff.html --------------------------------------------------------------- Rotenberg: Privacy Issues Are High on the Agenda in the Next Administration In the current issue of the American Lawyer, EPIC's Marc Rotenberg writes that privacy issues will be high on the agenda for the incoming Administration. Key issues will include privacy safeguards for electronic commerce, Carnivore, changes to the federal wiretap statute, a privacy commission, and international standards for privacy protection. Rotenberg concludes, "The first President of the twenty-first century is likely to have a big impact on the future of privacy in America." Can We Keep A Secret?: From consumer protections to FBI surveillance, privacy will be among the next president's most pressing issues, American Lawyer, January 2001. http://www.americanlawyer.com --------------------------------------------------------------- Airline's Entry to Private Website May Have Been Unlawful Hawaiian Airlines may have violated federal wiretap laws when an executive used a pilot's name to access a private web site that contained comments critical of the company. The 9th Circuit Court of Appeals ruled that accessing a private web site under false pretenses may constitute a violation of the Federal Wiretap Act and the Stored Communication Act. Airline may be held liable for accessing Web site, CNET (Bloomberg News), January 8, 2001. http://news.cnet.com/news/0-1005-200-4412743.html Konop v. Hawaiian Airlines, No. 99-55106, Findlaw.com. http://laws.lp.findlaw.com/9th/9955106.html --------------------------------------------------------------- Egghead.com: Hacker Did Not Access Credit Cards Egghead.com, an Internet merchant, reported last month that a hacker gained access to its system, and possibly to its database of 3.5 million customers. Egghead.com spokespersons now claim that the hacker did not access customers' credit card numbers. Egghead.Com: Credit Cards Are Safe, New York Times, January 8, 2001 (registration required). http://www.nytimes.com/aponline/business/AP-Egghead-Credit-Cards.html Egghead says hacker didn't get access to cards, CNET, January 8, 2001. http://news.cnet.com/news/0-1007-201-4403891-0.html?tag=st.ne.1007.thed.sf Egghead.com Says Hacker Did Not Nab Credit Card Numbers, Newsbytes.com, January 8, 2001. http://www.newsbytes.com/news/01/160173.html Egghead: No Evidence That Hacker Stole Credit Card Info, Mercury Center (via Reuters), January 8, 2001. http://www0.mercurycenter.com/svtech/news/breaking/internet/docs/822071l.htm --------------------------------------------------------------- Disney Offers $50,000 to Eliminate Toysmart.com Customer Database According to a bankruptcy settlement in the Toysmart.com case, a Disney subsidiary will offer $50,000 to Toysmart.com to eliminate its customer database. Toysmart.com's practices in regards to collecting personal identifying information from consumers were the focus of FTC privacy enforcement action in 2000. Toysmart.com case settled: Disney unit will pay $50K for defunct firm, which will destroy its own customer records, CNNFN, January 9, 2001. http://cnnfn.cnn.com/2001/01/09/technology/wires/toysmart_wg/ Settlement Made in Toysmart Case to Protect Customer Names, Mercury Center (AP), January 9, 2001.http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/047839.htm Disney Unit Is Offering $50,000 To Toysmart to Kill Customer List, Wall Street Journal, January 9, 2001 (subscription required). http://interactive.wsj.com/archive/retrieve.cgi?id=SB979010620710813099.djm FTC Announces Settlement With Bankrupt Website, Toysmart.com, Regarding Alleged Privacy Policy Violations, Federal Trade Commission Press Release, July 21, 2000. http://www.ftc.gov/opa/2000/07/toysmart2.htm --------------------------------------------------------------- Privacy Protections Extended to Child Killers The two British boys who killed a toddler in 1993 are now adults and are to be released from a detention center this year. As a result of publicity and public anger surrounding the killings, a British court has extended privacy protections to the boys, including issuing them new identities and placing restrictions on media coverage. British Court Grants Anonymity to Killers of Toddler, New York Times, January 9, 2001 (registration required). http://www.nytimes.com/2001/01/09/world/09BRIT.html --------------------------------------------------------------- Michigan Secretary of State Sues Federal Government to Protect Privacy Candice Miller, Michigan's Secretary of State, has filed suit against the federal government to block enforcement of a law that requires the State to collect social security numbers from seven million motorists. The federal requirement, part of a provision in the Welfare Reform Act of 1997, was intended to uncover citizens who owe child support payments. Secretary Miller files lawsuit to protect Michigan residents¹ privacy, Michigan Department of State Press Release, January 4, 2001. http://www.sos.state.mi.us/pressrel/active/010104-1n.html Suit claims invasion of privacy: State official wants to protect Social Security numbers, Detroit News, January 5, 2001. http://www.detnews.com/2001/metro/0101/05/c01-171994.htm --------------------------------------------------------------- Microsoft Operating System Links Registration to Individual Computers Windows Whistler will contain "Microsoft Product Activation for Windows" (WPA). WPA links the program to the machine, preventing subsequent installations on different computers. Activation of the program requires registration with a Microsoft-run license clearinghouse. Whistler build adds anti-piracy lock, MSNBC, January 8, 2001. http://www.msnbc.com/news/513345.asp?0nm=-13O New 'Whistler' build adds anti-piracy lock, Yahoo News (ZDNet), January 8, 2001. http://dailynews.yahoo.com/h/zd/20010108/tc/new_whistler_build_adds_ anti-piracy_lock_1.html --------------------------------------------------------------- Business Lobby to Oppose Privacy Legislation The U.S. Chamber of Commerce will oppose legislative efforts to implement federal standards for online privacy. Industry leaders say that legislation is unnecessary, and that the current self-regulatory scheme has not yet been given enough time to develop privacy protection. US Chamber Vows To Fight Privacy Legislation, Newsbytes, January 9, 2001. http://www.newsbytes.com/news/01/160268.html --------------------------------------------------------------- EBay Changes Users' Privacy Preferences EBay.com announced to customers that the company will change the privacy preferences of certain users who have opted out from receiving promotional materials. The company claims that the preference change will remedy a computer error that prevented new members from opting in to the receipt of promotional materials. When It Came to Privacy on EBay, No Became Yes, New York Times, January 11, 2000 (registration required). http://www.nytimes.com/2001/01/11/technology/11GEE2.html EBay warns glitch may bring unwanted e-mail, Washington Post, January 10, 2001. http://www.washingtonpost.com/wp-dyn/articles/A39734-2001Jan9.html EBay makes users 'bidder,' Wired News, January 9, 2001. http://www.wired.com/news/business/0,1367,41086,00.html Glitch annoys EBay Customers, Mercury Center (AP), January 9, 2001. http://www0.mercurycenter.com/svtech/news/breaking/ap/docs/826511l.htm --------------------------------------------------------------- Anti-Wireless Spam Bill Introduced Representative Holt (D-N.J.) has introduced legislation prohibiting the transmission of unsolicited commercial messages to wireless devices. H.R. 113 "would amend section 227 of the Communications Act of 1934 to prohibit the use of the text, graphic, or image messaging systems of wireless telephone systems to transmit unsolicited commercial messages." Bill aims to block wireless junk email, CNET, January 10, 2001. http://news.cnet.com/news/0-1004-200-4432707.html --------------------------------------------------------------- Dutch Employees Can Monitor Workers Under a new data protection ordinance, companies in the Netherlands can monitor their workers' e-mail and Internet activity. However, the ordinance requires employers to communicate details about monitoring with staff and labor unions. Dutch Employers Can Monitor Employees' Online Activities, Newsbytes, January 10, 2001. http://www.newsbytes.com/news/01/160295.html The Dutch Data Protection Authority http://www.registratiekamer.nl/bis/top_2.html --------------------------------------------------------------- EU Officials Consider Spam Ban European Union officials are considering an enforcement scheme and other challenges presented by legislation that would prohibit the sending of unsolicited commercial e-mail. The officials favor the establishment of an opt-in system for the receipt of spam. European Union ponders crackdown on spam, Nando Times, January 10, 2001. http://www.nandotimes.com/technology/story/0,1643,500298155- 500475648-503241131-0,00.html --------------------------------------------------------------- Germany Establishes 'Virtual Privacy Office' German officials have established a education-oriented "Virtual Privacy Office" for consumers. In addition to privacy officials from Canada, Switzerland, and the Netherlands, all eighteen German Privacy Officers are affiliated with the site. Do You Even Know Who's Watching?, Wired News, January 11, 2001. http://www.wired.com/news/politics/0,1283,40935,00.html Virtual Privacy Office http://www.datenschutz.parlanet.de/index2.xml INFORMATION---------------------------------------------------- The Department of Justice published guidelines this week for computer searches in computer crime cases. The guidelines are online at: http://www.cybercrime.gov/searchmanual.htm ACTION--------------------------------------------------------- "ENO to ENUM! We are not numbers!" Learn more about ENUM, a system that has the potential to become a global unique identifier. The working proposal is at: http://www.ietf.org/internet-drafts/draft-ietf-enum-rqmts-01.txt The ENUM working group is at: http://www.ietf.org/html.charters/enum-charter.html More information on ENUM is available at: http://www.enumworld.com/ You can make comments on ENUM to Patrik Faltstrom (paf@cisco.com) or Richard Shockey (rshockey@ix.netcom.com). --------------------------------------------------------------- Privacy.org is a joint project of the Electronic Privacy Information Center (http://www.epic.org) and Privacy International (http://www.privacyinternational.org). For more information, e-mail Chris Hoofnagle at digest-editor@privacy.org. --------------------------------------------------------------- How to unsubscribe from EPIC-DIGEST: You can leave the EPIC-DIGEST by entering the subscription e-mail address at http://www.privacy.org/digest.php and selecting "unsubscribe." Or, you can send a blank e-mail message to EPIC-DIGEST@lists.epic.org from the subscribed address with the following text in the subject line: unsubscribe If you experience difficulty with subscription issues, send a message to digest-editor@privacy.org. --------------------------------------------------------------- EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php --------------------------------------------------------------- END EPIC-DIGEST