Skip to main content
Podcast Episode - Right to Repair Catches the Car

EFFector - Volume 14, Issue 5 - ALERT: Ask Bush Administration to Implement Privacy Regulation


EFFector - Volume 14, Issue 5 - ALERT: Ask Bush Administration to Implement Privacy Regulation

    EFFector       Vol. 14, No. 5       Mar. 27, 2001
   A Publication of the Electronic Frontier Foundation     ISSN 1062-9424
  IN THE 165th ISSUE OF EFFECTOR (now with over 27,300 subscribers!):
     * ALERT: Ask Bush Administration to Implement Privacy Regulation -
     * ALERT: Industry "copy protection" scheme on YOUR hard drive
     * BayFF Meeting Apr. 6th: Chuck D. on Digital Music's Future
     * EFF Produces Two Censorware Whitepapers for NRC Study
     * EFF Files Reply Brief in MPAA v. 2600 (NY DVD DeCSS Case)
     * 7th Circuit Holds Video Game Censorship Law Unconstitutional
     * Administrivia
   For more information on EFF activities & alerts:
ALERT: Ask Bush Administration to Implement Privacy Regulation - Correctly

    Electronic Frontier Foundation Press Release March 5, 2001
   The Health & Human Services privacy regulation issued by the Clinton
   Administration in December 2000 was originally scheduled to go into
   effect on February 26, 2001, but was delayed due to an administrative
   oversight. Though it could be a first major step to national medical
   privacy protection, it has flaws.
   The public has until Friday, March 30, 2001, to submit comments to HHS
   on the regulation. Comments can be submitted electronically at:
   Comments can also be snail mailed, or hand-delivered to:
   U.S. Department of Health and Human Services 
   Attention: Privacy I 
   Room 801 
   Hubert H. Humphrey Building 
   200 Independence Avenue, SW
   Washington, D.C. 20201
Our comments:

   Sent via Web site submission
   Dear Secretary Thompson:
   Today there are no comprehensive federal rules to protect the
   confidentiality of medical record information. The rules mandated by
   the Health Insurance Portability and Accountability Act of 1996
   (HIPAA) are a good first step at protecting the sensitive information
   kept in our medical records by providing a baseline of significant
   privacy protection for medical records. Delaying implementation of the
   rule is not warranted. We need to be able to know that information in
   our private medical files will have the benefit of baseline
   protection, even as further protections are considered.
  Important Fair Information Practices Included in HIPAA
   Fair Information Practices form one of the cornerstones for protecting
   privacy in this country today. Most of the major Federal privacy laws
   incorporate fair information practices, including the Privacy Act of
   1974 and the Fair Credit Reporting Act. Including fair information
   practices in this rule maintains that strong tradition.
   Specifically, Sec. 164.520; Sec 164.522; Sec. 164.524; Sec. 164.526;
   Sec. 164.530; and Sec. 160.306 contain support for these Fair
   Information Practices. The HIPAA rules grant us the important right to
   be notified of the data practices of those who handle personal health
   records. There are also rights to request restrictions on use and
   disclosures of health records.
   The HIPAA rule grants new rights for individuals like myself to access
   our own medical files and amend it if there is erroneous information.
   Before HIPAA, doctors often did not allow patients to view their own
   medical files.
   One area that needs to be strengthened in the rule is the section that
   allows individuals to file a complaint with HHS and with the covered
   entity. We should have the right to sue directly those who violate our
   privacy rights.
  Gaps that need to be addressed by Congress or the States
   I support efforts to further strengthen the HIPAA regulations. For
   example, there should be limitations on the use of patients' data for
   marketing purposes. Sec. 154.501; Sec. 164.514. Use of health
   information is not the proper place to give equal weight to business
   and individual interests; an individual's privacy and health interests
   should always prevail. Protecting privacy for individuals would
   dictate that any disclosure of medical conditions and/or records
   should be by an opt-in process only, not opt-out. An opt-out standard,
   with its focus on initial disclosure followed by a subsequent
   revocation, will not protect any individual's privacy.
   Law enforcement must be required to obtain a warrant before it may
   obtain access to patients' data. Sec. 164.512. A properly drawn court
   order or warrant must first be obtained before medical information is
   released to law enforcement.
   The Government Health Database was discussed in the Standards for
   Privacy of Individually Identifiable Health Information in December,
   2000, (65 Fed. Reg. 62462). Under Disclosures and Uses for Government
   Health Data Systems, the proposed rule had allowed a covered entity
   that was itself a government agency collecting health data for
   analysis in support of policy, planning, regulatory, or management
   functions, to disclose protected health information to government
   health data systems. The final rule explicitly eliminated that
   provision. Consent by the patient is now required, but it contains a
   loophole when disclosure is permissible under another provision of the
   rule. This seems like a way to implicitly side step the consent issue.
   Patients should always be asked for their consent before their health
   information is funneled from one government database to another.
   Unless individuals are able to give true informed consent that is not
   conditioned upon treatment, government will steadily be able to build
   surveillance and tracking systems that will touch every aspect of our
   lives so much so that it will become a threat to our open society.
   Individuals want the privacy of their sensitive medical records to be
   strongly and unambiguously protected. In fact, given the potential for
   medical records to impact employment opportunities, financial
   offerings, family relations, social standing, and even our ability to
   obtain housing, medical records deserve the strongest possible
   This is the farthest our nation has ever come toward protecting the
   sensitive, personal information contained in our medical records.
   There are still privacy-damaging sections included in the rule but I
   believe that the rule gives a baseline right to privacy that can be
   enlarged by either Congress or the States. I encourage you to
   implement this rule without further delay.
   Your Name
   P.S. (Choose one)
   ____Please do not post my personal information on any government
   ____Feel free to post my personal information on the DHHS website

  US Rep. Ron Paul Moves to Close the Loopholes; letter to other legislators:
   Rep. Paul identifies clear loopholes in the existing proposal, in the
   dear-colleague letter below, and EFFector readers should be aware of
   them.  While we agree with Rep. Paul's observations, we believe his
   position, that the entire HIPAA should be repealed, is too extreme. 
   The regs - even with these loopholes - would be a net gain for
   American privacy.  Instead we hope that either Congress will fix the
   loopholes directly with an amendment, or that recently announced plans
   to amend the regs from within HHS are carried out, and that these
   problems are solved.
     Dear Colleague:
     Proponents of the Department of Health and Human Services' (HHS)
     so-called "medical privacy" regulation have launched a campaign to
     convince the American people that these regulations protect their
     medical privacy. However, these supposed "privacy advocates" are
     neglecting to mention that buried within this 367-pages of small print
     which comprise the medical privacy regulation are provisions that :
     Give state-favored special interests the right to access private
     medical information -- including genetic information -- without
     patients' consent (Sections 164.502 and 164.506).
     Force physicians to turn confidential medical records over to HHS and
     other government agencies and law enforcement officials without either
     individual consent or a warrant in complete disregard of the Fourth
     and Fifth Amendments (Section 160.310).
     I have introduced the Medical Privacy Protection Resolution (H.J.Res.
     38), which uses the Congressional Review Act process to overturn this
     misnamed and misguided regulation. Please don't allow medical privacy
     be eroded by a regulation which allows government and the
     politically-connected to access personal medical records without a
     patient's consent. Call Norm at 5-2831 and cosponsor the Medical
     Privacy Protection Resolution today!
     Ron Paul, M.D.


ALERT: Industry "copy protection" scheme on YOUR hard drive

The National Committee for Information Technology 
Standards (NCITS) Technical Committee T13 ( ) is 
designing copy prevention technology into all hard drives, at the behest
of the entertainment industry.  T13 has become the latest battleground
in record and movie industry efforts to cripple digital technologies and
force copy "protection" schemes onto the public's hardware.  The end
result of these proposals is to place limitations on how you use music
and movies in your digital environment. And it's being voted on right
   For more information, see:
BayFF Meeting Apr. 6th: Chuck D. on Digital Music's Future

      Media Advisory
  BayFF On April 6th, 2001 - Come Check It Out!
    Famed Rapper and Activist Chuck D., Speaks About the Challenges and
    Opportunities Facing Online Artists in the World of Digital Music
   WHAT: "BayFF" at UC Hastings - Challenges and Opportunities Facing
   Online Artists in the World of Digital Music
   WHO: Electronic Frontier Foundation, UC Hastings, Chuck D
   WHEN: Friday, April 6th, 2001 at 7PM PST
   WHERE: University of California - SF
   Hastings College of the Law
   198 McAllister Street
   San Francisco, CA. 94012
   Room: The Louis B. Mayer Lounge (LBML)
   The building is on the northeast corner of the Hyde and McAllister
   intersection. Parking is available at the Civic Center parking lot by
   city hall.
   This event is free and open to the general public. Food and beverages
   will be served.
   Famed rapper and outspoken activist Chuck D, formally of Public Enemy,
   will keynote April's BayFF as part of the Electronic Frontier
   Foundation's Campaign for Audio-Visual Free Expression (CAFE). CAFE
   works to protect freedom of expression by empowering the creative
   community in cyberspace. Chuck D will address these issues directly,
   speaking on "The Challenges and Opportunities Facing Online Artists."
   As leader and co-founder of legendary rap group Public Enemy, Chuck D
   redefined rap music and Hip Hop culture. His messages addressed
   weighty issues about race, rage and inequality.
   Most recently, Chuck has become a spokesperson for, and major
   proponent of music on the Internet. In September 1999, he launched a
   multi-format website called The site is a home for the
   global hip hop community. It provides both a television and radio
   station with original programming, a slew of Hip Hop's most prominent
   DJs, celebrity interviews, free MP3 downloads (the first was
   contributed by rap star Coolio), social commentary, current events,
   and regular features dedicated to empower aspiring musicians with the
   knowledge to turn their craft into a viable living.
   Chuck has also launched a radio station on the Internet,, and has made Public Enemy the first multi-platinum
   selling act to release their album in MP3 format via the Internet
   before it was available in retail stores.
   For directions to the event, you can use free services like or to generate driving
   directions or maps. For CalTrain and Muni directions, please call
   their information lines. You can subscribe to receive future BayFF
   annoucements. To subscribe, email and put this in
   the text (not the subject line): subscribe bayff.
   The Electronic Frontier Foundation is the leading civil liberties
   organization working to protect rights in the digital world. Founded
   in 1990, EFF actively encourages and challenges industry and
   government to support free expression, privacy, and openness in the
   information society. EFF is a member-supported organization and
   maintains one of the most-linked-to Web sites in the world:
   Hastings College of the Law was founded in 1878 by Serranus Clinton
   Hastings (the first Chief Justice of California) Hastings is the
   oldest public law school in California and the oldest in the western
   U.S. It is a part of the University of California system. In addition
   to legal practice that covers the entire spectrum of law, many
   Hastings graduates sit as judges on the California bench.
   Continuing over 10 years of defending civil liberties online, EFF
   presents a series of monthly meetings to address important issues
   where technology and policy collide. These meetings, entitled "BayFF",
   (Bay-area Friends of Freedom), kicked off on July 10, 2000, and will
   continue on a monthly basis
   For more information, see: The Electronic Frontier Foundation:
   BayFF Meetings Info Page:
   Katina Bishop
   Director of Education & Offline Activism
   Electronic Frontier Foundation
   +1 415 436 9333 x101

EFF Produces Two Censorware Whitepapers for NRC Study

   In conjunction with EFF Pioneer Award winner & blocking software
   expert Seth Finkelstein, EFF has submitted not one but two concise
   whitepapers on the problems presented by government mandated use of
   "censorware" in public libraries, in response to a National Research
   Council call for comments: 
   "Blacklisting Bytes", co-authors: Seth Finkelstein, Consulting
   Programmer; Lee Tien, Senior Staff Attorney, EFF. EFF's thesis is
   simple: The quest for a technical solution to the alleged problem of
   minors' access to "harmful" material on the Internet is both misguided
   and dangerous to civil liberties. (Mar. 6, 2001)

   "The 'vexing' question of the state's interest in preventing minors'
   access to 'harmful to minors' material", author, Lee Tien, Senior
   Staff Attorney, EFF. In this White Paper, EFF argues that the state
   interest in regulation of non-obscene non-indecent materials is much
   narrower than it appears at first glance. EFF does not here challenge
   the proposition that the government has a legitimate interest of some
   sort, but we believe that such arguments are specious. In particular,
   EFF believes that the government has failed to establish that there
   exists a problem to be solved, as distinguished from a vague fear.
   (Mar. 6, 2001)

EFF Files Reply Brief in MPAA v. 2600 (NY DVD DeCSS Case)

   EFF and attorneys Edward Hernstadt & Martin Garbus of the Frankfurt
   Garbus law firm file detailed reply brief in landmark New York
   DVD/DeCSS appeal, directly addressing all of the motion picture
   industries claims against 2600 Magazine. The full text of the document
   is available at:
   The MPAA brief it is a response to is at:
   See two groups of law professors (50 to 4 in favor of 2600) argue the

7th Circuit Holds Video Game Censorship Law Unconstitutional
   Full text of Seventh Circuit decision overturning district court's
   finding that an Indianapolis video game censorship law was
   constitutional. Appeals court differentiates "violent" video games
   (intended for children) from sexually explicit "harmful matter" that
   is "an adult invasion of children's culture" (Mar. 23, 2001)


   EFFector is published by:
   The Electronic Frontier Foundation
   454 Shotwell Street San Francisco CA 94110-1914 USA
   +1 415 436 9333 (voice)
   +1 415 436 9993 (fax)
   Editor: Stanton McCandlish, EFF Advocacy Director/Webmaster
   Membership & donations:
   General EFF, legal, policy or online resources queries:
   Reproduction of this publication in electronic media is encouraged.
   Signed articles do not necessarily represent the views of EFF. To
   reproduce signed articles individually, please contact the authors for
   their express permission. Press releases and EFF announcements &
   articles may be reproduced individually at will.
   To subscribe to EFFector via e-mail, send message BODY (not subject)
     subscribe effector
   to, which will send you a confirmation code and then
   add you to a subscription list for EFFector (after you return the
   confirmation code; instructions will be in the e-mail).
   To unsubscribe, send a similar message body to the same address, like
     unsubscribe effector
   (Please ask"> to manually add you
   to or remove you from the list if this does not work for you for some
   To change your address, send both commands at once, one per line
   (i.e., unsub your old address, and sub your new address).
   Back issues are available at:
   To get the latest issue, send any message to (or, and it will be mailed to
   you automagically. You can also get, via the Web:

Back to top

JavaScript license information