PRIVACY Forum Digest Sunday, 13 December 1992 Volume 01 : Issue 28 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PRIVACY Brief (Lauren Weinstein; PRIVACY Forum Moderator) Mobile Homes & The Supreme Court (A. Padgett Peterson) Re: DOJ Authorizes Keystroke Monitoring (Larry Seiler) DoJ Has NOT "Authorized" Keystroke Monitoring (Dennis D. Steinauer) FWD: A Discouraging Word on FCC under Clinton (GRANTH@BROWNVM.brown.edu) Other Perspectives on Clinton FCC Transition Pick (Andrew Blau) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 01, ISSUE 28 Quote for the day: "They're probably foreigners with ways different than our own. They may do some more... folk dancing!" -- Brad Majors (Barry Bostwick) "The Rocky Horror Picture Show" (1975) ---------------------------------------------------------------------- PRIVACY Brief (from the Moderator) --- A recent report by the U.S. House of Representatives Committee on Government Operations has triggered new controversy regarding the Postal Service practice of providing mailers with corrected addresses for persons who have moved. The Post Office is prohibited by law from selling mailing lists. However, it is considered legal for the post office to provide corrections for existing mailing lists from the change of address forms that most persons file when they change residences. About 2 billion items are forwarded annually by the Postal Service to the new addresses of persons who have moved. The Postal Service says that without the address correction service, this number would double, greatly increasing costs and causing other problems. Privacy issues that have been raised revolve around the ability of businesses to "follow" a person through the change of address service, and the practice of some companies of separating the changed addresses from their master mailing lists and then selling the result to other companies as "recently moved" lists. The Postal Service responds that nobody is forced to file a change of address and make use of mail forwarding, since persons can always take responsibility for doing their own notifications of only those persons whom they want to have their new address. Your moderator, by the way, has mixed feelings about this issue, and sees some validity to the arguments on both sides. ------------------------------ Date: Wed, 9 Dec 92 10:34:56 -0500 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Mobile Homes & The Supreme Court >from the Moderator >In a unanimous decision today, the Supreme Court ruled that the U.S. >Constitution's protection against unreasonable police searches and seizures >can apply to the taking of property, even when the owner's specific privacy >rights were not violated. While one might think that this ruling might have an effect on the seach and seizure of computers as has happened many times in recent months, this does not follow necessarily because of what is in the second paragraph. >The decision reinstated a civil rights lawsuit that had been brought by an >Elk Grove, Illinois family after their mobile home was hauled away from a >trailer park (by trailer park employees accompanied by Cook County >sheriff's deputies) before the required eviction notice had been obtained. The key here is the last line: "... before the required eviction notice had been obtained." i.e. the deputies acted without authorization. Secondly (and admittedly from logic and not knowlege of the law since I am not a lawyer). It sounds like the trailer was not merely removed from the park (evicted) but moved to some other location and the owners denied access. In other words, the deputies exceeded their authority and if such actions had been properly authorized, they would then have been legal. Now without all of the details and knowlege of the law, it is difficult to say exactly what happened and it is possible that the Supreme Court could be setting the stage for more sweeping announcements (such as making illegal the seizure of property such as computers, cash, etc without the filing of any criminal charges) but don't hold your breath. (Random stops of vehicles and seizure of cash without any charge or even a traffic ticket has been much in the Florida news lately). Warmly, Padgett "all rules are unfair to someone" ------------------------------ Date: Wed, 9 Dec 92 14:14:45 EST From: "Larry Seiler, x223-0588, MLO5-2 09-Dec-1992 1239" Subject: Re: "DOJ Authorizes Keystroke Monitoring" (issue 27) I find it highly disturbing that it would be thought necessary to print a *14 line* banner message to protect the right to monitor unauthorized access to a computer. Maybe I should post a similar statement on my front door warning that anyone who enters is liable to have their fingerprints lifted from the furniture if I investigate a burglary. I suspect that any system administrator who takes this seriously will abbreviate the message down to a statement that any use of the system authorizes arbitrary monitoring of that use. And then goodby to any privacy rights of valid users of the system! I am opposed in general to keystroke monitoring, primarily because it is very easy to abuse if used to judge employee performance. However, it seems obvious to me that keystroke monitoring to investigate unauthorized access is just as valid as it would be for me to set up a hidden camera in my own home to record unauthorized access -- or for a company to put video cameras on entrance doors. Although, I don't belive it would be appropriate to use such data other than to check for unauthorized entry. Conclusion: public policy toward privacy needs to include a clear understanding that there is *no* right to privacy when committing illegal acts or making unauthorized use of someone else's property! Also, I believe that privacy protection laws should mostly define allowed *usages* of information, rather than restricting the ways that it can be gathered or processed. Enjoy, Larry ------------------------------ Date: Fri, 11 Dec 92 16:14:09 EST From: dds@csmes.ncsl.nist.gov (Dennis D. Steinauer) Subject: DoJ Has NOT "Authorized" Keystroke Monitoring The Subject line on the recent reposting by David Banisar of the 7 Dec 92 advisory from CERT/CC is highly misleading and inappropriate. As with some newspapers, it is important that people read more than just the headlines. The Department of Justice hasn't "authorized" anything. Rather, they are advising system administrators that certain activities, namely the monitoring or recording of user-to-computer session transmissions (hence "keystroke monitoring") MAY be found illegal in certain circumstances and that notice should be given to users. The CERT advisory was extracted from a letter to the National Institute of Standards and Technology (NIST) from DoJ. Justice asked NIST in its role of providing computer security guidance to Government to circulate the letter and provide appropriate guidance. We have made the letter available, without comment, through several government and other channels (including CERT, I4, etc.). The letter is intended to advise system administrators of an ambiguity in U.S. law that makes it unclear whether session monitoring, often conducted by system administrators who suspect unauthorized activity, is basically the same as an unauthorized telephone wiretap. I repeat, the law is *unclear* -- and the fact that one can argue either way on the issue does not clarify the law as currently written. DoJ advises, therefore, that if system adminstrators are conducting session monitoring or anticipate the need for such monitoring, they should ensure that all system users be notified that such monitoring may be undertaken. The DoJ advice, therefore, is not "authorizing" anything -- even implicitly. They have simply observed the types of activities that diligent system managers often undertake (a la Cliff Stoll in "The Cuckoo's Egg") in an attempt to protect their systems from unauthorized users, and they have rendered some prudent legal advice. Clearly, there are lots of issues here -- technical and otherwise -- that will need to be discussed and sorted out. Indeed, changes in agency/organizational policies and even the law are probably needed. However, none of this changes the fact that system administrators need now to be aware of the potential impact of their activities, and the DoJ advice attempts to do this. We (NIST) are developing additional guidance for system administrators to assist them in implementing the DoJ recommendations. I expect that others will be doing likewise. We also hope to encourage discussion of the related technical and other issues. In the meantime, system adminstrators are well advised to read the basic DoJ advice and examine their systems and agency policies to determine if, where, and how notices should be provided to users. We welcome comments and suggestions, particularly regarding approaches that various organizations take in dealing with this issue. ===== Dennis D. Steinauer National Institute of Standards and Technology A-216 Technology Gaithersburg, MD 20899 USA (301) 975-3359 (301) 948-0279 Facsimile DSteinauer@nist.gov (e-mail) NIST Security BBS: 301-948-5717 (cs-bbs.nist.gov) ------------------------------ Date: Wed, 9 Dec 92 07:30:53 -0500 From: GRANTH@BROWNVM.brown.edu Subject: FWD: A Discouraging Word on FCC under Clinton Originally posted to the THINK mailinglist by Rick Crawford. * Communications Daily article on Clinton transition appointment for Federal Communications Commission (F.C.C.) The following article, written by Art Brodsky (202/872-9202, x252), is reprinted from the December 7, 1992 issue of Communications Daily, with permission. Communications Daily is published by Warren Publishing, Inc., 2115 Ward Court, N.W. Washington, DC 20037. `Far End of Spectrum' PLESSER TRANSITION APPOINTMENT DRAWS FIRE Public interest groups friday criticized naming of Washington attorney Ronald Plesser to head up communications issues for Clinton transition effort (CD Dec4, p1). Groups said Plesser, partner in Washington office of Baltimore law firm Piper & Marbury, represents clients that characterize Washington special interests. As might be expected, Plesser's appointment was defended by Clinton confidants. Plesser will head one of 2 groups in science and technology transition section led by ex-astronaut Sally Ride. Other group in Ride's section will evaluate hard science agencies such as NASA and National Science Foundation. Those transition groups were established to assess policies and agencies, not to make appointment recommendations. Personnel matters for permanent jobs are to be handled by ex-S.C. Gov. Richard Riley (CD Nov 20 p1). Clinton confidants praised Plesser's designation. "He's the right guy," we were told. "He'll take a snapshot of the agency," covering budget needs, personnel and similar matters. Transition team "will look to Ron for insights. He's the guy." Referring to much speculation in press about what Clinton has in mind and who his appointments might be, source said: "I wonder what on earth motivates some of this stuff...most of which is wildly inaccurate." Most criticism of Plesser centers on his advocacy on behalf of Direct Marketing Assn. (DMA) and Information Industry Assn. (IIA), particularly for advocating private sector control of databases constructed by public agencies. Taxpayer Assets Project Dir. James Love said Plesser "himself is the architect of the basic privatization policies that came about in the Reagan Administration." Plesser, he said, is "most ferocious opponent of librarians, citizen groups and the research community, who want to broaden public access to government, taxpayer-supported information systems. He's the devil himself when it comes to government information policy." Similarly, Marc Rotenberg, dir. of Washington office of Computer Professionals for Social Responsibility (CPSR), said that "while there is personal regard for Ron Plesser, there is not happiness about this decision." Rotenberg said that Plesser's clients have great deal at stake at FCC, including decisions on 800 number portability and automatic number identification (ANI) that affect direct marketers, as well as on video dial tone and access to networks. Plesser represents "a far end of the spectrum in the policy debates," Rotenberg said. He said CPSR's main concerns are in areas of privacy protection, public access to govt. information, communications infrastructure. In each of those areas, "Ron has been from our viewpoint on the opposite side of the issue." Rotenberg said that if transition effort is merely to be brief fact-finding exercise, Clinton team could have sought out "someone with less bias," perhaps in academic community. Jeff Chester, co-dir. of Center for Media Education, said his group is "very concerned" about Plesser because "of the special interest lobbying baggage he carries with him." Chester said his group believes that Plesser's appointment "places an extra burden, a double duty on the Clinton Administration, to find people for the FCC and other telecommunications policy positions who don't come with any kind of lobbying baggage and reflect the kind of public interest concerns the Commission definitely needs." Transition team still having difficulty deciding how to apply its proposed tough ethics requirements for Presidential appointees (CD Nov 5 p1). There's still been no decision as "to how deep the 5-year restriction will be applied," we're told. That means, according to sources, restrictions--when they finally come out--may not go below Cabinet level. As for FCC appointees and top staffers (such as bureau chiefs) brought in, it hasn't been decided whether attempt will be made to extend period they couldn't practice or lobby agency to 5 years from one year. Proposal has been roundly criticized by Democrats who are know to be, or expect to be, in line for top jobs in Clinton Administration. ====================================================================== Taxpayer Assets Project Information Policy Note December 7, 1992 SUMMARY * Lobbyist for Information Industry appointed to key Clinton Transition Post * Ronald Plesser named to head transition effort on Federal Communications Commission (F.C.C.) * Public Interest Groups register opposition to appointment BACKGROUND On Friday (12/4/92) Communications Daily reported information industry lobbyist Ronald Plesser has been appointed to a key Clinton/Gore transition post involving federal information policy. According to the friday CD article, attorney Ronald Plesser will head the Clinton transition efforts on communications issues, as part of a Science and Technology group headed by former astronaut Sally Ride. According to officials at Plesser's law office and the Clinton Transition office Plesser has been appointed as a Deputy Director of the Science and Technology group, in charge of the Federal Communications Commission (F.C.C.). Plesser has close ties to a wide range of commercial data vendors and other information industry clients. He is considered a key architect of Reagan Administration efforts to privatize the dissemination of government information, through: a) restrictions on individual access to federal databases and information systems, b) restrictions on the types of "value added" services that agencies can use to enhance public access to federal information, and c) restrictions on the types of electronic information products and services that are distributed to the federal depository library program. Plesser has also spearheaded efforts to weaken privacy laws. Plesser's clients include: - Information Industry Association (IIA). Plesser is legislative counsel for (IIA), a trade group representing commercial data vendors, telephone companies, and cable television companies. - Direct Marketing Association (DMA). Plesser represents DMA on a wide range of issues relating to privacy. - Mead Data Central. Plesser is a lobbyist for Mead (owners of LEXIS/NEXIS and contractor for the ill conceived SEC EDGAR system) on a wide range of topics, including the issues relating to public access to government information and the development of national telecommunications infrastructure, including the implementation of the recently funded National Research and Education Network (NREN). - Knight Ridder. Plesser is a lobbyist for TRANSAX, a vendor of government tariff information. In 1989 Plesser used his close ties to the House Subcommittee on Government Information to block efforts by the Federal Maritime Commission (FMC) to allow shippers to have access to the FMC's new Automated Tariff Filing Information (ATFI) system. (John Markoff, "Giving Public U.S. Data: Private Purveyors say No," 3/4/89, NYT, Government Publications Review, Vol. 19, 1992, pp 400-403). Plesser's appointment to shape F.C.C. policy was greeted by surprise and alarm by a wide range of citizen and library groups who have locked horns with Plesser on the past on issues ranging from public access to government information to privacy. In an article in monday's Communications Daily, written by reporter Art Brodsky (202/872-9202, ext. 252), James Love, Director of the Taxpayer Assets Project, Marc Rotenberg, Washington Director of Computer Professionals for Social Responsibility, and Jeff Chester, Director of the Coalition for Media Education, registered strong opposition to the appointment. Rotenberg said Plesser was far out of the mainstream of opinion on information policy issues. Before launching a highly successful lobbying career, Plesser ran Ralph Nader's Freedom of Information Clearing House. In recent years he helped raise corporate funding for the ACLU's "Information Technology Project" from large information industry companies. In 1991 the ACLU's project was transferred, staff and funding intact, to the Electronic Frontier Foundation (EFF). This project reportedly has focused on issues relating to the development of new telecommunication infrastructure, including but not limited to NREN. ============================================================== James Love, Director voice 215/658-0880 Taxpayer Assets Project fax call 12 Church Road internet love@essential.org Ardmore, PA 19003 ============================================================== ------------------------------ Date: Sat, 12 Dec 1992 13:46:00 -0500 From: Andrew Blau Subject: Other Perspectives on Clinton FCC Transition Pick TELECOM Digest V12, #895 reprinted an article from {Communications Daily} by Art Brodsky on the FCC transition. Here's a follow-up article that fills out the picture a bit, by the same writer. It appeared in the December 9, 1992 issue of {Communications Daily}. I am posting it here with permission. Communications Daily is published by Warren Publishing, Inc., 2115 Ward Court, N.W. Washington, DC 20037. Copyright 1992 Warren Publishing, Inc. Communications Daily December 9, 1992, Wednesday SECTION: Vol. 12, No. 237; Pg. 2 HEADLINE: Plesser Praised; CLINTON TRANSITION TEAM STARTS REVIEW AT FCC BODY: Transition team for Clinton Administration paid first visit to FCC Tuesday, meeting with Chief of Staff Terry Haines. FCC transition team currently is composed of eight persons and its charge has been described as effort to take "snapshot" of operations at agency, rather than go into great policy detail or make personnel recommendations. "Their mission is to come up to speed with what's going on at the Commission and report back to superiors," we were told. Team has been assigned office space on 5th floor of FCC hq. Composition of team makes clear that effort is being made to work closely with Congress, even before Clinton takes office. About half of team members are congressional staffers. Senate Commerce Committee is represented by Antoinette (Toni) Cook (who has been mentioned often as possible FCC chmn.) and John Windhausen, while House side is represented by David Leach from Commerce Committee and Gerald Waldron from Telecom Subcommittee. (Telecom Subcommittee staffer Larry Irving also will be working on telecommunications infrastructure issues for another part of transition). Transition team at FCC also includes Howard U. Prof. Clay Smith, ex-chmn. of Equal Employment Opportunity Commission (husband of Patti Smith, who is deputy dir. of policy and planning for FCC associate managing dir.) and Prof. Henry Parrett of Villanova U. Others will be named later. Transition team leader is attorney Ronald Plesser of Washington office of Baltimore law firm Piper & Marbury. His appointment was strongly criticized by public interest groups (CD Dec 7 p1), who cited his positions on policy issues and suggested conflicts of interest in his representation of clients Information Industry Assn. (IIA) and Direct Marketing Assn. (DMA). Plesser met Tues. at FCC with Haines. Later, Haines met with bureau and office chiefs and commissioner aides to inform them what is going on, and asked them to give full cooperation. However, others in public policy sector praised Plesser, who was strong supporter of ACLU's Information Technology Project and who once worked for consumer advocate Ralph Nader. Cathy Russell, counsel for Senate Technology Subcommittee, said Plesser was "sensitive to privacy considerations." While acknowledging he's "strong advocate for his clients," she said Plesser understands privacy concerns and works to "bring clients to the table with the ACLU to hash things out." Plesser, she said, has been "very reasonable with us" and she was surprised that public interest groups "would attack him on that." Similarly, Jerry Berman, head of Washington office of Electronic Frontier Foundation, called Plesser "one of the leading advocates of the Freedom of Information Act, and a supporter of making an electronic Freedom of Information Act." Plesser has brought IIA "much further toward recognizing public access to information than they [IIA] originally were doing, and brought DMA to the table in signing off on some privacy rights," Berman said. "I don't think that's an accurate description [to say he is out of mainstream]. [ Plesser] makes a great effort to balance interests." Sheryl Walter, gen. counsel of National Security Archive, said Plesser did significant pro bono work on case for her group on Freedom of Information Act on behalf of reporter Raymond Bonner, who was working on book about Philippines Pres. Marcos. In terms of experience with Archives, "we've found him to be very supportive of government disclosure." OMB Watch Exec. Dir. Gary Bass said it "makes good sense" to have Plesser and others familiar with issues involved. Bass said he would like to see more public interest sector representation in transition, but said critics of Plesser are "reacting because of his institutional role." If Plesser were "the sole person deciding policy, I would have a real problem with that," Bass said, but transition team focus is narrower. James Davidson, former staff dir. for House Judiciary Committee and ex-Senate staffer who wrote much of Privacy Act in 1974, said of Plesser: Ron Plesser has won more cases upholding freedom of information than any litigator in the country. Davidson added: "There is no more good advocate for good information policy" than Plesser. ------------------------------ End of PRIVACY Forum Digest 01.28 ************************