Electronic Privacy Information Center (EPIC) Newsl
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Date: Tue, 28 Jun 1994 20:58:39 -0700
Subject: EPIC Alert 1.03
Subject EPIC Alert 1.03
From Dave Banisar
To CPSR Listserv
EPIC Alert 1.03
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
Volume 1.03 June 29, 1994
Published by the
Electronic Privacy Information Center (EPIC)
Table of Contents
 ACM to Release Crypto Report, Recommendations
 US House of Representatives Approve Credit Privacy Bill
 FCC Caller ID Decision Appealed
 NY Consumer Board Slams FCC Caller ID Decision
 SSN and Marketing List Privacy Bills Introduced
 New Files at the Internet Library
 Upcoming Conferences and Events
 ACM to Release Crypto Report, Recommendations
A press conference will be held at the U.S. Capitol on Thursday, June
30 at 10:30 am to announce the release of a new study on the
controversial Clipper cryptography proposal. The study was convened
by the Association for Computing Machinery (ACM) and sponsored by the
National Science Foundation.
The ACM cryptography panel was chaired by Dr. Stephen Kent, Chief
Scientist for Security Technology with the firm of Bolt, Beranek and
Newman. Dr. Susan Landau, Research Associate Professor in Computer
Science at the University of Massachusetts, co-ordinated the work of
the panel and did most of the writing. The panel members were Dr.
Clinton Brooks, Advisor to the Director, National Security Agency;
Scott Charney, Chief of the Computer Crime Unit, Criminal Division,
U.S. Department of Justice; Dr. Dorothy Denning, Computer Science
Chair, Georgetown University; Dr. Whitfield Diffie, Distinguished
Engineer, Sun Microsystems; Dr. Anthony Lauck, Corporate Consulting
Engineer, Digital Equipment Corporation; Douglas Miller, Government
Affairs Manager, Software Publishers Association; Dr. Peter Neumann,
Principal Scientist, SRI International; and David Sobel, Legal
Counsel, Electronic Privacy Information Center.
The final report of the panel will be made public at the Thursday
press conference. Also, the policy committee of the 85,000 member ACM
will release a statement on cryptography issues facing the Clinton
The conference will be held in the United States Capitol building,
room SC-5. For more information, please call the US ACM Washington
Office at 202-298-0842.
 US House of Representatives Approve Credit Privacy Bill
The US House of Representatives approved substantial revisions to the
Fair Credit Reporting Act on June 7. The passing of this bill,
following the Senate enactment of a similar bill in May, virtually
ensures that long-awaited revisions to the FCRA will finally happen
The bill contains a number of improvements over existing law. It
prohibits the use of credit reports for directing marketing and
unsolicited offers of credit unless the consumer is offered the
opportunity to prevent the disclosure of their information. In the
case of credit offers, the offer must also be irrevocable and not
contingent on obtaining more information from the consumer. Credit
agencies are also prohibited from transferring any medical information
for either employment or credit purposes without the prior consent of
Under the bill, consumers have an extended rights of access. Agencies
cannot charge more than $3 for one copy per year of a consumer report.
Additional reports cannot cost more than $8. After an adverse decision
is made based on information in a credit report or incorrect
information is found in a report, consumers can receive free reports.
To make it easier for consumers to obtain information, all
nationally-based agencies must operate toll-free 800 numbers.
In addition, the bill implements tougher standards on the accuracy of
information. Agencies must investigate all disputed information within
30 days. If information cannot be confirmed, it must be deleted from
the record and cannot be reinserted unless the source of the
information certifies that it is complete and accurate. Agencies must
take reasonable procedures to ensure that incorrect information does
not reappear. There is a general prohibition from furnishing
incomplete or inaccurate information to a credit agency and every
provider has a duty to update and correct any information that they
Civil and criminal penalties for willful or negligent use of incorrect
information are increased. Criminal penalties are increased to two
years and a $10,000 fine. Civil penalties are raised to at least
$1,000 and attorney fees.
There are several controversial provisions in the bill. Under the
bill, states a prohibited from enacting stronger protections until
2003. In addition, the FBI may access records by showing a judge that
there is a authorized foreign counterintelligence investigation and a
minimal showing of facts that there may be a violation of a criminal
The bill now goes to a House-Senate conference committee to work out
differences between the two bills. Areas of difference include
preemption, the duty of providers to furnish correct information, and
the FBI access provision.
 FCC Caller ID Decision Appealed
Several state utility commissions, including New York's and
California's, have petitioned the Federal Communications Commission to
reconsider its controversial Caller ID decision. The petitions ask the
FCC to reverse its decision mandating per-call blocking for interstate
calls and its preemption of state regulations. The commissions are
concerned that the federal regulation will limit consumer privacy
protection for intra-state calls.
It is uncertain if the FCC will take the unusual action of accepting
the petitions. Since the Caller ID decision was released in April, two
new commissioners have joined the FCC. A total of 48 parties,
including telephone companies who are concerned about which party is
charged the cost of transmitting the information, have filed petitions
asking the FCC to reconsider its decision.
Per-call blocking, which is favored by telephone companies, requires
that a caller to enter a series of numbers into their telephone before
each call to prevent their number from being distributed. Under
per-line blocking, privacy blocking is the default and the caller may
opt to release their number.
The New York Public Utility Commission's petition notes that "there is
no technological bar to enabling each state to designate per line or
per call blocking and have that privacy notation affixed to that
caller's phone calls both intra and interstate." The PUC calls on the
FCC, which did not hold a single hearing on Caller ID, to review the
decisions of the many states that did hold hearings.
Professor Rohan Samarajiva of Ohio State University, who also filed
for reconsideration, found that 46 states held hearings on Caller ID
before the FCC issued their final decision. He found that as
information became more available on Caller ID, the state utility
commissioners increasingly required that per-line blocking be offered
in addition to per-call. By 1994, 33 jurisdictions developed rules
with stronger privacy protection than the FCC decision. 18 states
require per-line blocking be offered to all consumers, including
Pennsylvania, Ohio, California and New York.
CPSR has also filed a petition asking the FCC to revise its decision.
CPSR calls for free per-line blocking and note the additional burden
of per call blocking will cost consumers who have unlisted telephone
numbers $1.2 billion each year through the disclosure of unlisted
numbers. They describe the FCCUs suggestion that consumers who wish
to ensure that their numbers remain private purchase equipment as
Runreliable and discriminatory.S
In addition, the California PUC has filed suit in the 9th Circuit
Court of Appeals, asking the court to overturn the ruling and prevent
The FCC decision on Caller ID and the CPSR Petition for
Reconsideration are available from cpsr.org. See below for details.
 NY PUC Letter to FCC on Caller ID
The following is a letter set by New York State Public Utility
Committee Chairman Peter Bradford to FCC Chairman Reed Hundt on the
FCC's Caller ID decision. For more information, contact Stacey Harwood
STATE OF NEW YORK
PUBLIC SERVICE COMMISSION
PETER A. BRADFORD THREE EMPIRE STATE PLAZA
June 1, 1994
Reed Hundt, Chairman
Federal Communications Commission
1919 M Street, N.W.
Washington, DC 20554
Dear Chairman Hundt:
I am writing to express My concern about the Federal Communications
Commission's recent decision (Docket #91-281) limiting the range of
privacy protections available to telephone callers in connection with
Call ID service. The potential preemptive features of this decision
undermine sensible allocation of responsibility between state and
federal jurisdictions, namely that the federal government preempt only
where issues of overriding national concern are clearly at stake and
then only after strong proof that no alternative approach will protect
the national concerns.
All of these essential elements (clear national concern, strong
proof, and the absence of other alternatives) are lacking here.
Instead, the casual reasoning and the destructive remedy mock stated
Clinton Administration eagerness to work with the states to assure
that telecommunications decisions are sensitive to important consumer
The FCC's decision appears to ignore the states' considerable
experience with Call ID. Prior to its authorization of Call ID, the
New York Public Service Commission (like many other states) conducted
extensive customer outreach and education programs to determine how
best to balance the privacy interests of the calling and called
parties. many witnesses, including psychiatrists, social workers,
police, other public safety officials, as well as family violence
crisis centers, saw danger and/or nuisance in Call ID without the
option of per line blocking.
These hearings established that privacy protection consisting only of
per call blocking represents the worst of all worlds. The harassing
caller is unlikely to forget to use per call blocking. It is the
customer who does not realize the implications of the availability of
Call ID to commercial number gatherers (or others who may abuse it)
who is likely to make his or her telephone number inadvertently
available. As a result, we concluded that in New York callers should
have the option of both per call and per line blocking. Since Call ID
service was approved with these options two years ago, no complaints
have been received from either Call ID subscribers or callers on the
issue of blocking. Furthermore, the market for Call ID does not seem
to be hurt by the availability of per line blocking, for subscription
rates are at least as high in states with per line blocking as
Nevertheless, the FCC decision contemplates preemption of state
requirements inconsistent with a federal per-call-blocking- only
regime. Since per line blocking only for intrastate calls does not
seem feasible, New York's standard (and those of some 40 other states)
will be preempted. Protracted litigation over the FCC decision is
certain and may impede the introduction of interstate Call ID service.
Several states, including New York are seeking reconsideration of the
FCC decision and California has challenged the FCC order in court.
Customer confusion and disappointment with limitations on privacy
options will spawn a host of complaints.
Furthermore, it will be hard for state regulators, to justify the
current surcharge for unpublished listings while telephone companies
market a service that compromises the value of those listings. I have
enclosed a recent New York notice raising this concern for parties in
two major cases. Telephone companies are not likely to go forward with
Call ID if they must forego tens of millions of dollars per year in
charges for unpublished numbers.
I hope that the FCC will think again about the impact of this
decision. It is likely to damage the prospects for Call ID, and it is
certain to damage federal-state relations in the communications area
at a time when much depends on our mutual trust and cooperation.
 SSN and Marketing Lists Privacy Bills Introduced
Rep. Dean Gallo (R-NJ) introduced on May 5 two bills to improve
consumer privacy. HR 4353 requires that companies that compile
personal information about consumers for the purpose of selling
marketing lists must notify the consumers about the potential sale of
the lists. Consumers may ask to be removed from the lists before they
are sold. The Federal Trade Commission is authorized to investigate
and enforce violations. The bill has been referred to Committee on
Energy and Commerce.
HR 4354 amends the Social Security Act to prohibit any person,
company, or government agency from transferring a persons SSN or any
derivative of it without the written consent of the person. It has
been referred to the Ways and Means Committee.
 Files Available for retrieval
The CPSR Internet Library is a free service available via
FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy
International, the Taxpayers Assets Project and the Cypherpunks are
also archived. For more information, contact firstname.lastname@example.org.
Files on Caller ID: /privacy/communications/caller_id/
The FCC decision - fcc_caller_id_decision_94.txt.
CPSR Petition for Reconsideration - CPSR_RFR_on_FCC_Caller-ID_Order.txt
 Upcoming Privacy Related Conferences and Events
DEF CON ][ ("underground" computer culture) "Load up your laptop
Muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July
22-24. Contact: email@example.com.
Hackers on Planet Earth: The First US Hacker Congress. Hotel
Pennsylvania, New York City, NY. August 13-14. Sponsored by 2600
Magazine. Contact: firstname.lastname@example.org.
Technologies of Surveillance; Technologies of Privacy. The Hague, The
Netherlands. September 5. Sponsored by Privacy International and EPIC.
Contact: Simon Davies (email@example.com).
16th International Conference on Data Protection. The Hague,
Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190
(tel), 31-70-3940460 (fax).
CPSR Annual Meeting. University of California, San Diego. October 8-9.
Contact: Phil Agre <firstname.lastname@example.org>
Symposium: An Arts and Humanities Policy for the National Information
Infrastructure. Boston, Mass. October 14-16. Sponsored by the Center
for Art Research in Boston. Contact: Jay Jaroslav
Third Biannual Conference on Participatory Design, Chapel Hill, North
Carolina. October 27-28. Sponsored by CPSR. Contact:
Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November
11-13. Sponsored by ACM. Contact: email@example.com
(Send calendar submissions to Alert@epic.org)
To subscribe to the EPIC Alert, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to firstname.lastname@example.org. You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data. EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information email email@example.com, or write
EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1
202 544 9240 (tel), +1 202 547 5482 (fax).
The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a national
membership organization of people concerned about the impact of
technology on society. For information contact: firstname.lastname@example.org
------------------------- END EPIC Alert 1.03 -------------------------