========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / //////////////// \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\\_______/\ ||||||_______\ / //////_____\ \\\\\\\\\\\\\ \ |||||||||||||| / ///////////// \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\ \ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// ========================================================================= EFFector Online Volume 07 No. 15 December 15, 1994 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In This Issue: EFF Relocation Underway - New Contact Info! NIIAC Draft Privacy Principles Notes on the Pensacola BBS Busts And... What YOU Can Do ---------------------------------------------------------------------- Subject: EFF Relocation Underway - New Contact Info! ---------------------------------------------------- EFF is moving to larger office space. There will be *.eff.org and EFF Outpost BBS downtime during this period. Our servers go down today, Thursday, Dec. 15, 1994, and will be back online no later than Monday, Dec. 19 (possibly as soon as Saturday, Dec. 17). New contact information: Snail mail: 1667 K St. NW, Suite 801 Washington DC 20006-1605 USA Phone: +1 202 861 7700 Fax: +1 202 861 1258 BBS: +1 202 861 1223, +1 202 861 1224 Email and network server addresses remain the same. ------------------------------ Subject: NIIAC Draft Privacy Principles --------------------------------------- This is a draft of the NIIAC Mega-Project III's privacy principles statement. Mega-Project III is chaired by Esther Dyson, a member of the EFF Board of Directors. the NII Advisory Council is composed of individuals from the publishing, telecommunications, computer, and other fields, and serves as a civilian advisory board for the Administration on issues regarding information infrastructure. Comments may be submitted regarding this draft to Esther Dyson . DRAFT OF MEGA-PROJECT III (privacy, security, intellectual property) of the NATIONAL INFORMATION INFRASTRUCTURE ADVISORY COUNCIL (December 6, 1994) PRIVACY AND RELATED SECURITY PRINCIPLES FOR THE NII PREAMBLE Privacy is a cherished American value. In designing the technological infrastructure and the policy environment for the NII, the United States is establishing the framework for individual, social, economic, and political life in the 21st century. It is important that fundamental American values -- including protection of privacy, freedom of speech and association, and freedom from discrimination and protection of property rights -- be considered in the NII. None of these values are absolute, and all need to be addressed in the context of the public interest. DEFINITIONS Throughout this document personally identifiable information refers to "any information that could be uniquely associated with the individual to whom it pertains." In policy discussions, privacy is frequently coupled with confidentiality and security. Although the terms are interrelated, it is important that the meaning of each be understood independently. Information privacy is the ability of an individual to control the use and dissemination of information that relates to himself or herself. Confidentiality is a tool for protecting privacy. Sensitive information is accorded a confidential status that mandates specific controls, including strict limitations on access and disclosure, that must be adhered to by those handling the information. Security is the totality of safeguards in a computer-based information system. Security protects both the system and the information contained within it from unauthorized access and misuse. Security consists of hardware, software, personnel policies, information practice policies, and disaster preparedness. MEGA PROJECT III RECOMMENDS THE ADOPTION OF THE FOLLOWING PRIVACY AND SECURITY-RELATED PRINCIPLES FOR THE NATIONAL INFORMATION INFRASTRUCTURE (NII): 1. Personal privacy -- including information, transactions, and communications -- must be protected in the design, management, and use of the NII. Informed, uncoerced consent to the use of personally identifiable information, as well as autonomy and individual choice are fostered by ensuring privacy on the NII. In addition, protection of privacy is crucial to encouraging free speech and free association on the NII. While privacy protections are crucial to encourage free speech and free association on the NII, such protections are not absolute and must continue to be balanced, where appropriate, by concepts of legal accountability. 2. The privacy of communications, information, and transactions must be protected to engender public confidence in the use of the NII. For instance, people should be able to encrypt lawful communications, information, and transactions on the NII. Network-wide and system-specific security systems that ensure confidentiality, integrity, and privacy should be incorporated into the design of the NII. In an interactive electronic environment, transactional information should be afforded the same high standard of legal protection as content. To achieve its full potential, the NII must incorporate technical and legal means to protect personal privacy. 3. Existing constitutional and statutory limitations on access to information and communication, such as those requiring warrants and subpoenas, should not be diminished or weakened and should keep pace with technological developments. 4. Individual rights to access personally identifiable information about themselves must not be diminished or weakened on the NII. Individuals must have the ability to review personally identifiable information and the means to challenge and correct inaccurate information. 5. Individuals should be informed of other uses and disclosures of personally identifiable information provided by that individual or generated by transactions on the NII. Personally identifiable information about an individual provided or generated for one purpose should not be used for an unrelated purpose or disclosed to another party without the informed consent of the individual except as provided under existing law. 6. Data integrity -- including accuracy, relevance, and timeliness of personally identifiable information -- must be paramount on the NII. Users of the NII, including providers of services or products on the NII, should establish ways of ensuring data integrity, such as audit trails and means of providing authentication. 7. The use of a national personal identification system administered by the federal government should not be developed as a condition for participation in the NII. 8. Subject to public policies intended to secure and maintain the integrity and enforceability of rights and protections under U.S. laws -- such as those concerning intellectual property, defamation, child pornography, harassment, and mail fraud -- spheres for anonymous communication should be permitted on the NII. Those who operate, facilitate, or are otherwise responsible for such spheres must adequately address the sometimes conflicting demands of anonymity, on the one hand, and accountability, on the other. 9. Collectors and users of personally identifiable information on the NII should provide timely and effective notice of their privacy and related security practices. 10. Public education about the NII and its potential effect on individual privacy is critical to the success of the NII. 11. An entity with input from federal, state and local governments and the private sector should develop a process for overseeing the development, implementation, and enforcement of privacy policy on the NII. 12. Aggrieved individuals should have available to them effective remedies to ensure that privacy and related security rights and laws are enforced on the NII, and those who use these remedies should not be subject to retaliatory actions. ------------------------------ Subject: Notes on the Pensacola BBS Busts ----------------------------------------- This is just a short note updating folks about EFF's tracking of the Pensacola, Flordia BBS raids. This is what we know so far: 1) Only three BBS searches have been confirmed. 2) The investigations center on sexual material. 3) No one has yet been charged. Contrary to earlier reports, EFF did not send someone to the scene, although the Association of Online Professionals may have. EFF is ready to provide information and help contact lawyers for any defendants in the case, but we have not yet been asked to do so. If you are in contact with the sysops of these BBSs, please tell them that they should contact EFF's legal services at 202-347-5400 (AFTER DEC. 17: 202-861-7700). ------------------------------ Subject: And... --------------- Happy holidays from everyone at EFF! :-) Subject: Calendar of Events --------------------------- This schedule lists EFF events, and those we feel might be of interest to our members. 1994: Dec. 16 - 4th Annual Loebner Prize Competition in Aritificial Intelligence, Calif. State U. - San Marcos. Contact: Dr. Robert Epstein, +1 619 436 4400, fax: +1 619 436 4490 Internet: repstein@nunic.nu.edu Dec. 31 - Deadline for proposals for ISEA 95 (see below). 1995: Jan. 8 - Deadline for proposals, Midwest Conference on Technology, Employment and Community, sponsored by the UIC Center for Urban Economic Development Contact: +1 312 996 5463 Email: jdav@mcs.com Conf. mailing list discussion: listserv@uic, message body: "SUBSCRIBE JOB-TECH " (w/o "quotes") Jan. 20 - Deadline for after-the-event written testimony for White House "Security for Health & Educational Information on the NII" open public meeting (held Dec. 8, 1995, Washington DC) Contact: Sam Shekar (DoHHS), +1 202 690 5727 Jan. 27 - Privacy, Info. Infrastructure & Healthcare Reform Symposium, Ohio State U., Columbus OH. Featured speakers: Janlori Goldman (EFF), Rober Belair (ed., _Privacy_&_American_Business_, and former White House deputy counsel), Mary Gardiner Jones (CIRI, formerly with FTC; co-author, _21st_Century_Learning_and_Health_Care_in_the_ Home_), Pierrot Peladeau (Societe Progestacces [Canada]), James Rule (author, _Politics_of_Privacy; SUNY profesor), Bruce Schneier (author, _Applied_Cryptography_) Contact: CAST/OSU, +1 614 292 8444 (resigtration) Vicente Berdayes, +1 614 292 0080 Email: vberdaye@magnus.acs.ohio-state.edu Feb. 4 - U. of Richmond [VA] Law & Technology Assoc. Symposium on Community in Cyberspace, 9am-5pm EST. Featured speakers: Shari Steele (EFF), Prof. Trotter Hardy (Wm. & Mary College), Brock Meeks (_CyberWire_ Dispatch_), Asst. Professor Dan L. Burk (GMU), Henry C. Su esq. (Williams, Mullen, Christian & Dobbins), Dr. Danny Arkin (Central VA Free-Net), Carol Woodward esq. (chair, VA Bar Assoc. Special Legal Networking Cmte.), Bill Cooper (VA ACLU), etc. Contact: LTA, +1 804 287 6811 Email: lta@uofrlaw.urich.edu Mar. 3- 4 - Midwest Conference on Technology, Employment and Community, sponsored by the UIC Center for Urban Economic Development Deadline for proposals: Jan. 8, 1995 Contact: +1 312 996 5463 email: jdav@mcs.com Conf. mailing list discussion: listserv@uic, message body: "SUBSCRIBE JOB-TECH " (w/o "quotes") Mar. 27 - John Perry Barlow seminar on "Cyberspace: the New Frontier", 4pm local time, NCB Auditorium, 71 Science Park Dr., Singapore 0512 Contact: Marvin Tay Eng Sin Mar. 28- 31 - 5th Conference on Computers, Freedom & Privacy, Burlingame, Calif. Contact: Carey Heckman, +1 415 725 7788, fax: +1 415 725 1861, internet: cfp95@forsythe.stanford.edu Sep. 17- 24 - International Symposium on Electronic Art, Montreal, Quebec, Canada. Information: +1 514 990 0229, fax: +1 514 842 7459, internet: isea95@er.uqam.ca Dec. 1 - Computer Security Day (started by Washington DC chapter of the Assoc. for Computing Machinery, to "draw attention to computer security during the holdiay season when it might otherwise become lax." Subject: What YOU Can Do ------------------------ "If five years from now we [the FBI] solve the access problem, but what we're hearing is all encrypted, I'll probably, if I'm still here, be talking about that in a very different way: the objective is the same. The objective is for us to get those conversations whether they're by an alligator clip or ones and zeros. Whoever they are, whatever they are, I need them." - FBI Director Louis Freeh, clarifying statements that the FBI may seek legislation to ban strong encryption, in an Oct. 1994 interview with Steven Levy. Ensuring the democratic potential of the technologies of computer-mediated communication requires active participation in the political processes that shape our destinies. Government agencies, legislatures and heads of state are accustomed to making decisions about the future of technology, media, education, and public access to information, with far-reaching and long-lasting effects on citizens and their lives, but are accustomed to doing so with little input or opposition from anyone but the largest of corporations, and other government representatives. Now, more than ever, EFF is working to make sure that you can play an active role in making these choices. Our members are making themselves heard on the whole range of issues. EFF collected over 5000 letters of support for Rep. Maria Cantwell's bill to liberalize restrictions on cryptography. We also gathered over 1400 letters supporting Sen. Leahy's open hearings on the proposed Clipper encryption scheme, which were held in May 1994. And EFF collected over 90% of the public comments that were submitted to NIST regarding whether or not Clipper should be made a federal standard. Additionally, EFF has worked for the passage of legislation that would ensure open access to the information infrastructure of today and tomorrow, and continues to provide some of the best online resources on privacy, intellectual freedom, the legalities of networking, and public access to government representatives and information. You *know* privacy, freedom of speech and ability to make your voice heard in government are important. You have probably participated in our online campaigns and forums. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! For EFF membership info, send queries to membership@eff.org, or send any message to info@eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector Online is published by: The Electronic Frontier Foundation 1001 G Street NW, Suite 950 E Washington DC 20001 USA AFTER DEC. 17: 1667 K St. NW, Suite 801 Washington DC 20006-1605 USA +1 202 347 5400 (voice) +1 202 393 5509 (fax) +1 202 638 6119 (BBS - 16.8k ZyXEL) +1 202 638 6120 (BBS - 14.4k V.32bis) AFTER DEC. 17: +1 202 861 7700 (voice) +1 202 861 1258 (fax) +1 202 861 1223 (BBS - 16.8k ZyXEL) +1 202 861 1224 (BBS - 14.4k V.32bis) Internet: ask@eff.org Internet fax gate: remote-printer.EFF@9.0.5.5.3.9.3.2.0.2.1.tpc.int Editor: Stanton McCandlish, Online Activist/SysOp/Archivist Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements may be reproduced individ- ually at will. To subscribe to EFFector via email, send message body of "subscribe effector-online" (without the "quotes") to listserve@eff.org, which will add you to a subscription list for EFFector. To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automagically. You can also get ftp.eff.org, /pub/EFF/Newsletters/EFFector/current at any time for a copy of the current issue. ------------------------------ Internet Contact Addresses -------------------------- Membership & donations: membership@eff.org Legal services: ssteele@eff.org Hardcopy publications: pubs@eff.org Technical questions/problems, access to mailing lists: eff@eff.org General EFF, legal, policy or online resources queries: ask@eff.org End of EFFector Online v07 #15 ****************************** $$