EFFector Vol. 14, No. 5 Mar. 27, 2001
[email protected]
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
IN THE 165th ISSUE OF EFFECTOR (now with over 27,300 subscribers!):
* ALERT: Ask Bush Administration to Implement Privacy Regulation -
Correctly
* ALERT: Industry "copy protection" scheme on YOUR hard drive
* BayFF Meeting Apr. 6th: Chuck D. on Digital Music's Future
* EFF Produces Two Censorware Whitepapers for NRC Study
* EFF Files Reply Brief in MPAA v. 2600 (NY DVD DeCSS Case)
* 7th Circuit Holds Video Game Censorship Law Unconstitutional
* Administrivia
For more information on EFF activities & alerts:
http://www.eff.org
_________________________________________________________________
ALERT: Ask Bush Administration to Implement Privacy Regulation - Correctly
Electronic Frontier Foundation Press Release March 5, 2001
The Health & Human Services privacy regulation issued by the Clinton
Administration in December 2000 was originally scheduled to go into
effect on February 26, 2001, but was delayed due to an administrative
oversight. Though it could be a first major step to national medical
privacy protection, it has flaws.
The public has until Friday, March 30, 2001, to submit comments to HHS
on the regulation. Comments can be submitted electronically at:
http://aspe.hhs.gov/admnsimp/
Comments can also be snail mailed, or hand-delivered to:
U.S. Department of Health and Human Services
Attention: Privacy I
Room 801
Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C. 20201
Our comments:
Sent via Web site submission
Dear Secretary Thompson:
Today there are no comprehensive federal rules to protect the
confidentiality of medical record information. The rules mandated by
the Health Insurance Portability and Accountability Act of 1996
(HIPAA) are a good first step at protecting the sensitive information
kept in our medical records by providing a baseline of significant
privacy protection for medical records. Delaying implementation of the
rule is not warranted. We need to be able to know that information in
our private medical files will have the benefit of baseline
protection, even as further protections are considered.
Important Fair Information Practices Included in HIPAA
Fair Information Practices form one of the cornerstones for protecting
privacy in this country today. Most of the major Federal privacy laws
incorporate fair information practices, including the Privacy Act of
1974 and the Fair Credit Reporting Act. Including fair information
practices in this rule maintains that strong tradition.
Specifically, Sec. 164.520; Sec 164.522; Sec. 164.524; Sec. 164.526;
Sec. 164.530; and Sec. 160.306 contain support for these Fair
Information Practices. The HIPAA rules grant us the important right to
be notified of the data practices of those who handle personal health
records. There are also rights to request restrictions on use and
disclosures of health records.
The HIPAA rule grants new rights for individuals like myself to access
our own medical files and amend it if there is erroneous information.
Before HIPAA, doctors often did not allow patients to view their own
medical files.
One area that needs to be strengthened in the rule is the section that
allows individuals to file a complaint with HHS and with the covered
entity. We should have the right to sue directly those who violate our
privacy rights.
Gaps that need to be addressed by Congress or the States
I support efforts to further strengthen the HIPAA regulations. For
example, there should be limitations on the use of patients' data for
marketing purposes. Sec. 154.501; Sec. 164.514. Use of health
information is not the proper place to give equal weight to business
and individual interests; an individual's privacy and health interests
should always prevail. Protecting privacy for individuals would
dictate that any disclosure of medical conditions and/or records
should be by an opt-in process only, not opt-out. An opt-out standard,
with its focus on initial disclosure followed by a subsequent
revocation, will not protect any individual's privacy.
Law enforcement must be required to obtain a warrant before it may
obtain access to patients' data. Sec. 164.512. A properly drawn court
order or warrant must first be obtained before medical information is
released to law enforcement.
The Government Health Database was discussed in the Standards for
Privacy of Individually Identifiable Health Information in December,
2000, (65 Fed. Reg. 62462). Under Disclosures and Uses for Government
Health Data Systems, the proposed rule had allowed a covered entity
that was itself a government agency collecting health data for
analysis in support of policy, planning, regulatory, or management
functions, to disclose protected health information to government
health data systems. The final rule explicitly eliminated that
provision. Consent by the patient is now required, but it contains a
loophole when disclosure is permissible under another provision of the
rule. This seems like a way to implicitly side step the consent issue.
Patients should always be asked for their consent before their health
information is funneled from one government database to another.
Unless individuals are able to give true informed consent that is not
conditioned upon treatment, government will steadily be able to build
surveillance and tracking systems that will touch every aspect of our
lives so much so that it will become a threat to our open society.
Conclusion
Individuals want the privacy of their sensitive medical records to be
strongly and unambiguously protected. In fact, given the potential for
medical records to impact employment opportunities, financial
offerings, family relations, social standing, and even our ability to
obtain housing, medical records deserve the strongest possible
protection.
This is the farthest our nation has ever come toward protecting the
sensitive, personal information contained in our medical records.
There are still privacy-damaging sections included in the rule but I
believe that the rule gives a baseline right to privacy that can be
enlarged by either Congress or the States. I encourage you to
implement this rule without further delay.
Sincerely,
__________________________________________________________
Your Name
P.S. (Choose one)
____Please do not post my personal information on any government
website
____Feel free to post my personal information on the DHHS website
US Rep. Ron Paul Moves to Close the Loopholes; letter to other legislators:
Rep. Paul identifies clear loopholes in the existing proposal, in the
dear-colleague letter below, and EFFector readers should be aware of
them. While we agree with Rep. Paul's observations, we believe his
position, that the entire HIPAA should be repealed, is too extreme.
The regs - even with these loopholes - would be a net gain for
American privacy. Instead we hope that either Congress will fix the
loopholes directly with an amendment, or that recently announced plans
to amend the regs from within HHS are carried out, and that these
problems are solved.
Dear Colleague:
Proponents of the Department of Health and Human Services' (HHS)
so-called "medical privacy" regulation have launched a campaign to
convince the American people that these regulations protect their
medical privacy. However, these supposed "privacy advocates" are
neglecting to mention that buried within this 367-pages of small print
which comprise the medical privacy regulation are provisions that :
Give state-favored special interests the right to access private
medical information -- including genetic information -- without
patients' consent (Sections 164.502 and 164.506).
Force physicians to turn confidential medical records over to HHS and
other government agencies and law enforcement officials without either
individual consent or a warrant in complete disregard of the Fourth
and Fifth Amendments (Section 160.310).
I have introduced the Medical Privacy Protection Resolution (H.J.Res.
38), which uses the Congressional Review Act process to overturn this
misnamed and misguided regulation. Please don't allow medical privacy
be eroded by a regulation which allows government and the
politically-connected to access personal medical records without a
patient's consent. Call Norm at 5-2831 and cosponsor the Medical
Privacy Protection Resolution today!
Sincerely,
Ron Paul, M.D.
_________________________________________________________________
ALERT: Industry "copy protection" scheme on YOUR hard drive
The National Committee for Information Technology
Standards (NCITS) Technical Committee T13 (
http://www.t13.org ) is
designing copy prevention technology into all hard drives, at the behest
of the entertainment industry. T13 has become the latest battleground
in record and movie industry efforts to cripple digital technologies and
force copy "protection" schemes onto the public's hardware. The end
result of these proposals is to place limitations on how you use music
and movies in your digital environment. And it's being voted on right
now.
For more information, see:
http://www.eff.org/IP/DRM/CPRM/20010328_eff_cprm_alert.html
_________________________________________________________________
BayFF Meeting Apr. 6th: Chuck D. on Digital Music's Future
Media Advisory
BayFF On April 6th, 2001 - Come Check It Out!
Famed Rapper and Activist Chuck D., Speaks About the Challenges and
Opportunities Facing Online Artists in the World of Digital Music
WHAT: "BayFF" at UC Hastings - Challenges and Opportunities Facing
Online Artists in the World of Digital Music
WHO: Electronic Frontier Foundation, UC Hastings, Chuck D
WHEN: Friday, April 6th, 2001 at 7PM PST
WHERE: University of California - SF
Hastings College of the Law
198 McAllister Street
San Francisco, CA. 94012
Room: The Louis B. Mayer Lounge (LBML)
The building is on the northeast corner of the Hyde and McAllister
intersection. Parking is available at the Civic Center parking lot by
city hall.
This event is free and open to the general public. Food and beverages
will be served.
Famed rapper and outspoken activist Chuck D, formally of Public Enemy,
will keynote April's BayFF as part of the Electronic Frontier
Foundation's Campaign for Audio-Visual Free Expression (CAFE). CAFE
works to protect freedom of expression by empowering the creative
community in cyberspace. Chuck D will address these issues directly,
speaking on "The Challenges and Opportunities Facing Online Artists."
As leader and co-founder of legendary rap group Public Enemy, Chuck D
redefined rap music and Hip Hop culture. His messages addressed
weighty issues about race, rage and inequality.
Most recently, Chuck has become a spokesperson for, and major
proponent of music on the Internet. In September 1999, he launched a
multi-format website called Rapstation.com. The site is a home for the
global hip hop community. It provides both a television and radio
station with original programming, a slew of Hip Hop's most prominent
DJs, celebrity interviews, free MP3 downloads (the first was
contributed by rap star Coolio), social commentary, current events,
and regular features dedicated to empower aspiring musicians with the
knowledge to turn their craft into a viable living.
Chuck has also launched a radio station on the Internet,
BringTheNoise.com, and has made Public Enemy the first multi-platinum
selling act to release their album in MP3 format via the Internet
before it was available in retail stores.
For directions to the event, you can use free services like
http://www.mapquest.com or
http://maps.yahoo.com to generate driving
directions or maps. For CalTrain and Muni directions, please call
their information lines. You can subscribe to receive future BayFF
annoucements. To subscribe, email
[email protected] and put this in
the text (not the subject line): subscribe bayff.
The Electronic Frontier Foundation is the leading civil liberties
organization working to protect rights in the digital world. Founded
in 1990, EFF actively encourages and challenges industry and
government to support free expression, privacy, and openness in the
information society. EFF is a member-supported organization and
maintains one of the most-linked-to Web sites in the world:
http://www.eff.org
Hastings College of the Law was founded in 1878 by Serranus Clinton
Hastings (the first Chief Justice of California) Hastings is the
oldest public law school in California and the oldest in the western
U.S. It is a part of the University of California system. In addition
to legal practice that covers the entire spectrum of law, many
Hastings graduates sit as judges on the California bench.
Continuing over 10 years of defending civil liberties online, EFF
presents a series of monthly meetings to address important issues
where technology and policy collide. These meetings, entitled "BayFF",
(Bay-area Friends of Freedom), kicked off on July 10, 2000, and will
continue on a monthly basis
For more information, see: The Electronic Frontier Foundation:
http://www.eff.org
BayFF Meetings Info Page:
http://www.eff.org/bayff
Contact:
Katina Bishop
Director of Education & Offline Activism
Electronic Frontier Foundation
+1 415 436 9333 x101
[email protected]
_________________________________________________________________
EFF Produces Two Censorware Whitepapers for NRC Study
In conjunction with EFF Pioneer Award winner & blocking software
expert Seth Finkelstein, EFF has submitted not one but two concise
whitepapers on the problems presented by government mandated use of
"censorware" in public libraries, in response to a National Research
Council call for comments:
"Blacklisting Bytes", co-authors: Seth Finkelstein, Consulting
Programmer; Lee Tien, Senior Staff Attorney, EFF. EFF's thesis is
simple: The quest for a technical solution to the alleged problem of
minors' access to "harmful" material on the Internet is both misguided
and dangerous to civil liberties. (Mar. 6, 2001)
http://www.eff.org/Censorship/Censorware/20010306_eff_nrc_paper1.html
"The 'vexing' question of the state's interest in preventing minors'
access to 'harmful to minors' material", author, Lee Tien, Senior
Staff Attorney, EFF. In this White Paper, EFF argues that the state
interest in regulation of non-obscene non-indecent materials is much
narrower than it appears at first glance. EFF does not here challenge
the proposition that the government has a legitimate interest of some
sort, but we believe that such arguments are specious. In particular,
EFF believes that the government has failed to establish that there
exists a problem to be solved, as distinguished from a vague fear.
(Mar. 6, 2001)
http://www.eff.org/Censorship/Censorware/20010306_eff_nrc_paper2.html
_________________________________________________________________
EFF Files Reply Brief in MPAA v. 2600 (NY DVD DeCSS Case)
EFF and attorneys Edward Hernstadt & Martin Garbus of the Frankfurt
Garbus law firm file detailed reply brief in landmark New York
DVD/DeCSS appeal, directly addressing all of the motion picture
industries claims against 2600 Magazine. The full text of the document
is available at:
http://eff.org/IP/Video/MPAA_DVD_cases/20010319_ny_eff_appeal_reply_brief.html
The MPAA brief it is a response to is at:
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010313_ny_dvdcca_amicus.html
See two groups of law professors (50 to 4 in favor of 2600) argue the
matter:
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010126_ny_lawprofs_amicus.html
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010312_ny_law_profs_amicus_for_op.html
_________________________________________________________________
7th Circuit Holds Video Game Censorship Law Unconstitutional
http://www.eff.org/Legal/Cases/American_Amusement_v_Kendrick/20010323_appellate_decision.html
Full text of Seventh Circuit decision overturning district court's
finding that an Indianapolis video game censorship law was
constitutional. Appeals court differentiates "violent" video games
(intended for children) from sexually explicit "harmful matter" that
is "an adult invasion of children's culture" (Mar. 23, 2001)
_________________________________________________________________
Administrivia
EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
http://www.eff.org
Editor: Stanton McCandlish, EFF Advocacy Director/Webmaster
(
[email protected])
Membership & donations:
[email protected]
General EFF, legal, policy or online resources queries:
[email protected]
Reproduction of this publication in electronic media is encouraged.
Signed articles do not necessarily represent the views of EFF. To
reproduce signed articles individually, please contact the authors for
their express permission. Press releases and EFF announcements &
articles may be reproduced individually at will.
To subscribe to EFFector via e-mail, send message BODY (not subject)
of:
subscribe effector
to
[email protected], which will send you a confirmation code and then
add you to a subscription list for EFFector (after you return the
confirmation code; instructions will be in the e-mail).
To unsubscribe, send a similar message body to the same address, like
so:
unsubscribe effector
(Please ask
[email protected]">
[email protected] to manually add you
to or remove you from the list if this does not work for you for some
reason.)
To change your address, send both commands at once, one per line
(i.e., unsub your old address, and sub your new address).
Back issues are available at:
http://www.eff.org/effector
To get the latest issue, send any message to
[email protected] (or
[email protected]), and it will be mailed to
you automagically. You can also get, via the Web:
http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html
_________________________________________________________________