home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Ian & Stuart's Australian Mac: Not for Sale
/
Another.not.for.sale (Australia).iso
/
fade into you
/
being there
/
Newsletters
/
IIA Newsletter
< prev
next >
Wrap
Text File
|
1994-05-05
|
29KB
|
584 lines
NOTE: The IIA is a major industry association in the United States.
===================================================================
iiiiii iiiiii a INFORMATION POLICY ONLINE
ii ii aaa
ii ii aaa An Internet Newsletter
ii ii aaa published by the
ii ii aaaaaaaaa Information Industry Association
ii ii aaa 555 New Jersey Ave., N.W.
ii ii aaa Washington, DC 20001
ii ii aaa Internet: <iia.ipo@his.com>
iiiiii iiiiii aaaaaaa Volume 1, Number 3, May 1994
-----------------------------------------------------------------
*****************************************************************
IN THIS ISSUE:
[1] House Okays Broader Access to DMV Records
[2] Industry Gives NTIA Its Perspective on Privacy
[3] International Opposition Mounts to U.S. Government
Information Security Initiative
[4] NII Priorities: A Sampling of Views from the NII Advisory
Council
[5] Information Industry Views on Customer Proprietary Network
Information
[6] Information Industry Endorses Senate Telecommunications Bill
[7] Health Care Reform Legislation Will Have Critical Impact on
Future Information Policy and Practices
[8] Should the Federal Government Establish a U.S. Data
Protection Commission?
[9] About "Information Policy Online" and the Information
Industry Association
*****************************************************************
[1]
HOUSE OKAYS BROADER ACCESS TO DMV RECORDS
On April 20, the House of Representatives approved the
Driver's Privacy Protection Act (DPPA) as an amendment to omnibus
anti-crime legislation. The amendment, offered by Rep. James
Moran (D-Va.), incorporates significant changes to the
Senate-passed version of the DPPA, many of which had been called
for by industry [See IIA-IPO, March 1993].
The Moran amendment takes the same basic approach as the
version passed by the Senate without any hearings: a federal
requirement that states cut off public access to personal
information about any individual obtained in connection with a
motor vehicle record. The difference is that the House-passed
version sets out much broader exceptions to this access ban than
those approved by the Senate. These include: access by government
contractors as well as government agencies; broader access by a
business to verify information submitted to it; more expansive
rules for access in connection with (or anticipation of)
litigation; a specific exception for survey research and
statistical reports; access by self-insured entities for claims
investigation or antifraud use; and use by licensed private
investigators. The legislation also provides for states to set up
two "opt-out" systems that would allow individuals to remove
their names from marketing lists and/or block otherwise
unpermitted access to individual records. The records of those
not "opting out" would remain accessible for these purposes.
Finally, the Moran amendment would allow states to specifically
authorize other access for the purpose of public safety or
vehicle operation. The House version could be enforced by
criminal or civil litigation, but the criminal offenses are much
narrower than in the Senate version, and are limited to those who
knowingly misuse, or who lie to obtain, personal information from
a motor vehicle record.
Many information companies currently depend on access to
state department of motor vehicle (DMV) records to provide
valuable information products and services. The House version of
the DPPA would be far less disruptive of these uses than the
Senate-passed version. But industry expressed a broader concern
about the precedent that could be set by a federal law that
orders states to close off access to traditionally public
records. In response to this concern, both Rep. Moran and Rep.Don
Edwards (D-Cal.), chair of the Civil and Constitutional Rights
Subcommittee, placed statements in the Congressional Record when
the Moran amendment was adopted. The Moran statement stressed the
"key differences" between DMV records and other public records,
asserting that the latter "are not vulnerable to abuse in the
same way," and underscoring that the DPPA "does not apply to any
other system of public records maintained by states or local
governments." Rep. Edwards was even more emphatic, referring to
"the need to maintain the public record character" of public
records beyond the DMV, and acknowledging that "broad public
access to such [other] records remains enormously important
to our society." While floor statements are not ordinarily
accorded a great deal of weight in determining Congressional
intent, they are more significant when, as in the case of the
DPPA, the normal legislative procedures have been circumvented,
and no committee in either House has issued a formal report
explaining the legislation.
With House passage of the omnibus crime bill on April 21,
the scene now shifts to a House-Senate conference committee,
which must resolve the differences between the House and Senate
versions not only of the DPPA, but of the dozens of other titles
contained in the anti-crime package.
**************************************************************
[2]
INFORMATION INDUSTRY GIVES NTIA ITS PERSPECTIVE ON PRIVACY
The information industry's diverse companies use personally
identifiable information in a wide variety of ways, but with the
common goals of developing and distributing innovative products
and services to the public, while respecting individuals' privacy
interests. Whether information flows through conventional
channels, or in new ways in an advanced National Information
Infrastructure, this corporate responsibility to maintain fair
information practices remains. Speaking for its member companies
in comments filed March 30 with the National Telecommunications
and Information Administration (NTIA), IIA declared its
commitment to assisting information companies to fulfill this
responsibility in an efficient, comprehensive, and balanced way.
IIA's comments came in response to a sweeping Notice of
Inquiry (NOI) issued by NTIA, a Commerce Department agency, in
February. NTIA's focus is "privacy issues relating to private
sector use of telecommunications-related personal information," a
broad category which includes many information services offered
by information industry companies. The NOI places many of
the most salient questions off-limits, by excluding questions
about the privacy impact of government access to personal
information. "In fact," IIA noted, "these are precisely the
issues that are most prominent in much of the media coverage
about privacy in the NII." IIA particularly cited the digital
telephony and "Clipper chip" escrowed encryption initiatives.
IIA used the filing of comments as an opportunity to
introduce its newly approved Fair Information Practices
Guidelines [See IIA-IPO, April 1994]. The comments noted that the
guidelines drafting process, which included examination of a wide
variety of guidelines, policy statements, and other proposals,
from corporate, government and consumer organizations, both in
the U.S. and abroad, underscored "the difficulties of devising
clear rules designed for general applicability across the broad
spectrum of information products and services." IIA told NTIA
that there is unlikely to be "one size" of regulatory approach
that "fits all" types of, and uses for, personally identifiable
information.
IIA's comments also addressed First Amendment limitations on
government regulation of private sector information practices,
and the impact of technological changes. "Successful policies
should focus on the core interests of the information content,
rather than on particular media or technology. The surest route
to policy failure is to reflexively treat technology as the
enemy." Considering the importance of continuity in information
policy, neither public records -- intended to be broadly
accessible -- nor a company's customer lists -- which generally
fall outside the scope of government regulation -- change their
essential character and purpose when new technologies are used to
compile or manipulate them. Technology can also provide
powerful tools for protecting the privacy and security of the
content of information distributed in an advanced National
Information Infrastructure.
Policy makers should consider three general guidelines:
- First, any regulatory actions should seek to preserve, to
the greatest extent possible, the benefits offered by
maximizing the flow of information.
- Second, any regulatory model should seek to maximize
informed customer choice.
- Third, policy makers should take into account the full
spectrum of means for achieving desired information
practices, including market forces, expanded public
education, and self-regulatory efforts by industry and other
groups.
The development and implementation of sound, balanced
company policies on the collection, use and disclosure of
personally identifiable information can play a major role in
resolving the policy issues addressed by the NOI. As more
companies adopt specific policies, and make these known to the
public, customers and consumers become better informed and better
able to choose intelligently among competing products, based, to
whatever degree the individual finds appropriate, on privacy
factors. The information industry urges the U.S. government to
adhere to the long-standing U.S. approach to privacy issues,
whose many strengths include a respect for First Amendment
principles; a focus on restraining the intrusive activities of
government; and a pragmatic, sectoral approach.
*****************************************************************
[3]
INTERNATIONAL OPPOSITION MOUNTS TO U.S.
GOVERNMENT INFORMATION SECURITY INITIATIVES
The Clinton Administration has experienced virtually
unanimous opposition from public interest and industry groups to
the "Clipper Chip" escrowed encryption initiative for computer
security. Now international organizations are also weighing in
with opposition to Clipper and to the Digital Signature
initiative.
International businesses are demanding communication
networks in which information can flow freely and securely. As
businesses consider connecting to the National Information
Infrastructure -- or, if you prefer, the Global Information
Infrastructure (GII) -- security is critical to intra- and
inter-corporate communications and transactions. Hackers and
unauthorized parties continue to violate the privacy and
security of unprotected communications systems. The
International Chamber of Commerce, long a champion of the need
for secure communications networks, recently criticized the
Clipper initiative as "a national approach to cryptography
[which] seems to conflict with the needs of international
business." The ICC also noted that Clipper's key escrow feature
"would still be unacceptable to international companies because
one government, in this case the U.S. government, would hold the
keys.
Digital signatures are also vital to the success of the
emerging NII/GII. An international standard, RSA, is accepted in
the private sector for digital signatures, but apparently not by
the U.S. Administration. A couple of years ago, the
Administration announced its Digital Signature Algorithm (DSA) as
the proposed federal standard for digital signatures. The DSA
proposal was also almost unanimously opposed by business,
academia, and public interest groups. Part of the opposition was
an assertion that DSA infringed certain patents. Last summer,
the Administration announced a proposed patent cross-license for
DSA, under which the government could use the algorithm
royalty-free, but the private sector would have to pay patent
royalties to do digital signatures. Needless to say, this
"solution" did not quell opposition to DSA from non-governmental
sources.
On February 4, 1994, the Administration announced its intent
to achieve a digital signature algorithm that would be free from
patent license royalties. While no specifics were provided, one
option is to design a new algorithm for digital signatures.
Meanwhile, RSA continues to gain acceptance as the worldwide
digital signature system. The Information Technology Advisory
Expert Group, representing European standards organizations,
recently called for RSA to be the standard used in Europe. So
even if the Administration's goal of freeing DSA from patent
royalties can be achieved, this alone will not make DSA accepted
in the international marketplace. Regardless of continued
Administration campaigning for Clipper and DSA, the private
sector worldwide continues to embrace different implementation:
the digital encryption standard (DES) and RSA.
*****************************************************************
[4]
NII PRIORITIES: A SAMPLING OF VIEWS
FROM THE NII ADVISORY COUNCIL
At its first meeting, the U.S. Advisory Council on the
National Information Infrastructure asked its members to prepare
short papers on the major issues that should be addressed. Here
are excerpts from a few of the submissions.
ESTHER DYSON, EDventure Holdings, Inc.
The priorities we should address are:
...a definition of universal access (desirable) and
universal service (controversial). It clearly includes
interoperability of all systems, and the ability of content
providers (organizations and individuals) to disseminate content
as well as of individuals and organizations to receive it...
...the need for privacy -- ranging from technical means such
as robust encryption to laws guaranteeing individuals' ownership
and right to control information about themselves....
...recommendations concerning freedom of speech, common
carrier rights and obligations, and other constitutional issues.
Note: Ms. Dyson has been asked to co-chair the Advisory
Council's working group on privacy and intellectual property
issues.
CRAIG FIELDS, Microelectronics and Computer Technology Corp.
The Council is uniquely positioned to clarify the national
intent for universal service....Many questions have not been
fully answered:...How will we pay for these universal services
selected from the national information supermarket -- do we need
an equivalent of food stamps?...
If the Federal Government seeks to accelerate the enrichment
of the NII over the coming years, how can the taxpayer tell if it
is succeeding? Can we identify just a few specific goals for the
NII over the next, say, seven years, in terms of information
services available to Americans; and lay out a road map of how to
get to there from here -- required technological accomplishments,
if any; needed regulatory reform; or whatever?
STANLEY S. HUBBARD, Hubbard Broadcasting Inc.
There are many individuals and many organizations across the
country that have predicted new and innovative communications
systems for use within the NII. Some of the ideas are practical
and economically feasible and some are not. In order to
determine what will and will not work, what people want or do not
want, the marketplace must be totally free from any restraints by
which the government would pick "winners and losers."
MITCHELL KAPOR, Electronic Frontier Foundation
The character of the NII is best seen in what it enables,
not what it is, for the NII is no more about fiber optics, than
modern painting is about paint.
- The technical design of the NII will determine more about
its public usefulness than anything else. We have a choice to
make the NII open to a diversity of applications, information
sources and services, or to keep it closed to all but those who
own and operate the networks.
- The NII may be a platform for the rich varieties of
individual expression, for the transaction of commerce, and for
exchange of ideas, or it may be nothing but 500 channels of least
common denominator programming entertainment. We must take steps
to ensure that the NII is more than just a repetition of the
failures and shortcomings of mass media today.
DELANO LEWIS, National Public Radio
...Without sound financial incentives, private sector
players will be reluctant to provide the investment dollars
needed to make the NII a reality. [The Council should] identify
and articulate the economic incentives that need to be in place
to encourage completion of the NII without creating an artificial
bias for or against particular technologies or transmission
media. The protection of intellectual property rights is an
important concern that has both usage and financial implications.
But if the terms of access to our Nation's information
resources -- and the content of those resources themselves --
were to be determined on the basis of financial incentives alone,
I believe that all of us, in the long run, would be the poorer
for it.... The Council must also plan to address the ways in
which non-commercial entities can continue to contribute to the
wealth of information that the NII will make accessible, and
continue to have access to that information on reasonable -- and,
in some cases, even preferential -- terms.
ALEX MANDL, AT&T
The evolving NII may require a new definition of "universal
service." ...Any discussion of a new definition needs to be led
by consumers, government and industry. It must be a public debate
to balance the many stakeholders involved with public subsidies.
New approaches to providing "widespread access" for
underserved populations need to be explored. For instance,
libraries, community centers and schools, which have long been
places where people acquire information and develop skills, are
examples of locations at which a reasonable selection of
information appliances and access to NII communications services
and information resources could be made available.
VANCE OPPERMAN, West Publishing Co.
The NII must be defined by two strong guiding principles:
It must be Universal, Accessible, and Affordable.
True to the American ideal of equality, the NII must connect
all of us with one another -- regardless of place, regardless of
race -- regardless of disability or non-disability, age or
income.... It must be Information Rich.... The NII is only
useful when it is chock full of information -- information put
there by, and used by, people who are confident that they are
guaranteed:
- First Amendment Free Speech;
- Copyright and Intellectual Protections.
Creative expression, and the incentive to create, are
protected and encouraged not only by the First Amendment, but
also by society's guarantee that the products we create are
respected as ours. And we are entitled to be compensated for
creative efforts.
- Privacy. Americans don't want millions of digital neighbors
and government gumshoes reading our mail or clucking over our
cholesterol counts.
**************************************************************
[5]
I NFORMATION INDUSTRY VIEWS ON CUSTOMER
P ROPRIETARY NETWORK INFORMATION
When the Federal Communications
Commission asked for public
comments on rules governing telephone companies' use of customer
proprietary network information (CPNI), the information
industry's response concentrated on three key issues:
(1) privacy concerns in regard to CPNI;
(2) the competitive nature of such information; and
(3) the ramifications of CPNI availability under current
rules at a time when telephone companies are partnering with or
acquiring competitive information providers.
While acknowledging that some restrictions on
dissemination of personal information may be necessary, the
information industry supports the "maximum practical availability
of information such as CPNI because of its substantial value for
information product development and for the provision of better
service to the public. Consider the competitive nature of CPNI:
"It simply cannot be the case that this information is so
valuable to the mass market for information services that
exchange carriers must be given access to it, but so
insignificant that it will not create a major competitive
dislocation if it is not provided to other competitors on equal
terms." Finally, regarding the use of CPNI in partnering
arrangements between carriers and competitive information
providers, "so long as the carrier collects CPNI by virtue of its
government-granted monopoly status, it must not be permitted to
transfer that advantage to its partners or joint venturers and
thus frustrate the goal of achieving competitive equity with
regard to access to CPNI."
**************************************************************
[6]
INFORMATION INDUSTRY ENDORSES
SENATE TELECOMMUNICATIONS BILL
Speaking on behalf of its member information companies, IIA
wrote to every member of the U.S. Senate to encourage their
support for S. 1822, the Communications Act of 1994, introduced
earlier this year by Senator Fritz Hollings, Chairman of the
Senate Commerce Committee. Although the Association takes no
position on the bill's provisions governing long-distance or
equipment manufacturing, S. 1822 is the most comprehensive and
workable plan [currently before Congress] for advancing a
competitive environment for both the telecommunications and
information industries.
Information industry support for the bill is based on S.
1822's approach on many issues of key importance to the industry.
Especially praiseworthy are the legislation's provisions calling
for
(1) the unbundling of local network functions and
instituting cost-based pricing;
(2) enhancing the technological capabilities of
telecommunications networks for advanced digital offerings;
(3) creating strong structural safeguards for the provision
of a broad range of electronic publishing activities; and
(4) establishing cross-subsidy protections for the
provision of information (enhanced) services. The bill also
assures equal treatment for information services providers in
access to CPNI and in preempting state public utility regulation
of information services.
The Senate Commerce Committee is continuing with hearings on
S. 1822, with mark-up tentatively planned for later this spring.
In the meantime, Chairman Jack Brooks of the House Judiciary
Committee and Chairman John Dingell of the House Energy and
Commerce Committee are reportedly working on a new, joint draft
of H.R. 3626, passed by both Committees last month, to be brought
to the House floor. The House hopes to have comprehensive
telecommunications legislation completed shortly before or after
the Memorial Day recess.
**************************************************************
[7]
HEALTH CARE REFORM LEGISLATION WILL HAVE CRITICAL
IMPACT ON FUTURE INFORMATION POLICY AND PRACTICES
Members of Congress have introduced numerous bills to
implement health care reform, including one by Senate Majority
Leader George Mitchell. One House subcommittee with primary
jurisdiction -- the House Ways and Means Subcommittee on Health
-- has completed action on reform legislation, and several other
Senate and House committees have been holding closed-door
meetings to work out compromises on the bills.
While the major proposals differ greatly in the scale and
approach for health care delivery, all have provisions for
administrative simplification. To achieve this goal, the bills
envision a fully automated system of collection and dissemination
of information. This system would allow information about
doctors, patients, billings and claims to be transferred
electronically anytime and anywhere in the nation. Included
within the major bills are: standard setting mechanisms for
information collection; requirements that data be collected and
transmitted electronically; outlines of the official source for
the data; requirements for privacy protection of data; and
listings of entities responsible for collecting and compiling
information about the value of health care delivery systems.
These provisions could become the de facto standards for all
government information collected in the future.
In addition to the major health care reform proposals,
several bills which focus only on health care information
collection have been introduced. The Health Information
Modernization and Security Act, H.R. 3137 and S. 1494, address
only health care collection and privacy protection. H.R. 4077,
the Fair Health Information Practices Act, outlines specific
requirements for the privacy protection of individually
identifiable health care records (see IIA-IPO, April 1994).
Many people are predicting that Congress will not enact a
comprehensive health care reform proposal this year. However, in
an election year, members will be anxious to adopt some type of
reform. Because health care information collection policy has
not been in the Congressional or public spotlight, it is possible
that it could be adopted without much public discussion.
Information professionals need to watch vigilantly lest Congress
codify health care policies without fully examining the
ramifications for information policy.
**************************************************************
[8]
SHOULD THE FEDERAL GOVERNMENT ESTABLISH
A U.S. DATA PROTECTION COMMISSION?
Is there a need in the United States for a single
oversight body -- within the Federal Government -to monitor how
private sector information companies protect the privacy of
individuals? If so, what authority should that body have? In
what federal agency should it be housed? What type of guidelines
would it follow? How would its members be selected? Does
private industry have a stake in this?
These questions are being discussed by several federal
government critics as well as by Congress. The Clinton
Administration's National Information Infrastructure Task Force's
(NIITF) Privacy Working Group will soon release a report that is
likely to prescribe some type of federal government oversight in
this area. Senator Paul Simon has introduced legislation (S.1735)
that would establish a U.S. Data Protection Commission. Rep.
Gary Condit (H.R.4077) has introduced legislation to protect the
privacy of individually identifiable information in health care
records. Both the Census Bureau and the Internal Revenue Service
have established internal task forces to examine the issue of
privacy and data protection.
**************************************************************
[9]
ABOUT "INFORMATION POLICY ONLINE"
INFORMATION POLICY ONLINE (IIA-IPO) is an online newsletter
published on the Internet by the Information Industry Association
and distributed free of charge. The purpose of the Newsletter is
to inform readers of events and activities affecting information
policy, and to present an information industry viewpoint
concerning these events and activities.
IIA-IPO is copyrighted by the Information Industry
Association; however, IIA-IPO is distributed without charge and
may be freely reproduced and redistributed. Please acknowledge
IIA-IPO as the source of the information when quoting or
redistributing the newsletter.
TO SUBSCRIBE TO IIA-IPO: Send the message "subscribe" to
<iiaipo-request@his.com>.
ARCHIVES. IIA-IPO is archived. To get archived copies, ftp
to <ftpmail@his.com> with the message "GET FILENAME." Individual
monthly issues are archived with file names "iia0394.zip" for
March 1994, "iia0494.zip" for April 1994, etc.
-----------------------------------------------------------------
ABOUT THE INFORMATION INDUSTRY ASSOCIATION
THE INFORMATION INDUSTRY ASSOCIATION represents leading
organizations involved in the generation, processing,
distribution and use of information. IIA is home base for
businesses offering the innovative products and services
that make up the information marketplace. IIA fosters a
responsive and responsible forum for promoting a competitive and
growing information marketplace.
-----------------------------------------------------------------
-----------------------------------------------------------------
President of the IIA: Kenneth B. Allen
Editor of Information Policy Online: Steven J. Metalitz, IIA
Vice President and General Counsel
Consulting Editor: J. Timothy Sprehe, Sprehe Information
Management Associates
For messages to IIA-IPO: <iia.ipo@his.com>
Voice: (202) 639-8262. Fax: (202) 638-4403.
-----------------------------------------------------------------
*****************************************************************
--
______________________________________________________________________________
James Cook Internet: jcook@netcom.com
San Francisco Bay, California Compuserve: 76520,2727