Skip to main content

EFFector - Volume 7, Issue 15 - NIIAC Draft Privacy Principles

=========================================================================
  ________________             _______________          _______________
 /_______________/\           /_______________\        /\______________\
 \\\\\\\\\\\\\\\\\ \          |||||||||||||||||       / ////////////////  
  \\\\\\\\\\\\\\\\\/          |||||||||||||||||      / ////////////////
   \\\\\\_______/\            ||||||_______\        / //////_____\  
    \\\\\\\\\\\\\ \           ||||||||||||||       / /////////////
     \\\\\\\\\\\\\/____       ||||||||||||||      / ///////////// 
      \\\\\___________/\      |||||              / ////   
       \\\\\\\\\\\\\\\\ \     |||||             / ////  
        \\\\\\\\\\\\\\\\/     |||||             \////

=========================================================================
EFFector Online Volume 07 No. 15    December 15, 1994     editors@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

In This Issue:

EFF Relocation Underway - New Contact Info!
NIIAC Draft Privacy Principles
Notes on the Pensacola BBS Busts
And...
What YOU Can Do

----------------------------------------------------------------------


Subject: EFF Relocation Underway - New Contact Info!
----------------------------------------------------

EFF is moving to larger office space. There will be *.eff.org and
EFF Outpost BBS downtime during this period.  Our servers go down today,
Thursday, Dec. 15, 1994, and will be back online no later than Monday, Dec.
19 (possibly as soon as Saturday, Dec. 17).

New contact information:

Snail mail: 1667 K St. NW, Suite 801
            Washington DC 20006-1605 USA

Phone: +1 202 861 7700
Fax:   +1 202 861 1258
BBS:   +1 202 861 1223, +1 202 861 1224

Email and network server addresses remain the same.

------------------------------


Subject: NIIAC Draft Privacy Principles
---------------------------------------

This is a draft of the NIIAC Mega-Project III's privacy principles statement.
Mega-Project III is chaired by Esther Dyson, a member of the EFF Board of
Directors.  the NII Advisory Council is composed of individuals from the
publishing, telecommunications, computer, and other fields, and serves as
a civilian advisory board for the Administration on issues regarding
information infrastructure.

Comments may be submitted regarding this draft to Esther Dyson
.


DRAFT 
OF
MEGA-PROJECT III 
(privacy, security, intellectual property)
of the 
NATIONAL INFORMATION INFRASTRUCTURE ADVISORY COUNCIL

(December 6, 1994)

PRIVACY AND RELATED SECURITY PRINCIPLES FOR THE NII

PREAMBLE

     Privacy is a cherished American value.  In designing the technological
infrastructure and the policy environment for the NII, the United States is
establishing the framework for individual, social, economic, and political
life in  the 21st century.  It is important that fundamental American
values -- including protection of privacy, freedom of speech and
association, and freedom from discrimination and protection of property
rights -- be considered in the NII.  None of these values are absolute, and
all need to be addressed in the context of the public interest.

DEFINITIONS

     Throughout this document personally identifiable information refers to
"any information that could be uniquely associated with the individual to
whom it pertains."   
        In policy discussions, privacy is frequently coupled with
confidentiality and security.  Although the terms are interrelated, it is
important that the meaning of each be understood independently. 
Information privacy is the ability of an individual to control the use and
dissemination of information that relates to himself or herself. 
Confidentiality is a tool for protecting privacy.  Sensitive information is
accorded a confidential status that  mandates specific controls, including
strict limitations on access and disclosure, that must be adhered to by
those handling the information.  Security is the totality of safeguards in
a computer-based information system.  Security protects both the system and
the information contained within it from unauthorized access and misuse. 
Security consists of hardware, software, personnel policies, information
practice policies, and disaster preparedness.  


        MEGA PROJECT III RECOMMENDS THE ADOPTION OF THE FOLLOWING PRIVACY
AND SECURITY-RELATED PRINCIPLES FOR THE NATIONAL INFORMATION INFRASTRUCTURE
(NII):


1.    Personal privacy -- including information, transactions, and
communications -- must be protected in the design, management, and use of
the NII.  Informed, uncoerced consent to the use of personally identifiable
information, as well as autonomy and individual choice are fostered by
ensuring privacy on the NII.  In addition, protection of privacy is crucial
to encouraging free speech and free association on the NII.  While privacy
protections are crucial to encourage free speech and free association on
the NII, such protections are not absolute and must continue to be
balanced,
where appropriate, by concepts of legal accountability.

2.    The privacy of communications, information, and transactions must be
protected to engender public confidence in the use of the NII.  For
instance, people should be able to encrypt lawful communications,
information, and transactions on the NII.  Network-wide and system-specific
security systems that ensure confidentiality, integrity, and privacy should
be incorporated into
the design of the NII.  In an interactive electronic environment,
transactional information should be afforded the same high standard
of legal protection as content.  To achieve its full potential, the NII
must incorporate technical and legal means to protect personal privacy.

3.   Existing constitutional and statutory limitations on access to
information and communication, such as those requiring warrants and
subpoenas, should not be diminished or weakened and should keep pace with
technological developments.

4.   Individual rights to access personally identifiable information about
themselves must not be diminished or weakened on the NII.  Individuals must
have the ability to review personally identifiable information and the
means to challenge and correct inaccurate information.

5.    Individuals should be informed of other uses and disclosures of
personally identifiable information provided by that individual or
generated  by transactions on the NII.  Personally identifiable information
about an individual provided or generated for one purpose should not be
used for an unrelated purpose or disclosed to another party without the
informed consent of the individual except as provided under existing law.

6.   Data integrity -- including accuracy, relevance, and timeliness of 
personally identifiable information -- must be paramount on the NII.  Users
of the NII, including providers of services or products on the NII, should
establish ways of ensuring data integrity, such as audit trails and means
of providing authentication.

7.    The use of a national personal identification system administered by
the federal government should not be developed as a condition for
participation
in the NII.  

8.    Subject to public policies intended to secure and maintain the
integrity and enforceability of rights and protections under U.S. laws --
such as those concerning intellectual property, defamation, child
pornography, harassment, and mail fraud -- spheres for anonymous
communication should be permitted on the NII.  Those who operate,
facilitate, or are otherwise responsible for such spheres must adequately
address the sometimes conflicting demands of anonymity, on the one hand,
and accountability, on the other.

9.    Collectors and users of personally identifiable information on the
NII should provide timely and effective notice of their privacy and related
security practices.

10.    Public education about the NII and its potential effect on
individual privacy is critical to the success of the NII. 

11.   An entity with input from federal, state and local governments and
the private sector should develop a process for overseeing  the
development,
implementation, and enforcement of privacy policy on the NII.

12.   Aggrieved individuals should have available to them effective
remedies to ensure that privacy and related security rights and laws are
enforced on the NII, and those who use these remedies should not be subject
to retaliatory  actions.


------------------------------


Subject: Notes on the Pensacola BBS Busts
-----------------------------------------

This is just a short note updating folks about EFF's tracking of the
Pensacola, Flordia BBS raids.

This is what we know so far:

1) Only three BBS searches have been confirmed.

2) The investigations center on sexual material.

3) No one has yet been charged.

Contrary to earlier reports, EFF did not send someone to the scene,
although the Association of Online Professionals may have. EFF is ready to
provide information and help contact lawyers for any defendants in the
case, but we have not yet been asked to do so.

If you are in contact with the sysops of these BBSs, please tell them that
they should contact EFF's legal services at 202-347-5400 (AFTER DEC. 17:
202-861-7700).

------------------------------


Subject: And...
---------------

Happy holidays from everyone at EFF!  :-)


Subject: Calendar of Events
---------------------------

This schedule lists EFF events, and those we feel might be of interest to
our members.

1994:

Dec. 16 - 4th Annual Loebner Prize Competition in Aritificial Intelligence,
          Calif. State U. - San Marcos.  
          Contact: Dr. Robert Epstein, +1 619 436 4400, fax: +1 619 436 4490 
          Internet: repstein@nunic.nu.edu

Dec. 31 - Deadline for proposals for ISEA 95 (see below).


1995:

Jan. 8  - Deadline for proposals, Midwest Conference on Technology,
          Employment and Community, sponsored by the UIC Center for Urban
          Economic Development
          Contact: +1 312 996 5463
          Email: jdav@mcs.com
          Conf. mailing list discussion: listserv@uic, message body:
                "SUBSCRIBE JOB-TECH  " (w/o "quotes")

Jan. 20 - Deadline for after-the-event written testimony for White House
          "Security for Health & Educational Information on the NII" open
          public meeting (held Dec. 8, 1995, Washington DC)
          Contact: Sam Shekar (DoHHS), +1 202 690 5727

Jan. 27 - Privacy, Info. Infrastructure & Healthcare Reform Symposium,
          Ohio State U., Columbus OH.  Featured speakers: Janlori Goldman
          (EFF), Rober Belair (ed., _Privacy_&_American_Business_, and former
          White House deputy counsel), Mary Gardiner Jones (CIRI, formerly
          with FTC; co-author, _21st_Century_Learning_and_Health_Care_in_the_
          Home_), Pierrot Peladeau (Societe Progestacces [Canada]), James
          Rule (author, _Politics_of_Privacy; SUNY profesor), Bruce Schneier
          (author, _Applied_Cryptography_)
          Contact: CAST/OSU, +1 614 292 8444 (resigtration)
                   Vicente Berdayes, +1 614 292 0080
          Email: vberdaye@magnus.acs.ohio-state.edu

Feb. 4  - U. of Richmond [VA] Law & Technology Assoc. Symposium on Community
          in Cyberspace, 9am-5pm EST.  Featured speakers: Shari Steele (EFF),
          Prof. Trotter Hardy (Wm. & Mary College), Brock Meeks (_CyberWire_
          Dispatch_), Asst. Professor Dan L. Burk (GMU), Henry C. Su esq. 
          (Williams, Mullen, Christian & Dobbins), Dr. Danny Arkin (Central
          VA Free-Net), Carol Woodward esq. (chair, VA Bar Assoc. Special
          Legal Networking Cmte.), Bill Cooper (VA ACLU), etc.
          Contact: LTA, +1 804 287 6811
          Email: lta@uofrlaw.urich.edu

Mar. 3-
     4  - Midwest Conference on Technology, Employment and Community,
          sponsored by the UIC Center for Urban Economic Development
          Deadline for proposals: Jan. 8, 1995
          Contact: +1 312 996 5463
          email: jdav@mcs.com
          Conf. mailing list discussion: listserv@uic, message body:
                "SUBSCRIBE JOB-TECH  " (w/o "quotes")

Mar. 27 - John Perry Barlow seminar on "Cyberspace: the New Frontier", 
          4pm local time, NCB Auditorium, 71 Science Park Dr., Singapore 0512
          Contact: Marvin Tay Eng Sin 

Mar. 28-
     31 - 5th Conference on Computers, Freedom & Privacy, Burlingame, Calif.
          Contact: Carey Heckman, +1 415 725 7788, fax: +1 415 725 1861,
          internet: cfp95@forsythe.stanford.edu

Sep. 17-
     24 - International Symposium on Electronic Art, Montreal, Quebec, Canada.
          Information: +1 514 990 0229, fax: +1 514 842 7459, internet:
          isea95@er.uqam.ca

Dec. 1  - Computer Security Day (started by Washington DC chapter of the
          Assoc. for Computing Machinery, to "draw attention to computer
          security during the holdiay season when it might otherwise become
          lax."   


Subject: What YOU Can Do
------------------------

"If five years from now we [the FBI] solve the access problem, but
what we're hearing is all encrypted, I'll probably, if I'm still here, be
talking about that in a very different way: the objective is the same.
The objective is for us to get those conversations whether they're by an
alligator clip or ones and zeros.  Whoever they are, whatever they are, I
need them."
  - FBI Director Louis Freeh, clarifying statements that the FBI may seek
    legislation to ban strong encryption, in an Oct. 1994 interview with
    Steven Levy.

Ensuring the democratic potential of the technologies of computer-mediated
communication requires active participation in the political processes that
shape our destinies.  Government agencies, legislatures and heads of state
are accustomed to making decisions about the future of technology, media,
education, and public access to information, with far-reaching and
long-lasting effects on citizens and their lives, but are accustomed to
doing so with little input or opposition from anyone but the largest of
corporations, and other government representatives.

Now, more than ever, EFF is working to make sure that you can play an
active role in making these choices. Our members are making themselves heard
on the whole range of issues. EFF collected over 5000 letters of support
for Rep. Maria Cantwell's bill to liberalize restrictions on cryptography. 
We also gathered over 1400 letters supporting Sen. Leahy's open hearings on
the proposed Clipper encryption scheme, which were held in May 1994.  And
EFF collected over 90% of the public comments that were submitted to NIST
regarding whether or not Clipper should be made a federal standard. 
Additionally, EFF has worked for the passage of legislation that would
ensure open access to the information infrastructure of today and tomorrow,
and continues to provide some of the best online resources on privacy,
intellectual freedom, the legalities of networking, and public access to
government representatives and information.

You *know* privacy, freedom of speech and ability to make your voice heard
in government are important. You have probably participated in our online
campaigns and forums.  Have you become a member of EFF yet?  The best way to
protect your online rights is to be fully informed and to make your
opinions heard.  EFF members are informed and are making a difference.  Join
EFF today!

For EFF membership info, send queries to membership@eff.org, or send any
message to info@eff.org for basic EFF info, and a membership form.


------------------------------




Administrivia
=============

EFFector Online is published by:

The Electronic Frontier Foundation
1001 G Street NW, Suite 950 E
Washington DC 20001 USA
AFTER DEC. 17: 1667 K St. NW, Suite 801
Washington DC 20006-1605 USA
+1 202 347 5400 (voice)
+1 202 393 5509 (fax)
+1 202 638 6119 (BBS - 16.8k ZyXEL)
+1 202 638 6120 (BBS - 14.4k V.32bis)
AFTER DEC. 17:
+1 202 861 7700 (voice)
+1 202 861 1258 (fax)
+1 202 861 1223 (BBS - 16.8k ZyXEL)
+1 202 861 1224 (BBS - 14.4k V.32bis)
Internet: ask@eff.org
Internet fax gate: remote-printer.EFF@9.0.5.5.3.9.3.2.0.2.1.tpc.int

Editor: Stanton McCandlish, Online Activist/SysOp/Archivist 

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the views of EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission. Press releases and EFF announcements may be reproduced individ-
ually at will.

To subscribe to EFFector via email, send message body of "subscribe
effector-online" (without the "quotes") to listserve@eff.org, which will add
you to a subscription list for EFFector.

To get the latest issue, send any message to effector-reflector@eff.org (or
er@eff.org), and it will be mailed to you automagically.  You can also get
ftp.eff.org, /pub/EFF/Newsletters/EFFector/current at any time for a copy
of the current issue.

------------------------------



Internet Contact Addresses
--------------------------

Membership & donations: membership@eff.org
Legal services: ssteele@eff.org
Hardcopy publications: pubs@eff.org
Technical questions/problems, access to mailing lists: eff@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org




End of EFFector Online v07 #15
******************************

$$
JavaScript license information