EFFector       Vol. 14, No. 30       Oct. 10, 2001     [email protected]

  A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

   In the 188th Issue of EFFector (now with over 29,300 subscribers!):

    * ALERT: "Anti-Terrorism" Surveillance Bill May Pass on Thu.
    * Administrivia

  For more information on EFF activities & alerts: http://www.eff.org/

  To join EFF or make an additional donation:
    http://www.eff.org/support/
  EFF is a member-supported nonprofit. Please sign up as a member today!
    _________________________________________________________________

ALERT: "Anti-Terrorism" Surveillance Bill May Pass on Thu.

 Act Today and Ask Your Legislators to Vote Against Rushed, Invasive
 Legislation

   Electronic Frontier Foundation ACTION ALERT

   (Issued: Wednesday, October 10, 2001 / Deadline: Thursday, October 11,
   2001, unless extended)

  Though legislators are finally becoming aware of civil liberties
  concerns surrounding the draft Anti-Terrorism Act and related
  legislation, and some not-as-bad versions of the legislation exist,
  the Administration is pushing very hard to have their preferred
  version voted on pre-emptively by both the House and the Senate within
  the next few days. The Senate is expected to hold a vote tomorrow
  afternoon, with only four or fewer amendments being permitted. Sen.
  Feingold is expected to offer some amendments, but they will not
  address all of the concerns with this legislation.

 What YOU Can Do Now:

    * EFF urges you to contact your legislators immediately and let them
      know that you believe it is too soon to pass such sweeping changes
      to American privacy and criminal justice laws, and that Congress
      should hold full, open hearings on all issued raised by these
      bills, which depsite their names, do not stick to anti-terrorism
      issues. Let them know that you do not believe liberty must be
      sacrified for security. Please be polite and concise, but firm.
      For information on how to contact your legislators and other
      government officials, see EFF's "Contacting Congress and Other
      Policymakers" guide at:
        http://www.eff.org/congress.html
      and see also the links below.
    * Join EFF! For membership information see:
        http://www.eff.org/support/

 Contacting Your Legislators

  Please call them, and also fax and e-mail your message. Keep it short,
  and ask them to vote AGAINST this legislation at this time, unless and
  until extensive hearings are conducted, because the bills pose
  unprecendented threats to American privacy, to basic justice, and to
  equal treatment under the law. Use their Washington fax and e-mail
  contact info, which you can get from Project Vote Smart:
    http://www.vote-smart.org/vote-smart/data.phtml?dtype=C&style=
  or the House:
    http://www.house.gov/house/MemberWWW.html
  and Senate:
    http://www.senate.gov/senators/index.cfm
  websites.

 Non-US Activists

  Non-US readers can probably have little impact on the US Congress's
  votes on these matters, and could even affect them negatively. Your
  best course of action is to contact your own
  legislators/parliamentarians and urge them to avoid similar policies
  in your own country.

 Privacy Campaign:

  This drive to contact your legislators about unprecedented wiretap
  power expansion is part of a larger campaign to highlight how
  extensively companies and governmental agencies subject us to
  surveillance and share and use personal information online & offline,
  and what you can do about it.

  Check the EFF Privacy Now! Campaign website regularly for additional
  alerts and news:
    http://www.eff.org/privnow/

 Background:

  EFF again urges Congress to act with deliberation and approve only
  measures that are effective in preventing terrorism while protecting
  the freedoms of Americans.

  "The theme of freedom in the face of terrorist attacks should include
  a focus on measures that preserve rather than diminish our civil
  liberties," said EFF Exec. Dir. Shari Steele.

  The DOJ's own analysis of another particularly egregious provision of
  the ATA points out that "United States prosecutors may use against
  American citizens information collected by a foreign government even
  if the collection would have violated the Fourth Amendment."

  "Operating from abroad, foreign governments could do the dirty work of
  spying on the communications of Americans worldwide. US protections
  against unreasonable search and seizure won't matter," commented EFF
  Senior Staff Attorney Lee Tien.

  Additional provisions of the proposed Anti-Terrorism Act include the
  following measures:
    * make it possible to obtain e-mail message header information,
      Internet user web browsing patterns, and "stored" voicemail
      without a wiretap order
    * eviscerate controls on Title III roving wiretaps
    * permit law enforcement to disclose information obtained through
      wiretaps to any employee of the Executive branch
    * reduce restrictions on domestic investigations under the Foreign
      Intelligence Surveillance Act (FISA)
    * permit grand juries to provide information to the US intelligence
      community
    * permit the President to designate any "foreign-directed
      individual, group, or entity," including any United States citizen
      or organization, as a target for FISA surveillance
    * prevent people from providing "expert advice" to terrorists
    * extends federal DNA database to every person convicted of a
      federal terrorism offense which includes low-level computer
      intrusions
    * other provisions, whether or not related to online civil liberties

  The scope of the Computer Fraud and Abuse Act's Sect. 1030(a)(5)(A) is
  especially broad, dangerously so even before the ATA would attempt to
  redefine violations of this section as "terrorism". It criminalizes
  the following:

    (5)(A) [one who] knowingly causes the transmission of a program,
    information, code, or command, and as a result of such conduct,
    intentionally causes damage without authorization, to a protected
    computer [is in violation of the statute];

  Several civil cases have construed this language. For example, in Shaw
  v. Toshiba America Information Systems, Inc., 91 F.Supp.2d 926
  (E.D.Tex.,1999.), defendant knowingly distributed laptop computers
  containing disk drives with faulty microcode that allowed unwanted
  corruption/deletion of data. The court squarely held that
  manufacturers of computer equipment could be reached by Sect.
  1030(a)(5)(A) -- "transmission" includes the design, manufacture,
  creation, distribution, sale, and marketing of floppy-disk controllers
  allegedly made faulty by defective microcode.

  One court has found that placing a cookie on a user's computer to
  monitor websurfing habits could violate Sect. 1030(a)(5)(A). In re
  Intuit Privacy Litigation, 138 F.Supp. 2d 1272 (C.D.Cal. 2001).
  Defendant operated a website that used cookies to track its users, and
  were sued for privacy violations on several theories, including Sect.
  1030. On motion to dismiss, the court found that this conduct fell
  within Sect. 1030(a)(5)(A). (Because the class-action plaintiffs had
  not alleged economic damages, the motion to dismiss was granted, but
  without prejudice, to allow the plaintiffs to make the proper
  allegations.)

  It is clear that any number of activities not initially on the minds
  of legislators when they passed Sect. 1030(a)(5)(a) could eventually
  be held to fall under this statute anyway. No one can predict at this
  early stage what will or will not be considered a violation of this
  provision. Yet the ATA would redefine all present and future
  violations as acts of terrorism, with violators subject to terrible
  penalities, up to and including life in prison without possibility of
  parole.

  Additionally, these changes to the law would remove statutes of
  limitations and become retroactive. This means that any US-based
  computer security professional who, like many in this field, once upon
  a time began as a system cracker or other "black hat" hacker,
  potentially faces criminal prosecution under the ATA.

  If the Department of Justice needs extra laws relating to supposed
  "cyberterrorism", it can seek narrowly-tailored legislation. Simply
  importing virtually all computer crime into the definition of
  terrorism is far too broad and heavy-handed.

  Senator Patrick Leahy has attempted to moderate the ATA through
  introduction of the "Uniting and Strengthening of America Act" (USAA).
  While EFF believes USAA would unnecessarily increase law enforcement
  surveillance powers, it is nowhere near as harmful to civil liberties
  as the Bush administration's proposal.

  For example, the USAA does not increase penalties for low-level
  computer intrusion. The USAA would retain existing restrictions on
  wiretaps, including requiring court orders to obtain voicemail
  messages. However, both the ATA and the USAA would expand FISA to
  include roving wiretaps. The USAA would also permit disclosure of
  Title III wiretaps to intelligence officers, whereas the ATA would
  permit disclosure to any federal employee. The USAA also would require
  a court order for grand juries to provide information to the US
  intelligence community, unlike ATA. Provisions of the ATA permitting
  the President to designate targets for FISA surveillance, preventing
  people from providing "expert advice" to terrorists, and collecting
  foreign intelligence on American citizens are not included in the
  USAA.

  EFF's Steele emphasized, "While it is obviously of vital national
  importance to respond effectively to terrorism, these bills recall the
  McCarthy era in the power they would give the government to scrutinize
  the private lives of American citizens."

  The ATA and USAA bills come in the wake of the Senate's hasty passage
  of the "Combating Terrorism Act" (CTA, amendment S.A. 1562 to
  House-passed bill H.R. 2500) on the evening of September 13 with less
  than 30 minutes of consideration on the Senate floor.

  Another similar bill, called the Public Safety and Cyber Security
  Enhancement Act (PSCSEA), has been drafted for introduction in the
  House, and appears to be a "backup plan" for S.A. 1562; if it does not
  pass as part of H.R. 2500, it can be reintroduced separately in
  slightly different form as a new bill. Sen. Graham's new Intelligence
  to Prevent Terrorism Act (IPTA, S. 1448) raises related issues. Sen.
  Judd Gregg is drafting anti-encryption legislation, as well.

  For bill texts and analyses, see the EFF Surveillance Archive:
    http://www.eff.org/Privacy/Surveillance/

 About EFF:

  The Electronic Frontier Foundation is the leading civil liberties
  organization working to protect rights in the digital world. Founded
  in 1990, EFF actively encourages and challenges industry and
  government to support free expression, privacy, and openness in the
  information society. EFF is a member-supported organization and
  maintains one of the most linked-to Web sites in the world:
    http://www.eff.org

   Contact:

    Lee Tien, EFF Senior First Amendment Attorney
      [email protected]
      +1 415-436-9333 x102

    Will Doherty, EFF Online Activist / Media Relations
      [email protected]
      +1 415-436-9333 x111

                                 - end -
    _________________________________________________________________


Administrivia

  EFFector is published by:

  The Electronic Frontier Foundation
  454 Shotwell Street
  San Francisco CA 94110-1914 USA
  +1 415 436 9333 (voice)
  +1 415 436 9993 (fax)
    http://www.eff.org/

  Editors:
  Katina Bishop, EFF Education & Offline Activism Director
  Stanton McCandlish, EFF Technical Director/Webmaster
    [email protected]

  To Join EFF online, or make an additional donation, go to:
    http://www.eff.org/support/

  Membership & donation queries: [email protected]
  General EFF, legal, policy or online resources queries: [email protected]

  Reproduction of this publication in electronic media is encouraged.
  Signed articles do not necessarily represent the views of EFF. To
  reproduce signed articles individually, please contact the authors for
  their express permission. Press releases and EFF announcements &
  articles may be reproduced individually at will.

  To subscribe to or unsubscribe from EFFector via the Web, go to:
    http://www.eff.org/signup/mailserv.html

  To subscribe to EFFector via e-mail, send to [email protected] a
  message BODY (not subject) of:
    subscribe effector
  The list server will send you a confirmation code and then add you to
  a subscription list for EFFector (after you return the confirmation
  code; instructions will be in the confirmation e-mail).

  To unsubscribe, send a similar message body to the same address, like
  so:
    unsubscribe effector

  (Please ask [email protected] to manually remove you from the list if
  this does not work for you for some reason.)

  To change your address, send both commands at once, one per line
  (i.e., unsubscribe your old address, and subscribe your new address).

  Back issues are available at:
    http://www.eff.org/effector

  To get the latest issue, send any message to
  [email protected] (or [email protected]), and it will be mailed to
  you automatically. You can also get, via the Web:
    http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html
    _________________________________________________________________

You are viewing proxied material from gopher.meulie.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.