<HTML>
<head><TITLE>PRIVACY Forum Archive Document - (priv.09.10) </TITLE></head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr>
<td width=15%>
<center>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<tr>
<td>
<table border=1 cellspacing=0 cellpadding=0>
<tr>
<td bgcolor="#ffffcc">
<center>
<font face="Arial, Helvetica, sans-serif">
<a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b>
</font>
</center>
</td>
</tr>
<tr>
<td bgcolor="#ccffff">
<img src="/ipissues1.jpg" border=0>
<center>
<font size=-1 face="Arial, Helvetica, sans-serif">
<b>"CRIME or FAIR USE?"</b>
</font>
</center>
<table border=0 cellspacing=0 cellpadding=2 width=100%>
<tr>
<td bgcolor="#ffffff">
<table border=1 width=100%>
<tr>
<td>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr>
<td>
<a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a>
</td>
<td>
<center>
<font size=-1>
<a href="/pfir-p.ram">Listen<br>RealAudio</a>
</font>
</center>
</td>
</tr>
</table>
</td>
<td>
<table border=0 cellpadding=1 cellspacing=0 width=100%>
<tr>
<td>
<a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a>
</td>
<td>
<center>
<font size=-1>
<a href="/pfir-p.mp3">Listen<br>MP3</a>
</font>
</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>
</td>
<td align=center>
<table border=1 cellpadding=0 cellspacing=0>
<tr>
<td bgcolor="#ffffcc">
<table border=0 cellpadding=0 cellspacing=4>
<tr>
<td>
<center>
<font face="Arial, Helvetica, sans-serif">
"<a href="/reality">REALITY RESET</a>"
</font>
</td>
<td>
<table border=1 cellpadding=1 cellspacing=2 width=100%>
<tr>
<td bgcolor="#ffffff">
Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a>
</td>
</tr>
</table>
</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
<p>
<font size=+2><b>PRIVACY Forum Archive Document</b></font>
<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A>
<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A>
</font>
<p>
<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A>
</font>
<p>
<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A>
</font>
<p>
</td>
</tr>
</table>
<hr>
<PRE>
PRIVACY Forum Digest Wednesday, 8 March 2000 Volume 09 : Issue 10
(<A HREF="http://www.vortex.com/privacy/priv.09.10">http://www.vortex.com/privacy/priv.09.10</A>)
Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>)
Vortex Technology, Woodland Hills, CA, U.S.A.
<A HREF="http://www.vortex.com">http://www.vortex.com</A>
===== PRIVACY FORUM =====
-------------------------------------------------------------------
The PRIVACY Forum is supported in part by
the ACM (Association for Computing Machinery)
Committee on Computers and Public Policy,
Cable & Wireless USA, Cisco Systems, Inc.,
and Telos Systems.
- - -
These organizations do not operate or control the
PRIVACY Forum in any manner, and their support does not
imply agreement on their part with nor responsibility
for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------
CONTENTS
DoubleClick Backs Down -- For the Moment...
(Lauren Weinstein; PRIVACY Forum Moderator)
Get Pregnant, Go to Prison!
(Lauren Weinstein; PRIVACY Forum Moderator)
UK DVLA releasing personal information (Andrew Wheatley)
ACT Proposing Most Repressive DNA Law To Date (Roger Clarke)
Fact Sheet on Strengthening Cyber Security (Monty Solomon)
ACLU on proposed Fed. med-privacy rules (Peter Marshall)
UK publishes "impossible" decryption law (Cyber Rights)
Privacy2000 Conference: Information & Security in the Digital Age
(Mike Zandpour)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>". Mailing list problems should be reported to
"<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system. Please follow the instructions above
for getting the list server "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.
All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/". Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------
VOLUME 09, ISSUE 10
Quote for the day:
"The karma in here is so thick, you need an aqualung to breathe!"
-- "Beef" (Gerrit Graham)
"Phantom of the Paradise" (Harbor Productions; 1974)
----------------------------------------------------------------------
Date: Wed, 8 Mar 2000 10:06 PST
From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: DoubleClick Backs Down -- For the Moment...
Greetings. As you may have heard, the storm of criticism regarding
DoubleClick, Inc.'s plan (Abacus Alliance) to match up non-Web
identity and purchasing data with Web movements, has had some effect.
(See <A HREF="http://www.vortex.com/privacy/priv.09.06">http://www.vortex.com/privacy/priv.09.06</A> for a bit of background.)
The barrage of investigations, lawsuit activity, and general bad PR (and
perhaps the steep decline in its stock price) caused DoubleClick to announce
that they were suspending plans regarding such data linkages, until
government and industry develop privacy standards (whatever that means).
This change of heart apparently does not affect DoubleClick's so-called
"anonymous" cookie-based Web tracking (which I've strongly criticized here in
the PRIVACY Forum in the past), nor their data matching from purely
Web-based information sources.
While some observers are categorizing the DoubleClick announcement as a
major privacy victory, DoubleClick could change their mind at any time. In
fact, their move could set back efforts to establish legal protections for
consumers against abusive tracking and data matching from DoubleClick in the
future, or from other firms at any time. One could naturally speculate that
diverting the possibility of such legislation might well be a significant
factor behind their temporarily altered plans.
I am not impressed.
--Lauren--
Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy
------------------------------
Date: Wed, 8 Mar 2000 10:45 PST
From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Get Pregnant, Go to Prison!
Greetings. Nobody has ever said that judges can't be creative, but the
recent trend towards the imposition of privacy-invasive, humiliating, or
just plain bizarre sentences upon offenders seems to be accelerating. Since
such punishments are typically not specifically on the books, they are
usually implemented by means of a Faustian choice presented to the person
being punished--either accept the "unusual" sentence or spend more time in
jail. Coercive? Some might think so.
In this light, the sentence handed down recently by a Montana judge is
instructive for its privacy implications, though this aspect of the story
has seen remarkably little attention. A woman was convicted of endangering
her unborn child when testing after its birth found it to have amphetamines
in its system. The woman, who had violated probation by not paying fines,
not completing a chemical dependency program, and by testing positive for
drugs herself, was then sentenced to ten years under the supervision of the
Montana Department of Corrections (five years suspended, with some time to
be spent in "boot camp") <B>and</B> ordered by the judge not to become pregnant
for ten years.
It is the latter part of the sentence that I find most interesting. If she
"fails" a pregnancy test (to be given once every two months), she can be
jailed. In other words, get pregnant and off to prison you go.
Certainly anything <B>reasonable</B> that can be done to avoid babies being born
with drug contamination/addiction is worth considering--it's a terrible kind
of situation. But I have a serious problem with a judge deciding that she
has the power to play God in what is fundamentally a very private matter.
And if such a sentence is permissible in this case, what of all the other
situations where someone, somewhere, might believe that a fetus or newborn
would be put at risk by the mother's activities? Heavy smoker? Eats too
much junk food and won't get prenatal care? Engages in very strenuous
sporting activities? What of people convicted of child abuse who are still
free to have additional children? Should any such persons be prevented from
having more children? Where do we draw the line? Forced sterilization?
Chastity belt sentences?
I think it's obvious that this is a very risky area for the judiciary to be
meddling with. All too often, "the end justifies the means" is accepted by
society as a shortcut to goals that it deems desirable. The ethics of
this approach, however, are frequently highly questionable.
--Lauren--
Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy
------------------------------
Date: Mon, 21 Feb 2000 22:54:40 +0000
From: <A HREF="mailto:anw@tirana.freewire.co.uk">anw@tirana.freewire.co.uk</A>
Subject: UK DVLA releasing personal information
"Cowboy car wheel clampers are being given the names and
addresses of motorists so they can serve official-looking 'fines' on
them even though they might have parked legally..."
"...DVLA [Driver Vehicle Licensing Agency] in Swansea has admitted
supplying 300,000 details a year to outside sources upon request..."
"...DVLA spokesman said each individual case was considered..."
-- from <A HREF="http://cars.uk.yahoo.com/000221/65/a0hh6.html">http://cars.uk.yahoo.com/000221/65/a0hh6.html</A>
----
To put the above report into perspective, in the UK each vehicle has
a "registered keeper" which is intended to be the person who uses
the vehicle, not necessarily the owner. The DVLA, in Swansea;
South Wales, stores details of the vehicle and also the keeper's
name and address.
Personally, the above report and similar reports cause me some
concern, because of the potential for someone with malicious
intentions to make a request under false pretences.
I wrote to the DVLA requesting them to only release my records to
the Police and government agencies, and received a reply stating
that DVLA observes the Data Protection Act 1984 and considers
each application on its merits. However, the reply also stated that
they could not guarantee not to release my information but I could,
if I wanted, use a Post Office box as the vehicles' address. This I
intend to do.
I find it regrettable that I am forced to take the initiative to maintain
privacy of my personal data.
Regards to all
Andrew Wheatley
------------------------------
Date: Mon, 14 Feb 2000 17:48:21 +1100
From: Roger Clarke <<A HREF="mailto:Roger.Clarke@xamax.com.au">Roger.Clarke@xamax.com.au</A>>
Subject: ACT Proposing Most Repressive DNA Law To Date
[ This is referring to Australia -- PRIVACY Forum Moderator ]
The ACT under Attorney-General Gary Humphries has been a fairly sensible
player on matters such as net censorship (particularly in comparison with
his NSW and Commonwealth counterparts!); and what's more the ACT broke the
dam-wall with its medical data privacy legislation a couple of years ago.
Unfortunately, it appears that Humphries has been carried away with the
hype put forward by the law enforcement lobby, and is now in a bidding war
with NSW's Jeff Shaw and the Commonwealth's Amanda Vanstone for world's
most repressive DNA legislation.
The Canberra Times of Sunday 13 February carried as its top-of-page-one
item a report that the ACT Police (a service outsourced to the AFP) are to
have the power to "obtain swabs from the mouths of all suspects of
indictable offences as well as all sentenced offenders in custody".
On page 2 there's an accompanying article by Deputy Editor Crispin Hull.
It's much more thoughtful than most things that get published, although my
impression is that it's still insufficiently critical of the AFP's proposal.
(I couldn't find the items on the site, but Crispin has very helpfully
provided the text for both articles, for limited distribution).
This is a big issue, which needs the urgent attention of advocates. There
are some very nasty provisions in the Commonwealth A/G's discussion paper
of last year, e.g. heavy moral suasion on people in, say, the vicinity of a
rape, to 'voluntarily' submit to body-fluid or body-tissue sampling, with
the implied threat that they're a suspect if they refuse.
We must also show these politicians (not to mention the social control
machine behind them) to be either fatuous or devious for using terms like
'infallible' and 'exact' when referring to a process that is
<B>fundamentally</B> probabilistic.
------------------------------
Date: Tue, 15 Feb 2000 20:02:38 -0500
From: Monty Solomon <<A HREF="mailto:monty@roscom.com">monty@roscom.com</A>>
Subject: Fact Sheet on Strengthening Cyber Security
THE WHITE HOUSE
Office of the Press Secretary
__<U>__________________________________________________________________</U>__
For Immediate Release February 15, 2000
Fact Sheet
Strengthening Cyber Security through Public-Private Partnership
Today the President and members of his Cabinet met with leaders of
Internet and e-commerce companies, civil liberties organizations, and
security experts to jointly announce actions strengthening Internet and
computer network security. This meeting follows last month's release by
the President of the National Plan for Information Systems Protection,
which establishes the first-ever national strategy for protecting the
nation's computer networks from deliberate attacks.
During today's meeting, industry executives announced their intention to
join others to create an Internet industry mechanism to share
information on cyber attacks, vulnerabilities and security practices to
better respond to cyber-attacks and deliberate intrusions into computer
networks. Recently, other industries such as banking and finance, and
major telecommunications carriers, have created industry partnerships
for cyber-security.
The President also announced immediate steps the government will take to
strength security for our nation's computer systems:
Accelerated Spending on Cyber Security - A $9 million budget
supplemental for Fiscal Year 2000, jump-starting key initiatives for
cyber-security contained in the President's FY2001 $2 billion budget
request for cyber-security. The request will accelerate new programs to
educate Americans for cyber-security careers, build a system for
protecting Federal government computers, and create a new Institute for
Information Infrastructure Protection.
Research and Technology Development for Information Infrastructure
Development - President Clinton supports federal government research and
technology development for information infrastructure protection that
the private sector does not have sufficient market incentives to
generate on its own. The centerpiece of the federal government's
efforts in this area will be the Institute for Information
Infrastructure Protection (I3P), for which the President has requested
$50 million in his Fiscal Year 2001 budget. The President has also
requested a supplemental appropriation of $4 million for Fiscal Year
2000 to jumpstart the Institute's preparations. Science Advisor Neal
Lane and NSC National Coordinator Dick Clarke will meet this Friday with
members of the President's Committee of Advisors on Science and
Technology and other computer security experts, research specialists,
and industry leaders in an effort to help fill the gaps in the nation's
research agenda for computer network security.
Partnership for Critical Infrastructure Security - Secretary Daley will
participate in the first meeting of the Partnership for Critical
Infrastructure Security next week to maximize cooperation between
government and private sector initiatives for cyber-security. Since the
vast majority of the United States' critical infrastructures are owned
and operated by private industry, the Partnership recognizes and
acknowledges that the Federal government alone cannot protect these
infrastructures or assure the delivery of services over them. The
Partnership will explore ways in which industry and government can
jointly address the risks to the nation's critical infrastructures. It
will provide a forum in which the various infrastructure sectors can
meet to address issues relating to cross-sector interdependencies,
explore common approaches and experiences, and engage other key
professional and business communities that have an interest in
infrastructure assurance. By doing so, the Partnership hopes to raise
awareness, promote understanding, and, when appropriate, serve as a
catalyst for action.
Private sector membership in the Partnership is open to infrastructure
owners and operators; providers of infrastructure hardware, software,
and services; risk management and investment professionals; and other
members of the business community who are stakeholders in the critical
infrastructures. Government representation will include state and local
governments as well as Federal agencies and departments responsible for
working with the critical infrastructure sectors and for providing
functional support for the protection of those infrastructures.
###
------------------------------
Date: Mon, 21 Feb 2000 17:52:13 -0800
From: Peter Marshall <<A HREF="mailto:techdiff@ix.netcom.com">techdiff@ix.netcom.com</A>>
Subject: ACLU on proposed Fed. med-privacy rules
02-21-2000
ACLU Newsfeed -- ACLU News Direct to YOU!
-------------------------------------------------------------
Although Medical Privacy Regulations an
Important First Step, ACLU Also Criticizes Loopholes
Thursday, February 17, 2000
WASHINGTON -- The Clinton Administration's proposed medical privacy
regulations include several loopholes that threaten the Administration's
laudable premise that medical information is private and may not be
disclosed to third parties without prior consent, the American Civil
Liberties Union said today.
"The Administration's proposed regulations are an important first step
toward comprehensive federal privacy protections," said Ronald Weich, an
ACLU Legislative Consultant. "But there are so many loopholes to the
Administration's overall rule that medical records are private that the
exceptions threaten to become the rule."
While the proposed regulations do a good job of shielding medical
information from disclosure for commercial reasons, the ACLU said that they
provide a series of exceptions for government access to data, including for
law enforcement agencies and public health agencies.
"For many patients," the ACLU said, "the fear of government access to
private medical information is as chilling as the fear of commercial
access. In fact, many Americans regard the government as more of a threat
to liberty than the private sector."
The ACLU took particularly harsh aim at the Administration's plans to allow
law enforcement agencies virtually unlimited access to medical records.
This loophole is so large, the ACLU said, that it "permits computerized
medical records to become a vast centralized police database."
"Medical records of ordinary law-abiding Americans must not be treated like
mug shots, fingerprints or other current databases compiled from convicted
criminals," the ACLU said.
The ACLU's other primary concerns with the regulations include the broad
privacy exceptions for medical information collected by the government
itself and what the ACLU called a significant omission to the
Administration's proposal: there is no requirement that a doctor obtain a
patient's authorization before using the patient's medical records for
treatment, payment or health care operations.
"The ACLU believes that patients own their medical records," the ACLU said.
"It follows that those records cannot be used for any purpose without the
patient's consent."
The ACLU's formal comments came on the last day of the comments period. In
addition to filing its own suggested changes, the ACLU said that more than
11,000 people had visited its special medical records web site, filing
approximately 10,000 comments with the Administration.
The ACLU's comments can be found at:
<A HREF="http://www.aclu.org/congress/l021700a.html">http://www.aclu.org/congress/l021700a.html</A>
------------------------------
Date: Thu, 10 Feb 2000 08:38:05 -0500 (EST)
From: Cyber Rights <<A HREF="mailto:cyber-rights@cpsr.org">cyber-rights@cpsr.org</A>>
Subject: UK publishes "impossible" decryption law
(Note from [Cyber Rights] moderator: I'm including today's press release
first because it's relatively newsworthy, but it will be
hard to understand without some background. I recommend the
<A HREF="http://www.cyber-rights.org/crypto/">http://www.cyber-rights.org/crypto/</A> site or the second press
release in this message.--Andy)
FLASH - FOR IMMEDIATE USE
FOUNDATION FOR INFORMATION POLICY RESEARCH (<A HREF="http://www.fipr.org/">www.fipr.org</A>)
=========================================================
News Release Thurs 10th Feb 2000
=========================================================
Contact: Caspar Bowden
Director of FIPR
+44 (0)171 354 2333
<A HREF="mailto:cb@fipr.org">cb@fipr.org</A>
UK PUBLISHES "IMPOSSIBLE" DECRYPTION LAW
========================================
Today Britain became the only country in the world to publish a law which
could imprison users of encryption technology for forgetting or losing
their keys. The Home Office's "REGULATION OF INVESTIGATORY POWERS" (RIP)
bill has been introduced in Parliament: it regulates the use of
informers, requires Internet Service Providers to maintain "reasonable
interception capabilities", and contains powers to compel decryption
under complex interlocking schemes of authorisation.
Caspar Bowden, director of Internet policy think-tank FIPR said, "this law
could make a criminal out of anyone who uses encryption to protect their
privacy on the Internet."
"The DTI jettisoned decryption powers from its e-Communications Bill
last year because it did not believe that a law which presumes someone
guilty unless they can prove themselves innocent was compatible with the
Human Rights Act. The corpse of a law laid to rest by Stephen Byers
has been stitched back up and jolted into life by Jack Straw"
Decryption Powers: Comparison with Part.III of Draft E-Comms Bill (July 99)
------------------------------------------------------------------------
The Home Office have made limited changes that amount to window-dressing,
but the essential human rights issue remains:
(Clause 46): authorities must have "reasonable grounds to believe" the key
is in possession of a person (previously it had to "appear" to authorities
that person had a key). This replaces an subjective test with one requiring
objective evidence, but leaves unaffected the presumption of guilt if
reasonable grounds exist.
(Clause 49): to prove non-compliance with notice to decrypt, the prosecution
must prove person "has or has had" possession of the key. This satisfies the
objection to the case where a person may never have had possession of the
key ("encrypted e-mail out of the blue"), but leaves unchanged the essential
reverse-burden-of-proof for someone who has forgotten or irreplaceably lost
a key. It is logically impossible for the defence to show this reliably.
HUMAN RIGHT CHALLENGE "INEVITABLE"
==================================
As part of the consultation on the draft proposals last year FIPR and
JUSTICE jointly obtained a Legal Opinion from leading human rights
experts (<A HREF="http://www.fipr.org/ecomm99/pr.html">http://www.fipr.org/ecomm99/pr.html</A>) which found that requiring
the defence to prove that they do not possess a key was a likely breach of
the European Convention of Human Rights.
Mr.Bowden commented, "following the recent liberalisation of US export
laws, as tens of thousands of ordinary computer users start to use
encryption, a test-case looks inevitable after the Human Rights Act comes
into force in October."
R.I.P. RESURRECTS KEY ESCROW BY INTIMIDATION ?
==============================================
Bowden said: "after trying and failing to push through mandatory
key-escrow, then voluntary key-escrow, it now looks like the government
is resorting to key-escrow through intimidation."
Notes for editors
=================
1. Detailed analysis of the bill will be available on
the FIPR website (<A HREF="http://www.fipr.org/">www.fipr.org</A>) later today.
2. FIPR is an independent non-profit organisation that studies the
interaction between information technology and society, with special
reference to the Internet; we do not (directly or indirectly) represent the
interests of any trade-group. Our goal is to identify technical developments
with significant social impact, commission research into public policy
alternatives, and promote public understanding and dialogue between
technologists and policy-makers in the UK and Europe. The Board of Trustees
and Advisory Council (<A HREF="http://www.fipr.org/trac.html">http://www.fipr.org/trac.html</A>) comprise some of the
leading experts in the UK.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<A HREF="http://www.fipr.org/ecomm99/pr.html">http://www.fipr.org/ecomm99/pr.html</A>
Press Release
25 October 1999
ELECTRONIC COMMUNICATIONS BILL FAILS HUMAN RIGHTS AUDIT
JUSTICE, the legal human rights organisation, and the Foundation for
Information Policy Research today (Monday, 25 October) warn that those
aspects of the Government?s draft Electronic Communications Bill which deal
with police powers to unscramble encoded e-mail are likely to breach human
rights standards under the European Convention on Human Rights.
The Bill -- intended to encourage electronic commerce and on-line delivery
of government services -- allows the police to serve written notice to
demand either that a communication be decrypted or the private encryption
key be handed.
According to our Human Rights Audit of the draft Bill, which is based on an
Opinion obtained from two leading lawyers, the Government has wrongly opted
for the widest police powers enabling open-ended interception of encrypted
material. The Opinion says that this " will have the inevitable consequence
of compromising the affected individual's whole security and privacy
apparatus " and thereby likely contravene Article 8 of the European
Convention, on respect for private life.
In a detailed audit of Part III of the Bill, the Opinion identifies several
other potential human rights breaches:
* The presumption of innocence is reversed: failure to comply with a
decryption notice will be a criminal offence unless the individual
concerned can prove that s/he does not have the key, or does not have
access to it because, for instance, the password has been forgotten.
This contravenes the right to a fair trial guaranteed under Article 6
of the European Convention.
* The right to remain silent is likely to be breached: The police may
require the addressee of a "decryption notice" to produce a private key
when it "appears" that s/he has such a key; failure to produce it will
be a criminal offence. Disclosure of the key may lead to the discovery
of incriminating material. If used at trial, this is likely to infringe
Article 6 of the European Convention, which includes a privilege
against self-incrimination.
* There are inadequate safeguards against abuse: There is no provision
for independent judicial supervision of Part III as a whole, as
required by Article 8 of the European Convention. Instead, the proposed
Complaints Tribunal and Commissioner will only apply to those cases
where the interception warrant has been approved by the Secretary of
State under the 1985 Interception of Communications Act.
Peter Noorlander, Legal Policy Officer at JUSTICE, said:
"There are other, less intrusive ways of giving police access to
encrypted material when a crime is suspected. To ensure compliance
with human rights standards, the Government must re-think this
part of the Bill."
Caspar Bowden, Director of the Foundation for Information Policy Research,
said:
"The government is attempting to bolt decryption powers for the
internet onto existing interception laws. This legal analysis
demonstrates definitively why this approach is unsound and is
incompatible with basic human rights."
Note to Editors:
1. The Opinion is written by Professor Jack Beatson QC (formerly a Law
Commissioner) and Tim Eicke, barrister, from Essex Court Chambers. A
full copy of the Opinion is available on the internet, at
<A HREF="http://www.fipr.org/ecomm99/ecommaud.html">http://www.fipr.org/ecomm99/ecommaud.html</A>, or from the JUSTICE office.
2. The draft Electronic Communications Bill is included in a DTI
consultation document, Promoting Electronic Commerce. It is expected to
be introduced in the next parliamentary session.
3. JUSTICE is conducting human rights audits of current legislation.
Completed audits include the Immigration and Asylum Bill, Access to
Justice Bill, Youth Justice and Criminal Evidence Bill, Draft Freedom
of Information Bill and consultation papers on Anti-terrorism and the
Mental Health Review. In 1998, it published a major report on covert
policing, "Under Surveillance: Covert Policing and Human Rights
Standards".
4. The Foundation for Information Policy Research is the UK's leading
Internet policy think-tank, an independent non-profit organisation that
studies the interaction between information technology and society from
a broad perspective. FIPR monitors technical developments with
significant social impact, commissions research into public policy
alternatives, and promotes public understanding and dialogue between
technologists and policy-makers in the UK and Europe.
Further Information
For further information, contact Lib Peck, JUSTICE, on 0171 762 6419, or
Nicholas Bohm (FIPR legal officer) on 1279 871272.
~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
CPSR Cyber Rights -- <A HREF="http://www.cpsr.org/cpsr/nii/cyber-rights/">http://www.cpsr.org/cpsr/nii/cyber-rights/</A>
To unsubscribe, e-mail: <A HREF="mailto:cyber-rights-unsubscribe@cpsr.org">cyber-rights-unsubscribe@cpsr.org</A>
To reach moderator, e-mail: <A HREF="mailto:cyber-rights-owner@cpsr.org">cyber-rights-owner@cpsr.org</A>
For additional commands, e-mail: <A HREF="mailto:cyber-rights-help@cpsr.org">cyber-rights-help@cpsr.org</A>
Materials may be reposted in their _entirety_ for non-commercial use.
~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
------------------------------
Date: Fri, 11 Feb 2000 14:01:30 -0500
From: Mike Zandpour <<A HREF="mailto:zandpour@osc.edu">zandpour@osc.edu</A>>
Subject: Privacy2000 Conference: Information & Security in the Digital Age
The Technology Policy Group at the Ohio Supercomputer Center will be
hosting a conference on Privacy in November 2000. The conference is
entitled Information & Security in the Digital Age. Privacy2000 is a
follow-up to last year's groundbreaking Ohio Business Privacy Forum, the
inaugural event in the TPG's Technology in Business
Series. The 1999 conference had over 100 attendees, with keynote
presentations given by Peter Swire, Chief Counselor of Privacy for the
Office of Management and Budget for the United States; Professor George
Trubow, Director, Center for Information Technology and Privacy Law, John
Marshall Law School; and United States Congressman Michael G. Oxley, (4th
District Ohio).
Industry participants included representatives from Nationwide, NCR, Bank
One, Sterling Commerce, BBB Online, Vorys, Sater, Seymour and Pease;
Squire, Sanders & Dempsey; Thompson, Hine & Flory; in addition to
nationally recognized academics.
For more on the 1999 privacy conference go to <A HREF="http://www.osc.edu/techseries/">http://www.osc.edu/techseries/</A>.
We are very excited about Privacy2000. Expected speakers include Professor
Peter P. Swire, Chief Counselor of Privacy for the Office of Management and
Budget for the United States; Jason Catlett, President Junkbusters; in
addition, we are putting together a moderated roundtable to be televised on
public television.
Through interactive workshops and panels, we seek to inform business,
industry, medical and legal personal,government, and the public on vital
privacy issues and possible solutions. We expect this year's attendance to
be between 250-300.
Privacy2000 is designed to be a regional conference with national players
and participation (note: among last year's attendees were the Director and
Deputy Director of the I.R.S. Privacy Advocate for the United States. We
consider Privacy2000 a prelude to taking our privacy conference national in
2001.
Feel free to contact me for more information on Privacy2000,
Mike Zandpour
Technology Policy Group--Legal Researcher
Ohio Supercomputer Center
<A HREF="mailto:Zandpour@osc.edu">Zandpour@osc.edu</A>
(614) 292-6477
------------------------------
End of PRIVACY Forum Digest 09.10
************************
</PRE>
<hr>
<center>
<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>
</center>
<p>
<font size=-2>Copyright © 2001 Vortex Technology. All Rights Reserved.</font>
</BODY>
</HTML>
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
