--------------------------------------------------------------- EPIC DIGEST AT PRIVACY.ORG EPIC-DIGEST is a weekly update of news, information, and action items posted on privacy.org. July 3-17, 2001 TOC------------------------------------------------------------ NEWS Casinos Amass Data, Profile Customers Product Activation Mandatory in MS Windows XP ACLU Requests FTC Investigation of Eli Lily Profit Purpose Behind Red-Light Cameras HHS Issues Guidelines for HIPAA Privacy Compliance Mueller to Head FBI PF Finds 1/3 of Employers Monitor E-Mail Former Census Chief Proposes Privacy Protection OxyContin Recipients to be Fingerprinted Representative Reintroduces FOIA Exemption Bill Key Senators Express Support for Privacy Protection House to Hold Hearings on Whois Privacy NJ Court Protects Anonymous Net User MS Using Monopoly to Invade Privacy Recording Encounter With Police Violates State Wiretapping Law Police Adopt Facial Recognition, Regional Information Sharing in CA ACTION Promote the Privacy of Domain Name Registrants NEWS----------------------------------------------------------- Casinos Amass Data, Profile Customers Gambling casinos have developed extensive profiling techniques to amass data on their customers. One casino maintains a six-terabyte database of consumer information. Casinos hit jackpot with customer data, CNN, July 3, 2001. http://www.cnn.com/2001/TECH/industry/07/03/casinos.crm.idg/index.html Casinos Hit the Data Jackpot, Slashdot, July 4, 2001. http://slashdot.org/articles/01/07/05/0048245.shtml --------------------------------------------------------------- Product Activation Mandatory in MS Windows XP Microsoft Windows XP will require users to authenticate their ownership of the operating system online. The authentication protocol will store a profile of the userıs system configuration in order to bind each copy of XP to a specific computer. Microsoft Cracks Down On Sharing Windows XP, Wall Street Journal, July 5, 2001 (subscription required). http://interactive.wsj.com/articles/SB994210620680803497.htm --------------------------------------------------------------- ACLU Requests FTC Investigation of Eli Lily The ACLU sent a letter to the Federal Trade Commission asking the agency to investigate Eli Lilly for privacy violations. Eli Lilly, a major drug manufacturer, accidentally disclosed the e-mail addresses of hundreds of patients using Prozac, an antidepressant. ACLU Urges FTC to Investigate Medi-Messenger Privacy Breach, ACLU Press Release, July 5, 2001. http://www.aclu.org/news/2001/n070501a.html ACLU Letter to FTC Chair Timothy Muris, ACLU Web Site, July 3, 2001. http://www.aclu.org/news/2001/n070501b.html Eli Lilly Has Privacy Lapse, Washington Post, July 4, 2001. http://www.washingtonpost.com/wp-dyn/articles/A14311-2001Jul3.html --------------------------------------------------------------- Profit Purpose Behind Red-Light Cameras A former employee of Lockheed Martin IMS testified in a San Diego court that red-light cameras developed by the company were designed to increase profit revenue rather than safety. The employee testified on behalf of 290 drivers who challenged citations issued by red-light cameras in San Diego. The company receives $70 each time a $271 citation is paid by a citizen. Ex-worker says firm puts profits over safety, San Diego Union-Tribune, July 6, 2001. http://www.uniontrib.com/news/metro/20010706-9999_7m6cameras.html After Motorists race to court to challenge red-light cameras Photos called privacy threat, USA Today, July 7, 2001 http://www.usatoday.com/usatonline/20010706/3462035s.htm Most red-light camera cases voided, San Diego Union-Tribune, July 4, 2001. http://www.uniontrib.com/news/metro/20010703-9999_1m3tickets.html --------------------------------------------------------------- HHS Issues Guidelines for HIPAA Privacy Compliance The Department of Health and Human Services (HHS) issued guidelines to clarify privacy regulations that were developed pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The agency likely will change the privacy rule to allow parents more access to their childrenıs medical records. Standards for Privacy of Individually Identifiable Health Information, HHS Web Site. http://www.hhs.gov/ocr/hipaa/finalmaster.html Changes Coming to the Federal Medical Privacy Rule, The Standard, July 6, 2001. http://www.thestandard.com/article/0,1902,27736,00.html --------------------------------------------------------------- Mueller to Head FBI Robert S. Mueller, a U.S. Attorney from San Francisco, has been nominated by the Bush Administration to head the Federal Bureau of Investigation. Mueller is reported to have expertise in prosecution of technology crimes. Ex-Marine Is Praised as Tough, Skilled, Washington Post, July 6, 2001. http://www.washingtonpost.com/wp-dyn/articles/A23522-2001Jul5.html FBI: From G-Men to G4-Men?, Wired, July 7, 2001. http://www.wired.com/news/politics/0,1283,45071,00.html --------------------------------------------------------------- PF Finds 1/3 of Employers Monitor E-Mail The Privacy Foundation (PF) reports in a recent study that one-third of employers are continuously monitoring employeesı e-mail usage. One-Third of U.S. Online Workforce under Internet/E-Mail Surveillance, Privacy Foundation Report, July 9, 2001. http://www.privacyfoundation.org/workplace/job_loss/index.asp Privacy Foundation Workplace Surveillance Project. http://www.privacyfoundation.org/workplace/index.asp Study: Web, e-mail monitoring spreads, CNET, July 8, 2001. http://news.cnet.com/news/0-1003-200-6477633.html?tag=mn_hd --------------------------------------------------------------- Former Census Chief Proposes Privacy Protection Kenneth Prewitt, the former director of the Census Bureau, has urged the Office of Management and Budget to withhold data that links responses to small geographic areas. The Census Bureau is required by law not to release data that can be "re-identified" by others. Recent developments in profiling and statistical programs, however, can link individual citizens to their Census data. Ex-Census chief proposes new privacy protection, Government Executive, July 10, 2001. http://www.govexec.com/dailyfed/0701/071001td1.htm --------------------------------------------------------------- OxyContin Recipients to be Fingerprinted Patients in Pulaski, Virginia will be fingerprinted before receiving OxyContin from local pharmacies. Police in Pulaski are implementing the fingerprint requirement to stem the illegal sale of the drug. Town's OxyContin Buyers to Be Fingerprinted, Washington Post, July 11, 2001. http://washingtonpost.com/ac2/wp-dyn/A44111-2001Jul10? --------------------------------------------------------------- Representative Reintroduces FOIA Exemption Bill Representative Tom Davis (R-VA) reintroduced a bill that would create a new exemption to the Freedom of Information Act (FOIA) regarding "cybersecurity incidents." The new exemption would allow the government to deny FOIA requests for information relating to cybersecurity lapses in the private sector. Davis-Moran Cybersecurity Bill, THOMAS Database. http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.2435: Davis revives cyberthreat bill, Federal Computer Week, July 11, 2001. http://www.fcw.com/fcw/articles/2001/0709/web-davis-07-11-01.asp --------------------------------------------------------------- Key Senators Express Support for Privacy Protection At a hearing on Internet Privacy in the Senate Commerce Committee, several key Senators expressed support for strong privacy protections in law. At the hearing, Chairman Hollings (D-SC), former Chair McCain (R-AZ), and Senator Kerry (D-MA) announced their intention to introduce Internet privacy legislation. In addition, Senator Edwards (D-NC) announced the introduction of a new bill that would require notice and opt-in consent for the commercial use of location information harvested from wireless devices. EPIC Executive Director Marc Rotenberg testified at the hearing in support of privacy legislation that incorporates Fair Information Practices. Testimony of Marc Rotenberg, Hearing on Information Privacy, US Senate Committee on Commerce, Science and Transportation, July 11, 2001. http://www.epic.org/privacy/internet/testimony_0701.html Senators promise action to boost Internet privacy, Siliconvalley.com (Reuters), July 11, 2001. http://www.siliconvalley.com/docs/news/svfront/073524.htm Senate Panel Takes Up Internet Privacy Issue, Washington Post, July 11, 2001. http://www.washtech.com/news/regulation/11091-1.html Senators Shift Toward Opt-In Privacy Legislation, Newsbytes, July 11, 2001. http://www.newsbytes.com/news/01/167850.html Senate Still Keen on Net Privacy, Wired News (AP), July 11, 2001. http://www.wired.com/news/politics/0,1283,45172,00.html S. 1164, Location Privacy Bill, THOMAS Database. http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.1164: Senator Edwards Proposes Location Privacy Law, Press Release, Senator Edwards Web Site, July 11, 2001. http://www.senate.gov/~edwards/press/2001/jul11-pr.html --------------------------------------------------------------- House to Hold Hearings on Whois Privacy A House Judiciary Subcommittee is holding hearings on the privacy implications of the Whois database. The Whois database contains the personal contact information of persons who have registered a domain name. Marketers who use the contact information for spam and direct mail advertisements frequently mine the database. In addition, VeriSign, a leading domain name registrar, sells Whois information to marketers. EPIC Letter in Support of Voluntary Submission of Information to the Whois Database, EPIC Web Site, July 12, 2001. http://www.epic.org/privacy/internet/whois_0701.html Testimony of Dr. Jason Catlett on the Whois Database: Privacy and Intellectual Property Issues, Subcommittee on the Courts, the Internet, and Intellectual Property of the Committee on the Judiciary, July 12, 2001. http://www.junkbusters.com/testimony.html#whois Whois at heart of congressional hearings, CNET, July 11, 2001. http://news.cnet.com/news/0-1005-200-6549227.html?tag=mn_hd --------------------------------------------------------------- NJ Court Protects Anonymous Net User A New Jersey Superior Court has held that a corporation can not use court process to identify an anonymous Internet board poster without first demonstrating harm. In future cases, companies wishing to identify anonymous Internet posters will have to comply with specific guidelines to protect speech. Public Citizen and the ACLU participated in the case as amici. Dendrite International v. John Does, New Jersey Superior Division Appellate Court Decision, July 11, 2001. http://www.judiciary.state.nj.us/opinions/A2774-00.htm New Jersey Court Upholds Anonymity On Net Bulletin Board, Newsbytes, July 11, 2001. http://www.newsbytes.com/news/01/167851.html Court Limits Discovery Regarding Identity of Anonymous Posters, Tech Law Journal Daily Report, July 12, 2001. http://www.techlawjournal.com/alert/2001/07/12.asp Appeals Court Protects Anonymous Internet Critics of New Jersey Company, Public Citizen Press Release, July 11, 2001. http://www.citizen.org/Press/pr-lit38.htm --------------------------------------------------------------- MS Using Monopoly to Invade Privacy Stewart Alsop argues in Fortune that Microsoft is using its monopoly power to collect data on users. Users of Microsoft Reader, for instance, must first register with Microsoftıs Passport service before accessing e-books. Microsoft also requires registration with Passport when purchasing new software such as Microsoft Office. The Monopoly Has Just Begun Insidiously, incrementally, Microsoft is getting more and more of me. That has me worried, Fortune, July 23, 2001. http://www.fortune.com/indext.jhtml;jsessionid=HRAVOGGQO5DZYQAMEHT SFFKABQQ4KIV2?channel=print_article.jhtml&doc_id=203359 --------------------------------------------------------------- Recording Encounter With Police Violates State Wiretapping Law The Supreme Judicial Court of Massachusetts has held that secretly recording an encounter with a police officer violates the stateıs electronic surveillance law. In the case, a driver secretly recorded a conversation with a police officer and presented it to police headquarters alleging harassment. The driver was charged with violation of state wiretapping laws and ultimately sentenced to six months of probation. SJC upholds conviction of man who secretly taped police, Boston Globe (AP), July 13, 2001. http://www.boston.com/news/daily/13/police_recording.htm --------------------------------------------------------------- Police Adopt Facial Recognition, Regional Information Sharing in CA Police in Huntington Beach, California have contracted with biometric companies to purchase imaging-based law enforcement technology that includes facial recognition and regional data-sharing capabilities. The system will enable police to receive wireless transmissions of mug shots and arrest records. Imagis and ORION Chosen to Install Biometric Solutions in Huntington Beach, Biometric Digest, July 10, 2001. http://webusers.anet-stl.com/~wrogers/biometrics/hot/story.cgi/010710-02.html ACTION--------------------------------------------------------- The Internet Corporation for Assigned Names and Numbers (ICANN) is conducting a survey on the Whois database. The Whois database contains contact information of all persons who have registered domain names. In its current form, the database prevents the anonymous registration of domain names and it exposes registrants1 personal information to the public where it is often either sold or "mined" for commercial purposes. Tell ICANN to limit the amount of information required by the Whois database and to promote the ability to register a domain name anonymously! ICANN Whois Survey. http://www.icann.org/dnso/whois-survey-en-10jun01.htm EPIC Letter on Privacy of Domain Name Registration Data. http://www.epic.org/privacy/internet/ICANN_privacy.html --------------------------------------------------------------- Privacy.org is a joint project of the Electronic Privacy Information Center (http://www.epic.org) and Privacy International (http://www.privacyinternational.org). For more information, e-mail Chris Hoofnagle at digest-editor@privacy.org. --------------------------------------------------------------- How to unsubscribe from EPIC-DIGEST: You can leave the EPIC-DIGEST by entering the subscription e-mail address at http://www.privacy.org/digest.php and selecting "unsubscribe." Or, you can send a blank e-mail message to EPIC-DIGEST@lists.epic.org from the subscribed address with the following text in the subject line: unsubscribe If you experience difficulty with subscription issues, send a message to digest-editor@privacy.org. --------------------------------------------------------------- EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php --------------------------------------------------------------- END EPIC-DIGEST