EFFector Online Volume 7.15

• EFF Relocation Underway - New Contact Info!
• NIIAC Draft Privacy Principles
• Notes on the Pensacola BBS Busts
• And......
• Calender Of Events
• What YOU Can Do
• Administrivia

Subject: EFF Relocation Underway - New Contact Info!

New contact information:

Snail mail: 1667 K St. NW, Suite 801
Washington DC 20006-1605 USA

Phone: +1 202 861 7700
Fax: +1 202 861 1258
BBS: +1 202 861 1223, +1 202 861 1224

Email and network server addresses remain the same.

Return to the Table of Contents

Subject: NIIAC Draft Privacy Principles

Comments may be submitted regarding this draft to Esther Dyson.

DRAFT OF MEGA-PROJECT III (privacy, security, intellectual property) of the NATIONAL INFORMATION INFRASTRUCTURE ADVISORY COUNCIL

(December 6, 1994)

PRIVACY AND RELATED SECURITY PRINCIPLES FOR THE NII

PREAMBLE

Privacy is a cherished American value. In designing the technological infrastructure and the policy environment for the NII, the United States is establishing the framework for individual, social, economic, and political life in the 21st century. It is important that fundamental American values -- including protection of privacy, freedom of speech and association, and freedom from discrimination and protection of property rights -- be considered in the NII. None of these values are absolute, and all need to be addressed in the context of the public interest.

DEFINITIONS

Throughout this document personally identifiable information refers to "any information that could be uniquely associated with the individual to whom it pertains." In policy discussions, privacy is frequently coupled with confidentiality and security. Although the terms are interrelated, it is important that the meaning of each be understood independently. Information privacy is the ability of an individual to control the use and dissemination of information that relates to himself or herself. Confidentiality is a tool for protecting privacy. Sensitive information is accorded a confidential status that mandates specific controls, including strict limitations on access and disclosure, that must be adhered to by those handling the information. Security is the totality of safeguards in a computer-based information system. Security protects both the system and the information contained within it from unauthorized access and misuse. Security consists of hardware, software, personnel policies, information practice policies, and disaster preparedness.

MEGA PROJECT III RECOMMENDS THE ADOPTION OF THE FOLLOWING PRIVACY AND SECURITY-RELATED PRINCIPLES FOR THE NATIONAL INFORMATION INFRASTRUCTURE (NII):

1. Personal privacy -- including information, transactions, and communications -- must be protected in the design, management, and use of the NII. Informed, uncoerced consent to the use of personally identifiable information, as well as autonomy and individual choice are fostered by ensuring privacy on the NII. In addition, protection of privacy is crucial to encouraging free speech and free association on the NII. While privacy protections are crucial to encourage free speech and free association on the NII, such protections are not absolute and must continue to be balanced, where appropriate, by concepts of legal accountability.

2. The privacy of communications, information, and transactions must be protected to engender public confidence in the use of the NII. For instance, people should be able to encrypt lawful communications, information, and transactions on the NII. Network-wide and system-specific security systems that ensure confidentiality, integrity, and privacy should be incorporated into the design of the NII. In an interactive electronic environment, transactional information should be afforded the same high standard of legal protection as content. To achieve its full potential, the NII must incorporate technical and legal means to protect personal privacy.

3. Existing constitutional and statutory limitations on access to information and communication, such as those requiring warrants and subpoenas, should not be diminished or weakened and should keep pace with technological developments.

4. Individual rights to access personally identifiable information about themselves must not be diminished or weakened on the NII. Individuals must have the ability to review personally identifiable information and the means to challenge and correct inaccurate information.

5. Individuals should be informed of other uses and disclosures of personally identifiable information provided by that individual or generated by transactions on the NII. Personally identifiable information about an individual provided or generated for one purpose should not be used for an unrelated purpose or disclosed to another party without the informed consent of the individual except as provided under existing law.

6. Data integrity -- including accuracy, relevance, and timeliness of personally identifiable information -- must be paramount on the NII. Users of the NII, including providers of services or products on the NII, should establish ways of ensuring data integrity, such as audit trails and means of providing authentication.

7. The use of a national personal identification system administered by the federal government should not be developed as a condition for participation in the NII.

8. Subject to public policies intended to secure and maintain the integrity and enforceability of rights and protections under U.S. laws -- such as those concerning intellectual property, defamation, child pornography, harassment, and mail fraud -- spheres for anonymous communication should be permitted on the NII. Those who operate, facilitate, or are otherwise responsible for such spheres must adequately address the sometimes conflicting demands of anonymity, on the one hand, and accountability, on the other.

9. Collectors and users of personally identifiable information on the NII should provide timely and effective notice of their privacy and related security practices.

10. Public education about the NII and its potential effect on individual privacy is critical to the success of the NII.

11. An entity with input from federal, state and local governments and the private sector should develop a process for overseeing the development, implementation, and enforcement of privacy policy on the NII.

12. Aggrieved individuals should have available to them effective remedies to ensure that privacy and related security rights and laws are enforced on the NII, and those who use these remedies should not be subject to retaliatory actions.

Return to the Table of Contents

Subject: Notes on the Pensacola BBS Busts

This is what we know so far:

1) Only three BBS searches have been confirmed.

2) The investigations center on sexual material.

3) No one has yet been charged.

Contrary to earlier reports, EFF did not send someone to the scene, although the Association of Online Professionals may have. EFF is ready to provide information and help contact lawyers for any defendants in the case, but we have not yet been asked to do so.

If you are in contact with the sysops of these BBSs, please tell them that they should contact EFF's legal services at 202-347-5400 (AFTER DEC. 17: 202-861-7700).

Return to the Table of Contents

Subject: And...

Return to the Table of Contents

Subject: Calendar of Events

1994:

Dec. 16 - 4th Annual Loebner Prize Competition in Aritificial Intelligence, Calif. State U. - San Marcos.
Contact: Dr. Robert Epstein, +1 619 436 4400, fax: +1 619 436 4490
Internet: repstein@nunic.nu.edu

Dec. 31 - Deadline for proposals for ISEA 95 (see below).

1995:

Jan. 8 - Deadline for proposals, Midwest Conference on Technology, Employment and Community, sponsored by the UIC Center for Urban Economic Development
Contact: +1 312 996 5463
Email: jdav@mcs.com
Conf. mailing list discussion: listserv@uic, message body:"SUBSCRIBE JOB-TECH " (w/o "quotes")

Jan. 20 - Deadline for after-the-event written testimony for White House "Security for Health & Educational Information on the NII" open public meeting (held Dec. 8, 1995, Washington DC)
Contact: Sam Shekar (DoHHS), +1 202 690 5727

Jan. 27 - Privacy, Info. Infrastructure & Healthcare Reform Symposium, Ohio State U., Columbus OH. Featured speakers: Janlori Goldman (EFF), Rober Belair (ed., Privacy & American Business, and former White House deputy counsel), Mary Gardiner Jones (CIRI, formerly with FTC; co-author, 21st Century Learning and Health Care in the Home), Pierrot Peladeau (Societe Progestacces [Canada]), James Rule (author, Politics of Privacy; SUNY profesor), Bruce Schneier (author, Applied Cryptography)
Contact: CAST/OSU, +1 614 292 8444 (registration)
Vicente Berdayes, +1 614 292 0080
Email: vberdaye@magnus.acs.ohio-state.edu

Feb. 4 - U. of Richmond [VA] Law & Technology Assoc. Symposium on Community in Cyberspace, 9am-5pm EST. Featured speakers: Shari Steele (EFF), Prof. Trotter Hardy (Wm. & Mary College), Brock Meeks (CyberWire Dispatch), Asst. Professor Dan L. Burk (GMU), Henry C. Su esq. (Williams, Mullen, Christian & Dobbins), Dr. Danny Arkin (Central VA Free-Net), Carol Woodward esq. (chair, VA Bar Assoc. Special Legal Networking Cmte.), Bill Cooper (VA ACLU), etc.
Contact: LTA, +1 804 287 6811
Email: lta@uofrlaw.urich.edu

Mar. 3- 4 - Midwest Conference on Technology, Employment and Community, sponsored by the UIC Center for Urban Economic Development
Deadline for proposals: Jan. 8, 1995
Contact: +1 312 996 5463
email: jdav@mcs.com
Conf. mailing list discussion: listserv@uic, message body:"SUBSCRIBE JOB-TECH " (w/o "quotes")

Mar. 27 - John Perry Barlow seminar on "Cyberspace: the New Frontier",
4pm local time, NCB Auditorium, 71 Science Park Dr., Singapore 0512
Contact: Marvin Tay Eng Sin marv@iti.gov.sg

Mar. 28- 31 - 5th Conference on Computers, Freedom & Privacy, Burlingame, Calif.
Contact: Carey Heckman, +1 415 725 7788, fax: +1 415 725 1861,
internet: cfp95@forsythe.stanford.edu

Sep. 17- 24 - International Symposium on Electronic Art, Montreal, Quebec, Canada.
Information: +1 514 990 0229, fax: +1 514 842 7459,
Internet: isea95@er.uqam.ca

Dec. 1 - Computer Security Day (started by Washington DC chapter of the Assoc. for Computing Machinery, to "draw attention to computer security during the holiday season when it might otherwise become lax."

Return to the Table of Contents

Subject: What YOU Can Do

"If five years from now we [the FBI] solve the access problem, but what we're hearing is all encrypted, I'll probably, if I'm still here, be talking about that in a very different way: the objective is the same. The objective is for us to get those conversations whether they're by an alligator clip or ones and zeros. Whoever they are, whatever they are, I need them."
- FBI Director Louis Freeh, clarifying statements that the FBI may seek legislation to ban strong encryption, in an Oct. 1994 interview with Steven Levy.

Ensuring the democratic potential of the technologies of computer-mediated communication requires active participation in the political processes that shape our destinies. Government agencies, legislatures and heads of state are accustomed to making decisions about the future of technology, media, education, and public access to information, with far-reaching and long-lasting effects on citizens and their lives, but are accustomed to doing so with little input or opposition from anyone but the largest of corporations, and other government representatives.

Now, more than ever, EFF is working to make sure that you can play an active role in making these choices. Our members are making themselves heard on the whole range of issues. EFF collected over 5000 letters of support for Rep. Maria Cantwell's bill to liberalize restrictions on cryptography. We also gathered over 1400 letters supporting Sen. Leahy's open hearings on the proposed Clipper encryption scheme, which were held in May 1994. And EFF collected over 90% of the public comments that were submitted to NIST regarding whether or not Clipper should be made a federal standard. Additionally, EFF has worked for the passage of legislation that would ensure open access to the information infrastructure of today and tomorrow, and continues to provide some of the best online resources on privacy, intellectual freedom, the legalities of networking, and public access to government representatives and information.

You know privacy, freedom of speech and ability to make your voice heard in government are important. You have probably participated in our online campaigns and forums. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! -------- 8< ------- cut here ------- 8< --------

================================================

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

================================================

Print out and mail to:
Membership Coordinator
Electronic Frontier Foundation
1001 G Street, NW, Suite 950 East, Washington, DC 20001

I wish to become a member of the Electronic Frontier Foundation. I enclose:
$__________ Regular membership -- $40
$__________ Student membership -- $20

Special Contribution

I wish to make an additional tax-deductible donation in the amount of $__________ to further support the activities of EFF and to broaden participation in the organization.

PAYMENT METHOD:

___ Enclosed is a check payable to the Electronic Frontier Foundation.

___ Please charge my:
___ MasterCard ___ Visa ___ American Express

Card Number: ___________________________________________

Expiration Date: _________________________________________

Signature: ______________________________________________

NOTE: We do not recommend sending credit card information via the Internet!

YOUR CONTACT INFORMATION:

Name: _________________________________________________

Organization: ____________________________________________

Address: ________________________________________________

___________________________________________________

Phone: (____) _______________ FAX: (____) _______________ (optional)

E-mail address: __________________________________________

PREFERRED CONTACT

___ Electronic: Please contact me via the Internet address listed above.
I would like to receive the following at that address:

___ EFFector Online - EFF's biweekly electronic newsletter (back issues available from ftp.eff.org/ pub/EFF/Newsletters/EFFector).

___ Online Bulletins - bulletins on key developments affecting online communications.

NOTE: Traffic may be high. You may wish to browse these publications in the Usenet newsgroup comp.org.eff.news (also available in FidoNet, as EFF-NEWS).

___ Paper: Please contact me through the U.S. Mail at the street address listed above.

PRIVACY POLICY

EFF occasionally shares our mailing list with other organizations promoting similar goals. However, we respect an individual's right to privacy and will not distribute your name without explicit permission.

___ I grant permission for the EFF to distribute my name and contact information to organizations sharing similar goals.

This form came from EFFector Online (please leave this line on the form!)

-------- 8< ------- cut here ------- 8< --------

Administrivia

The Electronic Frontier Foundation
1667 K St. NW, Suite 801
Washington DC 20006-1605 USA
+1 202 861 7700 (voice)
+1 202 861 1258 (fax)
+1 202 861 1223 (BBS - 16.8k ZyXEL)
+1 202 861 1224 (BBS - 14.4k V.32bis)
Membership & donations: membership@eff.org
Legal services: ssteele@eff.org
Hardcopy publications: pubs@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org

Editor: Stanton McCandlish, Online Services Mgr./Activist/Archivist (mech@eff.org)
This newsletter printed on 100% recycled electrons.

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements may be reproduced individ- ually at will.

To subscribe to EFFector via email, send message body of "subscribe effector-online" (without the "quotes") to listserv@eff.org, which will add you to a subscription list for EFFector.

Back issues are available at:

ftp.eff.org,/pub/EFF/Newsletters/EFFector/
gopher.eff.org,1/EFF/Newsletters/EFFector/
http://www.eff.org/pub/EF F/Newsletters/EFFector/

HTML editions available at:

http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/ at EFFweb.