JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for CYBER-SOCIETY-LIVE Archives















By Topic:










By Author:











Proportional Font








Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password


[CSL]: EPIC Alert 7.18


John Armitage <[log in to unmask]>


[log in to unmask][log in to unmask]> [...]46_25May200009:28:[log in to unmask]


Fri, 13 Oct 2000 08:03:21 +0100





text/plain (519 lines)

From: EPIC News [mailto:[log in to unmask]] 
Sent: Thursday, October 12, 2000 11:24 PM
To: EPIC Info
Subject: EPIC Alert 7.18


       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

   Volume 7.18                                   October 12, 2000

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.


Table of Contents

[1] EPIC Obtains First Set of FBI Carnivore Documents
[2] Congressional Office Seeks Access to Census and IRS Data
[3] Capitol Hill Hearings Focus on Internet Consumer Privacy
[4] New At-Large Members Elected to ICANN Board
[5] NIST Selects New Advanced Encryption Standard
[6] Supreme Court to Hear Thermal Imaging Case
[7] EPIC Bookstore - Think UNIX
[8] Upcoming Conferences and Events

[1] EPIC Obtains First Set of FBI Carnivore Documents

The Federal Bureau of Investigation released the first set of
documents concerning its Carnivore Internet surveillance system on
October 2.  The documents were released as a result of EPIC's Freedom
of Information Act lawsuit against the FBI and Department of Justice
(see EPIC Alert 7.15).  Of the 729 pages of material processed, nearly
200 were withheld in full and another 400 were released with
deletions.  The documents reveal the surveillance system's origins,
contain discussions of interception of voice over IP, and describe
various testing procedures.

The newly-released documents confirm that Carnivore grew out of an
earlier FBI project called "Omnivore" and reveal for the first time
that Omnivore itself replaced an older surveillance tool.  The name of
that earlier project has been blacked out of the documents, and
remains classified.  In September 1998, the FBI's Data Intercept
Technology Unit in Quantico, Virginia launched a project to migrate
Omnivore from Sun's Solaris operating system to a Windows NT platform.
"This will facilitate the miniaturization of the system and support a
wide range of personal computer (PC) equipment," according to the
project's Statement of Need.  The project was called "Phiple Troenix"
and the resulting system was named "Carnivore."

Phiple Troenix's estimated price tag of $800,000 included training for
personnel at the Bureau's National Infrastructure Protection Center
(NIPC).  The Omnivore project was formally closed down in June 1999,
at a final cost of $900,000.

Carnivore version 1.2 was released in September 1999; as of May
2000, it was in version 1.3.4.  At that time it was subjected to an
exhaustive series of carefully prescribed tests under variable
conditions.  The results, according to an internal memo, were
positive.  "Carnivore is remarkably tolerant of network aberration,
such as speed change, data corruption and targeted smurf type

An "Enhanced Carnivore" project began in November 1999 and is
scheduled to conclude in January of next year, at a total cost of
$650,000.  Some of the documents indicate that the Bureau plans to add
more features to versions 2.0 and 3.0 of Carnivore, but the details
have been mostly redacted.

The next installment of Carnivore documents is scheduled to be
released to EPIC in mid-November.

EPIC has posted scanned images of selected documents at:


[2] Congressional Office Seeks Access to Census and IRS Data

In a secretive assault on Americans' privacy, the Congressional Budget
Office (CBO) is seeking access to confidential Census Bureau records,
as well as confidential financial data collected by the Internal
Revenue Service.  Congressional supporters of the CBO's data grab are
attempting to insert into any of several pending appropriations bills
language that would authorize the unprecedented disclosure of Census
and IRS information.

The CBO proposal seeks the data, which is currently kept strictly
confidential under federal law, in order to make long-term projections
about the viability of the Social Security and Medicare programs.  The
initiative is being opposed and publicized by Rep. Carolyn Maloney
(D-NY), who has accused the CBO of trying to sneak its proposal
through the complex appropriations process currently ongoing as
Congress rushes toward adjournment.

In a letter sent to leaders of the House Appropriations Committee on
October 11, Rep. Maloney said that "changing the law that protects the
confidentiality of census data in the middle of the 2000 Census,
behind closed doors and with no public debate, sends the wrong signal
to the American public."  She cited widespread privacy concerns that
were expressed earlier this year after the Census Bureau's long-form
questionnaire sought answers to a number of intrusive personal
questions (see EPIC Alert 7.06).

The attempted disclosure is also opposed by Commerce Secretary Norman
Mineta, who told Congressional leaders that the proposal would weaken
"the most important legal structure protecting the privacy and
confidentiality of all Americans, with regard to the private
information they provide the Census Bureau."  Saying that he is
"adamantly opposed" to the proposal, Mineta noted that CBO's
initiative "would threaten public confidence in the confidentiality
of all information collected by the Census Bureau and other data
collecting agencies."

According to a coalition of consumer and privacy groups, another
last-minute amendment could detrimentally affect personal privacy.
Sen. Judd Gregg (R-NH) has attached his Social Security number
proposal, S. 2554, to the Commerce-Justice-State Appropriations Bill.
The amendment would not effectively increase protections over Social
Security numbers, but would pre-empt the ability of states to provide
stronger protections on their own.

A letter from consumer and privacy groups opposing the amendment to
the Commerce-Justice-State appropriations bill is available at:


[3] Capitol Hill Hearings Focus on Internet Consumer Privacy

On October 2, EPIC testified before the Senate Commerce Committee on
a trio of Internet privacy bills introduced by Committee members:
S. 809, the "Online Privacy Protection Act"; S. 2606, the "Consumer
Privacy Protection Act"; and S. 2928, the "Consumer Internet Privacy
Enhancement Act."  In testimony before the full Committee, EPIC argued
that there is widespread public support for privacy legislation, a
substantive privacy law will require more than the posting of privacy
policies, and protections should provide multiple enforcement
mechanisms.  In its conclusion, EPIC argued that among the three
bills, S. 2606 provides the most robust legal framework for privacy

More recently, on October 11, EPIC testified before the House Commerce
Subcommittee on Telecommunications Trade and Consumer Protection.  The
hearing on "Recent Developments in Privacy Protections for Consumers"
touched on the privacy practices of both government and commercial
websites.  In its testimony, EPIC pointed to both online profiling and
the recent trend of companies claiming customer data as assets in
bankruptcy proceedings as evidence of the need for baseline privacy
standards.  The testimony went on to argue that strong laws would give
consumer long-needed privacy rights in the online world and would
provide necessary support for developing privacy enhancing

In a related development, a recent survey conducted by Harris
Interactive and commissioned by the National Consumers League found
that more Americans are "very concerned" about loss of personal
privacy than they are about health care, crime, or taxes.  Seventy-one
percent of respondents also believed that it is absolutely essential
that companies ask permission before using personal information, and
34 percent incorrectly believed that it is illegal for companies to
share or sell personal data.

EPIC's testimony before the Senate Commerce Committee on October 2:


EPIC's testimony before the House Commerce Committee on October 11:


Results of the National Consumers League survey:


[4] New At-Large Members Elected to ICANN Board

Five new members have been elected to the Internet Corporation for
Assigned Names and Numbers (ICANN) Board of Directors.  The five new
members are the first publicly elected members of the Board and will
take their posts following ICANN's November meeting in Los Angeles.

Nii Quaynor, an employee of Network Computer Systems and administrator
for the .gh domain (Ghana), was the winner in the Africa region.
Masanobu Katoh, an employee of Fujitsu living in the United States,
placed first in the Asia/Australia/Pacific region.  In the European
region Andy Mueller-Maguhn of the Chaos Computer Club was selected.
Ivan Moura Campos, the chief executive of Akwan Information
Technologies, is the representative for the Latin America and
Caribbean region.  Cisco engineer and outspoken ICANN critic Karl
Auerbach placed first in the North America region.  The views of all
five members on civil society issues can be found at the website of
the Internet Democracy Project.

Earlier this month, the Internet Democracy Project co-sponsored two
events on the ICANN elections.  The "ICANN Candidates Forum" was held
on October 2 at the Harvard Law School in cooperation with the Berkman
Center for Internet and Society.  Another event -- "ICANN and Internet
Privatization: Technical Coordination or Cyberspace Governance?" --
was held on October 4 in cooperation with the Technology & Culture
Forum at MIT. Cybercasts of both events are available online.

ICANN will meet next in Los Angeles on November 13-17, 2000.
Participants are expected to discuss the introduction of new top-level
domains.  The following ICANN meeting will be held in Melbourne,
Australia on March 10-13, 2001.

Results of the 2000 At-Large Membership Vote:


Homepage of the Internet Democracy Project:


Information on the upcoming ICANN Meeting in Marina del Rey, November
13-17, 2000:


[5] NIST Selects New Advanced Encryption Standard

On October 2, the National Institute of Standards and Technology
(NIST) selected a new algorithm to be used as the government's
official encryption standard for the 21st century.  Rijndael, named
after its Belgian creators Joan Daemen and Vincent Rijmen, will
replace the Data Encryption Standard (DES), adopted by the federal
government as the Federal Information Processing Standard (FIPS) since

The search for a new Advanced Encryption Standard (AES) was announced
by the NIST in 1997. By March 1999, the pool of candidates was
narrowed to five finalists: MARS, RC6, Rijndael, Serpent, and Twofish.
 Rijndael was chosen for its combination of "security, performance,
efficiency, ease of implementation and flexibility."

Rijndael will now be the official scrambling standard for all U.S.
federal government agencies.  As it will be available for use
royalty-free worldwide, it is also likely to be widely adopted for use
by private sector companies both nationally and internationally.

The weakness of the Data Encryption Standard, which relied on 56 bit
encryption keys, was demonstrated in a series of DES Cracker Projects
sponsored by RSA Laboratories in 1997, 1998 and 1999.  Relying on
specialized "DES Cracker" machines, code breakers were eventually able
to recover DES keys in a matter of hours.  The AES will use three key
sizes: 128, 192 and 256 bits.  It is estimated that it would take
longer than the life of the universe to crack the AES (!!).

For complete AES-related information visit the AES home page at:


For more information on the RSA's DES Challenges visit:


[6] Supreme Court to Hear Thermal Imaging Case

On September 26, the U.S. Supreme Court agreed to hear a case that
presents the question whether the use of a device that detects heat
emanating from a home constitutes a search under the Fourth Amendment.

The petitioner, Danny Lee Kyllo, was arrested in 1992 by Oregon
officials for growing marijuana in his home.  To obtain the evidence
for the arrest, the police used (without a warrant) a thermal imaging
device that detects heat emanations inside a home.  After discovering
Kyllo's home was warmer than neighboring buildings, police then
obtained a warrant and searched Kyllo's home and found evidence of
criminal conduct.  Kyllo pleaded guilty to charges of growing
marijuana but challenged the constitutionality of the use of the
thermal imaging device absent a warrant.

The case is on appeal from the U.S. Court of Appeals for the Ninth
Circuit which held in a 2-1 decision that the use of thermal imaging
technology did not constitute a search.  Writing for the majority,
Judge Hawkins said the use of the device was not a search since its
use did not reveal any intimate details.  Further, use of the device
did not violate any reasonable expectation of privacy since Kyllo made
no attempt to conceal heat emissions, thus "demonstrating a lack of
concern with the heat emitted and a lack of a subjective privacy
expectation in the heat."  In his dissent, Judge Noonan responded that

	It is strange to focus on the homeowner's non-existent
	expectation as to emissions.  The homeowner's expectation is
	directed to the privacy of the interior of his home.  It is
	that expectation which the Fourth Amendment is intended to

While several federal Courts of Appeals have agreed with the Ninth
Circuit's decision that use of thermal imaging devices does not
constitute a search, other District and State Supreme Courts have held
that a warrant requirement should apply.

More information about Kyllo v. U.S. (No. 99-8508) is available at:


[7] EPIC Bookstore - Think UNIX

Think UNIX by Jon Lasser


Unix has a reputation for being cryptic and difficult to learn, but it
doesn't need to be that way.  Think Unix takes an analogous approach
to that of a grammar book.  Rather than teaching individual words or
phrases like most books, Think Unix teaches the set of logical
structures to be learned.  Myriad examples help you learn individual
commands, and practice problems at the end of difficult sections help
you learn the practical side of Unix.  Strong attention is paid to
learning how to read "man pages," the standard documentation on all
Unix systems, including Linux.  While most books simply tell you that
man pages exist and spend some time teaching how to use the man
command, none spend any significant amount of space teaching how to
use the content of the man pages.  Even if you are lost at the Unix
command prompt, you can learn subsystems that are specific to the Unix
flavor.  Teaches how to use Unix effectively for everyday tasks by
teaching the design model

A succinct introduction to Unix for advanced computer users that
teaches the basics but also provides a framework for additional


EPIC Publications:

"Privacy & Human Rights 2000: An International Survey of Privacy Laws
and Developments," David Banisar, author (EPIC 2000).
Price: $20. http://www.epic.org/phr/

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including, data protection, telephone
tapping, genetic databases, ID systems and freedom of information


"The Privacy Law Sourcebook 2000: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2000).
Price: $40. http://www.epic.org/pls/

The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, editors (EPIC 2000).
Price: $20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.


"Filters and Freedom - Free Speech Perspectives on Internet Content
Controls," David Sobel, editor (EPIC 1999). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


Additional titles on privacy, open government, free expression,
computer security, and crypto, as well as films and DVDs can be
ordered through the EPIC Bookstore: http://www.epic.org/bookstore/

[8] Upcoming Conferences and Events

Drawing the Blinds: Reconstructing Privacy in the Information Age.
CPSR's Annual Conference and Wiener Award Dinner. October 14, 2000.
Philadelphia, PA. For more information: http://www.cpsr.org

Gore/Bush Forum on Privacy. Institute for Communitarian Policy Studies,
George Washington University. Rep. Markey will be presenting the views
of Vice President Gore and Senior Advisor Stephen Goldsmith the
approach of Governor Bush. October 16, 2000. Washington, DC. For more
information: [log in to unmask]

Identity Theft Victim Assistance Workshop. Federal Trade Commission.
October 23-24, 2000. Washington, DC. For more information:

Identity Theft Prevention Workshop. Social Security Administration.
October 25, 2000. Washington, DC. For more information:

Privacy2000: Information and Security in the Digital Age. October 31-
November 1, 2000. Columbus, Ohio. For more information:

Mealey's Internet Law 101 Conference. November 1-2, 2000. Tysons
Corner, VA. For more information: [log in to unmask]

2000 BNA Public Policy Forum: e-commerce and internet regulation.
November 15-16, 2000. Tysons Corner, VA. For more information:

16th Annual Computer Security Applications Conference (ACSAC).
December 11-15, 2000. New Orleans, Louisiana. For more information:

Network and Distributed System Security Symposium (NDSS '01). Internet
Society. February 7-9, 2001. San Diego, CA. For more information:

Online, Offshore and Cross-Border: Regulating Global E-Commerce.
Washington College of Law, American University. March 30, 2001.
Washington, DC. For more information: http://www.wcl.american.edu

Subscription Information

The EPIC Alert is a free biweekly publication of the Electronic
Privacy Information Center. A Web-based form is available for
subscribing or unsubscribing at:


To subscribe or unsubscribe using email, send email to
[log in to unmask] with the subject: "subscribe" (no quotes) or

Back issues are available at:


Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your email address
from this list, please follow the above instructions under
"subscription information".  Please contact [log in to unmask] if you have
any other questions.

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights.  EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research.
For more information, e-mail [log in to unmask], http://www.epic.org or
write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC
20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "The Fund for
Constitutional Government" and sent to EPIC, 1718 Connecticut
Ave., NW, Suite 200, Washington, DC 20009.

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.

Thank you for your support.

  ---------------------- END EPIC Alert 7.18 -----------------------



Top of Message | Previous Page | Permalink

JiscMail Tools

RSS Feeds and Sharing

Advanced Options


December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
June 2022
May 2022
March 2022
February 2022
October 2021
July 2021
June 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
July 2020
June 2020
May 2020
April 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007

JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

For help and support help@jisc.ac.uk

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager