From: m...@well.com (S.McC.)
Subject: EFFector Online 10.03: EFF Filtration/Ratings Principles Draft
Date: 1997/02/28
Message-ID: <5f63eb$nvp$1@was.hooked.net>
X-Deja-AN: 222045062
X-EFF_Membership_Queries_To: members...@eff.org
Distribution: world
Sender: edi...@eff.org
Followup-To: comp.org.eff.talk
Admin: b...@eff.org
Summary: 1) Discussion draft: EFF's public interest principles for Internet 
filration/ratings/labelling software & services
Organization: Electronic Frontier Foundation
X-URL: http://www.eff.org/pub/EFF/Newsletters/EFFector/
Keywords: EFF,free speech,freedom of speech,free expression,freedom of expression,
intellectual freedom,censorship,Constitution,constitutional,security,
chilling effect,slippery slope,proxy,firewall,privacy,private,unconstitutional,
First Amendment,SurfWatch,SafeSurf,NetNanny,RSAC,RSACi,PICS,CyberPatrol,ACF,IHPEG,
filterware,censorware,academic freedom,library,right to read,libraries,school,
schools,employee privacy,workplace privacy,employee monitoring,workplace monitoring, 
Net Shepherd,Internet Filter,CyberSi
Reply-To: edi...@eff.org
Newsgroups: comp.org.eff.news,comp.org.eff.talk,alt.politics.datahighway,
alt.censorship,misc.legal,misc.legal.computing,alt.activism,alt.activism.d,
comp.org.cpsr.talk,alt.society.civil-liberty,alt.society.civil-liberties,
alt.bbs.allsysop,alt.society.resistance,misc.consumers,
comp.infosystems.www.advocacy,alt.culture.www
X-EFF_General_Info: i...@eff.org


=========================================================================
    ________________          _______________        _______________
   /_______________/\        /_______________\      /\______________\
   \\\\\\\\\\\\\\\\\/        |||||||||||||||||     / ////////////////
    \\\\\________/\          |||||________\       / /////______\
     \\\\\\\\\\\\\/____      ||||||||||||||      / /////////////
      \\\\\___________/\     |||||              / ////
       \\\\\\\\\\\\\\\\/     |||||              \////   e  c  t  o  r

=========================================================================
EFFector        Vol. 10, No. 03        Feb. 28, 1997       edi...@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424



IN THIS ISSUE:

EFF Online Filtration/Ratings/Labelling Public Interest Principles
Quote of the Day
What YOU Can Do
Administrivia

 * See http://www.eff.org/hot.html for more information 
   on current EFF activities and online activism alerts! *

----------------------------------------------------------------------


Subject: EFF Online Filtration/Ratings/Labelling Public Interest Principles 
---------------------------------------------------------------------------

                    ELECTRONIC FRONTIER FOUNDATION

                      PUBLIC INTEREST PRINCIPLES 
          FOR ONLINE FILTRATION, RATINGS AND LABELLING SYSTEMS


Public Discussion Draft            Version 1.0b            Feb. 28, 1997

Please submit comments or questions to m...@eff.org, with "FILTER DRAFT"
in the subject line, by March 31, 1997 if possible. This draft should not
be redistributed beyond March 31, 1997. The latest version can be found at
 http://www.eff.org/pub/Net_info/Tools/Ratings_filters/eff_filter.principles

This document is a DRAFT, and should not be quoted or paraphrased as a
final statement of position, policy or opinion.

If your organization wishes to endorse this document please send a message
to that effect to m...@eff.org or fax: +1 415 436 9333.


INTRODUCTION
____________

As the Internet and other computer networking technologies increasingly
become intertwined in the daily lives of a large number of people,
concerns are frequently raised about locating relevant online material
in a sea of data, preventing the exposure of minors to sexually explicit
expression, ensuring that paid online work time is spent productively,
and avoiding racist, sexist or otherwise offensive electronic messages.

A market in competing and complementary filtration solutions has arisen to
address these concerns, empowering the individual to manage the "firehose"
of information available in cyberspace - as well as manage employee
online time on the job, or children's access to controversial information.
These tools range from email sorting utilities, through specially filtered
sites for children (that provide links to only pre-reviewed material), to
applications and services that track employee Web browsing. Soon, search
engines and "intelligent" agents may also incorporate aspects of
filtration or content labelling.

Even as these new technologies empower users, parents, and employers,
they pose unique conundrums, involving participant privacy, freedom of
expression, and intellectual property among other issues. Many questions
are raised: "Who's watching and recording what?"  "What happens to my
personal information when I send it to a filtering site?"  "Who decides
whether a site is to be blocked by this filtering software I use?"

Although many benefits accrue to individual control over Internet content
at the receiving end, the technolgies that make this possible also pose
several risks for users, on all sides.

The principle areas of concern are:

* protection of end-user privacy;

* ability of parents to understand, and to select in detail, what is
  filtered;

* protection of intellectual property rights;

* maintenance of the integrity of information;

* viability of positive as well as negative filtration tools;

* prevention of a system of self-censorship;

* ability of content providers to challenge inappropriate blockage or
inaccurate ratings/labels.

These concerns may be addressed by applying core online principles of
trust, and more specific guidelines for filtrations/ratings/labelling
policies.


Core Online Trust Principles
____________________________

EFF has developed a set of core principles for the implementation and
operation of rights-affecting networking technologies, necessary to
establish a base level of consumer and organizational trust in privacy,
security, and free flow of information online:

* Informed Consent Is Necessary

  Consumers have the right to be informed about the privacy, security,
  intellectual property and intellectual freedom consequences of an online
  transaction or activity, BEFORE entering into one.

* There Is No Privacy Without Security

  System security is inexorably linked with privacy - and protection of
  intellectual property rights - in an online interaction.

* Standards Vary According to Context

  No single narrow standard or policy, regarding free speech, privacy,
  or security, is adequate for all situations, or for all participants.


Guidelines for Implementation of Internet Filters and Ratings/Labelling
_______________________________________________________________________

1)  Users' Information Privacy - Disclosure and Op-Out from Personal
    Information Use and Re-Use

* The filtration provider must inform the user of what personally
  identifiable information on the user is being  kept and of the use of
  this information (including use by the filtration provider, and/or by
  any intermediary such as educational institution or employer), whether
  or not the information will be made available and in what form to other
  parties, to whom, and for what purpose.

* Users must have the right to opt out of any outside third party use of
  personally identifiable information, and to restrict use and
  redistribution of that information by such outside parties.

* Intermediaries must have the right to opt the intermediary and the user
  out of outside party use, and out of marketing use by the service
  provider.


2)  Children's Information Privacy - Protection of Identity and
    Confidentiality of Minor Status

* The product or service should never reveal that the browsing/posting
  user is a minor, nor reveal any personally identifiable information
  publicly or to outside parties, without the intermediary's knowledge and
  consent.  A child's browsing or other preferences or habits should not
  be made available to outside parties in a personally identifiable
  manner at all

* Private information such as address or phone number should
  not be released to outside parties without the written and informed
  consent of the parent.

Notes: Already, the US Congress and Federal Trade Commission,
and other governmental bodies around the world are examining
possible regulatory measures to prevent marketing with personal
information about children, and to restrict the collection and
redistribution of such information. As with the "L-18" user
identification system proposed by the Dept. of Justice in the
Communications Decency Act trial - a proposal rejected by the
court - the "broadcasting" of an online child's age or even their
status as a minor may make it easier for abusive individuals to
target children.


3)  Availability of Default Content & Filtration Criteria and Operational
    Details

* An explanation of the filtering or rating criteria, and the values or 
  principles underling them, must be accessible easily and without fee to
  customers and content providers, in enough detail to make meaningful
  choices.

* Customers must be informed especially as to whether the filtration
  may block political/social discussion, news reportage, literature,
  art, or scientific/reference works, as well as presumed targets (e.g. 
  explicit images, private "chat" sessions, email, or advertising.)
  It must be clear whether blocking is based on topic, keywords, and/or
  other distinctions, and how broadly it may reach.

* Customers must also be informed of the limitations of the
  software/service - what it does NOT filter, what it cannot prevent - and
  generally how the filtering works (respective of trade secret &
  proprietary information, of course.)


4)  Notice of Active Filtration and Tracking

* User tracking, such as "click-stream" information or "audit trails",
  should be an option (if offered at all), not a default. 

* If any tracking is enabled and information on the user's browsing or
  other Net use (including anything from a list of sites to full-text log,
  on either the customer's own system, or held by the filtration service
  provider) is available for review by a parent, an intermediary or an
  outside party the user should be notified during use or sign-on that
  their usage is being monitored and may be reviewed, and by whom. This
  notice should come before any connection attempt or other online
  activity is logged or processed, and may be shown more frequently to
  give better notice.

* If the service or software does not provide such notice to the user,
  then it also must not provide an on-site or off-site audit trail or other
  form of log available to a parent or employer (nor to outside parties
  without a court order.)  Audit trail or other tracking information must
  never be available to the public without explicit written permission of
  the user.

* If a site, session or document is blocked, some kind of notice should
  appear explaining why, regardless of whether or not the session is being
  logged/tracked.

Notes: As filters become more common both in the home and the workplace,
several concerns arise about "secret monitoring".  Users of any age
deserve the same notification of loss of privacy online as they do when
their phone conversations are recorded. Children's and teens' physical
safety, even their lives, may be at stake in some cases.

Examples: Proper notice might consist of pop-up screens that tell the
user at the beginning of a session that their Net browsing is being
recorded, and that their parents or employers will have access to a list
of what sites or newsgroups the user has been reading. This reminder
might reappear every half-hour or so. On the other hand, a simple email
filter that sorts incoming messages into content-relevant mailboxes,
discarding any emails with profanities in the process, might give no
notice (other than logging what it had done).  Level and detail of notice
is dependent upon potential negative privacy impact on the user.


5)  Customer Choice and Control

* The customer should be able to configure what is being filtered, such
  as by a user-friendly means of adjusting defaults for filtration/ratings
  categories, by selectively adding or deleting specific new sites or
  keywords, by turning on or off topics to filter for, or by swapping
  entire sets of filtration criteria, as examples.

* Customers should not be placed in the position of purchasing someone
  else's morality or preferences for lack of ability to customize or make 
  meaningful choices. Instead, they need tools that help them filter
  out material they do not find appropriate.

Notes: Systems based on the Platform for Internet Content Selection
(PICS) are already compliant with this principle, as PICS allows for
multiple ratings systems from which the user may select, provided that 
more than one label bureau is available.


6)  Appeal Process, Public Access, and Integrity of Personal Information

* Creators, moderators and/or owners of sites or other resources rated,
  filtered or otherwise negatively impacted should have a means of appeal
  within the organization doing the filtration, labelling or rating, to
  review the appropriateness of the decision to block/filter that site,
  to review the accuracy or breadth of an human-assigned label or
  rating, and/or to review the actions of an automated filter or other
  function that blocks that site or document.  The filtering/rating party
  should treat such concerns seriously and help to resolve conflicts when
  possible.

* Additionally, providers have a responsibility to verify information.
  Others must have a right to correct any wrong information about them,
  and to have suggested corrections of general fact considered seriously.
  One of the most serious problems inherent in the computerization of
  records and other information is the wild propagation of errors once
  they are introduced. Providers should have a well-thought-out published
  policy for dealing with such errors rapidly and fairly, with benefit of
  the doubt adhering to the person about whom the information may be
  mistaken.

* The full results of such reviews of claims of errors or of mislabelling
  or improper filtration should be made available to the filtered-out
  party and to the public after the complaint is handled, and not covered
  by non-disclosure or other restriction from consumer examination.
  When possible, parties should seek arbitration, rather than recourse to
  legal machinery.


7)  Intellectual Property and Integrity of Content

* Filtering, labelling and rating should not modify source material.
  Filtered material should simply be blocked, or otherwise dealt with per
  customer preference, intact, with any ratings or labels appearing in
  frames, menu bars, headers, pop-up windows, or distinct and clearly
  attributed lead-ins to the presented content.

Notes: "Four-letter words" should not be replaced by "****", and
proxy-like watchdog servers should not insert rating icons into the
HTML code or other content of rated materials. Such practices abuse the
material owner's copyright (in particular, the right to control the
production of derivative works), and opens the filtration provider to
liabilty. Such alterations may also lead to incorrect reportage or
citation, false attributions of quoted material, misinterpretation, and
other problems.


8)  Open Expression Without Self-Censorship

* Content control systems must not place a heavy burden on content
  authors. In particular, a self-rating/labelling system must be
  sufficiently simple to implement and use that it does not interfere
  with content production,  or result in self-censorship to avoid the toil
  of labelling content. Under no circumstances should any such system be
  imposed by governments, or by private-sector parties such as
  Internet service providers, under government pressure.

* Self-labelling schemes logically apply only to comparatively static
  documents such as web pages, not to content of a conversational nature,
  such as live "chat" or postings to newsgroups and other forums of a
  fluid nature.  In such cases, the forum as a whole, not each post or
  momentary expression in it, could be rated, labelled or filtered.

* Filtration and labeling schemes must be designed carefully, with an
  eye to avoiding monopolization that can lead to chilling of free
  expression or barriers to access for all but the influential or those
  willing to comply with a particular labelling scheme.


9)  Positive as Well as Negative Filtration

* When feasible, content control services should make efforts to not only
  block material offensive to their customers, but also provide active
  pointers to material these users will appreciate.

Notes: Though concerns about inappropriate material have sped up the
development of filtration and labelling technology, the initial seed, and
logical culmination, of such efforts is the search for a solution a much
longer standing problem: the difficulty of finding relevant information
in a staggeringly complex and vast flux of data.  Working on this larger
problem simultaneously moves the Internet community away from hype and
fearmongering, helps the evolution of the Internet into a user-friendly
knowledge tool for everyone, and does something active and constructive
for everyone, as well something passive for those for whom the
availability of inappropriate content remains a focus.


10) Contextual, Factual, Cultural Sensitivity

* Content control systems must consider among the rating/labelling/blocking
  criteria, whenver possible, the context in which the material is found,
  and whether it is presented as fact or fiction, textual or graphical,
  advocacy or reportage, etc.

* Content control systems must take into account whenever possible the
  literary, artistic, journalistic, educational or other value of the
  material to be labelled, rated or blocked.

* Local standards should be taken into account, as mores and preferences
  vary from culture to culture. A system implementing the values of a
  particular subset of one culture may be rationally inapplicable on a
  global scale, or even on a local scale elsewhere.

Notes: "Hell" in the context of a religious discussion is not very similar
to the more offensive use of such a term as an expletive.  Similarly, if
the word "gay" or images of violent conflict appear in a news report, this
should probably not be filtered out by a system that blocks access to
"alternative lifestyle" or "violent" material, unless the customer
specifically requests that such material also be blocked or the
filtering/rating system is intended to be and is disclosed as very
restrictive. Most users, including parents, draw a sharp distinction
between material that advocates or visually displays behavior they find
distasteful, and journalism or political discussion about topics in
general.  There is a severe danger of misuse of parental empowerment
technology for entirely opposite ends, facilitated by censorship of
political, journalistic and other material under the rhetoric of "safety".
Already several public libraries are having filtration softare imposed
upon them by local goverment with political agendas to restrict access to
information. The constitutionality of these actions is highly
questionable.

11) Individual and Academic Self-Determination

* Government and semi-governmental entities must refrain from imposing a
  requirement for self-ratings, assigning private-sector sites particular
  labels, or mandating the use of filtration software.  Any attempt to do
  so is sheer censorship, consisting of forced silence, coerced speech,
  denial of access, or restraint of publication.

* In particular, censorship of online access in libraries and other public
  places must be avoided, and filtration must not be the default for
  public Internet terminals any more than hiding of "mature" books may be
  a default in public libraries.  Public libraries must not reduce
  adult patrons to reading online only what has passed filtration as
  appropriate for children.

* Student's freedom of speech and press, and the rights of libraries and
  library patrons, as forumlated in statute, case law, constitutions and
  UN treaty, apply fully in the context of online media, not simply paper
  and vocal speech.

* The decision to use filtration of online material in the classroom or 
  children's reading room - and what to filter - must rest with the
  teacher or librarian, with no more control by administrators than that
  excercized over what paper handouts teachers may use in class or what
  books may be checked out by children. 

* That libraries can in some cases legally excerise content-based
  discretion in what materials they make available does not in and of
  itself constitute a reason to do so with online material, nor does it
  imply a legislative or executive governmental prerogative to make
  or influence those decisions. Likewise, that libraries may protect
  valuable or fragile paper works by allowing their use only on special
  request, does not indicate that the reverse, "protecting" library
  patrons from materials that may be offensive to some, is appropriate.
  Libraries must not block online material, then require adults to ask for
  a key, password or special permission to access it.
  
* The decisions of a teacher or librarian in this area, as in others,
  should be based on their own criteria, with input from the community
  where appropriate, and not controlled by the political priorities of
  administrators, or of executive or legislative government. The role of
  teachers and librarians is to provide access to information, knowledge
  and critical thinking, not to act as online content police.

* Similarly, network service providers must not require users to rate or
  label their own material or submit to the editorial control of others.
  Government must not coerce or pressure service providers into providing
  content control technology, or require users to participate in
  content control systems.  

* Removing from distribution users' materials or otherwise taking action
  against users based on disagreement with how they self-rate is
  indefensible, and logically incompatible with the notion of a
  self-rating system.


12) Prevention of Centralization and National Filters

* Content filtration defaults must not be built into publicly available
  hardware or operating systems, since market dominance by a particular
  manufacturer, or adoption by governments, could virtually destroy
  free flow of information on the global Internet.

* Filtration service providers must take care not to put into place or
  enable the creation of centralized storehouses of personally
  identifiable user preferences or other transactional and private
  information.

* No filtration, ratings, or other content control system should be
  designed specifically for government usage to censor a populace. It is
  insufficient justification that a government may have laws against
  material that is legal in other parts of the world and accessible
  online. Companies providing such technology to the public must not
  design it to be intentionally easy to abuse in censoring the public,
  and should consciously design their products or services to be difficult
  to scale to such misuses.

Notes: As of recent revisions, PICS does NOT appear to be compliant
with this principle.


13) Consensus and Standards

* Designers and providers of content control technology are encouraged
  to participate in the formulation of open platform, public standards.

* In the case of proprietary solutions, care must be taken not to
  undermine public standards, even in the name of extending them.

Notes: Open, participatory standardization efforts will increase
justified public trust in the technology and the online environment by 
helping prevent monopolization, the institution of censorship-prone flawed
systems, intellectual property disputes that hold up market progress, and
many other problems.


14) Balance of Rights

* Providers must be mindful of the rights of the customer and user,
  particularly privacy rights, but also of the content owner's copyright
  and freedom of speech and press.

* Intermediaries must take into account the user's right to read and to
  communicate, and to not have personal information revealed or used
  without permission.

* The user needs to be aware of intermediaries' institutional or employer
  rights, as well as the rights of other users, of content owners (e.g.,
  copyright), and of the provider (e.g., to collect aggregate,
  NON-identifiable statistical info, without consent.)

* Content owners must respect the fair use rights of users, and the
  rights of users and customers to refuse to receive content they do not
  want, as well as a labellers' or raters' rights to honestly review,
  comment on, describe, or block for their subscribers the material they
  encounter online.

[end]

------------------------------


Subject: Quote of the Day
-------------------------

"Falsehoods not only disagree with truths, but usually quarrel among
themselves."
  - Daniel Webster (1782-1852)

Find yourself wondering if your privacy and freedom of speech are safe 
when bills to censor the Internet are swimming about in a sea of of 
surveillance legislation and anti-terrorism hysteria?  Worried that in 
the rush to make us secure from ourselves that our government 
representatives may deprive us of our essential civil liberties? 
Concerned that legislative efforts nominally to "protect children" will 
actually censor all communications down to only content suitable for 
the playground?  Alarmed by commercial and religious organizations abusing
the judicial and legislative processes to stifle satire, dissent and 
criticism?

Join EFF!   
http://www.eff.org/join (or send any message to i...@eff.org).

Even if you don't live in the U.S., the anti-Internet hysteria will soon 
be visiting a legislative body near you.  If it hasn't already.

------------------------------


Subject: What YOU Can Do
------------------------

* Keep and eye on your local legislature/parliament
All kinds of wacky censorious legislation is turning up at the US state 
and non-US national levels.  Don't let it sneak by you - or by the 
online activism community. Without locals on the look out, it's very 
difficult for the Net civil liberties community to keep track of what's 
happening locally as well as globally.


* Inform your corporate government affairs person or staff counsel
if you have one. Keep them up to speed on developments you learn of,
and let your company's management know if you spot an issue that warrants
your company's involvement.


* Find out who your congresspersons are

Writing letters to, faxing, and phoning your representatives in Congress
is one very important strategy of activism, and an essential way of
making sure YOUR voice is heard on vital issues.

If you are having difficulty determining who your US legislators are,
try contacting your local League of Women Voters, who maintain a great 
deal of legislator information, or consult the free ZIPPER service
that matches Zip Codes to Congressional districts with about 85%
accuracy at:
http://www.stardot.com/~lukeseem/zip.html

Computer Currents Interactive has provided Congress contact info, sorted 
by who voted for and against the Communications Decency Act:
http://www.currents.net/congress.html (NB: Some of these folks have, 
fortunately, been voted out of office.)


* Join EFF!

You *know* privacy, freedom of speech and ability to make your voice heard
in government are important. You have probably participated in our online
campaigns and forums.  Have you become a member of EFF yet?  The best way to
protect your online rights is to be fully informed and to make your
opinions heard.  EFF members are informed and are making a difference.  Join
EFF today!

For EFF membership info, send queries to members...@eff.org, or send any
message to i...@eff.org for basic EFF info, and a membership form.

------------------------------


Administrivia
=============

EFFector is published by:

The Electronic Frontier Foundation
1550 Bryant St., Suite 725
San Francisco CA 94103 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
Membership & donations: members...@eff.org
Legal services: sste...@eff.org
General EFF, legal, policy or online resources queries: a...@eff.org

Editor: Stanton McCandlish, Program Director/Webmaster (m...@eff.org)

This newsletter is printed on 100% recycled electrons.

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the views of EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission. Press releases and EFF announcements may be reproduced individ-
ually at will.

To subscribe to EFFector via email, send message body of "subscribe
effector-online" (without the "quotes") to lists...@eff.org, which will add
you to a subscription list for EFFector.

Back issues are available at:
ftp.eff.org, /pub/EFF/Newsletters/EFFector/
gopher.eff.org, 1/EFF/Newsletters/EFFector
http://www.eff.org/pub/EFF/Newsletters/EFFector/

To get the latest issue, send any message to effector-reflec...@eff.org (or
e...@eff.org), and it will be mailed to you automagically.  You can also get
the file "current" from the EFFector directory at the above sites at any 
time for a copy of the current issue.  HTML editions available at:
http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/ 
at EFFweb.

------------------------------





End of EFFector Online v10 #03 Digest
*************************************

$$
Newsgroups: comp.org.eff.news,comp.org.eff.talk,alt.politics.datahighway,
alt.censorship,misc.legal,misc.legal.computing,alt.activism,alt.activism.d,
comp.org.cpsr.talk,alt.society.civil-liberty,alt.society.civil-liberties,
alt.bbs.allsysop,alt.society.resistance,talk.politics.crypto
Sender: edi...@eff.org
Followup-To: comp.org.eff.talk
Errors-To: b...@eff.org
Admin: b...@eff.org
Reply-To: edi...@eff.org
Approved: edi...@eff.org
Organization: Electronic Frontier Foundation
Distribution: world
X-EFF_Membership_Queries_To: members...@eff.org
X-EFF_General_Info: i...@eff.org
X-URL: http://www.eff.org/pub/EFF/Newsletters/EFFector/
Summary: 1) Please attend Karn appeal hearing in DC; 2) a slew of govt. proposals, 
regs, hearings, papers and inquiries needing YOUR participation!
Keywords: EFF,free speech,freedom of speech,free expression,freedom of expression,
intellectual freedom,censorship,Constitution,constitutional,encryption,cryptography,
cryptology,AECA,ITAR,Bernstein,export,security,prior restraint,privacy,private,
unconstitutional,First Amendment,crypto,universal service,ISP,LEC,ISPs,LECs,
providers,fees,tarrifs,medical privacy,consumer privacy,DoC,DoS,FRB,Fed,IITF,NII,
GII,FCC,DHHS,FTC,NACIC,DoD,PTO,USPTO,intellectual property
Subject: EFFector Online 10.01: ALERTS: Karn hearing; agencies need YOUR input

=========================================================================
    ________________          _______________        _______________
   /_______________/\        /_______________\      /\______________\
   \\\\\\\\\\\\\\\\\/        |||||||||||||||||     / ////////////////
    \\\\\________/\          |||||________\       / /////______\
     \\\\\\\\\\\\\/____      ||||||||||||||      / /////////////
      \\\\\___________/\     |||||              / ////
       \\\\\\\\\\\\\\\\/     |||||              \////   e  c  t  o  r

=========================================================================
EFFector        Vol. 10, No. 01        Jan. 9, 1997        edi...@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

If you thought 1996 was interesting, it's only Jan. '97 and there's
already a lot of action.  Call this "January Net Activism Week" - there are
several opportunities for all of us to get in some hopefully meaningful
input into a number of government agency reports, rulemakings, and 
inquiries, plus sit in on a groundbreaking privacy and First Amendment 
legal case.  The rules for submission of comments don't make it easy, 
but please make the effort. Democracy: use it or lose it!


IN THIS ISSUE:

Action in Karn Case Against Irrational Crypto Regs (In DC? Attend!)
DoC Crypto Export Regulations: YOUR Comments Due!
FRB Privacy Study: YOUR Comments Due!
IITF NII Policy Overhauled: YOUR Comments Due!
3 FCC Inquiries & Draft Rules: YOUR Comments Due!
  ISPs Shouldn't Be Charged Long-Distance Carrier Fees By Local Telcos
  Technological Hurdles of Net Growth to Be Examined
  Universal Service Reform
DHHS Medical Privacy Open Hearing: YOUR Comments Due!
FTC Privacy Hearing Report: "Notice, Choice, Security, Access"
NACIC & DoD Hint at Tracking Net Users
Newsnybbles
  PTO to Hold Domain Name Trademark & Unfair Competition Hearing
Upcoming Events
Quote of the Day
What YOU Can Do
Administrivia

 * See http://www.eff.org/hot.html or ftp.eff.org, /pub/Alerts/ for more
 information on current EFF activities and online activism alerts! *

----------------------------------------------------------------------


Subject: Action in Karn Case Against Irrational Crypto Regs (In DC? Attend!)
----------------------------------------------------------------------------

[Friends of crypto freedom should definitely attend.  The courtroom
holds approximately 50 people, and we'd like to fill it.  Show Judges
Williams, Ginsburg and Rogers the importance of the case.  This is the
first time that a crypto export case has hit a Court of Appeals, and
your rights are very much at stake here.

If you're in the DC metropolitan area, come on out and show Phil Karn
your support as he challenges the export control laws!]


  RESEARCHER KARN APPEALS, SEEKING TO OVERTURN IRRATIONAL ENCRYPTION RULES
   "Books are OK to publish, floppies are not" policy faces next challenge

Washington, January 8 - Laywers for researcher Philip R. Karn, Jr.
will argue in court this Friday that Government restrictions on
distribution of encryption software violate the First and Fifth
Amendments of the Constitution, and are "arbitrary, capricious and
invalid" regulations.

This week's hearing, on January 10, 1997 at 9:30AM in the US Court of
Appeals for the District of Columbia Circuit, is open to the public at
333 Constitution Avenue, Washington DC.

The Government will argue that its rules are its own business, which
courts should not oversee, and that it is legitimate to regulate free
speech and publication when the government is uninterested in
suppressing the content thereof.  (The government actually has a
strong interest in suppressing the public's ability to understand and
deploy strong cryptography, but has managed to convince the district
court of the opposite.)

The lawsuit is complicated by the Government's introduction last month
of new encryption regulations.  President Clinton ordered on November
15 that the regulations be moved from the State Department to the
Commerce Department.  Over Christmas, the Clinton Administration
published its new Commerce Department regulations, which are
effectively identical to the State Department regulations, and put
them into immediate effect.  Mr. Karn's case only named the State
Department.  In an unusual switch, the Government is arguing that it
should be able to replace the State Department with the Commerce
Department as a defendant, in the hope of keeping the case alive.
(Most defendants would be happy to have the case disappear.  The State
Department appears to be hoping they will get a better decision in
this case than in related cases.)

The State Department regulations at issue were struck down in December
by Judge Marilyn Hall Patel in a similar case brought by Professor
Daniel Bernstein in San Francisco.  Judge Patel called the regulations
a "paradigm of standardless discretion" which required Americans to
get licenses from the government to publish information and software
about encryption.  No court has yet ruled on the new Commerce
Department regulations, which include the same provisions that were
declared unconstitutional.

"This case clearly raises an issue of fundamental importance to
cryptographers and computer programmers generally," said Kenneth Bass,
lead attorney in the case.  "The fundamental issue is how the courts
will treat computer programs.  Books are entitled to the full
protection of the First Amendment, but the trial judge in this case
decided that source code on a diskette does not enjoy that same
protection.  Programmers immediately recognize the utter irrationality
of this distinction.  We now will see whether the appeals courts will
also see it that way."

"Phil Karn's case illustrates both the irrationality of the encryption
rules and the depths of the bureaucratic mazes which protect them,"
said John Gilmore, co-founder of the Electronic Frontier Foundation,
which backed the suit.  "The idea that the First Amendment protects
the author of a book, but not the author of an identical floppy disk,
is ridiculous.  All books, magazines, and newspapers are written on
computers today before print publication, and many are also published
online.  Yet here we have Government lawyers not only defending their
right to regulate machine-readable publication, but also arguing that
the courts are not permitted to re-examine the issue.  Their argument
amounts to `Trust us with your fundamental liberties'.  Unfortunately,
a decade of NSA actions have amply demonstrated that they are happy to
sacrifice fundamental liberties when it gives them an edge in some
classified spy program.  Unless there's a clear and present danger to
our nation's physical security (which we have seen no evidence of),
our citizens' right to speak and publish freely is much more important
to American national security than any top-secret program."

Civil libertarians have long argued that encryption should be widely
deployed on the Internet and throughout society to protect privacy,
prove the authenticity of transactions, and improve computer security.
Industry has argued that the restrictions hobble them in building
secure products, both for U.S. and worldwide use, risking America's
current dominant position in computer and communications technology.
Government officials in the FBI and NSA argue that the technology is
too dangerous to permit citizens to use it, because it provides privacy
to criminals as well as ordinary citizens.

	Background on the case

Mr. Philip Karn is an engineer with a wide and varied background in
radio and wire communications.  He has given many years of volunteer
work in the amateur radio service, amateur satellite service, and in
the Internet community.  He is the author of the freely available
"KA9Q" internet software for DOS machines, which forms the basis of
many amateur radio experiments as well as several successful
commercial products.  He has written and given away various
cryptographic software, including one of the world's fastest versions
of the Data Encryption Standard (DES).  Phil also did the initial
research into encrypting Internet traffic at the packet level.  Mr.
Karn's home page is at http://www.qualcomm.com/people/pkarn/ .

In 1994, author Bruce Schneier published _Applied Cryptography_, a
best-selling encryption textbook which included some fifty pages of
encryption source code listings, including very strong algorithms such
as "Triple-DES".  As a civil libertarian, Mr. Karn asked the State
Department whether the book could be exported; they replied that it
was in the public domain and could therefore be exported.  Mr. Karn
then created a floppy disk containing the source code from the book,
and asked if the floppy could be exported.  The State Department
determined in May 1994 that the floppy was a munition.  Mr. Karn
would need to register as an arms dealer to be able to export the
disk.

After several administrative appeals, Mr. Karn filed suit in September
1995.  The suit asks a court to declare that the decision was invalid
because the distinction between publication on paper and publication
on floppies has no rational basis, and because the decision violates
Mr. Karn's right to publish the floppy.

Judge Charles R. Richey dismissed the case in a strongly-worded
36-page opinion.  "The plaintiff, in an effort to export a computer
diskette for profit, raises administrative law and meritless
constitutional claims because he and others have not been able to
persuade the Congress and the Executive Branch that the technology at
issue does not endanger the national security. This is a "political
question" for the two elected branches under Articles I and II of the
Constitution."  Mr. Karn, whose effort was motivated by concern for
civil rights rather than profit, appealed.  This week's hearing is the
first public hearing in his appeal case.

The regulations at issue in the case, which prevent American
researchers and companies from exporting cryptographic software and
hardware, are a relic of the Cold War.  The secretive National
Security Agency has built up an arcane web of complex and confusing
laws, regulations, standards, and secret interpretations for years.
These are used to force, persuade, or confuse individuals, companies,
and government departments into making it easy for NSA to wiretap and
decode all kinds of communications.  Their tendrils reach deep into
the White House, into numerous Federal agencies, and into the
Congressional Intelligence Committees.  In recent years this web is
unraveling in the face of increasing visibility, vocal public
disagreement with the spy agency's goals, commercial and political
pressure, and judicial scrutiny.

ABOUT THE ATTORNEYS

Lead counsel on the case are Kenneth C. Bass III and Thomas J. Cooper
of the Washington law firm of Venable, Baetjer, Howard & Civiletti,
who are offering their services pro bono.

ABOUT THE ELECTRONIC FRONTIER FOUNDATION

The Electronic Frontier Foundation (EFF) is a nonprofit civil
liberties organization working in the public interest to protect
privacy, free expression, and access to online resources and
information.  EFF is funding the expenses in Mr. Karn's case.

The full text of the lawsuit and other paperwork filed in the case is
available from Phil Karn's web site at:

        http://www.qualcomm.com/people/pkarn/export/index.html

SOURCE: Electronic Frontier Foundation

CONTACT:  Ken Bass, lead attorney, +1 202 962 4890, kb...@venable.com;
or Shari Steele, EFF Staff Attorney, +1 301 375 8856, sste...@eff.org;
or John Gilmore, EFF Board Member, +1 415 221 6524, g...@toad.com

------------------------------


Subject: DoC Crypto Export Regulations: YOUR Comments Due!
----------------------------------------------------------

In an effort to evade a federal judge's finding that software is
protected expression on the First Amendment, the Administration is
playing a regulatory shellgame, scrapping old State Dept. crypto regs for
"new" Commerce Dept. regs that are as bad, and in some cases worse. The
Commerce Dept. is seeking input from the people on these regulations.
Don't miss this opportunity to provide feedback to government in this
vital area. Have a look at the regs, and make your voice heard! See this
issue's lead article for some background on what the problems are.

The full text of the new regulations (the "Interim Rule") can be found at:
 http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs

What YOU can do: The DoC is requesting comments from the public on this
matter. If you wish to get your word in, reasoned, detailed, but concise
comments should be sent (on paper, 6 copies) to the DoC. More information
on making and filing comments is available at:

 http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs

The docket number for this Interim Rule is "Docket No. 960918265-6366-03,
RIN 0694-AB09" (you will need to include this at the top of your comments).

DEADLINE: February 13, 1997.

------------------------------


Subject: FRB Privacy Study: YOUR Comments Due!
----------------------------------------------

The US Federal Reserve Board requests public comments on issues to be 
addressed in a new consumer information study (ironically required by the 
Economic Growth & Regulatory Paperwork Reduction Act of 1996.)  The study
will aim to determine the public availability of sensitive identifying 
information about individuals, such as social security numbers, mother's 
maiden names, prior addresses, dates of birth, etc.  Additionally, the 
study will look at the "possibility" that such information can be used 
for fraud, and the effect such fraud may have on FDIC banks.  The FRB is 
to report the findings to Congress, including any suggestions for 
legislative change.

The FRB appears to be rather up-to-speed on the problems inherent in the 
social security number system, and related issues such as government 
databases making information of this sort available, leading to "identity 
theft", credit fraud, and access to private information such as school 
records.

This is probably one of the best opportunities in years to raise 
Congressional awareness of these increasingly grave problems, and to 
warn against "solutions" such as electronic national ID cards and other 
even more privacy invasive ideas being floated by various agencies.  The 
FRB is, however seeking input on some specific questions, so general 
privacy-related lobbying is best couched in terms of these questions
and answers to them. The questions are available in the text of the 
FRB's Request for Comments:
 http://www.bog.frb.fed.us/boarddocs/press/BoardActs/1996/19961223

What YOU can do: The FRB is requesting comments from the public on this 
matter. If you wish to get your word in, reasoned, detailed, but concise 
comments should be sent (on paper) to the FRB. Full guidelines for 
making and filing comments are available at: 
 http://www.bog.frb.fed.us/boarddocs/press/BoardActs/1996/19961223
toward the end.

The docket number for this Request for Comments is "Docket No. R-0953"
(you will need to include this at the top of your comments).

DEADLINE: January 31, 1997.

------------------------------


Subject: IITF NII Policy Overhauled: YOUR Comments Due!
-------------------------------------------------------

The White House's Information Infrastructure Task Force has issues a new 
iteration of Administration NII/GII policy initiatives.  The draft 
"Framework for Global Electronic Commerce" aims for "a strategy to help 
accelerate the growth of global commerce across the Internet...The 
proposed strategy establishes a set of principles to guide policy
development, outlines Administration positions on a number of key
issues related to electronic commerce, and provides a road map for
international negotiations, where appropriate. It also identifies
which government agencies will take the lead in implementing this
work." The Administration is now seeking comments from public prior to 
redrafting and formally approving the "strategy".

The document touches on many areas of concern to EFF members and Internet 
users, including taxation, content regulation (i.e., censorship), standards, 
intellectual property, liability, privacy, security, transactions, 
uniform law in multiple jurisdictions, contract enforcement, etc.

Rather surprisingly, the current draft takes a "non-regulatory, 
market-oriented", pro-consumer and rather forward-thinking approach, at
least on paper. The document calls for: establishment of the Net as a 
"duty-free zone", no new Net taxes, laissez-faire policy in standards 
processes and in allowing online payment systems to evolve, 
encouragement of industry self-regulation "where appropriate", and 
improved security & privacy. The paper even addresses (to a limited extent) 
content restrictions and compulsory licensing requirements.

Not surprisingly, however, the document toes the standard Administration 
line on encryption, pulling the doublethink maneuver we have all seen so 
many times before: IITF simultaneously calls for improved computer 
security via encryption, but proposes supporting "key recovery" systems
that are inherently insecure, backed up with the threat of export denial 
for actually secure encryption.  IITF does however readily admit that 
"these export controls have limited the worldwide use of strong
encryption for electronic commerce and other purposes," an admission 
many years in coming from the Administration.  But, the paper also 
hypocritically claims that the transfer of crypto export authority from 
the State Dept. to Commerce is a step that "promotes electronic 
information security and public safety...electronic commerce and secure 
communications worldwide," rather than admitting that it is a further 
attempt to stuff the crypto genie back in the bottle and evade Federal 
court findings that software is protected expression under the First 
Amendment.

Perhaps most disturbingly, the Administration in this paper reaffirms its 
vow to "work within the OECD [and EU]...to guide... member governments as 
they develop national encryption policies," that is, lobby foreign 
governments to go along with "Clipper 3". The specific policy called for 
includes government agencies holding citizens' encryption keys 
directly, and represents a step backward from the very meager progress 
in getting the government to abandon such dangerous proposals.

Summary of, full text of, and already-received comments on the draft paper
are available at:
 http://www.iitf.nist.gov/electronic_commerce.htm

What YOU can do: The IITF is requesting comments from the public on 
these issues. Please contribute your comments so that the next draft 
preserves the good features, while encouraging a reformation of the 
Administration's anti-public-interest views on encryption, intellectual 
property, and online content regulation. If you wish to get your word 
in, reasoned, detailed, but concise comments should be sent (on paper) 
to the IITF (c/o Sr. Advisor Ira Magaziner). Full guidelines for making 
and filing comments (considerably less complicated than the FCC 
requirements mentioned below) are available at:
  http://www.iitf.nist.gov/electronic_commerce.htm

Though emailed comments are accepted, it is unclear whether these are 
considered official or not. In the case of the FCC actions mentioned
below, they are NOT official, only paper ones are.
Better to be safe than sorry.

DEADLINE: January 23, 1997.

------------------------------


Subject: 3 FCC Inquiries & Draft Rules: YOUR Comments Due!
---------------------------------------------------------

* ISPs Shouldn't Be Charged Long-Distance Carrier Fees By Local Telcos

The US Federal Communications Commission has "tentatively concluded that 
providers of information services (including Internet service providers) 
should not be subject to the interstate access charges that local 
telephone companies currently assess on long-distance carriers", as part 
of a series of proposed new regulations that "provide incentive for 
investment and innovation" in networking.

The full text of this Notice of Proposed Rulemaking is available from:
 http://www.fcc.gov/Bureaus/Common_Carrier/Notices/fcc96488.txt

An analysis of the Proposed Rulemaking by Pepper and Corazzini, L.L.P.,
is available at:
 http://www.commlaw.com/pepper/Memos/InfoLaw/access.html

What YOU can do: The FCC is requesting comments from the public on this 
matter. If you wish to get your word in, reasoned, detailed, but concise 
comments should be sent (on paper, alas) to the FCC. Full guidelines for 
making and filing comments are available at: 
 http://www.fcc.gov/Bureaus/Miscellaneous/Factsheets/comments.hlp

The docket number for this Notice of Proposed Rulemaking is "CC Docket 
Number 96-263" (you will need to include this at the top of your comments).

DEADLINE: January 27, 1997 (reply comments, in case you wish to 
challenge or support the comments of others, are due by February 13, 1997.)


* Technological Hurdles of Net Growth to Be Examined

The FCC, in a section of the same document, also seeks "to examine the 
more fundamental issues about the implications of emerging data services 
for the public switched telephone network. In the Notice of Inquiry, the 
Commission sought comment on the effects of increasing Internet usage on 
the network, alternative technologies to alleviate network congestion and 
provide higher bandwidth, and how FCC actions could facilitate efficient 
deployment of such technologies."

The full text of this Notice of Inquiry (Section X of a larger Notice of 
Proposed Rulemaking) is available from: 
http://www.fcc.gov/Bureaus/Common_Carrier/Notices/fcc96488.txt

What YOU can do: The FCC is requesting comments from the public on this
matter. If you wish to get your word in, reasoned, detailed, but concise
comments should be sent (again, on paper) to the FCC. Full guidelines for
making and filing comments are available at:
 http://www.fcc.gov/Bureaus/Miscellaneous/Factsheets/comments.hlp

The docket number for this Notice of Inquiry is "CC Docket Number 96-262" 
(you will need to include this at the top of your comments).

DEADLINE: February 21, 1997 (reply comments, in case you wish to
challenge or support the comments of others, are due by March 24, 1997.)


* Universal Service Reform

Furthermore, the FCC's Federal-State Joint Board issues to the FCC Common 
Carrier Bureau a Universal Service Recommended Decision, to implement 
provisions of the Telecommunications Act of 1996. It has many implications
for all aspects of US telecommunications. This is a much longer proposal 
than the previous two, and touches on many issues, including:
   competitive neutrality, universal service principles; services eligible
   for support; support mechanisms for rural, insular, and high cost
   areas; support for low income consumers; affordability; support for
   schools, libraries, and health care providers; administration of
   support mechanisms; and common line cost recovery.

The full text of this Recommended Decision is available from:
http://www.fcc.gov/Bureaus/Common_Carrier/Reports/decision.html

The already-received comments on the proceeding, to which you may respond 
yourself, are available at:
http://www.fcc.gov/Bureaus/Common_Carrier/Comments/rdcom.html

An analysis of the Recommended Decision provided by People for the 
American Way, Alliance for Community Media, Alliance for Communications 
Democracy, Benton Foundation, Center for Media Education, League of 
United Latin American Citizens, Minority Media and Telecommunications 
Council, National Council of La Raza, and National Rainbow Coalition, is
available at:
 http://www.benton.org/Library/Recommend/recommendations.html

What YOU can do: The FCC has requested comments from the public on this
matter, and received some. If you wish to get your word in, reasoned, 
detailed, but concise comments based on a review of both the 
Recommended Decision and the already available comments, should be sent 
(again, on paper) to the FCC. Full guidelines for making and filing 
comments are available at [NOTE! This is a different URL than above!]: 
 http://www.fcc.gov/Bureaus/Common_Carrier/Public_Notices/da961891.html

The docket number for this Notice of Inquiry is "CC Docket Number 96-45"
(you will need to include this at the top of your comments).

DEADLINE: *January 10, 1997*. The initial comment period is passed. This is
the "last chance" deadline for *reply comments*. 

------------------------------


Subject: DHHS Medical Privacy Open Hearing: YOUR Comments Due!
--------------------------------------------------------------

The US Department of Health and Human Services's National Committee on 
Vital and Health Statistics (NCVHS), Subcommittee on Privacy and 
Confidentiality is required to develop recommendations to the DHHS 
Secretary, who in turn is to submit a report to the Congress containing 
detailed recommendations on standards with respect to the privacy of 
individually identifiable health information. The report is due in August 
1997.

Another indicator of increased privacy-consciousness on the Hill, it is 
important to pack this meeting with concerned citizens. The medical 
privacy "playing field" is heavily dominated by medical and insurance 
industry lobbyists, and little public input ever reaches the ears that 
matter.  Expect, and expect to have to fight, national ID proposals and
attempts by ingrained industries to thwart any meaningful new privacy 
protections.

Excerpt from the meeting announcement:
"The purpose of the hearings is to explore in detail the options,
choices, and trade-offs that must be a part of any health privacy
legislation. To the greatest extent possible, the discussion will focus
on specific alternatives that have been identified in legislative
proposals, on the consequences for patients and institutions of new
rules for use and disclosure of health data, and on how legislation
will operate in the real world. Issues will cover the full range of
fair information practices, patient rights, limitations on use and
disclosure of identifiable information, health identification number,
preemption of state laws, and privacy-enhancing technology."

What YOU Can Do: DHHS is requesting comments from the public on this
matter. If you wish to get your word in, reasoned, detailed, but concise
comments should be sent (on paper) to DHHS. Comments should be sent to:
NCVHS Subcommittee on Privacy and Confidentiality, c/o Division of Data 
Policy, Office of the Assistant Secretary for Planning and Evaluation, 
U.S. Department of Health and Human Services, 440D Humphrey Building, 200 
Independence Avenue, S.W., Washington, DC 20201.

DEADLINE: 5pm ET, February 19, 1997.

You can also attend the hearings in person (attendance limited to
space available.) At the end of each hearing day, members of the public
can present oral testimony, limited to 3 minutes per person (you have to 
sign up on a list when you arrive to be considered for such a presentation).
Times and dates: 9am-5pm, February 3-4, 1997, and  9am-5pm, Feb. 18-19, 1997.
Place: Hubert H. Humphrey Building, 200 Independence Avenue, SW,
Room 503A, Washington, D.C. 20201. (The Humphrey Building is located one 
block from Federal Center SW Metrorail station.) Due to security measures,
you should arrive at 8:30, or at 12:30 if attending afternoon session only.

More information may be obtained from John P. Fanning, Office of the 
Assistant Secretary for Planning and Evaluation, DHHS, Room 440D Humphrey 
Building, 200 Independence Avenue S.W., Washington, D.C. 20201, telephone 
(202) 690-7100, e-mail jfann...@osaspe.dhhs.gov; or Marjorie S. Greenberg,
Acting Executive Secretary, NCVHS, NCHS, CDC, Room 1100, Presidential 
Building, 6525 Belcrest Road, Hyattsville, Maryland 20782, telephone 
(301) 436-7050.

------------------------------


Subject: FTC Privacy Hearing Report: "Notice, Choice, Security, Access"
-----------------------------------------------------------------------

The US Federal Trade Commission - the closest thing to a Privacy Commission
the US has - has released it staff report on the FTC Bureau of 
Consumer Protection's "Consumer Privacy on the Global Information 
Infrastructure" workshop (June 4-5, 1996).  The workshop was part of the
Bureau's Consumer Privacy Initiative, "an ongoing effort to bring
consumers and businesses together to address consumer privacy issues
posed by the emerging online marketplace."  A followup workshop on these 
issues is being planned, but has not yet been scheduled.  

Participants in the 1996 workshop outlined "four necessary elements of 
protecting consumer privacy online", detailed in the report: Notice to 
consumers about how personal information collected online is used; choice 
for consumers about whether and how their personal information is used;
security of personal information, if commerce in cyberspace is to 
flourish on the Internet; and access for consumers to their own personal
information to ensure accuracy.  In general, the FTC's findings closely 
mirror those of EFF's eTRUST project, more information on which is at:
http://www.etrust.org

However, the FTC report, being based on a hearing many month ago, is not 
fully up to speed on recent developments like eTRUST, and EFF is pleased
to hear of the plans for another session. Hopefully eTRUST and other 
private sector efforts can hold off attempts at direct regulation in this 
area, such as last years attempts at legislating online privacy, in ways 
that were actually detrimental to the public interest.  Any public policy 
process involving the Internet should be in the slow lane, until 
lawmakers better understand this medium.

The report and related documents including transcripts from the workshop 
are available at:
 http://www.ftc.gov/bcp/privacy/privacy.htm

------------------------------

Subject: NACIC & DoD Hint at Tracking Net Users
-----------------------------------------------

The National Counterintelligence Center (NACIC), in conjunction with most 
other federal intelleigence and law enforcement agencies, has released a 
short paper on foreign commercial and government spying on US interests 
for economic reasons.  Though the report is general, it does drift toward 
focusing on the Internet as source of trouble.  In as much as NACIC is 
pointing out long-standing Internet security problems (many of which 
could be solved by an overhaul of the intelligence community's cherished 
but senseless anti-encryption regulations), the report serves a useful end.

In other ways, however, it leaves room for concern, being perhaps too 
alarmist in suggesting that Internet connectitivity is a threat to 
proprietary information (this is no more true of the Net than of the 
telephone, unless the companies in question take inadequate security 
precautions).  

More disturbingly, the report appears to suggest in vague terms that all 
Web and other Internet communications and transactions should be 
monitorable and presumably trackable, noting that "Internet and E-mail 
networks provide direct methods of exploitation for foreign 
[intelligence] collection efforts. This is of particular concern in 
situations where programs to monitor the content of such online 
communications are lacking."

The Dept. of Defense mirrored this sentiment in no uncertain terms.
According to a Wall Street Journal article of Jan. 6, a Defense Science 
Board taskforce report calls for $580,000,000 in funding to not only create 
a US Information Warfare Center, run by an "Information Warfare Czar", but 
also to support private and public sector R&D to enable "automatically 
tracing cracker attacks back to their source", and even legally 
authorized "electronic countermeasures" right out of cyberpunk novels, 
such as the facility to infect invaders' systems with debilitating 
computer viruses via an "electronic immune system" detecting crackers 
and acting to repel and disable them.  All gee-wiz aside, such proposals 
do not bode well for computer security and user privacy.

The full text of the NACIC Annual Report to Congress on Foreign Economic 
Collection and Industrial Espionage is available at:
 http://www.nacic.gov/cind/econ96.htm

NACIC also put out another, related report, for private and public 
organizations who deal with sensitive information. This article, "Internet: 
The Fastest Growing Modus Operandi for Unsolicited Collection", is even 
more alarmist, yet is also intended for a very security-conscious audience
with reason to be "extra-careful".  The main thrust of this second report 
is to warn US companies and agencies to be on the lookout for foreigners 
asking for information via the Net. Among the advice included in the 
report is: "All requests for information received via the Internet should be
viewed with suspicion. Only respond to people who are personally known
and only after verifying their identity and address." This seems rather 
overblown, as written, but appears to be intended as a warning about
queries regarding sensitive information only. The introduction to the
newsletter containing the report says this will be it's last hardcopy issue,
"So, hook up your computer, modem, and browser . . . and we'll see you on 
the Web!!!"  Mixed messages?

This second report is available at:
 http://www.nacic.gov/cind/cindnov.htm#art2

No online copy of the DoD report has been located yet.

------------------------------


Subject: Newsnybbles
--------------------

* PTO to Hold Domain Name Trademark & Unfair Competition Hearing

According to a brief Administration statement, the US Patent & Trademark 
office will hold hearings in early 1997 to "address the trademark and 
unfair competition issues relating to domain names".  No date appears to 
have been set yet.

------------------------------


Subject: Upcoming Events
------------------------

This schedule lists EFF events, and those we feel might be of interest to
our members.  EFF events (those sponsored by us or featuring an EFF speaker)
are marked with a "*" instead of a "-" after the date.  Simlarly, government
events (such as deadlines for comments on reports or testimony submission,
or conferences at which government representatives are speaking) are marked
with "!" in place of the "-" ("!?" means a govt. speaker may appear, but
we don't know for certain yet.)  And likewise, "+" in place of "-"
indicates a non-USA event.  If it's a foreign EFF event with govt. people,
it'll be "*!+" instead of "-".  You get the idea. To let us know about an
event, please send details to Dennis Derryberry, den...@eff.org, with a
subject line containing "CALENDAR:" followed by the name of the event.

The latest version of the full EFF calendar is available from:

ftp: ftp.eff.org, /pub/EFF/calendar.eff
gopher: gopher.eff.org, 1/EFF, calendar.eff
http://www.eff.org/pub/EFF/calendar.eff

See also our new Now-Up-to-Date HTML calendar at:
http://events.eff.org


1997

Jan. 10 !* Karn v. US Dept. of State appeal hearing, Washington, DC.
          Please attend!
    URL: http://www.eff.org/pub/Legal/Karn_Schneier_export/19970108.pressrel

        ! Deadline for reply comments on FCC FSJB/CC Recommended Decision 
          on universal service reform.
          URL: http://www.fcc.gov (look for "Recommended Decision")

        - PHILADELPHIA - CALL FOR PAPERS!! - SIGIR '97 seeks original 
	  contributions (i.e. never before published) in the broad field 
	  of information storage and retrieval, covering the handling of 
	  all types of information, people's behavior in information
	  systems, and theories, models and implementations of information 
	  retrieval systems. Subscribe now to SIGIR '97 mailing list by 
	  writing to <sigi...@potomac.ncsl.nist.gov>  Information on 
	  SIGIR '97 will periodically be sent to the mailing list as well as 
	  posted at http://www.acm.org/sigir/conferences/sigir97/index.html
	  The conference will be held at the DoubleTree Hotel in 
	  Philadelphia, PA, USA, July 27 -- July 31, 1997

Jan. 13 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on
          Computer Supported Cooperative Work; deadline for paper
          submissions is January 13, 1997; papers must contain an abstract
          of not more than 100 words and not exceed 16 pages in length; full
          formatting instructions are available from
          http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/papers/
          queries: ecscw97-pap...@comp.lancs.ac.uk
          for more information:
          snail mail: ECSCW'97 Conference Office
                      Computing Department
                      Lancaster University
                      Lancaster  LA1 4YR  UK
          URL: http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/
          email: ecsc...@comp.lancs.ac.uk

Jan. 15-
     17 - WASHINGTON, DC - Universal Service '97: Redefining Universal 
	  Telecommunications Service for the Emerging Competitive
	  Environment; for more information contact:
	  tel: +1 800 822 MEET
	       +1 202 842 3022 x317
	  URL: http://brp.com

Jan. 16-
     17 - ARLINGTON, VA - NCSA International Virus Prevention Conference '97;
	  event will investigate "the continuing, worrisome, costly 
	  problem of computer virus attacks, disasters and recovery; 
	  Crystal Gateway Marriott (+1 703 271 5212);
	  more information:
	  tel: +1 717 258 1816
	  email: ivp...@ncsa.com

Jan. 19-
     21 - PALM SPRINGS, CA - Upside Technology Summit; "Managing Digital 
	  Mania: An Extreme Sport for Technology Executives"; examining 
	  effective business models and strategies in the booming world of 
	  e-commerce; Al Franken has been invited to give a closing speech;
	  La Quinta Resort & Club, Palm Springs, CA; for more info contact:
	  URL: http://www.upside.com
	  tel: +1 888 33 UPSIDE

Jan. 21 *! CDA unconstitutionaly Supreme Court case: government brief due.
	  
Jan. 23 ! Deadline for public comments on IITF GII policy overhaul
          URL: http://www.iitf.nist.gov/electronic_commerce.htm

Jan. 23-
     25 - CAMBRIDGE, MA
	  The Economics of Digital Information and Intellectual Property
	  Harvard University symposium to broaden and deepen understanding 
	  of emerging economic and business models for global publishing 
	  and information access and the attendant transformation of 
	  international information markets, institutions, and businesses.
	  First Announcement and Call for Papers; Prospective authors should 
	  submit short abstracts for review and comment as soon as possible. 
	  Acceptances of abstracts and outlines are conditional pending 
	  receipt of a satisfactory draft by December 15, 1996. Sponsored by
	  Harvard Law School.
	  email: i...@harvard.edu
	  regular mail: Tim Leshan, Information Infrastructure Project, 
		John F. Kennedy School of Government, 79 John F. Kennedy St., 
		Cambridge, MA 02138
	  tel: 617-496-1389
	  fax: 617-495-5776

Jan. 23 ! Deadline for public comments on FCC draft rules exempting
          ISPs from long distance fees imposed by local telcos
          URL: http://www.fcc.gov/isp.html

Jan. 28-
     31 - RSA Cryptography Conference - Computerworld called last year's 
	  event the sine qua non event of the crypto community; at various 
	  facilities atop Nob Hill in San Francisco, the luminaries of 
	  cryptography will gather; Right now, preparations for this 
	  conference are underway. There are many exciting ways for 
	  corporations and individuals to participate. Read on for 
	  information about presenting, exhibiting, or just attending
	  http://www.rsa.com/conf97/

Jan. 31 ! Deadline for public comments on FRB consumer privacy study.
       URL: http://www.bog.frb.fed.us/boarddocs/press/BoardActs/1996/19961223 

Feb. 3-
     4  ! DHHS medical privacy hearing #2, Washington, DC.
          Contact: +1 202 690 7100 (John Fanning)
          Email: jfann...@osaspe.dhhs.gov
Feb. 10-
     11 - Internet Society Symposium on Network and Distributed System 
	  Security; for those interested in the practical aspects of network 
	  and distributed system security, focusing on actual system design 
	  and implementation, rather than theory. Dates, final call for
          papers, advance program, and registration information will be
	  available at the URL: http://www.isoc.org/conferences/ndss97

Feb. 13 ! Deadline for public comments of DoC encryption export regualations.
     URL: http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs

        ! Deadline for reply comments on FCC draft rules exempting
          ISPs from long distance fees imposed by local telcos
          URL: http://www.fcc.gov/isp.html

Feb. 18-
     19 ! DHHS medical privacy hearing #2, Washington, DC.
          Contact: +1 202 690 7100 (John Fanning)
          Email: jfann...@osaspe.dhhs.gov

Feb. 18-
     20 - SAN JOSE, CA - DCI Internet Expo; the world's largest Internet, 
	  Web and email conference and exposition; comprehensive program 
	  will cover Web-enabled marketing, best practices for e-commerce 
	  and application development; San Jose Convention Center; also
	  will be held April 22-24 at McCormick Place in Chicago, IL;
	  email: Expo...@dciexpo.com
	  URL: http://www.dciexpo.com

Feb. 19 ! Deadline for public comments for DHHS medical privacy hearing.
          Contact: +1 202 690 7100 (John Fanning)
          Email: jfann...@osaspe.dhhs.gov

Feb. 20 *! CDA unconstitutionaly Supreme Court case: Appellee (ACLU/ALA/
          EFF/CIEC) brief due.

Feb. 21 ! Deadline for public comments on FCC inquiry into technological
          hurdles for Net growth
          URL: http://www.fcc.gov/isp.html

Feb. 24-
     28 + ANGUILLA, BRITISH WEST INDIES
	  Financial Cryptography '97 - CALL FOR PAPERS; this is a new 
	  conference on the security of digital financial transactions.
	  FC97 aims to bring together persons involved in both the
	  financial and data security fields to foster cooperation and 
	  exchange of ideas. Send a cover letter and 9 copies of an extended 
	  abstract to be received by November 29, 1996 to the Program Chair 
	  at the address given below:
	  Rafael Hirschfeld
	  FC97 Program Chair
	  CWI
	  Kruislaan 413
	  1098 SJ Amsterdam
	  The Netherlands
	  email: r...@cwi.nl
	  phone: +31 20 592 4169
	  fax: +31 20 592 4199
	  URL: http://www.cwi.nl/conferences/FC97

Mar. 1-
     5 -  ACM97: The Next 50 Years of Computing; San Jose Convention 
	  Center, March 1-5, 1997; Registration information: 
	  URL: http://www.acm.org/acm97
	  tel: +1 800 342 6626		

Mar. 3-
     5 -  NEW YORK CITY - Consumer Online Services TV; Jupiter 
	  Communications conference featuring Steve Case of AOL and 
	  Steve Perlman of WebTV; for more information contact:
	  tel: +1 800 488 4345
	  URL: http://www.jup.com

Mar. 7 *! CDA unconstitutionaly Supreme Court case: govt. reply brief due.

Mar. 11-
     14 * 7th Conference on Computers, Freedom & Privacy (CFP97), San
          Francisco Airport Hyatt Regency Hotel in Burlingame, CA.
          The "cyberliberties" mega-event.  Speakers will include EFF
          staff counsel Mike Godwin, and many others. EFF's annual Pioneer
          Awards ceremony will be held at CFP97. Early registration is
          advised (registration will probably open in Jan., and reg. info
          will appear on the CFP site listed below).
          Email: cfpi...@cfp.org.
          URL: http://www.cfp.org

Mar. 24 ! Deadline for reply comments on FCC inquiry into technological
          hurdles for Net growth
          URL: http://www.fcc.gov/isp.html

Apr. 8-
     11 - FRACTAL 97: Fractals in the Natural & Applied Sciences 4th 
          International Working Conference; Denver Colorado.  Sponsored by
          IFIP; paper submissions due by Aug. 5, 1996.
          Contact: Miroslav Novak, +44 181 547 2000 (voice), 
                   +44 181 547 7562 or 7419 (fax)
          Email: no...@kingston.ac.uk   

Apr. 22-
     24 - CHICAGO, IL - DCI Internet Expo; the world's largest Internet,
          Web and email conference and exposition; comprehensive program
          will cover Web-enabled marketing, best practices for e-commerce
          and application development; San Jose Convention Center; also
          will be held February 18-20 at the San Jose Convention Center;
          email: Expo...@dciexpo.com
          URL: http://www.dciexpo.com

June 2-
     4  - American Society for Information Science 1997 Mid-Year Conference;  
          gathering will focus on privacy and security issues online; 
          Scottsdale Arizona; paper submissions due Nov. 1, 1996.
	  Contacts:
		Gregory B. Newby, Co-Chair GSLIS/UIUC
	  	 Tel: (217) 244-7365; Email: gbne...@uiuc.edu
		Mark H. Needleman, Co chair UCOP
		 Tel: (510) 987-0530; Email: m...@stubbs.ucop.edu
		Karla Petersen, Panel  Sessions
		 Tel: (312) 508-2657; Email: kpet...@luc.edu
		Richard Hill, Executive Director, ASIS
		 Tel: (301) 495-0900; Email: rh...@cni.org
	  URL: http://www.asis.org

June 14-
     19 + CALGARY, CANADA
	  ED-MEDIA/ED-TELECOM 97--World Conference on Educational 
	  Multimedia and Hypermedia and World Conference on Educational 
	  Telecommunications are jointly held international conferences, 
	  organized by the Association for the Advancement of Computing 
	  in Education (AACE). These annual conferences serve as multi-
	  disciplinary forums for the discussion and dissemination of 
	  information on the research, development, and applications on all 
	  topics related to multimedia/hypermedia and distance education.  
	  We invite you to attend ED-MEDIA/ED-TELECOM 97 and submit proposals 
	  for papers, panels, roundtables, tutorials, workshops, 
	  demonstrations/posters, and SIG discussions. Proposals may be 
	  submitted in either hard copy (send 5 copies or fax 1 copy) 
	  or in electronic form.  Electronic proposals in the form of 
	  URL addresses or ASCII files (uncoded) are preferred.
	  Submission Deadline: Oct. 25, 1996; Send to:
	  Program Chairs
	  ED-MEDIA 97/AACE
	  P.O. Box 2966
	  Charlottesville, VA 22902, USA
	  E-mail: A...@virginia.edu; Phone: 804-973-3987; Fax: 804-978-7449
	  URL: http://www.aace.org/conf/edmedia

June 19-
     20 - WASHINGTON, DC - CyberPayments '97
	  Conference will investigate issues of online commerce including
	  electronic cash and checks, credit cards, encryption systems 
	  and security products; Sheraton Washington Hotel, Washington, DC
	  For more information contact:
	  email: vinceiab...@msn.com
	  tel: +1 216 464 2618 x228
	       +1 800 529 7375

July 13-
     17 - ACUTA 26th Annual Conference; Atlanta, Georgia.
          Contact: +1 606 278 3338 (voice)

Sep. 7 -
     11 + LANCASTER, UK - ECSCW'97, the Fifth European Conference on 
	  Computer Supported Cooperative Work; deadline for paper 
	  submissions is January 13, 1997; papers must contain an abstract 
	  of not more than 100 words and not exceed 16 pages in length; full 
	  formatting instructions are available from
	  http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/papers/
	  queries: ecscw97-pap...@comp.lancs.ac.uk
	  for more information:
	  snail mail: ECSCW'97 Conference Office
		      Computing Department
		      Lancaster University
		      Lancaster  LA1 4YR  UK
	  URL: http://www.comp.lancs.ac.uk/computing/research/cseg/ecscw97/
	  email: ecsc...@comp.lancs.ac.uk

Sep. 12-
     14   SAN DIEGO - Association of Online Professionals Annual 
	  Conference; sysop trade association's yearly gathering to 
	  discuss issues of relevance to the industry
	  URL: http://www.aop.org/confrnc.html

Oct. 28-
     31 - EDUCOM '97; Minneapolis-St. Paul, Minnesota.
          Contact: +1 202 872 4200 (voice)
          Email: c...@educom.edu

Dec. 1  - Computer Security Day (started by Washington DC chapter of the
          Assoc. for Computing Machinery, to "draw attention to computer
          security during the holdiay season when it might otherwise become
          lax."   

------------------------------


Subject: Quote of the Day
-------------------------

     "...The peculiar evil of silencing the expression of an opinion is
     that it is robbing the human race; posterity as well as the
     existing generation; those who dissent from the opinion, still more
     than those who hold it. If the opinion is right, they are deprived
     of the opportunity of exchanging error for truth: if wrong, they
     lose, what is almost as great a benefit, the clearer perception and
     livelier impression of truth, produced by its collision with
     error...We have now recognized the necessity to the mental
     well-being of mankind (on which all their other well-being depends)
     of freedom of opinion, and freedom of the expression of opinion, on
     four distinct grounds; which we will now briefly recapitulate.

     "First, if any opinion is compelled to silence, that opinion may,
     for aught we can certainly know, be true. To deny this is to assume
     our own infallibility.

     "Secondly, though the silenced opinion be an error, it may, and
     very commonly does, contain a portion of truth; and since the
     general or prevailing opinion on any subject is rarely or never the
     whole truth, it is only by the collision of adverse opinions that
     the remainder of the truth has any chance of being supplied.

     "Thirdly, even if the received opinion be not only true, but the
     whole truth; unless it is suffered to be, and actually is,
     vigorously and earnestly contested, it will, by most of those who
     receive it, be held in the manner of a prejudice, with little
     comprehension or feeling of its rational grounds.

     "And not only this, but fourthly, the meaning of the doctrine
     itself will be in danger of being lost, or enfeebled, and deprived
     of its vital effect on the character and conduct: the dogma
     becoming a mere formal profession, inefficacious for good, but
     encumbering the ground, and preventing the growth of any real and
     heartfelt conviction, from reason or personal experience."

  - John Stuart Mill essay, "On Liberty"

Find yourself wondering if your privacy and freedom of speech are safe 
when bills to censor the Internet are swimming about in a sea of of 
surveillance legislation and anti-terrorism hysteria?  Worried that in 
the rush to make us secure from ourselves that our government 
representatives may deprive us of our essential civil liberties? 
Concerned that legislative efforts nominally to "protect children" will 
actually censor all communications down to only content suitable for 
the playground?  Alarmed by commercial and religious organizations abusing
the judicial and legislative processes to stifle satire, dissent and 
criticism?

Join EFF!   
http://www.eff.org/join (or send any message to i...@eff.org).

Even if you don't live in the U.S., the anti-Internet hysteria will soon 
be visiting a legislative body near you.  If it hasn't already.

------------------------------


Subject: What YOU Can Do
------------------------

* Keep and eye on your local legislature/parliament
All kinds of wacky censorious legislation is turning up at the US state 
and non-US national levels.  Don't let it sneak by you - or by the 
online activism community. Without locals on the look out, it's very 
difficult for the Net civil liberties community to keep track of what's 
happening locally as well as globally.


* Inform your corporate government affairs person or staff counsel
if you have one. Keep them up to speed on developments you learn of,
and let your company's management know if you spot an issue that warrants
your company's involvement.


* Find out who your congresspersons are

Writing letters to, faxing, and phoning your representatives in Congress
is one very important strategy of activism, and an essential way of
making sure YOUR voice is heard on vital issues.

If you are having difficulty determining who your US legislators are,
try contacting your local League of Women Voters, who maintain a great 
deal of legislator information, or consult the free ZIPPER service
that matches Zip Codes to Congressional districts with about 85%
accuracy at:
http://www.stardot.com/~lukeseem/zip.html

Computer Currents Interactive has provided Congress contact info, sorted 
by who voted for and against the Communications Decency Act:
http://www.currents.net/congress.html (NB: Some of these folks have, 
fortunately, been voted out of office.)


* Join EFF!

You *know* privacy, freedom of speech and ability to make your voice heard
in government are important. You have probably participated in our online
campaigns and forums.  Have you become a member of EFF yet?  The best way to
protect your online rights is to be fully informed and to make your
opinions heard.  EFF members are informed and are making a difference.  Join
EFF today!

For EFF membership info, send queries to members...@eff.org, or send any
message to i...@eff.org for basic EFF info, and a membership form.

------------------------------


Administrivia
=============

EFFector is published by:

The Electronic Frontier Foundation
1550 Bryant St., Suite 725
San Francisco CA 94103 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
Membership & donations: members...@eff.org
Legal services: sste...@eff.org
General EFF, legal, policy or online resources queries: a...@eff.org

Editor: Stanton McCandlish, Program Director/Webmaster (m...@eff.org)

This newsletter is printed on 100% recycled electrons.

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the views of EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission. Press releases and EFF announcements may be reproduced individ-
ually at will.

To subscribe to EFFector via email, send message body of "subscribe
effector-online" (without the "quotes") to lists...@eff.org, which will add
you to a subscription list for EFFector.

Back issues are available at:
ftp.eff.org, /pub/EFF/Newsletters/EFFector/
gopher.eff.org, 1/EFF/Newsletters/EFFector
http://www.eff.org/pub/EFF/Newsletters/EFFector/

To get the latest issue, send any message to effector-reflec...@eff.org (or
e...@eff.org), and it will be mailed to you automagically.  You can also get
the file "current" from the EFFector directory at the above sites at any 
time for a copy of the current issue.  HTML editions available at:
http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/ 
at EFFweb.

------------------------------





End of EFFector Online v10 #01 Digest
*************************************

$$
--
NOISE    C  R  Y  P  T  O     C  I  V  I  L    R  I  G  H  T  S        /\
IN       N O N   S E R V I A M    O N L I N E   A C T I V I S M      //()\
THE      VIRTUAL CULTURE   INTELLIGENCE INCREASE   TECHNOFETISH    / /    \
VOID     Stanton McCandlish    <m...@well.com>  <m...@nitv.net>    \/______\