EPIC DIGEST 03.13.01

---------------------------------------------------------------
EPIC DIGEST AT PRIVACY.ORG

EPIC-DIGEST is a weekly update of news, information, and action
items posted on privacy.org.

February 28-March 13, 2001

TOC------------------------------------------------------------

NEWS
Justice Department Appeals COPA Decision  
Workplace Surveillance Increasing  
Medical Records, Marketing, and Privacy  
Radiate Settles Spyware Class Action  
Microsoft Biggest User of Web Bugs  
House Committee Holds Privacy Hearing  
WebMD Seeks to End Medical Data-Sharing Agreement  
Public Interest Advocate Pamela Samuelson Profiled in NYT  
Profilers Reject Profiling  
Medical Privacy Regs: No Consent Needed for Marketing  
Wireless Devices Raise Privacy Challenges  
Senator Nelson Introduces Privacy Legislation  
AOL Supports Anonymous Web Posters  
Web Bug Detection Software Developed  
Web Bug Detection Software Developed  
Big Brother Awards Awarded at CFP 2001  
Hotmail Email Service Posts Usersą Personal Information  
Privacy Next Target of Recording Industry  
Individuals Wary of Corporate, Government Privacy Protections  
NSF: Avoid Remote Internet Voting Systems  
Cyber Vandals Steal 1 Million Credit Card Numbers  
Public Interest Groups Challenge CIPA  
Opt-out is a 'Fraud and a Sham'  
New Cameras Increase Ease of Monitoring in UK  
Privacy and Copy Protection Systems  
Report Finds Government Privacy Abuses  
Industry Attacks Privacy Legislation  

ACTION
Support the Privacy Coalition's Privacy Pledge

NEWS-----------------------------------------------------------

Justice Department Appeals COPA Decision

The Justice Department has attempted to gain Supreme Court review of a
lower courtąs decision that held the Child Online Protection Act (COPA)
unconstitutional. COPA was designed to protect minors from "harmful
material" posted on commercial web sites as measured by "contemporary
community standards." In 2000, a federal appellate court found that COPA
impermissibly burdened free speech, and enjoined its enforcement.

Govt Asks Supreme Court To Reverse COPA's Death Warrant, Newsbytes,
February 28, 2001. 
http://www.newsbytes.com/news/01/162531.html

EPIC COPA archive, EPIC Web Site. 
http://www.epic.org/free_speech/copa/
---------------------------------------------------------------

Workplace Surveillance Increasing

According to several recent surveys, employers increasingly have engaged
in active monitoring of their employees.

Privacy at Work? Be Serious, Wired, March 1, 2001.
http://www.wired.com/news/business/0,1367,42029,00.html
---------------------------------------------------------------

Medical Records, Marketing, and Privacy

Patients and doctors are increasingly aware of the privacy problems
created by the collection and dissemination of medical information by
health providers and marketers. Patientsą medical information may be
used to deny insurance coverage or employment. Doctors report that a
loss of privacy will result in patients providing inaccurate or
incomplete information.

Privacy's Guarded Prognosis, New York Times, March 1, 2001 (registration
required). 
http://www.nytimes.com/2001/03/01/technology/01MEDI.html
---------------------------------------------------------------

Radiate Settles Spyware Class Action

Radiate, a company that creates advertising programs for shareware, has
settled a class action spyware suit. Radiate created programs that were
including in popular software such as CuteFTP. The programs, according
to the plaintiff attorneys, monitored the users without their knowledge
or permission.

Radiate Settles Spyware Class Action, InternetNews, February 28, 2001.
http://www.internetnews.com/bus-news/article/0,,3_701721,00.html
---------------------------------------------------------------

Microsoft Biggest User of Web Bugs

According to a recent web bug count report, Microsoftąs Link Exchange
has spread more web bugs on Internet sites than any other organization.

Web Bug Site Count Report, Security Space, February 2001.
http://www.securityspace.com/s_survey/data/man.200102/webbug_site.html

Microsoft: The Biggest Web Bugger, Slashdot, March 1, 2001.
http://slashdot.org/yro/01/03/01/2212233.shtml
---------------------------------------------------------------

House Committee Holds Privacy Hearing

The House Subcommittee on Commerce, Trade and Consumer Protection held a
hearing yesterday to examine privacy in the commercial world. EPIC
Executive Director Marc Rotenberg testified that privacy legislation has
historically been a component of American law, and that Congress has
consistently passed laws to protect privacy as new technologies emerge.

Privacy in the Commercial World, Subcommittee on Commerce, Trade, and
Consumer Protection, March 1, 2001
http://www.house.gov/commerce/hearings/0301200143/03012001.htm

Experts Raise Potential Legal Issues With Efforts to Protect Privacy
Online, Wall Street Journal, March 1, 2001 (subscription required).
http://interactive.wsj.com/articles/SB98347995139683728.htm

Privacy Hearing, Tech Law Journal Daily Report, March 2, 2001.
http://www.techlawjournal.com/alert/2001/03/02.asp

Lawmakers Examine Pros, Cons of Privacy Law, Silicon Valley News
(Reuters), March 2, 2001.
http://www.siliconvalley.com/docs/news/reuters_wire/911744l.htm

Privacy Laws: Not Gonna Happen, Wired, March 2, 2001.
http://www.wired.com/news/politics/0,1283,42123,00.html
---------------------------------------------------------------

WebMD Seeks to End Medical Data-Sharing Agreement

WebMD is seeking to end its agreement to provide medical information to
Quintiles. Since May 2000, WebMD has amassed data from its health care
information site and sold it to Quintiles. Quintiles uses the data for
marketing to drug companies. WebMD claims that the data could identify
individuals if combined with other available databases.

WebMD Asks Court to Back It In Denying Data to Quintiles, Wall Street
Journal, March 2, 2001.
http://interactive.wsj.com/articles/SB983488840511523149.htm

WebMD Curbs Quintiles's Access To Health Data on Privacy Issues, Wall
Street Journal, March 13, 2001 (subscription required).
http://interactive.wsj.com/articles/SB984446373666659261.htm
---------------------------------------------------------------

Public Interest Advocate Pamela Samuelson Profiled in NYT

The New York Times has published an article reviewing the work of
Professor Pamela Samuelson. Samuelson is a pioneer in public-interest
advocacy, and she recently made a donation with Robert Glushko to EPIC
to enable the development of the Internet Public Interest Opportunities
Program at EPIC.

Professor Finds Her Legacy in Internet Law, New York Times, March 2,
2001. 
http://www.nytimes.com/2001/03/02/technology/02CYBERLAW.html
---------------------------------------------------------------

Profilers Reject Profiling

Corporate executives who collect data from consumers oppose being
profiled themselves. Junkbusters recently asked executives involved in
consumer profiling whether they would mind being profiled for an
upcoming FTC workshop on consumer data gathering. The corporate
executives either didnąt reply to the request, or refused Junkbusters'
request.

Junkbustersą Profiling the Profilers, Junkbusters Web Site.
http://www.junkbusters.com/profiling.html

Online Business Leaders Duck U.S. Privacy Workshop, E-Commerce Times,
March 1, 2001. 
http://www.ecommercetimes.com/perl/story/7850.html
---------------------------------------------------------------

Medical Privacy Regs: No Consent Needed for Marketing

Although the implementation of the new HIPAA medical privacy regulations
has been delayed, controversy still follows certain provisions that
allow marketers to contact patients based on their medical records.
Under the rules, patients must opt-out of this marketing.

Do Marketers Know You're Sick?, Wired, March 2, 2001.
http://www.wired.com/news/politics/0,1283,42147,00.html?tw=wn20010303
---------------------------------------------------------------

Wireless Devices Raise Privacy Challenges

Wireless devices will soon have the ability to pinpoint usersą location
with a high degree of accuracy. The collection and use of this data
presents privacy challenges, as tracking technology may be implemented
to monitor employees, to send advertisements over wireless devices, and
to profile consumers based on their travels.

Locating Devices Gain in Popularity but Raise Privacy Concerns, New York
Times, March 4, 2001 (registration required).
http://www.nytimes.com/2001/03/04/technology/04LOCA.html?
---------------------------------------------------------------

Senator Nelson Introduces Privacy Legislation

Senator Bill Nelson (D-FL) has introduced two privacy bills. S. 450, the
Financial Institution Privacy Protection Act of 2001, would amend the
Gramm-Leach-Bliley Act (FSMA of 2000) to protect health information and
provide an opt-in standard for data sharing among financial
institutions. S. 451, the Social Security Number Protection Act of 2001,
establishes penalties for the sale or purchase of a Social Security
number.

S. 450, Financial Institution Privacy Protection Act of 2001, THOMAS
Database. 
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.00450:

S. 451, Social Security Number Protection Act of 2001, THOMAS Database.
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.00451:

New Bills, Tech Law Journal Daily Report, March 5, 2001.
http://www.techlawjournal.com/alert/2001/03/05.asp
---------------------------------------------------------------

AOL Supports Anonymous Web Posters

AOL Time Warner filed a brief in support of protecting the anonymity of
Internet users who post messages to web bulletin boards. In the brief,
the company argued that lawsuits against anonymous posters threaten free
speech rights.

AOL Brief, ACLU Web Site. 
http://www.aclu.org/court/melvin_AOLamicus.pdf

AOL Blasts Cybersmear Suits As a Threat to Free Speech, Wall Street
Journal, March 5, 2001 (subscription required).
http://interactive.wsj.com/articles/SB98356505635637430.htm
---------------------------------------------------------------

Web Bug Detection Software Developed

Several companies have developed new programs to detect web bugs. Web
bugs are imperceptible images placed on web sites used to track Internet
browsing habits. According to a recent report by Security Space,
DoubleClick, Excite, and Linkexchange are the most frequent users of web
bugs.

New tools hatch for sniffing out Web bugs CNET, March 5, 2001.
http://news.cnet.com/news/0-1005-200-5008849.html?tag=tp_pr
---------------------------------------------------------------

Big Brother Awards Awarded at CFP 2001

Privacy International unveiled the Big Brother and Brandeis Awards at
the 2001 Computers, Freedom, and Privacy Conference in Cambridge,
Massachusetts last week. The "winners" of the Big Brother Award included
the FBI, Choicepoint, and the National Security Agency. Evan Hendricks
and Julie Brill were honored with Brandeis Awards for their efforts to
protect privacy.

Big Brother 2001 Awards, Privacy International Web Site.
http://www.privacyinternational.org/bigbrother/us2001/

Computers, Freedom and Privacy Conference. http://www.cfp.org

Privacy forum to focus on crime, free speech, CNET, March 6, 2001.
http://news.cnet.com/news/0-1005-201-5032165-0.html?tag=mn_hd

Hail to Privacy at Confab, Wired, March 7, 2001.
http://www.wired.com/news/politics/0,1283,42238,00.html
---------------------------------------------------------------

Hotmail Email Service Posts Usersą Personal Information

Hotmail, a free e-mail service, has posted usersą e-mail addresses,
cities, and states to Infospace, a Internet white pages directory. The
combination of Hotmail user information with the Infospace directory
creates privacy risks, as the Infospace already directory contains
individualsą addresses and phone numbers. Users of the Hotmail service
must "opt-out" of this information sharing.

Technology: Hotmail's subscriber information shared with public Internet
directory, Nandotimes (AP), March 6, 2001.
http://www.nandotimes.com/technology/story/0,1643,500460213-500700956-
503814052-0,00.html
---------------------------------------------------------------

Privacy Next Target of Recording Industry

Online privacy faces new challenges as the recording industry may start
targeting individual users to stem the trade of pirated music. Experts
predict that the Napster decision will result in increased pressure on
ISPs to monitor networks and address individual users accused of trading
copyright protected files.

Napster Fallout: Privacy Loses?, Wired, March 6, 2001.
http://www.wired.com/news/politics/0,1283,42203,00.html
---------------------------------------------------------------

Individuals Wary of Corporate, Government Privacy Protections

A new poll to be released by Harris Interactive points to Americansą
distrust of corporate and governmental efforts to protect privacy.

Online insecurity: Firms aim to ease fears about personal data, privacy,
Boston Globe, March 6, 2001.
http://www.boston.com/dailyglobe2/065/business/Online_insecurity+.shtml
---------------------------------------------------------------

NSF: Avoid Remote Internet Voting Systems

A study commissioned by the National Science Foundation urged election
officials not to adopt remote Internet voting systems. Such systems
allow a voter to cast a ballot from any location with Internet access.
According to the report, these systems present significant security,
reliability, and social effect issues. However, Internet voting systems
deployed at polling sites could provide benefits and be implemented
soon.

Internet Voting Results, Internet Policy Institute Web Site.
http://www.internetpolicy.org/research/results.html

Report Pans Internet Voting, Wired (AP), March 6, 2001.
http://www.wired.com/news/politics/0,1283,42229,00.html
---------------------------------------------------------------

Cyber Vandals Steal 1 Million Credit Card Numbers

Exploiting a well-known hole in the Microsoft operating system, a group
of cyber vandals has stolen over one million credit card numbers from
commercial web sites.

Hackers Feast On Complacency, Security Holes Well Known, Washington
Post, March 8, 2001.
http://www.washingtonpost.com/wp-dyn/articles/A43993-2001Mar8.html
---------------------------------------------------------------

Public Interest Groups Challenge CIPA

The ACLU, EPIC, and several library associations will file suit to
challenge the Childrenąs Internet Protection Act (CIPA). CIPA requires
schools and libraries that receive federal funds to implement Internet
content filters for their web-connected computers. The groups will
challenge CIPA on First Amendment and Due Process grounds.

Child Net Protection Act Will Be Put to Legal Test, The Standard, March
9, 2001. 
http://www.thestandard.net/article/display/0,1151,22766,00.html
---------------------------------------------------------------

Opt-out is a 'Fraud and a Sham'

In an opinion-editorial in the New York Times, William Safire writes in
favor of an opt-in approach for the collection and use of consumer data.

Age of Consent, New York Times, March 12, 2001 (registration required).
http://www.nytimes.com/2001/03/12/opinion/12SAFI.html
---------------------------------------------------------------

New Cameras Increase Ease of Monitoring in UK

New wireless surveillance cameras in Britain will enable police to
monitor individuals with portable computers. Since the technology does
not require cable, it will allow police to increase monitoring of rural
and suburban areas. Currently, individuals in Britain are likely to be
monitored by up to 300 cameras a day.

New camera extends watch on crime, Sunday Times, March 11, 2001.
http://www.sunday-times.co.uk/news/pages/sti/2001/03/11/stinwenws02016.html

Even More Surveillance Cameras For England, Slashdot, March 13, 2001.
http://slashdot.org/article.pl?sid=01/03/13/020208&mode=thread
---------------------------------------------------------------

Privacy and Copy Protection Systems

Copy protection systems present challenges to privacy rights, as
authentication of ownership usually requires that the user reveal his or
her identity. A new copy-protection system called "InTether" illustrates
this problem. InTether has the ability to determine the identity of
potential recipients of a copy-protected file. If a user attempts to
circumvent InTether, the program destroys the copy-protected documents.

Copy This! Can 'Military' Technology Beat Digital Piracy?, Inside.com,
March 12, 2001. 
http://www.inside.com/jcs/Story?article_id=25476

Document-Destroying Copy Protection, Slashdot, March 12, 2001.
http://slashdot.org/article.pl?sid=01/03/12/1613223&mode=thread
---------------------------------------------------------------

Report Finds Government Privacy Abuses

A new report released by Privacilla claims that government agencies
routinely share personal information on citizens. The report recommends
that Congress make a comprehensive review of government information
practices

Privacy and Federal Agencies: Government Exchange and Merger of Personal
Information is Systematic and Routine, Privacilla Web Site.
http://www.privacilla.org/Government_Data_Merger.pdf

Group Charges Government Agencies Trade Personal Data, Newsbytes, March
12, 2001. 
http://www.newsbytes.com/news/01/163042.html

Privacy, Tech Law Journal Daily Report, March 13, 2001.
http://www.techlawjournal.com/alert/2001/03/13.asp
---------------------------------------------------------------

Industry Attacks Privacy Legislation

The Online Privacy Alliance, an industry group with membership including
Microsoft, AOL Time Warner, and IBM, has launched an attack on privacy
legislation. The group released four industry-funded reports yesterday
claiming that privacy legislation would impede business by imposing
billions in costs to consumers.

Industry Groups Launch Attack On Internet-Privacy Legislation, Wall
Street Journal, March 13, 2001 (subscription required).
http://interactive.wsj.com/articles/SB984446508732053549.htm

ACTION---------------------------------------------------------

Support the Privacy Coalition's Privacy Pledge

The Privacy Coalition, a nonpartisan coalition of consumer, civil
liberties, educational, library, labor, and family-based groups
unveiled the Privacy Pledge last week.  The Pledge calls upon
legislators to promulgate laws that effectively protection
personal privacy.

The Privacy Pledge 
http://www.privacypledge.org/
---------------------------------------------------------------

Privacy.org is a joint project of the Electronic Privacy
Information Center (http://www.epic.org) and Privacy
International (http://www.privacyinternational.org). For more
information, e-mail Chris Hoofnagle at digest-editor@privacy.org.
---------------------------------------------------------------

How to unsubscribe from EPIC-DIGEST:

You can leave the EPIC-DIGEST by entering the subscription e-mail
address at http://www.privacy.org/digest.php and selecting
"unsubscribe." Or, you can send a blank e-mail message to
EPIC-DIGEST@lists.epic.org from the subscribed address with the
following text in the subject line: unsubscribe

If you experience difficulty with subscription issues, send a
message to digest-editor@privacy.org.
---------------------------------------------------------------

EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php
---------------------------------------------------------------
END EPIC-DIGEST