________________ _______________ _______________
/_______________/\ /_______________\ /\______________\
\\\\\\\\\\\\\\\\\/ ||||||||||||||||| / ////////////////
\\\\\________/\ |||||________\ / /////______\
\\\\\\\\\\\\\/____ |||||||||||||| / /////////////
\\\\\___________/\ ||||| / ////
\\\\\\\\\\\\\\\\/ ||||| \//// e c t o r
_________________________________________________________________________
EFFector Vol. 10, No. 05 June 18, 1997 editor@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
ALERT: Senate vote on mandatory key escrow as early as Thu June 19!
Intro - Bernstein Case News
ALERT - Senate Committee Set to Vote on Key Escrow
What's Happening Now
What YOU CAN DO NOW!
Background On The Encryption Issue
How to start or stop receiving crypto-news
About This Alert
NICB Crime Database Raises Privacy Concerns & Congressional Hackles
Congress Takes Action
Background
What YOU Can Do
Upcoming Events
Quote of the Day
What YOU Can Do
Administrivia
* See http://www.eff.org/hot.html for more information
on current EFF activities and online activism alerts! *
----------------------------------------------------------------------
Subject: ALERT: Senate vote on mandatory key escrow; Bernstein crypto case
---------------------------------------------------------------------------
* Intro - Bernstein Case News
June 18, San Francisco: The final District-level arguments were heard in
Bernstein v. Dept. of State, an EFF-sponsored case challenging the US
encryption export restrictions as unconstitutional. As in previous
the ITAR restrictions on encryption software, which treat PGP, word
from Judge Marilyn Hall Patel, against the ITAR crypto restrictions, very
yet another piece of encryption legislation, this one aimed at making the
legal case moot (or at least weaker) and at generating a mood of
Congressional compromise. We urge all EFF members to respond to the alert
below and urge defeat of this new anti-crypto, anti-privacy legislation.
*************************************************************************
[begin crypto.com alert]
SENATE COMMERCE COMMITTEE SET TO VOTE ON MANDATORY KEY ESCROW
LEGISLATION AS EARLY AS THURSDAY JUNE 19TH! CALL NOW!
Date: June 17, 1997 Expires July 1, 1997
URL:http://www.crypto.com/ crypto-news@panix.com
Redistribution of crypto-news is allowed in its entirety.
Table of Contents
ALERT - Senate Committee Set to Vote on Key Escrow
What's Happening Now
What YOU CAN DO NOW!
Background On The Encryption Issue
How to start or stop receiving crypto-news
About This Alert
* ALERT - SENATE COMMITTEE SET TO VOTE ON BILL TO GUARANTEE GOVERNMENT
ACCESS TO YOUR PRIVATE ONLINE COMMUNICATIONS
On Tuesday June 17, Senators John McCain (R-AZ) and Bob Kerrey (D-NE)
ntroduced legislation which would all but mandate that Americans provide
The bill, known as "The Secure Public Networks Act of 1997" (S.909)
confidentiality of your online communications. Please take a moment to read
the instructions below and, if your Senator is a member of the Commerce
Committee, please take a moment to call your Senator TODAY!
Though offered on Capitol Hill as a compromise, the McCain-Kerrey bill is
virtually identical to draft legislation proposed earlier this year by the
Clinton Administration while doing nothing to protect the privacy and
Specifically, the bill would:
* Compel Americans to Use Government-Approved Key Recovery Systems
* Make Key Recovery a Condition Of Participation in E-Commerce
* Allow Government Carte Blanche Access to Sensitive Encryption Keys
Without a Court Order
* Create New Opportunities for Cybercrimes
* Codify a low 56-bit Key Length Limit on Encryption Exports
* Create Broad New Criminal Penalties for the Use of Encryption
The full text of the bill, along with a detailed analysis, is available
online at http://www.cdt.org/crypto/
* WHAT'S HAPPENING NOW
On Thursday June 19, the Senate Commerce Committee is scheduled to hold a
vote on S. 377, the Promotion of Commerce Online in the Digital Era
(Pro-CODE) Act - an Internet-friendly encryption reform bill sponsored by
Senators Burns (R-MT) and Leahy (D-VT).
Senator McCain, the Commerce Committee Chairman, is expected to try and
________________________________________________________________________
* WHAT YOU CAN DO NOW
** THE COMMITTEE IS EXPECTED TO VOTE AT 9:30 AM Eastern JUNE 19 **
** IT IS CRITICAL THAT YOU CALL YOUR SENATOR TODAY **
A list of Senate Commerce Committee members is printed below. If your
Senator is on the list, please call TODAY.
NOTE - If your Senator is not on the list, please visit
http://www.crypto.com/adopt and ADOPT YOUR LEGISLATOR. You will
receive targeted alerts next time your Representatives or
Senators are poised to vote on this and other critical Internet
Related issues.
call them at 202-224-3121. Ask for your Senator's office.
Order: Frist, Abraham, Snowe, Stevens, Browe, Bryan.
* = has publicly stated opposition to the McCain-Kerrey bill.
+ = has publicly stated support to the McCain-Kerrey bill.
William Harrison Bill Frist, R-TN
Spencer Abraham, R-MI ALL THESE SENATORS ARE
Olympia Snowe, R-ME TELEPHONABLE AT 202-224-3121
Ted Stevens, R-AK
John B. Breaux, D-LA
Richard H. Bryan, D-NV
+John McCain, R-AZ, Chairman
*Conrad R. Burns, R-MT
Slade Gorton, R-WA
*Trent Lott, R-MS
Kay Bailey Hutchison, R-TX
*John Ashcroft, R-MO
*Sam Brownback, R-KS
+Ernest F. Hollings, D-SC, Ranking minority member
Daniel K. Inouye, D-HI
Wendell H. Ford, D-KY
+John D. Rockefeller, IV, D-WV
+John F. Kerry, D-MA
*Byron L. Dorgan, D-ND
*Ron Wyden, D-OR
at the Commerce Committee Markup on June 19:
SAY
THIS -> I am a constituent calling to urge the Senator to oppose the
McCain-Kerrey "Secure Public Networks Act" at the Committee
markup on June 19.
The bill all but mandates key-recovery encryption and represents
a grave threat to privacy and electronic commerce on the
Internet.
We need a solution to this issue that protects privacy and
security on the Internet, and the solution being offered by
Senators McCain and Kerrey isn't it. I hope you will take a
strong stand on this important issue.
Go to the feedback page for your member of Congress at
http://www.crypto.com/feedback/ and let us know how it went. This
will help us coordinate our strategy on the ground in DC.
who live in your congressional district (do not forward after
June 25)
security on the Internet in 5 minutes than most people do in a year!
We appreciate your support!
* BACKGROUND ON THE ENCRYPTION POLICY ISSUE
Complete background information, including:
* A down-to-earth explanation of why this debate is important to
Internet users
* Analysis and background on the issue
* An analysis of the Risks of Key-Recovery by leading cryptographers
* Text of the Administration draft legislation
* Text of Congressional proposals to reform US encryption policy
* Audio transcripts and written testimony from recent Congressional
Hearings on encryption policy reform
* And more!
are all available at http://www.crypto.com/
* WHAT'S AT STAKE
Encryption technologies are the locks and keys of the Information age,
enabling individuals and businesses to protect sensitive information
as it is transmitted over the Internet. As more and more individuals
and businesses come online, the need for strong, reliable, easy-to-use
encryption technologies has become a critical issue to the health and
viability of the Net.
Current US encryption policy, which limits the strength of encryption
the global market must either conform to US encryption export limits or
complicated alternative.
The export controls, which the NSA and FBI argue help to keep strong
encryption out of the hands of foreign adversaries, are having the
opposite effect. Strong encryption is available abroad, but because of
the export limits and the confusion created by nearly four years of
net" here in the US.
A recently discovered flaw in the security of the new digital telephone
network exposed the worst aspects of the Administration's encryption
This incident underscores the larger policy problem: US companies are
at a competitive disadvantage in the global marketplace when competing
against companies that do not have such hindrances. And now, for the first
time in history, the Clinton Administration and members of the US Senate
their privacy and security online.
All of us care about our national security, and no one wants to make it
any easier for criminals and terrorists to commit criminal acts. But we
must also recognize encryption technologies can aid law enforcement
and protect national security by limiting the threat of industrial
espionage and foreign spying, promote electronic commerce and protecting
What's at stake in this debate is nothing less than the future of
commerce, education, and political discourse.
* HOW TO START OR STOP RECEIVING CRYPTO-NEWS
To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com)
or send mail to majordomo@panix.com with "subscribe crypto-news" in the
body of the message. To unsubscribe, send a letter to majordomo@panix.com
Requests to unsubscribe that are sent to shabbir@vtw.org will be ignored.
* ABOUT THIS ALERT
This message was brought to you by the Center for Democracy and
Technology (http://www.cdt.org) and the Voters Telecommunications Watch
(http://www.vtw.org/), who have joined together to create the Adopt Your
Legislator Campaign - a unique and effective way of creating dialogue
between members of Congress and their Constituents on critical
For more information on the Adopt Your Legislator Campaign, please visit
end alert 06.17.97
------------------------------
Subject: NICB Crime Database Raises Privacy Concerns & Congressional Hackles
----------------------------------------------------------------------------
* Congress Takes Action
This year, bi-partisan legislation has been introduced by Rep. Ed
Towns (D-NY) to preclude a commercial insurance "crime bureau" from
establishing an "all-claims" database to which law enforcement officers
have easy access for privacy-invasive "fishing expeditions" in which
data on all insurance claimants is treated as if it belonged to crime
suspects. This legislation is H.R.1029, the Insurance Claims Privacy
Protection Act (ICPPA).
Bill text: ftp://ftp.loc.gov/pub/thomas/c105/h1029.ih.txt
Following Rep. Towns's invitation, 20 co-sponsors have signed up to
back the legislation, and a Senate version of the bill is expected to
be introduced soon.
Towns and ICPPA co-sponsors Rep. John Duncan (R-TN) and Rep. John Mica
(R-FL) have asked selected state insurance commissioners/superintendants
for input, in several letters, available from the WWW version of this
article at:
http://www.eff.org/Privacy/Medical/ICPPA/HTML/icppa./html
EFF commends Rep. Towns and other other ICPPA co-sponsors for
introducing such timely and well-considered legislation. Though EFF
would prefer to see disclosure by data support organizations be
permissible only in response to court orders, not subpoenas, we
otherwise support this legislation as a much-needed loophole closure
in American privacy law.
* Background
The National Insurance Crime Bureau (NICB) has started to build an
"all-claims" database to hold all property and casualty insurance
claims, without appropriate privacy protections.
Originally, this NICB data base only held "suspicious" claims, to be
examined closely for possible fraud. Because of this history, federal,
state and local law enforcement officials have rapid, direct, and
nearly unlimited access to the NICB database. This easy law
enforcement access can lead to privacy-invasive "fishing expeditions"
in the files of innocent policyholders, even where there is no
suspicion of fraud or illegal activity.
The federal Fair Credit Reporting Act (FCRA), Title 15 of the US Code
(Chap. 41, Subchap. III) Sect. 1681, places strict limits on law
enforcement access (in recently added Sect. 1681u), and requires
procedures to be in place to permit persons to see their own files,
and, if they are inaccurate, correct them.
FCRA text: http://www.law.cornell.edu/uscode/15/1681.html
Sect. 1681u: http://www.eff.org/pub/Privacy/Surveillance/15usc1681u.law
The American Insurance Services Group (AISG), which operates an
"all-claims" property and casualty insurance claims database, and the
Medical Information Bureau (MIB), which operates a large database of
health and medical insurance information, both follow the requirements
of the FCRA.
The NICB claims that it is not subject to the FCRA, and does not
follow its requirements.
The new legislation's sponsors note also that NICB does not follow the
requirements of the Insurance Information and Privacy Protection Model
Act (IIPPMA) advanced by the National Association of Insurance
Commissioners (NAIC), and adopted in only 15 states.
A close examination of the IIPPMA, which was drafted ca. 1980, shows
that, despite its name, its privacy protections are woefully
inadequate. [Text of the IIPPMA not available online as of this
writing.]
* For instance, the requirements for law enforcement access to files
are not very strict, and the NICB's interpretation of the IIPPMA
permits too easy access to files by law enforcement authorities.
* Further, the IIPPMA permits consumer access to "personal
information that is not privileged"; however, "privileged
information" is separately defined as "information supplied in
relation to claims". Since most or all of the information
collected by the NICB for their "all-claims" data base is in
relation to claims, and therefore could be considered
"privileged", the NICB could block consumer's access to their own
files.
NAIC has responded to queries from Rep. Towns regarding such matters,
but not substantively.
NAIC response:
http://www.eff.org/Privacy/Medical/ICPPA/musser_towns_19970414.letter
Finally, it is offensive to innocent policy holders to have routine
claims made in good faith (i.e. in relation to losses incurred under
the insurance policy for which they have made premium payments) to be
placed in a "Crime Bureau" database.
* What YOU Can Do
If you are troubled by the NICB's "all-claims" database, please write
to or email one or more of the following Senators and Representatives
stating your concerns and supporting the Towns legislation:
US Senators (Mailing Address: [Name], U.S. Senate, Washington, D.C.
10510)
* Senator Orrin Hatch (R-UT), Chairman, Senate Judiciary Cmte.
Email: senator_hatch@hatch.senate.gov
* Senator Patrick J. Leahy (D-VT), Ranking Member, Senate Judiciary
Cmte.
Email: senator_leahy@leahy.senate.gov
* Senator John McCain (R-AZ), Chairman, Senate Commerce Cmte.
Email: senator_mccain@mccain.senate.gov
* Senator Ernest F. Hollings (D-SC),Ranking Member, Senate Commerce
Cmte.
Email: senator@hollings.senate.gov
* Senator Dianne Feinstein (D-CA),Member, Senate Judiciary Cmte.
Email: senator@feinstein.senate.gov
* Senator Barbara Boxer (D-CA), Member, Appropriations Cmte.
Email: senator@boxer.senate.gov
US Representatives (Mailing Address: [Name], U.S. House of
Representatives, Washington, D.C. 10515)
* Representative Henry Hyde (R-IL) Chairman, House Judiciary
Committee
Email: (not yet on system; use WriteRep)
* Representative John Conyers, Jr. (D-MI) Ranking Member, House
Judiciary Cmte.
Email: jconyers@hr.house.gov
* Representative Thomas Bliley, Jr. (R-VA) Chairman, House Commerce
Cmte.
Email: (not yet on system; use WriteRep)
* Representative John Dingell (D- MI) Ranking Member, House Commerce
Cmte.
Email: (not yet on system; use WriteRep)
* Representative Ed Towns (D-NY), Member, Commerce Cmte. (Sponsor of
H.R. 1029)
Email: (not yet on system; use WriteRep)
WriteRep System: http://www.house.gov/writerep/
For an fully-linked HTML version of this article, see:
http://www.eff.org/pub/Privacy/Medical/ICPPA/HTML/icppa.html
------------------------------
Subject: Upcoming Events
------------------------
This schedule lists EFF events, and those we feel might be of interest to
our members. EFF events (those sponsored by us or featuring an EFF speaker)
are marked with a "*" instead of a "-" after the date. Simlarly, government
events (such as deadlines for comments on reports or testimony submission,
or conferences at which government representatives are speaking) are marked
ndicates a non-USA event. If it's a foreign EFF event with govt. people,
t'll be "*!+" instead of "-". You get the idea. To let us know about an
event, please send details to Dennis Derryberry, dennis@eff.org, with a
The latest version of the full EFF calendar is available from:
ftp: ftp.eff.org, /pub/EFF/calendar.eff
See also our new Now-Up-to-Date HTML calendar at:
June 19-
20 - WASHINGTON, DC - CyberPayments '97
Conference will investigate issues of online commerce including
electronic cash and checks, credit cards, encryption systems
and security products; Sheraton Washington Hotel, Washington, DC
For more information contact:
email: vinceiaboni@msn.com
tel: +1 216 464 2618 x228
+1 800 529 7375
June 20-
21 + GLASGOW, SCOTLAND - International Symposium on Technology and
Society 1997 (ISTAS'97): Technology and Society at a Time of
Sweeping Change; University of Strathclyde in Glasgow, Scotland
ISTAS '97 aims to tackle questions of how advancements in
technology are affecting the social and natural landscape;
ISTAS '97 Secretariat
Conference Services Department
The Institution of Electrical Engineers
Savoy Place
London WC2R 0BL
UK
Tel: + 44(0)171 344 5469/8425
Fax: +44 (0)171 240 8830
E-mail: ISTAS@iee.org.uk
URL: http://www.iee.org.uk/LSboard/Conf/call_for/istas97.htm
June 22-
25 + TORONTO - GLOBAL KNOWLEDGE '97; given the vital role of
knowledge in economic and social development, and the
opportunities and challenges posed by new information
and communication technologies, how can developing countries,
and particularly the world's poor, access and harness knowledge
for development, so as to promote empowerment, enable life-long
learning, and reduce poverty?
URL: http://www.bvx.ca/ict/gk97.htm
Conference Secretariat
The World Bank Economic Development Institute
1818 H Street, NW, M7-075
Washington, DC 20433 USA
Tel: 202-473-6442
Fax: 202-676-0858
E-mail: GlobalKnowledge@worldbank.org
Alain Brousseau
Phone: (819) 997-6849
Fax: (819) 953-6356
E-mail: alain_brousseau@acdi-cida.gc.ca
July 13-
17 - ACUTA 26th Annual Conference; Atlanta, Georgia.
Contact: +1 606 278 3338 (voice)
Aug. 24 + NAGOYA, JAPAN - IJCAI-97 Workshop on AI in Digital Libraries:
Moving From Chaos to (More) Order; Nagoya Congress Center,
Nagoya, Japan;
URL: http://www.dlib.com/people/innes/aiindl/cfp.html
Sep. 7 -
11 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on
Computer Supported Cooperative Work; deadline for paper
submissions is January 13, 1997; papers must contain an abstract
of not more than 100 words and not exceed 16 pages in length; full
formatting instructions are available from
http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/papers/
queries: ecscw97-papers@comp.lancs.ac.uk
for more information:
snail mail: ECSCW'97 Conference Office
Computing Department
Lancaster University
Lancaster LA1 4YR UK
URL: http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/
email: ecscw97@comp.lancs.ac.uk
Sep. 12-
14 SAN DIEGO - Association of Online Professionals Annual
Conference; sysop trade association's yearly gathering to
discuss issues of relevance to the industry
URL: http://www.aop.org/confrnc.html
Sep. 25-
27 + PRAGUE, CZECHOSLOVAKIA - RUFIS'97: Role of Universities in the
Future Information Society; Czech Technical University, Prague,
Czechoslovakia; to obtain a registration form, please, send an
empty e-mail message to:
rufis-call@mail.vc.cvut.cz
Karel Kveton
UNESCO International Centre for Scientific Computing
Czech Technical University - Prague
Computing Centre
Zikova 4, 166 35 Prague 6
Phone: + 42 2 2431 0369, fax: + 42 2 311 7529
e-mail: kveton@vc.cvut.cz
URL: http://www.cvut.cz/RUFIS97
Oct. 7-
10 + BEIJING, CHINA - '97 China Database: Electronic Publications
& Software Exhibition; Beijing International Convention Center
Contact: Mr. Cheng Bin and Ms. Hu Yongning
Beijing Evertrust Exposition Co. Ltd.
15 Fuxing Road, Beijing, China
Post code: 100038
Tel: +86-10-68514007
Fax: +86-10-68537092
URL: http: // www.sti.ac. cn/Exhibition/ invi.htm
E-mail: expo@istic.sti.ac.cn
Oct. 28-
31 - EDUCOM '97; Minneapolis-St. Paul, Minnesota.
Contact: +1 202 872 4200 (voice)
Email: conf@educom.edu
Dec. 1 - Computer Security Day (started by Washington DC chapter of the
Assoc. for Computing Machinery, to "draw attention to computer
security during the holdiay season when it might otherwise become
lax."
----
July 12-
16 - ACUTA 27th Annual Conference; San Diego, California.
Contact: +1 606 278 3338 (voice)
Oct. 13-
16 - EDUCOM '98; Orlando, Florida.
Contact: +1 202 872 4200 (voice)
Email: conf@educom.edu
Dec. 1 - Computer Security Day (started by Washington DC chapter of the
Assoc. for Computing Machinery, to "draw attention to computer
security during the holdiay season when it might otherwise become
lax."
------------------------------
Subject: Quote of the Day
-------------------------
"There is nothing more frightful than ignorance in action."
- Goethe
Find yourself wondering if your privacy and freedom of speech are safe
the rush to make us secure from ourselves that our government
Concerned that legislative efforts nominally to "protect children" will
actually censor all communications down to only content suitable for
the playground? Alarmed by commercial and religious organizations abusing
the judicial and legislative processes to stifle satire, dissent and
criticism?
Join EFF!
You *know* privacy, freedom of speech and ability to make your voice heard
n government are important. You have probably participated in our online
campaigns and forums. Have you become a member of EFF yet? The best way
to protect your online rights is to be fully informed and to make your
opinions heard. EFF members are informed and are making a difference.
Join EFF today!
Even if you don't live in the U.S., the anti-Internet hysteria will soon
be visiting a legislative body near you. If it hasn't already.
------------------------------
Subject: What YOU Can Do
------------------------
* Keep an eye on your local legislature/parliament!
All kinds of wacky censorious legislation is turning up at the US state
and non-US national levels. Don't let it sneak by you - or by the
online activism community. Without locals on the look out, it's very
* Inform your corporate government affairs person or staff counsel
f you have one. Keep them up to speed on developments you learn of,
and let your company's management know if you spot an issue that warrants
your company's involvement.
* Find out who your legislators are
Writing letters to, faxing, and phoning your representatives in Congress
s one very important strategy of activism, and an essential way of
making sure YOUR voice is heard on vital issues.
try contacting your local League of Women Voters, who maintain a great
that matches ZIP Codes to Congressional districts with about 85%
accuracy at:
This can be double-checked with the House's own lookup service, at:
Computer Currents Interactive has provided Congress contact info, sorted
by who voted for and against the Communications Decency Act:
fortunately, been voted out of office.)
We are not presently aware of servers that provide contact info for US
------------------------------
Administrivia
=============
EFFector is published by:
The Electronic Frontier Foundation
San Francisco CA 94103 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
Membership & donations: membership@eff.org
Legal services: ssteele@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org
Editor: Stanton McCandlish, Program Director/Webmaster (mech@eff.org)
This newsletter is printed on 100% recycled electrons.
Reproduction of this publication in electronic media is encouraged. Signed
articles do not necessarily represent the views of EFF. To reproduce
ually at will.
To subscribe to EFFector via email, send message body of "subscribe
effector-online" (without the "quotes") to listserv@eff.org, which will add
you to a subscription list for EFFector.
Back issues are available at:
ftp.eff.org, /pub/EFF/Newsletters/EFFector/
To get the latest issue, send any message to effector-reflector@eff.org (or
er@eff.org), and it will be mailed to you automagically. You can also get
the file "current" from the EFFector directory at the above sites at any
time for a copy of the current issue.
------------------------------
End of EFFector Online v10 #05 Digest
*************************************
$$
