1995-10-23 - EPIC Alert 2.12 (Wiretap regs, funding, FLIR)

Header Data

From: banisar@epic.org (Dave Banisar)
To: cypherpunks@toad.com
Message Hash: 678f739b164ccc892e3658591c34b2d773efca2afc853c606009ac064719becd
Message ID: <v02130501acb1932a30a3@[204.91.138.69]>
Reply To: N/A
UTC Datetime: 1995-10-23 17:47:52 UTC
Raw Date: Mon, 23 Oct 95 10:47:52 PDT

Raw message

From: banisar@epic.org (Dave Banisar)
Date: Mon, 23 Oct 95 10:47:52 PDT
To: cypherpunks@toad.com
Subject: EPIC Alert 2.12 (Wiretap regs, funding, FLIR)
Message-ID: <v02130501acb1932a30a3@[204.91.138.69]>
MIME-Version: 1.0
Content-Type: text/plain



     =============================================================

        @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
        @     @  @   @   @        @ @   @     @     @  @    @
        @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
        @     @      @   @       @   @  @     @     @  @    @
        @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

     =============================================================
     Volume 2.12                                   October 23, 1995
     -------------------------------------------------------------

                         Published by the
           Electronic Privacy Information Center (EPIC)
                          Washington, DC
                          info@epic.org
                      http://www.epic.org/

            * Special Edition: National Wiretap Plan *

=======================================================================
Table of Contents
=======================================================================

 [1] FBI Wiretap Plan Exceeds Legislative Authority
      (and what you can do)
 [2] Illegal Bugging by US Agencies Continues
 [3] Status of Wiretap Funding
 [4] Court Rules Against Hi-tech Spy Devices
 [5] NTIA to Release Privacy "Policy"
 [6] Privacy Success -- Marketry Drops Plan to Sell Net Data
 [7] ACLU Civil Liberties Update / Privacy Rights Clearinghouse
 [8] Upcoming Conferences and Events

=======================================================================
[1] FBI Wiretap Plan Exceeds Legislative Authority
      (and what you can do)
=======================================================================

The FBI has released a dramatic "reinterpretation" of the Communications
Assistance for Law Enforcement Act (the "Digital Telephony" bill or
"CALEA"). In a Federal Register notice which outlines "capacity
requirements" for surveillance of the nation's communications
infrastructure, the FBI is claiming that compliance with CALEA requires
that telephone companies and other service providers in some regions of
the country build in enough surveillance capacity so that *one percent*
of all phone lines could be *simultaneously* wiretapped, calls isolated,
and forwarded to the FBI. This would permit wiretapping at a level at
least a thousand times greater than currently occurs in the United
States.  This level of surveillance is also far in excess of what
Congress intended when it enacted the CALEA. The rule, if adopted, will
lead to a radical change in the surveillance capabilities of the
government.

The methodology used to determine capacity requirements is also deeply
flawed. Wiretapping reports, as required by law, have always been based
on actual taps authorized, actual conversations intercepted, and actual
lines surveilled. These numbers are reported annually by the
Administrative Office of the U.S. Courts. The Bureau's proposed rule
attempts to shift from the analytic approach required by current wiretap
law to one that is based on percentages of total communications
activity. It is similar (in purpose and magnitude) to a government
agency that had received an annual appropriation of $12 m to argue by
regulation that it was now entitled to 1% of the federal budget (roughly
$18 b).

EPIC has filed a Freedom of Information Act request seeking all
documents relating to the development of this proposed rule.

WHAT YOU CAN DO:

 (a) Submit comments to the FBI.  Object to the "percentage approach" to
     wiretap capacity.  Urge the FBI to follow the current measurement
     of wiretapping, as reported annually by the Administrative
     Office of the U.S. Courts, which considers the actual number of
     wiretaps authorized. If you are a telephone customer, ask
     the FBI to address the privacy risks of unauthorized, illegal, or
     excessive wire surveillance. Comments should be submitted in
     triplicate to the Telecommunications Industry Liaison Unit
     (TILU), Federal Bureau of Investigation, P.O. Box 220450,
     Chantilly, VA 22022-0450. For further information, contact TILU
     at (800) 551-0336. Refer to your question as a "capacity notice"
     inquiry.

       ** Comments must be received by November 15, 1995.**

 (b) If you represent or work for a telecommunications company,
     equipment manufacturer, or service provider, assess carefully the
     cost and liability that this proposed federal regulation may impose
     on your company and the risk that it may expose your customers to
     illegal wiretapping. If you are interested in challenging the
     final FBI rule, contact EPIC and send us a copy of your comments.
     We are prepared to assist individuals and companies with a legal
     challenge.

The FBI Federal Register notice (October 16, 1995, Volume 60, Number
199, Pages 53643 - 53646) is available at:

   http://www.epic.org/wiretap/calea_notice_10_95.txt

EPIC will soon post a copy of its FOIA request and its comments on the
regulation to implement a national wiretap plan.

=======================================================================
[2] Illegal Bugging by U.S. Agencies Continues
=======================================================================

Reports of illegal wiretapping by U.S. agencies are on the rise. Last
week Japanese officials expressed concern over a report of CIA spying
during automotive trade talks earlier this year, and said they would ask
the United States to investigate, according to an October 16 Reuters
report. "This is certainly not a very pleasant matter," said Trade
Minister Ryutaro Hashimoto.  Ichiro Fujisaki, political minister at the
Japanese embassy "expressed the Japanese government's concern that
should the report be true, it could hurt our national sentiment and
U.S.-Japanese friendship and mutual trust."

The New York Times reported earlier that the Central Intelligence Agency
conducted electronic surveillance in the course of preparing reports for
American negotiators prior to an accord reached in June. The Times also
reported that U.S. Trade Representative Mickey Kantor "was regularly
supplied with information gathered about the Japanese negotiation
position by the CIA's Tokyo station and the National Security Agency,
which operates electronic eavesdropping equipment." (NYT, Oct. 14,
1995). The Washington Post confirmed the incident and noted that the
"eavesdropping reflected the U.S. intelligence community's increasing
involvement in economic and commercial information gathering since the
end of the Cold War."

The illegal wiretapping report follows an incident earlier this year
when French officials charged that the United States intelligence
agencies engaged in clandestine monitoring of trade negotiations.

Meanwhile, the President of Estonia was forced to resign following news
that he had engaged in secret wiretapping of political opponents.
According to the New York Times, residents of Estonia wondered whether
the days of Soviet police agents spying on citizens had returned. Newly
chosen President Lennart Meri called the scandal "a crisis of democracy."
He said, "We must ask ourselves: Does power belong to the people if
surveillance equipment is in the hands of others?"  (NYT, Oct. 18)

Estonia is the most recent country to see its government fall after
public disclosure of illegal wiretapping. In the last few years, Greece
and France have replaced political leaders because of wiretapping
scandals.

=======================================================================
[3] Status of Wiretap Funding
=======================================================================

In 1995 the Communications Assistance for Law Enforcement Act authorized
the expenditure of $500,000,000 over four years to reimburse companies
to design wiretap-ready communications technologies.  But opposition to
the "Digital Telephony" proposal forced the FBI and the White House to
find a creative way to fund the unpopular program.  Now the
Administration is proposing that the $500 M be gathered from a special
fund which authorizes the surcharge of 40 percent on all civil fines
levied by the United States after October 1, 1995, excluding fines
levied by the Internal Revenue Service. [The specific legislative
provision may be found in Title IV of the Counterterrorism Bill, HR 1710
(Civil Monetary Penalty Surcharges and Telecommunications Carrier
Compliance Payments).  The terrorism bill is now under consideration by
Congress and will be the subject of an upcoming EPIC Alert].

But even the "slush" fund may not generate enough money to reimburse
companies to design wiretap capabilities, which some industry experts
estimate may run in excess of $2 billion.  The House appropriations bill
for the Department of Justice sets aside only $50 M for the Telephone
Carrier Compliance program.

The U.S. Telephone Association earlier recommended that the government
follow traditional funding methods for the program rather than the
slush fund approach taken in the Counter-terrorism bill. The benefits
of such a budget, said the USTA, include the fact that "it brings the
process into the sunshine, making government surveillance expenditures
an issue for public scrutiny." (USTA Wiretap Workshop, May 1995). The
Office of Technology Assessment, before its demise, also prepared a
useful overview of the bill and discussed the funding issues --
"Electronic Surveillance in a Digital Age" (OTA 1995).

Further information about wiretapping is available at the EPIC web page:

   http://www.epic.org/privacy/wiretap/

=======================================================================
[4] Court Rules Against Hi-tech Spy Toys
=======================================================================

In a case that illustrates that the protections provided by the Fourth
Amendment against the intrusiveness of modern technologies are still
very much alive, the U.S. Court of Appeals for the 10th Circuit ruled on
October 4 that police must obtain a warrant before using Forward Looking
Infrared Radar (FLIR) devices to examine private residences. FLIR
measures heat differentials on surfaces of as little as 0.5 degrees
Celsius to determine activities inside homes. Police use FLIR devices to
scan neighborhoods and detect houses that emanate heat which may be
caused by "grow" lamps.

In U.S. v. Cusumano, No 94-8056, No 94-8057, Oct. 4, 1995, the court
ruled that new technologies do not eliminate the normal expectation of
privacy that individuals have in their homes. Echoing the words of
Justice Brandeis' opinion in a 1928 wiretap case, the court said:

   the Defendants need not have anticipated and guarded against
   every investigative tool in the government's arsenal. To hold
   otherwise would leave the privacy of the home at the mercy of the
   government's ability to exploit technological advances: the
   government could always argue that an individual's failure (or
   inability) to ward off the incursions of the latest scientific
   innovation forfeits the protection of the Fourth Amendment ... [T]he
   government would allow the privacy of the home to hinge upon the
   outcome of a technological race of measure/counter-measure between
   the average citizen and the government -- a race, we expect, that
   the people will surely lose.

Other courts have split on this question. Recently, the Washington State
Supreme Court ruled that a warrant is required before FLIR can be used
(State v. Young, 867 P.2d 593 (Wash. 1994)), while several other federal
appeals courts have ruled that the heat is "waste" not protected by the
Fourth Amendment.  The 10th Circuit opinion rejected the waste argument
"because the interpretation of that data allows the government to
monitor those domestic activities that generate a significant amount of
heat. It . . . strips the sanctuary of the home of one vital dimension
of its security: the 'right to be let alone' from the arbitrary and
discretionary monitoring of our actions by government officials."


=======================================================================
 [5] NTIA to Release Privacy "Policy"
=======================================================================

The National Telecommunications and Information Administration is
expected to release today (October 23) a white paper entitled "Privacy
and the NII: Safeguarding Telecommunications-Related Personal
Information." In an agency press release, NTIA administrator Larry
Irving said, "We hope to contribute to the effort of addressing the
public's concerns regarding the protection of their personal
information." NTIA says the paper will focus on "privacy concerns
associated with an individual's subscription to or use of a
telecommunications or information service."

But if the final NTIA report is at all similar to a privacy policy
discussed by an NTIA official at a conference earlier this month in
Bremen, Germany, there is little that will reassure the public about
this policy. Ignoring mounting evidence that voluntary codes have
failed and that new technologies of privacy should be promoted, the
NTIA recommends a "be careful out there" strategy, in effect saying that it
is better to post warning signs along the information highway than to
make the road safer to travel.

The NTIA proposal specifically recommends the "contract" approach to
privacy that was rejected by European officials earlier this year as
an inadequate safeguard for consumers using advanced communications
services.

NTIA officials, and other members of this Administration, have claimed
that with changing technology it is too difficult to legislate
effectively.  But a different group of public officials, facing a
similar challenge 20 years ago did not make such excuses. *Records,
Computers, and the Rights of Citizens* (1973) was a ground-breaking
report that spoke clearly of the need to protect citizens' rights, led to
passage of the Privacy Act of 1974, and established firmly the
importance of Fair Information Practices.  NTIA's report, like the other
privacy "policies" of this administration, will occupy no similar place
in history. The spirit of Clipper has infused this government.

Copies of the report are available from NTIA at 202/482-3999 and will
soon be posted at the EPIC web site with a complete critique.  EPIC has
also prepared a detailed review of an earlier administration privacy
code:

   http://www.epic.org/privacy/internet/epic_nii_privacy.txt


=======================================================================
[6] Privacy Success -- Marketry Drops Plan to Sell Net Data
=======================================================================

In a notable victory for consumer privacy and on-line activism, a
Bellevue, Washington company has backed off plans to sell personal
information gathered from the Internet following reports in the
Washington Post and a call to action in the EPIC Alert.  Marketry
President Norm Swent announced last week "Marketry's resignation as
manager of the email Internet Interest Selector list." However, Marketry
was not the compiler of the data. Another agent could still be found.

Washington Post reporter John Schwartz broke the Marketry story in the
paper's Business section following news of the proposal in the industry
trade publication The Friday Report. The Marketry data was to be
gathered from newsgroup posts, website visits, and chat room comments.

=======================================================================
 [7] ACLU Civil Liberties Alert / Privacy Rights Clearinghouse
=======================================================================

An excellent civil liberties on-line newsletter is the ACLU
Cyber-Liberties Update.

   To subscribe to the ACLU Cyber-Liberties Update, send an e-mail
   message to infoaclu@aclu.org with "subscribe ACLU" in the subject
   line of your message.  For more information about the newsletter,
   contact editor Ann Beeson, beeson@aclu.org.

One of the leading consumer privacy organizations in the country is
the Privacy Rights Clearinghouse in San Diego.  Formed in 1992, the
Clearinghouse has produced many consumer fact sheets on common privacy
concerns, and maintains a toll free hotline to provide advice to
consumers about their rights.

   More information about the Privacy Rights Clearinghouse is available
   at http://www.manymedia.com/prc/. 5998 Alcala Park, San Diego, CA
   92110. (619) 260-4806 (tel). 800-773-7748 (in Cal. only)
   prc@teetot.acusd.edu (email) Director: Beth Givens.

For a comprehensive guide to online privacy resources, check out:

    http://www.epic.org/privacy/privacy_resources_faq.html

=======================================================================
[8] Upcoming Privacy Related Conferences and Events
=======================================================================

SPECIAL: Ram Avrahami will discuss efforts to strengthen consumer
  privacy this week on NPR's Morning Edition and then on CNN Today. For
  more information, check out http://www.epic.org/privacy/junk_mail/

Smithsonian Institution, "Frontiers in Cyberspace: Encryption, Privacy,
and Cybercodes." October 25, 1995.  Marc Rotenberg, Director, Electronic
Privacy Information Center (EPIC), Philip Zimmermann, Creator, Pretty
Good Privacy (PGP); Stewart Baker, Attorney, Steptoe & Johnson, former
General Counsel, National Security Agency. Contact: Melody Curtis
(CurtisM@aol.com)

Managing the Privacy Revolution. October 31 - November 1, 1995.
Washington, DC. Sponsored by Privacy & American Business. Speakers
include Mike Nelson (White House) and C.B. Rogers (Equifax). Contact Alan
Westin 201/996-1154.

Innovation and the Information Environment.  November 3-4. University
of Oregon School of Law in Eugene,  Oregon.  Contact: Keith Aoki
KAOKI@law.uoregon.edu.

National Privacy and Public Policy Symposium.  November 2-4, Hartford,
Cosponsored by the Connecticut Foundation for Open Government. Contact
Richard Akeroyd, rakeroyd@csunet.ctsateu.edu 203/566-4301 (tel),
203/566-8940 (fax)

22nd Annual Computer Security Conference and Exhibition. November 6-8,
Washington, DC. Sponsored by the Computer Security Institute.
Contact: 415-905-2626.

Global Security and Global Competitiveness: Open Source Solutions.
November 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert Steele
oss@oss.net.

"The Right to Privacy," November 9.  Authors Caroline Kennedy and Ellen
Alderman discuss their new book on privacy.  Lisner Auditorium, George
Washington University, Washington, DC.  Contact 202/357-3030.

11th Annual Computer Security Applications Conference: Technical
papers, panels, vendor presentations, and tutorials that address the
application of computer security and safety technologies in the civil,
defense, and commercial environments. December 11-15, 1995, New Orleans,
Louisiana. Contact Vince Reed at (205)890-3323 or vreed@mitre.org.

RSA 6th Annual Data Security Conference:  Cryptography Summit.
Focus on the commercial applications of modern cryptographic technology,
with an emphasis on Public Key Cryptosystems. January 17-19, 1996.
Fairmont  Hotel, San Francisco.  Contact Layne Kaplan Events, at (415)
340-9300, e-mail at info@lke.com, or register at http://www.rsa.com/.

Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact cfp96@mit.edu or
http://www-swiss.ai.mit.edu/~switz/cfp96

Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers should
be submitted by February 1, 1996. Contact Wade Robison privacy@rit.edu,
by FAX at (716) 475-7120, or by phone at (716) 475-6643.

Australasian Conference on Information Security and Privacy June
24-26, 1996. New South Wales, Australia. Sponsored by Australasian
Society for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (jennie@cs.uow.edu.au).

Visions of Privacy for the 21st Century: A Search for Solutions.
May 9-11, 1996.  Victoria, British Columbia. Sponsored by The Office
of Information and Privacy Commissioner for the Province of British
Columbia and the University of Victoria. Program at
http://www.cafe.net/gvc/foi

18th International Conference of Data Protection and Privacy
Commissioners. Sponsored by the Privacy Commissioner of Canada.
September 18-20, 1996. Ottawa, Canada.

Advanced Surveillance Technologies II. Sponsored by EPIC and Privacy
International. September 17, 1995. Ottawa, Canada. Contact
pi@privacy.org

International Colloquium on the Protection of Privacy and Personal
Information. Commission d'acces a l'information du Quebec. May 1997.
Quebec City, Canada.

             (Send calendar submissions to Alert@epic.org)

=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center.  To subscribe, send the message:

    SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname

to listserv@cpsr.org.  You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce.

Back issues are available via http://www.epic.org/alert/ or
FTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (Go
NCSA), Library 2 (EPIC/Ethics).


=======================================================================

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data.  EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information, email info@epic.org, WWW at
HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights.  Computer Professionals for Social Responsibility is a
national membership organization of people concerned about the impact
of technology on society.  For information contact: cpsr-info@cpsr.org

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act
litigation, strong and effective advocacy for the right of privacy and
efforts to oppose government regulation of encryption and funding of
the National Wiretap Plan.

Thank you for your support.

------------------------ END EPIC Alert 2.12 ------------------------






