---------------------------------------------------------------
EPIC DIGEST AT PRIVACY.ORG

EPIC-DIGEST is a weekly update of news, information, and action
items posted on privacy.org.

October 16-November 6, 2001

TOC------------------------------------------------------------

NEWS
McNealy, Ellison, Dershowitz Call for National ID
Anthrax Scare Changes Direct Marketing Tactics
Forrester: Murisı Privacy Plan Creates Confusion
Ashcroft Directs Agencies to Restrict FOIA Releases
Oakland Airport to Use Face Recognition
Baker: FBI Will Expand Net Surveillance
FINCEN: ID Theft Cases Double
Anti Terrorism Legislation Signed
Privacy, Consumer Groups Urge FTC to Act on XP
Location Based Services Raise Privacy Issues
Pentagon Makes Wish List of Surveillance Technology
USA PATRIOT Act Contains ID Card Proposal
Microsoft's Passport System Deeply Flawed

NEWS-----------------------------------------------------------

McNealy, Ellison, Dershowitz Call for National ID

Scott McNealy, CEO of Sun Microsystems; Larry Ellison, CEO of Oracle;
and Alan Dershowitz, Harvard Law Professor; have advocated the adoption
of mandatory national ID for all Americans. McNealy and Ellison have
economic interests in such systems. Dershowitz argues that the loss of
anonymity caused by national ID systems could be balanced by
corresponding gains in security.

Well-meaning Congress putting liberties at risk, San Jose Mercury News,
October 13, 2001.
http://www0.mercurycenter.com/premium/business/docs/gillmor13.htm

Why Fear National ID Cards?, New York Times, October 13, 2001
(registration required).
http://www.nytimes.com/2001/10/13/opinion/13DERS.html

ID Cards Are de Rigueur Worldwide, Wired, September 25, 2001.
http://www.wired.com/news/conflict/0,2100,47073,00.html

Privacy International National ID Page.
http://www.privacy.org/issues/idcard/

The Oracle of National ID Cards, Wired, October 27, 2001.
http://www.wired.com/news/conflict/0,2100,47788,00.html

Larry Cards, a nod to Oracle chief executive Larry Ellison's unabashed
support for national ID cards, Wired, October 27, 2001.
http://www.wired.com/news/photo/0,1860,47788,00.html
---------------------------------------------------------------

Anthrax Scare Changes Direct Marketing Tactics

Direct marketers, in light of recent anthrax envelope attacks, are
changing policies in sending solicitations through the mail. The Direct
Marketing Association (DMA) has recommended that marketers include
return addresses on mail solicitations. The DMA has also recommended
that marketers first send e-mail or make a phone call to recipients of
mail solicitations.

Anthrax Scare Forces Postal Changes, Direct Marketers Adopt New Tactics
on Mailings to Avoid Losing Business, Washington Post, October 17, 2001.
http://www.washingtonpost.com/ac2/wp-dyn/A5129-2001Oct16?
---------------------------------------------------------------

Forrester: Murisı Privacy Plan Creates Confusion

Forrester Research argues in a new report that Federal Trade Commission
Chair Timothy Murisı approach to privacy will exacerbate privacy
problems. Muris recently changed the agencyıs approach to privacy,
advocating that Congress should not pass new laws to address consumer
privacy protection. Forrester argues that Murisı approach lacks an
overarching framework for enforcement that will result in ill-defined
standards for appropriate business behavior.

Report: U.S. Privacy Plan Bad for Business, CRM Daily, October 16, 2001.
http://www.crmdaily.com/perl/story/14183.html
---------------------------------------------------------------

Ashcroft Directs Agencies to Restrict FOIA Releases

Attorney General John Ashcroft has directed agencies to evaluate Freedom
of Information requests with heightened sensitivity to national security
and law enforcement concerns. Ashcroft also pledged support to agencies
that withhold information in order to protect institutional, commercial,
and personal privacy interests. Since the September terrorist attacks, a
number of agencies have been restricting access to government records.
Most notably, the Nuclear Regulatory Commission has removed all content
from its web site.

Ashcroft FOIA Memorandum, October 12, 2001.
http://www.usdoj.gov/oip/foiapost/2001foiapost19.htm

Ashcroft Urges Caution With FOIA Requests, Washington Post (AP), October
17, 2001.
http://www.washingtonpost.com/wp-dyn/articles/A5308-2001Oct16.html

Ashcroft Tells Agencies to Resist FOIA Releases, Secrecy News, October
17, 2001. 
http://www.fas.org/sgp/news/secrecy/2001/10/101701.html

The Post-September 11 Environment: Access to Government Information,
OMBWatch Report. 
http://www.ombwatch.org/info/2001/access.html
---------------------------------------------------------------

Oakland Airport to Use Face Recognition

Oakland International Airport has announced that face recognition
systems will be deployed to scan passengers as they board planes.

Oakland to be first U.S. airport to use face-recognition ID system,
Mercury News, October 17, 2001.
http://www.siliconvalley.com/docs/hottopics/attack/image101801.htm
---------------------------------------------------------------

Baker: FBI Will Expand Net Surveillance

According to Stewart Baker, the former general counsel to the National
Security Agency, the FBI has developed a new surveillance architecture
that can capture all Internet traffic.

Beyond Carnivore: FBI Eyes Packet Taps, Interactive Week, October 18,
2001.
http://www.interactiveweek.com/article/0,3658,s%253D605%2526a%253D16678,00.asp
---------------------------------------------------------------

FINCEN: ID Theft Cases Double

The U.S. Treasury Financial Crimes Enforcement Network (FINCEN) reports
that from January to April of 2001, 332 reports of identity theft were
reported. There were 637 cases for the entire year of 2000 and 267 in
1999.

SAR Activity Review (PDF 1.1 MB), FINCEN, October 22, 2001.
http://www.ustreas.gov/fincen/sarreviewissue3.pdf

Identity theft more than doubling, ZDNet (Reuters), October 22, 2001.
http://www.zdnet.com/zdnn/stories/news/0,4586,2819435,00.html
---------------------------------------------------------------

Anti Terrorism Legislation Signed

President Bush has signed H.R. 3162, the USA PATRIOT Act. The Act
expands the power of law enforcement to monitor communications.

HR 3162, the Uniting and Strengthening America by Providing Appropriate
Tools Required to Intercept and Obstruct Terrorism Act of 2001, THOMAS
Database. 
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162:

Bush Signs Sweeping Surveillance Bill Into Law, Newsbytes, October 26,
2001. 
http://www.newsbytes.com/news/01/171556.html

Bush Signs Anti Terrorism Bill, Tech Law Journal Daily Report, October
29, 2001. 
http://www.techlawjournal.com/alert/2001/10/29.asp

Field Guidance on New Authorities: Enacted in the 2001 Anti Terrorism
Legislation (PDF), Department of Justice.
http://www.epic.org/privacy/terrorism/DOJ_guidance.pdf
---------------------------------------------------------------

Privacy, Consumer Groups Urge FTC to Act on XP

EPIC and a coalition of consumer and privacy groups have urged the
Federal Trade Commission (FTC) to take action to protect consumers from
Microsoft Windows XP and Passport. The groups sent a letter to the FTC
requesting immediate agency action and recommended to consumers that
they should not sign up for Passport.

EPIC Letter to FTC Chair Timothy Muris, EPIC Web Page, October 23, 2001.
http://www.epic.org/privacy/consumer/microsoft/ftcletter10.23.01.html

EPIC Passport Page. 
http://www.epic.org/privacy/consumer/microsoft/

Privacy groups slam Windows XP, ZDNet (Reuters), October 23, 2001.
http://www.zdnet.com/zdnn/stories/news/0,4586,5098685,00.html

Commentary: The Threat Of Microsoftıs .Net, by Whitfield Diffie and
Susan Landau.
http://www.kingpublishing.com/fc/new_technology/commentary.htm

Big Brother Award nomination for WPA, Passport pains MS, The Register,
October 25, 2001. 
http://www.theregister.co.uk/content/4/22471.html
---------------------------------------------------------------

Location Based Services Raise Privacy Issues

The advent of devices that report user location, such as cell phones
that track user location via GPS, affords commercial profilers and the
government more opportunities to monitor behavior. In addition to cell
phones, other devices, such as the automatic toll-paying system
"EZPass," can track driversı location.

Cell Phones Set to Track Call Locales, Los Angeles Times, October 18,
2001. 
http://www.latimes.com/technology/la-000082963oct18.story

It's the Cars, Not the Tires, That Squeal, New York Times, October 25,
2001 (registration required).
http://www.nytimes.com/2001/10/25/technology/circuits/25CARR.html
---------------------------------------------------------------

Pentagon Makes Wish List of Surveillance Technology

Pentagon officials released a list of ideas for new technologies of
surveillance. The list is intended to spark innovation and bids from
private-sector developers of technology systems. The list includes
systems that would track persons who purchase bomb-making material,
polygraph machines for airline passengers, tracking devices for
monitoring civilian and military targets, and software that can
recognize persons who are speaking in Middle Eastern languages.

Pentagon Makes Rush Order For Anti-Terror Technology, Washington Post,
October 26, 2001.
http://www.washingtonpost.com/wp-dyn/articles/A53844-2001Oct25.html
---------------------------------------------------------------

USA PATRIOT Act Contains ID Card Proposal

A provision in the recently passed anti-terrorism legislation may create
a scheme where all non-citizens would have to use an identification card
to enter the country. The provision calls upon the Attorney General to
create an "integrated entry and exit" system that could include
biometric identifiers and improved identity documents.

The USA PATRIOT Act, THOMAS Database.
http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.3162:

New law contains ID-card proposal, Washington Times, November 1, 2001.
http://www.washtimes.com/national/20011031-576161.htm
---------------------------------------------------------------

Microsoft's Passport System Deeply Flawed

Marc Slemko, a software developer, developed a technique to steal a
person's Microsoft Passport, credit card numbers -- and all, simply by
getting the victim to open a Hotmail message. He cobbled together this
technique in just half an hour. Slemko withheld publication of the flaws
until Microsoft had an opportunity to correct it. The attack renews
questions about the inherent security of Passport, which is being
positioned by Microsoft as the lynch pin of its .NET e-commerce service
initiative. Slemko argues that, "Passport's greatest marketing strength
-- the single sign-on -- is also its chief technical weakness."

Stealing MS Passport's Wallet , Wired News, November 2, 2001
http://www.wired.com/news/technology/0,1282,48105,00.html

Risks of the Passport Single Signon Protocol, AT&T Labs - Research
http://avirubin.com/passport.html

EPIC's FTC Complaint Re: Microsoft .NET Initiative (pdf)
http://www.epic.org/privacy/consumer/MS_complaint.pdf

---------------------------------------------------------------

Privacy.org is a joint project of the Electronic Privacy
Information Center (http://www.epic.org) and Privacy
International (http://www.privacyinternational.org). For more
information, e-mail Chris Hoofnagle at digest-editor@privacy.org.
---------------------------------------------------------------

How to unsubscribe from EPIC-DIGEST:

You can leave the EPIC-DIGEST by entering the subscription e-mail
address at http://www.privacy.org/digest.php and selecting
"unsubscribe." Or, you can send a blank e-mail message to
EPIC-DIGEST@lists.epic.org from the subscribed address with the
following text in the subject line: unsubscribe

If you experience difficulty with subscription issues, send a
message to digest-editor@privacy.org.
---------------------------------------------------------------

EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php
---------------------------------------------------------------
END EPIC-DIGEST