========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\________/\ |||||________\ / /////______\ \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// ========================================================================= EFFector Online Volume 08 No. 04 May 6, 1995 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In This Issue: Dept. of Justice Opposes Exon Bill - But Calls for Replacement A Note About This Newsletter Calendar of Events What YOU Can Do * See http://www.eff.org/Alerts/ or ftp.eff.org, /pub/Alerts/ for more information on current EFF activities and online activism alerts! * ---------------------------------------------------------------------- Subject: Dept. of Justice Opposes Exon Bill - But Calls for Replacement ----------------------------------------------------------------------- Below is a letter from the Justice Department in response to (D-VT) Sen. Pat Leahy's recent enquiry regarding the DoJ's position on the Exon/Gorton Communications Decency Act. The CDA was recently folded into larger Senate telecom deregulation bill S. 652, after significant but insufficient amendment to reduce system operator liability. The House version of the bill, still in its original form, remains a separate bill, H.R.1004, whose sponsor appears to have had second thoughts and has called for slowing the bill down. As grassroots, and especially online, activists and concerned citizens continue to raise serious doubts about this bill, and as organizations like EFF, Voters' Telecommunications Watch, the Center for Democracy and Technology, and dozens of others, work to derail it, the following letter comes as a pleasant surprise for the most part. The Department of Justice maintains first and foremost that the bill will greatly harm law enforcement's efforts against obscenity and sexual abuse of minors, in a number of ways. Most of these flaws in the bill are due to imprecise application of terms like "digital" and insufficient consideration of the effects that supposedly minor changes to one section of the telecommunications regulations have on other sections, their enforcement and their interpretation by the courts. However, and to their credit, the DoJ has also identified four distinct and serious threats to privacy posed by the CDA. Besides making it easier for system crackers to evade detection, Sen. Exon's legislation would also negate the "exclusionary rule" of 18 USC section 2515, reducing the privacy protections of phone calls in one way, and additionally weaken this privacy by introducing a loophole into the wiretap statute that would broadly allow monitoring by anyone of private voice communications. The Department further warns that one section of the bill "would encourage intrusion by on-line service providers into the private electronic mail communications of individual users. [The section] actually promotes intrusions into private electronic mail by making it 'safer' to monitor private communications than to risk liability. At the same time, [the section] would defeat efforts by the government to enforce federal privacy protections against illegal eavesdropping." Not all is sunshine however, and those concerned about civil liberties online should keep one eye open for a replacement bill in the not too distant future. The Acting Assistant Attorney General notes that "While we agree with the goal of various legislative proposals designed to keep obscenity and child pornography off of the information superhighway, we are currently developing a legislative proposal that will best meet these challenges and provide additional prosecutorial tools. This legislative package is being developed while taking into consideration the need to protect fundamental rights guaranteed by the First Amendment." Needless to say, many of us will remain skeptical. *********** Department of Justice Letter to Sen. Leahy May 3, 1995 Honorable Patrick J. Leahy United States Senate Washington, DC 20510 I write to respond to your letter of March l, 1995 concerning our prosecution of violations of federal child pornography and obscenity laws and your April 21, 1995 request for the views of the United States Department of Justice on the "Communications Decency Act," which has been incorporated as title IV of the proposed "Telecommunications Competition and Deregulation Act of 1995," S. 652. In accordance with your request, the analysis of the Communications Decency Act focuses on sections 402 and 405 of the bill. The Department's Criminal Division has, indeed, successfully prosecuted violations of federal child pornography and obscenity laws which were perpetrated with computer technology. In addition, we have applied current law to this emerging problem while also discovering areas where the new technology may present challenges to successful prosecution. While we agree with the goal of various legislative proposals designed to keep obscenity and child pornography off of the information superhighway, we are currently developing a legislative proposal that will best meet these challenges and provide additional prosecutorial tools. This legislative package is being developed while taking into consideration the need to protect fundamental rights guaranteed by the First Amendment. With respect to the communications Decency Act, while we understand that section 402 is intended to provide users of online services the same protection against obscene and harassing communications afforded to telephone subscribers, this provision would not accomplish that goal. Instead, it would significantly thwart enforcement of existing laws regarding obscenity and child pornography, create several ways for distributors and packagers of obscenity and child pornography to avoid criminal liability, and threaten important First Amendment and privacy rights. Similarly, while we understand that section 405 of this bill is intended to expand privacy protections to "digital" communications, such communications are already protected under existing law. Moreover, this provision would have the unintended consequences of jeopardizing law enforcement's authority to conduct lawful, court-ordered wiretaps and would prevent system administrators from protecting their systems when they are under attack by computer hackers. Despite the flaws in these provisions, the Administration applauds the primary goal of this legislation: prevent obscenity from being widely transmitted over telecommunications networks to which minors have access. However, the legislation raises complex policy issues that merit close examination prior to Congressional action. We recommend that a comprehensive review be undertaken of current laws and law enforcement resources for prosecuting online obscenity and child pornography, and the technical means available to enable parents and users to control the commercial and non commercial communications they receive over interactive telecommunications systems. The following are the Department's primary objections to sections 402 and 405 of the pending telecommunication bill: First, Section 402 of the bill would impose criminal sanctions on the transmission of constitutionally protected speech. Specifically, subsections 402(a)(1) and (b)(2) of the bill would criminalize the transmission of indecent communications, which are protected by the First Amendment. In _Sable Communications of Cal. v. FCC_, 492 U.S. 115 (1989), the Supreme Court ruled that any restrictions on the content of protected speech in media other than broadcast media must advance a compelling state interest and be accomplished by the "least restrictive means." 8y relying on technology relevant only to 900 number services, section 402 fails to take into account less restrictive alternatives utilizing existing and emerging technologies which enable parents and other adult users to control access to content. Nearly ten years of litigation, along with modifications of the regulations, were necessary before the current statute as applied to audiotext services, or "dial-a-porn" calling numbers, was upheld as constitutional. See _Dial Information Services v. Thornburg_, 938 F. 2d 1535 (2d Cir. 1991). The proposed amendment in section 40-2 of the bill would jeopardize the enforcement of the existing dial-a-porn statute by inviting additional constitutional challenges, with the concomitant diversion of law enforcement resources. Second, the definition of "knowingly" in section 402 of the bill would cripple obscenity prosecutions. Under subsection 402(e), only those persons with "actual knowledge" of the "specific content of the communication" could be held criminally liable. This definiition would, make it difficult, if not impossible, to prove guilt, and the standard is higher than the prevailing knowledge requirements under existing obscenity and child sexual exploitation statutes. Under _Miller v. California_, 413 U.S. 629 (1973j, the government must only prove that a person being prosecuted under an obscenity statute had knowledge of the general nature of the material being distributed. Large-scale distributors of child pornography and other obscene materials--among the most egregious violators -- do not read or view each obscene item they distribute. the proposed definition in subsection 402(e) would make it nearly impossible for the government to establish the necessary knowledge requirement and would thereby severely handicap enforcement of existing statutes. Third, section 402 would add new terms and defenses that would thwart ongoing enforcement of the dial-a-porn statute. Currently, the government is vigorously enforcing the existing dial-a-porn statute. It took more than ten years for the government to be able to do so, due to constitutional challenges. The proposed amendment to this statute fundamentally changes its provisions and subjects it to renewed constitutional attack which would hinder current enforcement efforts. Fourth, section 402 would do significant harm by inserting new and sweeping defenses that may be applied to nullify existing federal criminal statutes. The government currently enforces federal criminal laws preventing the distribution over computer networks of obscene and other pornographic material that is harmful to minors (under 18 U.S.C. section 1465, 2252 * 2423 (a)), the illegal solicitation of a minor by way of a computer network (under 18 U.S.C. section 2252), and illegal "luring" of a minor into sexual activity through computer conversations (under 18 U.S.C. section 2423(b)). These statutes apply to all methods of "distribution" including over computer networks. The new defenses proposed in subsection 402(d) would thwart ongoing government obscenity and child sexual exploitation prosecutions in several important ways: * The first defense under subsection 402 (d)(1) would immunize from prosecution "any action" by a defendant who operates a computer bulletin board service as an outlet for the distribution of pornography and obscenity so long as he does not create or later the material [sic]. In fact, this defense would establish a system under which distributors of pornographic material by way of computer would be subject to fewer criminal sanctions than distributors of obscene videos, books, or magazines. * The second defense provided in subsection 402(d)(2) would exculpate defendants who "lacked editorial control over the communications." Such a defense may significantly harm the goal of ensuring that obscene or pornographic material is not available on the Internet or other computer networks by creating a disincentive for operators of public bulletin board services to control postings on their boards. Moreover, persons who provide critical links in the pornography and obscenity distribution chains by serving as "package fulfillment centers" filling orders for obscene materials, could assert the defense that they lack the requisite "editorial control." This proposed defense would complicate prosecutions of entire obscenity distribution chains. * The third defense provided in subsection 402 (d)(3), containing five subparts, would be available to pornographic bulletin boards operators who take such innocuous steps as (A) directing users to their "on/off" switches on their computer as a "means to restrict access" to certain communications; (B) warning, or advertising to, users that they could receive obscene material; and (C) responding to complaints about such minimum, [sic] this proposed defense would lead to litigation over whether such actions constitute "good faith" steps to avoid prosecution for violating the section 402, and could thwart existing child pornography and obscenity prosecutions. * The fourth defense provided in subsection 402 (d)(4) would exculpate defendants whose pornography business does not have the "predominate purpose" of engaging in unlawful activity. This defense would severely undercut law enforcement's efforts to prosecute makers and distributors of noncommercial pornography and obscenity. * The fifth defense provided in subsection 402 (d)(5) would preclude any cause of action from being brought against any person who has taken good faith steps to, _inter_alia_, "restrict or prevent the transmission of, or access to," a communication deemed unlawful under section 402. This defense would encourage intrusion by on-line service providers into the private electronic mail communications of individual users. The defense actually promotes intrusions into private electronic mail by making it "safer" to monitor private communications than to risk liability. At the same time, this defense would defeat efforts by the government to enforce federal privacy protections against illegal eavesdropping. Finally, but no less significantly, section 405 amends the federal wiretap statute in several respects, each of which creates considerable problems. First, it amends the wiretap statute to add the term "digital" to 10 USC section 2511 (see footnote #1), without considering the effect of this amendment on other statutory provisions. For example, 10 USC section 2516 (1) provides that certain government officials may authorize an application for a wiretap order for wire or oral communications while 18 USC section 2516 (3) provides that other government officials may authorize an application for a wiretap order for electronic communications. Since section 405 does not amend 10 USC section 2516, to include the term "digital," it would appear that _no_ government official has the authority to authorize an application for a wiretap order for digital communications. This is particularly problematic, since this investigative tool is reserved for the most serious cases, including those involving terrorists, organized crime, and narcotics. Equally disconcerting, the amendment serves to protect computer hackers at the expense of all users of the National Information Infrastructure (NII), including businesses, government agencies and individuals. Prior to 1994, wiretap statute allowed electronic communication services providers to monitor _voice_ communications to protect their systems from abuse. 18 USC section 2511 (2)(a)(i) (1986 version). Thus, when hackers attacked computer systems and system administrators monitored these communications, they had no clear statutory authority to do so. In October 1994, Congress finally remedied this defect by amending 10 USC section 2511 (2)(a)(i) to permit the monitoring of electronic (i.e., digital, non-voice) communications. If section 405 is enacted and these hacker communications are deemed digital, system administrators will once again be denied the statutory authority to monitor hacker communications. It would be most unfortunate if, at the same time Congress is encouraging the widespread use of the NII, it passed a law giving system administrator's a Hobson's choice: either allow hackers to attack systems unobserved or violate federal law. There are three other concerns as well. First, by adding the term "digital" without amending the suppression provisions of 18 USC section 2515, voice communications -- if they are deemed "digital" -- will no longer be protected by the statute's exclusionary rule. This would serve to reduce the privacy protections for phone calls. Second, section 405 would replace the words "oral communication" with "communication" in 18 USC section 2511 (l)(B). This would have undesirable consequences for law enforcement because it would criminalize the interception of communications as to which there was no reasonable expectation of privacy (see footnote #2). From the law enforcement perspective, there is simply no sound reason for eliminating this highly desirable feature of present law. Additionally, the amendment might also impact upon the news gathering process. For example, if the conversation of two individuals shouting in a hotel room were recorded by a news reporter standing outside the room, the reporter would, under section 405, be violating the wiretap statute. Under current law, of course, the individuals could not complain about the recording because, by shouting loud enough to be heard outside the room, they lack any reasonable expectation of privacy. Last, the provision in section 402 (d)(5) provides that "no cause of action may be brought in any court ... against any person on account of any action which the person has taken in good faith to implement a defense authorized under this section ...." This would seem to suggest that any person can freely engage in electronic surveillance otherwise prohibited under Title III- so long as they claim to be implementing a section 402 defense. As such, section 402 (d)(5) severely weakens the privacy protections currently offered by the wiretap statute. In sum, sections 402 and 405 of the bill would hamper the government's ongoing work in stopping the dissemination of obscenity and child pornography and threaten law enforcement's continued ability to use court-authorized wiretaps. We believe that a comprehensive review be undertaken [sic] to guide response to the problems that the Communications Decency Act seeks to address. I assure you that the Department is aware of the growing use of computers to transmit and traffic obscenity [sic] and child pornography. The Criminal Division's Child Exploitation and Obscenity Section is aggressively investigating and prosecuting the distribution of child pornography and obscenity through computer networks, and the use of computers to locate minors for the purpose of sexual exploitation. As we have discussed with your staff in a meeting focused on these issues, we remain committed to an aggressive effort to halt the use of computers to sexually exploit children and distribute obscenity. Sincerely, {sig} Kent Markus Acting Assistant Attorney General FOOTNOTES (1) It should be noted that "digital" communications are already covered by the wiretap statute. Under current law, a "digital" communication is either a wire communication under 18 USC sec 2510 (1) (if it contains voice) or an "electronic communication" under 18 USC sec 2510 (12) (if it does not contain voice). Since such communications are already covered, the reason for enacting section 405 is unclear, and it is difficult to predict how the courts will interpret the amendment. (2) The definition of "oral communication" in 18 USC sec 2510 (2) contains a requirement that the communication to be protected must have been made under circumstances justifying an expectation of privacy. [End of DoJ document.] ------------------------------ Subject: A Note About This Newsletter ------------------------------------- To better serve our members and the interested public, EFF will be releasing its newsletter more frequently. This has the dual benefit of getting news to you faster, and keeping the size of the newsletter small and easier to digest in these times of "information overload". If you have comments or questions about this newsletter or EFF in general, please send them to editor@eff.org (Stanton McCandlish). ------------------------------ Subject: Calendar of Events --------------------------- This schedule lists EFF events, and those we feel might be of interest to our members. EFF events (those sponsored by us or featuring an EFF speaker) are marked with a "*" instead of a "-" after the date. Simlarly, government events, such as deadlines for comments on reports or testimony submission, are marked with "!" in place of the "-" after the date. If you know of an event of some sort that should be listed here, please send info about it to Stanton McCandlish (mech@eff.org) The latest full version of this calendar, which includes material for later in the year as well as the next couple of months, is available from: ftp: ftp.eff.org, /pub/EFF/calendar.eff gopher: gopher.eff.org, 1/EFF, calendar.eff http://www.eff.org/pub/EFF/calendar.eff Updated: May 6, 1995 May 7- 11 - Assoc. for Computing Machinery Conf. on Computer-Human Interaction (CHI95); Denver, Colorado. Contact: +1 410 263 5382 (voice) Email: chi95@sigchi.acm.org WWW: http://info.sigchi.acm.org/sigchi/chi95.html May 8- 10 - IEEE Symposium on Security & Privacy, Oakland, Calif. Email: sp95@itd.nrl.navy.mil May 14- 17 - Interactive95; Anaheim, Calif. "The leading forum for developers and users of multimedia learning technology". Contact: 1-800-348-7246 (voice, US-only), +1 617 393 3344 (voice, elsewhere) May 16 * Networking the World Conf.; Virginia Commonwealth U., Richmond, VA. Legal issues panel includes Shari Steele (EFF) May 17- 20 - National Public Telecomputing Network 1995 Conf. (Free-Net '95); Computing Commons Bldg., ASU, Tempe, Arizona. Includes a session entitled "Laws and Liabilities of Electronic Communities". Email: amq@nptn.org WWW: http://www.nptn.org/ May 22- 24 - ErgoCon '95 - Silicon Valley Ergonomics Conference & Exposition; San Jose, Calif. Contact: Abbas Moallem, +1 408 9244132 (voice), +1 408 924 4153 (fax) May 26- 28 - Virtual Futures 1995; U. of Warwick, Coventry, UK. VF'95 "is an interdisciplinary event that examines the role of cybernetic and specifically dissipative or non-linear models in the arts, sciences, and philosophy. The conference explores the relationship between postmodern philosophy and chaos theory, with topics ranging from: information technology, hypertext and multimedia applications...[to] neural nets, and nanotechnology." Speakers include: Kathy Acker, Hakim Bey, Richard Kadrey, Manuel DeLanda, Alan Sondheim and many more. Deadline for proposals: Mar. 1 '95. Contact: +44 0203 523523 x2582 (voice), +44 0203 523019 (fax) Email: virtual-futures@warwick.ac.uk May 31 - Deadline for paper submissions, 11th Ann. Computer Security Applications Conference (see Dec. 11, below). June 4- 6 - Cyber.Xpo.95; Sahara Hotel, Las Vegas, Nevada; sponsored by _Sysop_News_. Seminar sessions & tradeshow. Contact: +1 614 452 4541 (voice) June 5- 6 ! 5th Annual "U.S. Copyright Office Speaks" Seminar (West Coast); the Beverly Hilton, Los Angeles, Calif. Topics include: inside look at New Register's agenda, analysis of NII legislation, ACCORD update, & international developments. (See May 1-2 for East Coast event.) Contact: +1 201 894 8260 (voice) June 7- 9 - Third International Conference on Artificial Intelligence Applications on Wall Street; Pace University, New York City, NY. Contact: +1 914 763 8820 (voice), +1 914 763 9324 (fax) Email: satwell@mcimail.com June 8- 10 - Exploring the VideoClass Alternative; Raleigh, N. Carolina. Email: tom_russell@nsu.edu June 11- 14 - Society & the Future of Computing (SFC'95); Tamarron Lodge, Durango, Colorado. Sponsored by the Assoc. for Computing Machinery, LANL, U. of Md., IEEE. Speakers will include Phil Agre (UCSD), Leslie Sandberg (Institute for Telemedicine), Wm. Halverson (PacBell), Don Norman (Apple), Linda Garcia (Congressional Office of Technology Assessment), John Cherniavsky (Natl. Science Found.) and several others. Email: sfc95@lanl.gov WWW: http://www.lanl.gov/LANLNews/Conferences/.sfc95/sfcHome.html/ June 13- 15 - IDT 95 - 12th Congress on Information Markets and Industries; Paris, France. Organized by ADBS (a society of information professionals), ANRT (National Association of Technological Research), and GFII (French association of information industries). Contact: +33 1 43 72 25 25 (voice), +33 1 43 72 30 41 (fax) June 17- 19 - NECC'95: Emerging Technologies and Lifelong Learning: 16th Annual National Educational Computing Conf., sponsored by International Society for Technology in Education; Baltimore, Maryland. VP Gore and Sec'y. of Labor Robert Reich invited as keynote speakers. Other speakers include: John Phillipo (CELT), Frank Knott (MGITB) Contact: +1 503 346 2834 (voice), +1 503 346 5890 (fax) Email: necc95@ccmail.uoregon.edu June 18- 21 - ED-MEDIA'95; Graz, Austria. A world conference on educational multimedia and hypermedia. Sponsor: The Association for the Advancement of Computing. Contact: +1 804 973 3987 (voice) Email: aace@virginia.edu. June 24- 28 - Workshop on Ethical & Professional Issues in Computing; Rensselaer Polytechnic Inst., Troy, NY. Deadline for submissions: Apr. 15. Contact: +1 518 276 8503 (voice), +1 518 276 2659 (fax) Email: cherkt@rpi.edu June 27- 29 - Women in Technology Conference: Channels for Change; Santa Clara Conv. Ctr., Santa Clara, Calif. Speakers include: Gloria Steinem. Sponsored by Int'l. Network of Women in Technology (WITI). Contact: +1 818 990 1987 (voice), +1 818 906 3299 (fax) Email: witi@crl.com June 28- 30 - INET '95 Internet Society 5th Ann. International Networking Conf.; Honolulu, Hawaii. Sponsored by Internet Society (ISoc). See Jan. 13 for proposal deadline Contact: +1 703 648 9888 (voice) FTP: ftp.isoc.org, /isoc/inet95/ Gopher: gopher.isoc.org, 1/isoc/inet95 WWW: http://www.isoc.org/inet95.html Email: inet95@isoc.org ------------------------------ Subject: What YOU Can Do ------------------------ * The Exon Bill (Communications Decency Act) The Communications Decency Act poses serious threats to freedom of expression online, and to the livelihoods of system operators. The legislation also undermines several crucial privacy protections. Business/industry persons concerned should alert their corporate govt. affairs office and/or legal counsel. Everyone should write to their own Senators and ask them to oppose this bill. Explain, quickly and clearly, why this bill is dangerous, and urge efforts to stop this legislation or remove it from the larger bill it is a part of. S.652, the Senate telecom deregulation bill, now contains Sen. Exon's "Communications Decency Act" (formerly S.314.) The House version, even more dangerous to system operators, is H.R.1004. For more information on what you can do to help stop this dangerous legislation, see: ftp.eff.org, /pub/Alerts/s314_hr1004_s652.alert gopher.eff.org, 1/Alerts, s314_hr1004_s652.alert http://www.eff.org/pub/Alerts/ If you do not have full internet access, send a request for this action alert to ask@eff.org. * Find Out Who Your Congresspersons Are EFF has lists of the Senate and House with contact information, as well as lists of Congressional committees. These lists are available at: ftp.eff.org, /pub/Activism/Congress_cmtes/ gopher.eff.org, 1/EFF/Issues/Activism/Congress_cmtes http://www.eff.org/pub/Activism/Congress_cmtes/ The full Senate and House lists are senate.list and hr.list, respectively. Those not in the U.S. should seek out similar information about their own legislative bodies. EFF will be happy to archive any such information provided. * Join EFF! For EFF membership info, send queries to membership@eff.org, or send any message to info@eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector Online is published by: The Electronic Frontier Foundation 1667 K St. NW, Suite 801 Washington DC 20006-1605 USA +1 202 861 7700 (voice) +1 202 861 1258 (fax) +1 202 861 1223 (BBS - 16.8k ZyXEL) +1 202 861 1224 (BBS - 14.4k V.32bis) Membership & donations: membership@eff.org Legal services: ssteele@eff.org Hardcopy publications: pubs@eff.org General EFF, legal, policy or online resources queries: ask@eff.org Editor: Stanton McCandlish, Online Services Mgr. (mech@eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements may be reproduced individ- ually at will. To subscribe to EFFector via email, send message body of "subscribe effector-online" (without the "quotes") to listserv@eff.org, which will add you to a subscription list for EFFector. Back issues are available at: ftp.eff.org, /pub/EFF/Newsletters/EFFector/ gopher.eff.org, 1/EFF/Newsletters/EFFector http://www.eff.org/pub/EFF/Newsletters/EFFector/ To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automagically. You can also get the file "current" from the EFFector directory at the above sites at any time for a copy of the current issue. HTML editions available in the HTML subdirectory of the EFFectory directory just mentioned. ------------------------------ End of EFFector Online v08 #04 Digest ************************************* $$