TUCoPS :: Privacy :: priv0910.txt

Privacy Digest 09.10

<head><TITLE>PRIVACY Forum Archive Document - (priv.09.10) </TITLE></head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">

<table border=0 cellpadding=0 cellspacing=0 width=100%>

<td width=15%>


<table border=0 cellspacing=0 cellpadding=0 width=100%>

<table border=1 cellspacing=0 cellpadding=0>
<td bgcolor="#ffffcc">

<font face="Arial, Helvetica, sans-serif">
<a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b>



<td bgcolor="#ccffff">
<img src="/ipissues1.jpg" border=0>

<font size=-1 face="Arial, Helvetica, sans-serif">
<b>"CRIME or FAIR USE?"</b>

<table border=0 cellspacing=0 cellpadding=2 width=100%>

<td bgcolor="#ffffff">

<table border=1 width=100%>

<table border=0 cellpadding=0 cellspacing=0 width=100%>
<a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a>
<font size=-1>
<a href="/pfir-p.ram">Listen<br>RealAudio</a>



<table border=0 cellpadding=1 cellspacing=0 width=100%>
<a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a>
<font size=-1>
<a href="/pfir-p.mp3">Listen<br>MP3</a>








<td align=center>

<table border=1 cellpadding=0 cellspacing=0>
<td bgcolor="#ffffcc">

<table border=0 cellpadding=0 cellspacing=4>


<font face="Arial, Helvetica, sans-serif">
"<a href="/reality">REALITY RESET</a>"


<table border=1 cellpadding=1 cellspacing=2 width=100%>
<td bgcolor="#ffffff">
&nbsp;Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a>




<font size=+2><b>PRIVACY Forum Archive Document</b></font>

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A>


PRIVACY Forum Digest      Wednesday, 8 March 2000      Volume 09 : Issue 10

                (<A HREF="http://www.vortex.com/privacy/priv.09.10">http://www.vortex.com/privacy/priv.09.10</A>)

            Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         <A HREF="http://www.vortex.com">http://www.vortex.com</A> 
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable &amp; Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        DoubleClick Backs Down -- For the Moment...
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Get Pregnant, Go to Prison! 
           (Lauren Weinstein; PRIVACY Forum Moderator)
        UK DVLA releasing personal information (Andrew Wheatley)
        ACT Proposing Most Repressive DNA Law To Date (Roger Clarke)
        Fact Sheet on Strengthening Cyber Security (Monty Solomon)
        ACLU on proposed Fed. med-privacy rules (Peter Marshall)
        UK publishes "impossible" decryption law (Cyber Rights)
        Privacy2000 Conference: Information &amp; Security in the Digital Age
           (Mike Zandpour)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>".  Mailing list problems should be reported to
"<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "The karma in here is so thick, you need an aqualung to breathe!"

           -- "Beef" (Gerrit Graham)
              "Phantom of the Paradise" (Harbor Productions; 1974)


Date:    Wed, 8 Mar 2000 10:06 PST
From:    <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: DoubleClick Backs Down -- For the Moment...

Greetings.  As you may have heard, the storm of criticism regarding
DoubleClick, Inc.'s plan (Abacus Alliance) to match up non-Web
identity and purchasing data with Web movements, has had some effect.
(See <A HREF="http://www.vortex.com/privacy/priv.09.06">http://www.vortex.com/privacy/priv.09.06</A> for a bit of background.)

The barrage of investigations, lawsuit activity, and general bad PR (and
perhaps the steep decline in its stock price) caused DoubleClick to announce
that they were suspending plans regarding such data linkages, until
government and industry develop privacy standards (whatever that means).
This change of heart apparently does not affect DoubleClick's so-called
"anonymous" cookie-based Web tracking (which I've strongly criticized here in
the PRIVACY Forum in the past), nor their data matching from purely
Web-based information sources.

While some observers are categorizing the DoubleClick announcement as a
major privacy victory, DoubleClick could change their mind at any time.  In
fact, their move could set back efforts to establish legal protections for
consumers against abusive tracking and data matching from DoubleClick in the
future, or from other firms at any time.  One could naturally speculate that
diverting the possibility of such legislation might well be a significant
factor behind their temporarily altered plans.

I am not impressed.

Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy


Date:    Wed, 8 Mar 2000 10:45 PST
From:    <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Get Pregnant, Go to Prison!

Greetings.  Nobody has ever said that judges can't be creative, but the
recent trend towards the imposition of privacy-invasive, humiliating, or
just plain bizarre sentences upon offenders seems to be accelerating.  Since
such punishments are typically not specifically on the books, they are
usually implemented by means of a Faustian choice presented to the person
being punished--either accept the "unusual" sentence or spend more time in
jail.  Coercive?  Some might think so.

In this light, the sentence handed down recently by a Montana judge is
instructive for its privacy implications, though this aspect of the story
has seen remarkably little attention.  A woman was convicted of endangering
her unborn child when testing after its birth found it to have amphetamines
in its system.  The woman, who had violated probation by not paying fines,
not completing a chemical dependency program, and by testing positive for
drugs herself, was then sentenced to ten years under the supervision of the
Montana Department of Corrections (five years suspended, with some time to
be spent in "boot camp") <B>and</B> ordered by the judge not to become pregnant
for ten years.

It is the latter part of the sentence that I find most interesting.  If she
"fails" a pregnancy test (to be given once every two months), she can be
jailed.  In other words, get pregnant and off to prison you go.

Certainly anything <B>reasonable</B> that can be done to avoid babies being born
with drug contamination/addiction is worth considering--it's a terrible kind
of situation.  But I have a serious problem with a judge deciding that she
has the power to play God in what is fundamentally a very private matter.
And if such a sentence is permissible in this case, what of all the other
situations where someone, somewhere, might believe that a fetus or newborn
would be put at risk by the mother's activities?  Heavy smoker?  Eats too
much junk food and won't get prenatal care?  Engages in very strenuous
sporting activities?  What of people convicted of child abuse who are still
free to have additional children?  Should any such persons be prevented from
having more children?  Where do we draw the line?  Forced sterilization?
Chastity belt sentences?

I think it's obvious that this is a very risky area for the judiciary to be
meddling with.  All too often, "the end justifies the means" is accepted by
society as a shortcut to goals that it deems desirable.  The ethics of
this approach, however, are frequently highly questionable.

Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy


Date:    Mon, 21 Feb 2000 22:54:40 +0000
From:    <A HREF="mailto:anw@tirana.freewire.co.uk">anw@tirana.freewire.co.uk</A>
Subject: UK DVLA releasing personal information

"Cowboy car wheel clampers are being given the names and 
addresses of motorists so they can serve official-looking 'fines' on 
them even though they might have parked legally..."
"...DVLA [Driver Vehicle Licensing Agency] in Swansea has admitted 
supplying 300,000 details a year to outside sources upon request..."
"...DVLA spokesman said each individual case was considered..."

        -- from <A HREF="http://cars.uk.yahoo.com/000221/65/a0hh6.html">http://cars.uk.yahoo.com/000221/65/a0hh6.html</A> 


To put the above report into perspective, in the UK each vehicle has 
a "registered keeper" which is intended to be the person who uses 
the vehicle, not necessarily the owner. The DVLA, in Swansea; 
South Wales, stores details of the vehicle and also the keeper's 
name and address.

Personally, the above report and similar reports cause me some 
concern, because of the potential for someone with malicious 
intentions to make a request under false pretences.

I wrote to the DVLA requesting them to only release my records to 
the Police and government agencies, and received a reply stating 
that DVLA observes the Data Protection Act 1984 and considers 
each application on its merits. However, the reply also stated that 
they could not guarantee not to release my information but I could, 
if I wanted, use a Post Office box as the vehicles' address. This I 
intend to do.

I find it regrettable that I am forced to take the initiative to maintain 
privacy of my personal data.

Regards to all
Andrew Wheatley


Date:    Mon, 14 Feb 2000 17:48:21 +1100
From:    Roger Clarke &lt;<A HREF="mailto:Roger.Clarke@xamax.com.au">Roger.Clarke@xamax.com.au</A>&gt;
Subject: ACT Proposing Most Repressive DNA Law To Date 

   [ This is referring to Australia -- PRIVACY Forum Moderator ]

The ACT under Attorney-General Gary Humphries has been a fairly sensible
player on matters such as net censorship (particularly in comparison with
his NSW and Commonwealth counterparts!);  and what's more the ACT broke the
dam-wall with its medical data privacy legislation a couple of years ago.

Unfortunately, it appears that Humphries has been carried away with the
hype put forward by the law enforcement lobby, and is now in a bidding war
with NSW's Jeff Shaw and the Commonwealth's Amanda Vanstone for world's
most repressive DNA legislation.

The Canberra Times of Sunday 13 February carried as its top-of-page-one
item a report that the ACT Police (a service outsourced to the AFP) are to
have the power to "obtain swabs from the mouths of all suspects of
indictable offences as well as all sentenced offenders in custody".  

On page 2 there's an accompanying article by Deputy Editor Crispin Hull.
It's much more thoughtful than most things that get published, although my
impression is that it's still insufficiently critical of the AFP's proposal.

(I couldn't find the items on the site, but Crispin has very helpfully
provided the text for both articles, for limited distribution).

This is a big issue, which needs the urgent attention of advocates.  There
are some very nasty provisions in the Commonwealth A/G's discussion paper
of last year, e.g. heavy moral suasion on people in, say, the vicinity of a
rape, to 'voluntarily' submit to body-fluid or body-tissue sampling, with
the implied threat that they're a suspect if they refuse.

We must also show these politicians (not to mention the social control
machine behind them) to be either fatuous or devious for using terms like
'infallible' and 'exact' when referring to a process that is
<B>fundamentally</B> probabilistic.


Date:    Tue, 15 Feb 2000 20:02:38 -0500
From:    Monty Solomon &lt;<A HREF="mailto:monty@roscom.com">monty@roscom.com</A>&gt;
Subject: Fact Sheet on Strengthening Cyber Security

                            THE WHITE HOUSE

                     Office of the Press Secretary
For Immediate Release                                  February 15, 2000

                               Fact Sheet

    Strengthening Cyber Security through Public-Private Partnership

Today the President and members of his Cabinet met with leaders of
Internet and e-commerce companies, civil liberties organizations, and
security experts to jointly announce actions strengthening Internet and
computer network security.  This meeting follows last month's release by
the President of the National Plan for Information Systems Protection,
which establishes the first-ever national strategy for protecting the
nation's computer networks from deliberate attacks.

During today's meeting, industry executives announced their intention to
join others to create an Internet industry mechanism to share
information on cyber attacks, vulnerabilities and security practices to
better respond to cyber-attacks and deliberate intrusions into computer
networks.  Recently, other industries such as banking and finance, and
major telecommunications carriers, have created industry partnerships
for cyber-security.

The President also announced immediate steps the government will take to
strength security for our nation's computer systems:

Accelerated Spending on Cyber Security - A $9 million budget
supplemental for Fiscal Year 2000, jump-starting key initiatives for
cyber-security contained in the President's FY2001 $2 billion budget
request for cyber-security. The request will accelerate new programs to
educate Americans for cyber-security careers, build a system for
protecting Federal government computers, and create a new Institute for
Information Infrastructure Protection.

Research and Technology Development for Information Infrastructure
Development - President Clinton supports federal government research and
technology development for information infrastructure protection that
the private sector does not have sufficient market incentives to
generate on its own.  The centerpiece of the federal government's
efforts in this area will be the Institute for Information
Infrastructure Protection (I3P), for which the President has requested
$50 million in his Fiscal Year 2001 budget.  The President has also
requested a supplemental appropriation of $4 million for Fiscal Year
2000 to jumpstart the Institute's preparations.  Science Advisor Neal
Lane and NSC National Coordinator Dick Clarke will meet this Friday with
members of the President's Committee of Advisors on Science and
Technology and other computer security experts, research specialists,
and industry leaders in an effort to help fill the gaps in the nation's
research agenda for computer network security.

Partnership for Critical Infrastructure Security - Secretary Daley will
participate in the first meeting of the Partnership for Critical
Infrastructure Security next week to maximize cooperation between
government and private sector initiatives for cyber-security.  Since the
vast majority of the United States' critical infrastructures are owned
and operated by private industry, the Partnership recognizes and
acknowledges that the Federal government alone cannot protect these
infrastructures or assure the delivery of services over them. The
Partnership will explore ways in which industry and government can
jointly address the risks to the nation's critical infrastructures.  It
will provide a forum in which the various infrastructure sectors can
meet to address issues relating to cross-sector interdependencies,
explore common approaches and experiences, and engage other key
professional and business communities that have an interest in
infrastructure assurance.  By doing so, the Partnership hopes to raise
awareness, promote understanding, and, when appropriate, serve as a
catalyst for action.

Private sector membership in the Partnership is open to infrastructure
owners and operators; providers of infrastructure hardware, software,
and services; risk management and investment professionals; and other
members of the business community who are stakeholders in the critical
infrastructures.  Government representation will include state and local
governments as well as Federal agencies and departments responsible for
working with the critical infrastructure sectors and for providing
functional support for the protection of those infrastructures.



Date:    Mon, 21 Feb 2000 17:52:13 -0800
From:    Peter Marshall &lt;<A HREF="mailto:techdiff@ix.netcom.com">techdiff@ix.netcom.com</A>&gt;
Subject: ACLU on proposed Fed. med-privacy rules

ACLU Newsfeed -- ACLU News Direct to YOU!
     Although Medical Privacy Regulations an
     Important First Step, ACLU Also Criticizes Loopholes

Thursday, February 17, 2000

WASHINGTON -- The Clinton Administration's proposed medical privacy 
regulations include several loopholes that threaten the Administration's 
laudable premise that medical information is private and may not be 
disclosed to third parties without prior consent, the American Civil 
Liberties Union said today.

"The Administration's proposed regulations are an important first step 
toward comprehensive federal privacy protections," said Ronald Weich, an 
ACLU Legislative Consultant. "But there are so many loopholes to the 
Administration's overall rule that medical records are private that the 
exceptions threaten to become the rule."

While the proposed regulations do a good job of shielding medical 
information from disclosure for commercial reasons, the ACLU said that they 
provide a series of exceptions for government access to data, including for 
law enforcement agencies and public health agencies.

"For many patients," the ACLU said, "the fear of government access to 
private medical information is as chilling as the fear of commercial 
access. In fact, many Americans regard the government as more of a threat 
to liberty than the private sector."

The ACLU took particularly harsh aim at the Administration's plans to allow 
law enforcement agencies virtually unlimited access to medical records. 
This loophole is so large, the ACLU said, that it "permits computerized 
medical records to become a vast centralized police database."

"Medical records of ordinary law-abiding Americans must not be treated like 
mug shots, fingerprints or other current databases compiled from convicted 
criminals," the ACLU said.

The ACLU's other primary concerns with the regulations include the broad 
privacy exceptions for medical information collected by the government 
itself and what the ACLU called a significant omission to the 
Administration's proposal: there is no requirement that a doctor obtain a 
patient's authorization before using the patient's medical records for 
treatment, payment or health care operations.

"The ACLU believes that patients own their medical records," the ACLU said. 
"It follows that those records cannot be used for any purpose without the 
patient's consent."

The ACLU's formal comments came on the last day of the comments period. In
addition to filing its own suggested changes, the ACLU said that more than 
11,000 people had visited its special medical records web site, filing 
approximately 10,000 comments with the Administration.

The ACLU's comments can be found at: 
<A HREF="http://www.aclu.org/congress/l021700a.html">http://www.aclu.org/congress/l021700a.html</A>


Date: Thu, 10 Feb 2000 08:38:05 -0500 (EST)
From: Cyber Rights &lt;<A HREF="mailto:cyber-rights@cpsr.org">cyber-rights@cpsr.org</A>&gt;
Subject: UK publishes "impossible" decryption law

(Note from [Cyber Rights] moderator: I'm including today's press release
first because it's relatively newsworthy, but it will be
hard to understand without some background. I recommend the
<A HREF="http://www.cyber-rights.org/crypto/">http://www.cyber-rights.org/crypto/</A> site or the second press
release in this message.--Andy)


FOUNDATION FOR INFORMATION POLICY RESEARCH (<A HREF="http://www.fipr.org/">www.fipr.org</A>)
News Release                          Thurs 10th Feb 2000

Contact:        Caspar Bowden
                Director of FIPR
                +44 (0)171 354 2333
                <A HREF="mailto:cb@fipr.org">cb@fipr.org</A>

Today Britain became the only country in the world to publish a law which
could imprison users of encryption technology for forgetting or losing
bill has been introduced in Parliament: it regulates the use of
informers, requires Internet Service Providers to maintain "reasonable
interception capabilities", and contains powers to compel decryption
under complex interlocking schemes of authorisation.

Caspar Bowden, director of Internet policy think-tank FIPR said, "this law
could make a criminal out of anyone who uses encryption to protect their
privacy on the Internet."

"The DTI jettisoned decryption powers from its e-Communications Bill
last year because it did not believe that a law which presumes someone
guilty unless they can prove themselves innocent was compatible with the
Human Rights Act. The corpse of a law laid to rest by Stephen Byers
has been stitched back up and jolted into life by Jack Straw"

Decryption Powers: Comparison with Part.III of Draft E-Comms Bill (July 99)
The Home Office have made limited changes that amount to window-dressing,
but the essential human rights issue remains:

(Clause 46): authorities must have "reasonable grounds to believe" the key
is in possession of a person (previously it had to "appear" to authorities
that person had a key). This replaces an subjective test with one requiring
objective evidence, but leaves unaffected the presumption of guilt if
reasonable grounds exist.

(Clause 49): to prove non-compliance with notice to decrypt, the prosecution
must prove person "has or has had" possession of the key. This satisfies the
objection to the case where a person may never have had possession of the
key ("encrypted e-mail out of the blue"), but leaves unchanged the essential
reverse-burden-of-proof for someone who has forgotten or irreplaceably lost
a key. It is logically impossible for the defence to show this reliably.

As part of the consultation on the draft proposals last year FIPR and
JUSTICE jointly obtained a Legal Opinion from leading human rights
experts (<A HREF="http://www.fipr.org/ecomm99/pr.html">http://www.fipr.org/ecomm99/pr.html</A>) which found that requiring
the defence to prove that they do not possess a key was a likely breach of
the European Convention of Human Rights.

Mr.Bowden commented, "following the recent liberalisation of US export
laws, as tens of thousands of ordinary computer users start to use
encryption, a test-case looks inevitable after the Human Rights Act comes
into force in October."

Bowden said: "after trying and failing to push through mandatory
key-escrow, then voluntary key-escrow, it now looks like the government
is resorting to key-escrow through intimidation."

Notes for editors
1.      Detailed analysis of the bill will be available on
the FIPR website (<A HREF="http://www.fipr.org/">www.fipr.org</A>) later today.

2.      FIPR is an independent non-profit organisation that studies the
interaction between information technology and society, with special
reference to the Internet; we do not (directly or indirectly) represent the
interests of any trade-group. Our goal is to identify technical developments
with significant social impact, commission research into public policy
alternatives, and promote public understanding and dialogue between
technologists and policy-makers in the UK and Europe. The Board of Trustees
and Advisory Council (<A HREF="http://www.fipr.org/trac.html">http://www.fipr.org/trac.html</A>) comprise some of the
leading experts in the UK.


<A HREF="http://www.fipr.org/ecomm99/pr.html">http://www.fipr.org/ecomm99/pr.html</A>

                                Press Release

                               25 October 1999


JUSTICE,  the  legal  human  rights  organisation, and  the  Foundation  for
Information  Policy  Research today  (Monday,  25 October)  warn that  those
aspects of the Government?s  draft Electronic Communications Bill which deal
with police  powers to unscramble encoded e-mail  are likely to breach human
rights   standards  under   the   European  Convention   on  Human   Rights.

The Bill  -- intended to encourage  electronic commerce and on-line delivery
of  government services  --  allows the  police to  serve written  notice to
demand either  that a  communication be decrypted or  the private encryption
key be handed.

According to our Human  Rights Audit of the draft Bill, which is based on an
Opinion obtained from two  leading lawyers, the Government has wrongly opted
for the  widest police powers enabling  open-ended interception of encrypted
material. The  Opinion says that this " will have the inevitable consequence
of  compromising  the  affected  individual's  whole  security  and  privacy
apparatus "  and  thereby  likely  contravene  Article  8  of  the  European
Convention, on respect for private life.

In a detailed audit  of Part III of the Bill, the Opinion identifies several
other potential human rights breaches:

   * The presumption of innocence is reversed: failure to comply with a
     decryption notice will be a criminal offence unless the individual
     concerned can prove that s/he does not have the key, or does not have
     access to it because, for instance, the password has been forgotten.
     This contravenes the right to a fair trial guaranteed under Article 6
     of the European Convention.
   * The right to remain silent is likely to be breached: The police may
     require the addressee of a "decryption notice" to produce a private key
     when it "appears" that s/he has such a key; failure to produce it will
     be a criminal offence. Disclosure of the key may lead to the discovery
     of incriminating material. If used at trial, this is likely to infringe
     Article 6 of the European Convention, which includes a privilege
     against self-incrimination.
   * There are inadequate safeguards against abuse: There is no provision
     for independent judicial supervision of Part III as a whole, as
     required by Article 8 of the European Convention. Instead, the proposed
     Complaints Tribunal and Commissioner will only apply to those cases
     where the interception warrant has been approved by the Secretary of
     State under the 1985 Interception of Communications Act.

Peter Noorlander, Legal Policy Officer at JUSTICE, said:

     "There are other, less intrusive ways of giving police access to
     encrypted material when a crime is suspected. To ensure compliance
     with human rights standards, the Government must re-think this
     part of the Bill."

Caspar Bowden,  Director of the Foundation  for Information Policy Research,

     "The government is attempting to bolt decryption powers for the
     internet onto existing interception laws. This legal analysis
     demonstrates definitively why this approach is unsound and is
     incompatible with basic human rights."

Note to Editors:

  1. The Opinion is written by Professor Jack Beatson QC (formerly a Law
     Commissioner) and Tim Eicke, barrister, from Essex Court Chambers. A
     full copy of the Opinion is available on the internet, at
     <A HREF="http://www.fipr.org/ecomm99/ecommaud.html">http://www.fipr.org/ecomm99/ecommaud.html</A>, or from the JUSTICE office.
  2. The draft Electronic Communications Bill is included in a DTI
     consultation document, Promoting Electronic Commerce. It is expected to
     be introduced in the next parliamentary session.
  3. JUSTICE is conducting human rights audits of current legislation.
     Completed audits include the Immigration and Asylum Bill, Access to
     Justice Bill, Youth Justice and Criminal Evidence Bill, Draft Freedom
     of Information Bill and consultation papers on Anti-terrorism and the
     Mental Health Review. In 1998, it published a major report on covert
     policing, "Under Surveillance: Covert Policing and Human Rights
  4. The Foundation for Information Policy Research is the UK's leading
     Internet policy think-tank, an independent non-profit organisation that
     studies the interaction between information technology and society from
     a broad perspective. FIPR monitors technical developments with
     significant social impact, commissions research into public policy
     alternatives, and promotes public understanding and dialogue between
     technologists and policy-makers in the UK and Europe.

Further Information

For further  information, contact  Lib Peck, JUSTICE,  on 0171 762  6419, or
Nicholas Bohm (FIPR legal officer) on 1279 871272.

   CPSR Cyber Rights -- <A HREF="http://www.cpsr.org/cpsr/nii/cyber-rights/">http://www.cpsr.org/cpsr/nii/cyber-rights/</A>
      To unsubscribe, e-mail: <A HREF="mailto:cyber-rights-unsubscribe@cpsr.org">cyber-rights-unsubscribe@cpsr.org</A>
       To reach moderator, e-mail: <A HREF="mailto:cyber-rights-owner@cpsr.org">cyber-rights-owner@cpsr.org</A>
     For additional commands, e-mail: <A HREF="mailto:cyber-rights-help@cpsr.org">cyber-rights-help@cpsr.org</A>
 Materials may be reposted in their _entirety_ for non-commercial use.


Date:    Fri, 11 Feb 2000 14:01:30 -0500
From:    Mike Zandpour &lt;<A HREF="mailto:zandpour@osc.edu">zandpour@osc.edu</A>&gt;
Subject: Privacy2000 Conference: Information &amp; Security in the Digital Age

The Technology Policy Group at the Ohio Supercomputer Center will be
hosting a conference on Privacy in November 2000. The conference is
entitled Information &amp; Security in the Digital Age. Privacy2000 is a
follow-up to last year's groundbreaking Ohio Business Privacy Forum, the
inaugural event in the TPG's Technology in Business
Series.  The 1999 conference had over 100 attendees, with keynote
presentations given by Peter Swire, Chief Counselor of Privacy for the
Office of Management and Budget for the United States; Professor George
Trubow, Director, Center for Information Technology and Privacy Law, John
Marshall Law School; and United States Congressman Michael G. Oxley, (4th
District Ohio).

Industry participants included representatives from Nationwide, NCR, Bank
One, Sterling Commerce, BBB Online,  Vorys, Sater, Seymour and Pease;
Squire, Sanders &amp; Dempsey; Thompson, Hine & Flory; in addition to
nationally recognized academics.  

For more on the 1999 privacy conference go to <A HREF="http://www.osc.edu/techseries/">http://www.osc.edu/techseries/</A>.

We are very excited about Privacy2000.  Expected speakers include Professor
Peter P. Swire, Chief Counselor of Privacy for the Office of Management and
Budget for the United States; Jason Catlett, President Junkbusters; in
addition, we are putting together a moderated roundtable to be televised on
public television.

Through interactive workshops and panels, we seek to inform business,
industry, medical and legal personal,government, and the public on vital
privacy issues and possible solutions.  We expect this year's attendance to
be between 250-300.

Privacy2000 is designed to be a regional conference with national players
and participation (note: among last year's attendees were the Director and
Deputy Director of the I.R.S. Privacy Advocate for the United States.  We
consider Privacy2000 a prelude to taking our privacy conference national in

Feel free to contact me for more information on Privacy2000,

Mike Zandpour
Technology Policy Group--Legal Researcher 
Ohio Supercomputer Center
<A HREF="mailto:Zandpour@osc.edu">Zandpour@osc.edu</A>
(614) 292-6477


End of PRIVACY Forum Digest 09.10

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>

<font size=-2>Copyright &copy; 2001 Vortex Technology.  All Rights Reserved.</font> 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH