---------------------------------------------------------------
EPIC DIGEST AT PRIVACY.ORG

EPIC-DIGEST is a weekly update of news, information, and action
items posted on privacy.org.

November 6-28, 2001

TOC------------------------------------------------------------

NEWS
House Questions FTC Chairman on Privacy Issues
Justice Department to Spy on Detainees' Attorney Phone Calls
Supreme Court Places Time Limits on Right to Sue in ID Theft Cases
EPIC Holds National ID Shred In
Successful FTC Enforcement of Privacy Policy
New FBI Keylogging Program Reported
Health Privacy Act : Not Enough Protection
ACTION
Oppose National ID

NEWS-----------------------------------------------------------

House Questions FTC Chairman on Privacy Issues

FTC Chairman Timothy Muris was the sole witness at a hearing organized
by the Subcommittee on Commerce, Trade, and Consumer Protection on
November 7, 2001. This was his first hearing before Congress and the
Subcommittee members questioned him closely on his proposals to protect
consumer privacy both online and offline.

While the hearings did not get too far into the specifics, the
Subcommittee did send a signal that consumer privacy is one of the top
items in their agenda. Muris told the subcommittee that his agency is
working hard to implement the major themes of the privacy agenda he
announced last month, including a national do-not-call telemarketing
list, and a crackdown on identity theft and on- and offline scams.

Hearing on Challenges Facing the Federal Trade Commission November 7,
2001
http://energycommerce.house.gov/107/hearings/11072001Hearing403/hearing.htm

FTC Chief Grilled On Privacy At 1st Congressional Hearing Newbytes,
November 7, 2001
http://www.newsbytes.com/cgi-bin/udt/im.display.printable?client.id=
newsbytes&story.id=171954

Protecting Consumers' Privacy: 2002 and Beyond Timothy Muris, October 4,
2001 http://www.ftc.gov/speeches/muris/privisp1002.htm
--------------------------------------------------------------- 

Justice Department to Spy on Detainees' Attorney Phone Calls

In a remarkable move, the Justice department announced that it would
listen in on the conversations of lawyers with clients in federal
custody, including people who have been detained but not charged with
any crime, whenever that is deemed necessary to prevent violence or
terrorism. The eavesdropping rule was adopted on an emergency basis last
week, without the usual waiting period for public comment. The rule
raises serious constitutional problems and will face a severe challenge.

U.S. Will Monitor Calls to Lawyers Washington Post, November 9, 2001
http://www.washingtonpost.com/ac2/wp-dyn/A64663-2001Nov8?language=printer

Power Grab Allows Government Eavesdropping on Inmate-Attorney
Conversations ACLU Press Release, November 9, 2001
http://www.aclu.org/news/2001/n110901a.html
--------------------------------------------------------------- 

Supreme Court Places Time Limits on Right to Sue in ID Theft Cases

The Supreme Court ruled in 9-0 decision that Federal law gives people
whose credit ratings have been damaged by a credit reporting company's
mistake only two years from the date of the mistake to file a lawsuit,
even if the mistake does not come to light until later.

The Bush Administration and consumer groups advocated that the statute
of limitations clock should start ticking when the victim becomes aware
of the theft, rather than when the theft occurs. The Court was unable to
find support for this view in their reading of the statute. It might be
time now for Congress to clarify their intentions. It also serves as a
reminder to all consumers to be vigilant about what goes on their credit
report.

Justices Uphold 2-Year Deadline on Suing Credit Raters New York Times,
November 14, 2001
http://www.nytimes.com/2001/11/14/national/14SCOT.html?pagewanted=print

TRW, Inc. v. Andrews, Findlaw
http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?court=US&navby=case&vol=000&invol=00-1045

Privacy Rights Clearinghouse ID Theft page
http://www.privacyrights.org/identity.htm
--------------------------------------------------------------- 

EPIC Holds National ID Shred In

EPIC is holding a public shredding of national ID cards on the East
House Lawn of the Capitol Building at 1 PM on Friday, November 16. EPIC
will be joined by Brad Jansen of Free Congress Foundation and Lori Cole
of Eagle Forum to discuss the threats to civil liberties posted by
National ID Systems. This shredding is being held in response to a House
Government Reform Committee Hearing on national ID cards.

EPIC Identity Cards Page. 
http://www.epic.org/privacy/id_cards/

Privacy International National ID Cards Page.
http://www.privacyinternational.org/issues/idcard/

---------------------------------------------------------------
Successful FTC Enforcement of Privacy Policy

The FTC has settled charges with an Internet operation RhinoPoint.com
owned by New Millenium Concepts, Inc. that misled consumers into paying
membership fees and turning over sensitive personal and financial
information by claiming that it would pay for the consumer's Internet
access. The company's privacy policy had stated that it would never
share information with third parties. As part of the settlement, the
company agreed to destroy all personally identifying information. The
FTC used its power under section 5 to pursue unfair and deceptive trade
practices to bring this case against the Operator. We hope we will see
more such aggressive enforcement of consumer privacy from the FTC in the
future.

FTC Press Release 
http://www.ftc.gov/opa/2001/11/newmillennium.htm

FTC Act, 15 U.S.C. § 45(a) 
http://www4.law.cornell.edu/uscode/15/45.html

Report Violations to FTC  FTC Complaint Form
https://rn.ftc.gov/dod/wsolcq$.startup?Z_ORG_CODE=PU01

--------------------------------------------------------------- 

New FBI Keylogging Program Reported

MSNBC is reporting that the FBI is developing software capable of
inserting a computer virus onto a suspect's machine and obtaining
encryption keys, The software, known as "Magic Lantern," enables agents
to read data that had been encrypted. The controversial software called
Carnivore (renamed DCS 1000), has been ineffective against suspects who
encrypt their files. Magic Lantern installs so-called "keylogging"
software on a suspect's machine that is capable of capturing keystrokes
typed on a computer and thereby getting the password that encrypts the
message.

Magic Lantern is supposedly one of a series of enhancements currently
being developed for the FBI's Carnivore project, under the umbrella
project name of Cyber Knight. MSNBC.com has filed a Freedom of
Information Act request with the bureau to get more information.

"Magic Lantern" part of new "Enhanced Carnivore Project" MSNBC.com,
November 21, 2001 
http://www.msnbc.com/news/660096.asp?cp1=1

EPIC Carnivore page 
http://www.epic.org/privacy/carnivore/

EPIC's Carnivore FOIA Documents
http://www.epic.org/privacy/carnivore/foia_documents.html

FBI's Carnivore site 
http://www.fbi.gov/hq/lab/carnivore/carnivore.htm
--------------------------------------------------------------- 

Health Privacy Act : Not Enough Protection

The Health Privacy Project released a report funded by the Pew Internet
& American Life Project that examines how the new federal health privacy
regulation covers - and does not cover - consumer-oriented health Web
sites and Internet-based health care.

The report found that: (1) the regulation does not apply to most health
Web sites; (2) different rules may to different sites offering the same
services; and (3) even at Web sites owned or operated by organizations
that are covered by the privacy regulation, it is not clear which
activities at those sites are subject to the regulation.

Pew Internet Project Report (pdf)
http://www.healthprivacy.org/usr_doc/PIP%5FHPP%5FHealthPriv%5Freport%2Epdf

Health Privacy Project 
http://www.healthprivacy.org

Privacy Act Doesn't Apply To Most Health Sites - Pew Newsbytes, November
19, 2001 
http://www.newsbytes.com/news/01/172291.html

ACTION---------------------------------------------------------

Oppose National ID

National ID systems historically have been used by repressive
governments to track citizens.  For instance, the South African
Government used national identification to enforce apartheid.  Now,
proposals in the US House and Senate would impose national ID systems on
all non-citizens.  Soon enough, those national ID systems will be
expanded to citizens.

Read more about National ID at the EPIC Identity Cards Page
http://www.epic.org/privacy/id_cards/

Privacy Internationalıs National ID Cards Page
http://www.privacyinternational.org/issues/idcard/

Read legislative proposals for national ID systems, including: Senator
Feinsteinıs (D-CA) S.1627 Visa Entry Reform Act of 2001
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.1627:

Senator Kennedyıs (D-MA) S.1618 Enhanced Border Security Act of 2001
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.1618:

Representative Greenıs (R-TX) Visa Information Security Act of 2001
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.3052:H.R.3052:

---------------------------------------------------------------

Privacy.org is a joint project of the Electronic Privacy
Information Center (http://www.epic.org) and Privacy
International (http://www.privacyinternational.org). For more
information, e-mail Chris Hoofnagle at digest-editor@privacy.org.
---------------------------------------------------------------

How to unsubscribe from EPIC-DIGEST:

You can leave the EPIC-DIGEST by entering the subscription e-mail
address at http://www.privacy.org/digest.php and selecting
"unsubscribe." Or, you can send a blank e-mail message to
EPIC-DIGEST@lists.epic.org from the subscribed address with the
following text in the subject line: unsubscribe

If you experience difficulty with subscription issues, send a
message to digest-editor@privacy.org.
---------------------------------------------------------------

EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php
---------------------------------------------------------------
END EPIC-DIGEST