==============================================================
@@@@ @@@@ @@@ @@@@
@ @ @@@@ @@@@
@@@@@
@
@ @ @ @
@ @ @ @ @
@ @
@@@@
@@@ @ @
@@@@@ @ @@@
@@@ @
@ @ @
@ @ @
@ @ @ @
@
@@@@
@ @@@ @@@@ @ @
@@@@ @@@@ @ @ @
==============================================================
Volume
9.01
January 14, 2002
--------------------------------------------------------------
Published by
the
Electronic Privacy Information Center
(EPIC)
Washington,
D.C.
http://www.epic.org/alert/EPIC_Alert_9.01.html
=======================================================================
Table
of
Contents
=======================================================================
[1]
State DMVs Developing National ID System
[2] EPIC Urges Qwest to Drop
Marketing Plan
[3] Court Upholds FBI Use of Secret "Key Logger"
Technology
[4] Companies Stop Privacy-Invasive Practices
[5] Student
Privacy Protections Enacted
[6] Digital Rights Management Discussed at Future
of Music Conference
[7] EPIC Bookstore - A National ID Card: A License to
Live
[8] Upcoming Conferences and
Events
=======================================================================
[1]
State DMVs Developing National ID
System
=======================================================================
A
Task Force of the American Association of Motor Vehicle
Administrators
(AAMVA) announced plans today to increase uniformity of
state driver's
licenses and information sharing between states and law
enforcement
agencies. The AAMVA proposal combines several
initiatives, each with
very different privacy implications, and asks
for 0 million in federal
funding to determine what technology
should be used and to expand information
sharing capacity. Efforts to
enhance document security and prevent
forgery, such as improved
holograms and printing techniques, are a positive
application of
technology to the driver's license regime. The AAMVA
also advocates
stricter enforcement and tougher penalties for fraud and abuse
of
driver's licenses occurring inside and outside of
DMVs.
Standardization of driver's license security features and
issuance
standards across the 50 states, as well as information sharing
with
federal agencies and state law enforcement, would make the
driver's
license a de facto national identity card. The AAMVA has
not
disclosed how the detailed personal information required to obtain
a
license, including residency and immigration status and social
security
information, will be collected, used and shared under the new
program.
The AAMVA has also proposed making the driver's license a
unique
identifier. While they have not yet determined what technology
will be
implemented, they plan to use biometric or other identifiers
to positively
ensure that license applicants are who they say they
are, and that no person
holds more than one license. This proposal
presents the most
significant privacy and security risks, which are
detailed in EPIC's ID Card
and Biometrics pages referenced below.
The possible creation of national
identification cards through
driver's licenses deserves careful examination
and open public
discussion. EPIC is in the process of drafting a memo
discussing the
risks and policy implications of national identification
schemes, to
be prepared in time for the AAMVA's leadership summit, where the
heads
of the state DMVs will discuss the task force's
recommendations.
AAMVA's website (including an archived webcast of the
January 14th
press conference):
http://www.aamva.org/
EPIC's ID Card Page:
http://www.epic.org/privacy/id_cards/
EPIC's Biometrics
Page:
http://www.epic.org/privacy/biometrics/
=======================================================================
[2]
EPIC Urges Qwest to Drop Marketing
Plan
=======================================================================
Last
week, millions of Qwest customers across the country received
opt-out notices
in their monthly billing statements. The notices,
which were contained
within a pamphlet that said "the following will
not affect your billing,"
provided that Qwest could use customer
calling data -- information such as
services subscribed to and call
logs -- unless customers opted-out of this
plan by calling a toll-free
number within 30 days.
Customers
attempting to call the toll-free number to opt-out have
reported numerous
difficulties, including long waits and disconnects.
The information that
Qwest is planning on using is known as customer
proprietary network
information, and is protected from use absent
"customer approval" by the 1996
Communications Act. The FCC
promulgated a rule in 1998 that required
telecommunication carriers to
obtain explicit customer approval (opt-in)
before using such
information in any manner inconsistent with provision of
services. The
FCC explicitly rejected an opt-out approach as
insufficiently
protective of customer privacy. However, in 1999 the US
Court of
Appeals for the 10th Circuit ruled that the opt-in approach did
not
pass First Amendment scrutiny because the decision to require
"opt-in"
was not adequately considered or supported by existing
facts.
In response to this 1999 court decision, the FCC in October
2001
issued a request for public comments, seeking advice on, among
other
things, whether an opt-in approach inherently violates the
First
Amendment. EPIC and consumer groups filed comments and reply
comments
urging the FCC to implement an opt-in approach. Similar
comments were
filed by 39 Attorneys General.
In a letter sent to Qwest
President Afshin Mohebbi on January 7, EPIC
urged Qwest to suspend their
marketing plan.
Although the initial comment period closed in November,
the FCC has
announced -- in the wake of Qwest
www.epic.org/
Original: EPIC Alert 9.01