PRIVACY Forum Digest Tuesday, 22 December 1992 Volume 01 : Issue 29 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PRIVACY Briefs (Lauren Weinstein; PRIVACY Forum Moderator) CPSR and the Transition (Marc Rotenberg) Question about Search/Seizure (Brian D. Larkin) Call for Comments About Computing and the Future (Gary Chapman) Position Paper: Broadening Computer Science (Rob Kling) ************************** ***** HAPPY HOLIDAYS ***** ************************** *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 01, ISSUE 29 Quote for the day: "My father said that Rudolph was the only reindeer in history that kept the wolf from the door." -- Virginia Herz, daughter of Robert May, the author of the 1939 story "Rudolph the Red-Nosed Reindeer", commenting on how the copyright from the story, and later the song created from it, saved the family from financial ruin. Originally written as an advertising promotion for Montgomery Ward in Chicago, the story was put to music in 1949 by relative Johnny Marks and recorded by Gene Autry. And they'll go down in his-tor-y! ---------------------------------------------------------------------- PRIVACY Briefs (from the Moderator) --- On Sunday, December 20, 1992, a new federal law took effect which bans unsolicited automated telemarketing calls (except for emergency recordings, calls from non-profit groups, and political polling). It also requires that (live) telemarketers refrain (for at least one year) from calling back parties who have asked that particular firm that they not be called again. In theory, consumers could recover damages from violators, though proving violations may be difficult. Some groups had lobbied for a tougher law that would have mandated a central nationwide database of consumers who did not wish to receive any telephone solicitations. --- Pacific Bell, the largest California telephone company, announced today that they have dropped plans for providing Calling Number ID (CNID) services in California, at least for the time being. The other major telephone company in California, GTE, had previously announced that it was cancelling its CNID plans. Both companies cited PUC requirements that would have mandated all unlisted numbers to have number ID blocking by default as a major reason for their decisions (at least 40% of California residential consumers have unlisted numbers). The companies also were concerned about the costs of a PUC mandated consumer "education" program that would have been required to inform subscribers about CNID. Pacific plans to go ahead with several less controversial services, including call trace, call return, and call blocking. GTE has announced interest in similar services. Some related privacy issues, such as the revealing of call return numbers on itemized telephone bills and the handling of calls from California to states where CNID is permitted, are not clear at this point. ------------------------------ Date: Tue, 15 Dec 1992 13:13:39 EDT >From: Marc Rotenberg Subject: CPSR and the Transition Over the last several years CPSR has worked extensively on access to government information, the Freedom of Information Act, computer security policy, and privacy protection. We have now sent the following recommendations to several transition team groups. (The "(b)(1) exemption" in the first recommendation refers to the national security exemption in the Freedom of Information Act.) We hope that the new adminstration will give our proposals full consideration. Marc Rotenberg, Director CPSR Washington Office rotenberg@washofc.cpsr.org ============================================= FROM: Marc Rotenberg, CPSR RE: Classification, Computer Security, Privacy CC: Policy Group, Justice Cluster DATE: December 10, 1992 Three issues that the Executive Order Project should address: 1) Rescind E.O. 12356 (1982 Reagan Order on classification) The Reagan Order on classification is the bane of the FOIA and science communities. It has led to enormous overclassification, frustrated government accountability, and skewed national priorities. It should be rescinded. A new E.O. should narrow the scope of classification authority. It should reduce the classification bureaucracy. And it should reflect the economic cost of classifying scientific and technical information, i.e. such information should be presumptively available. In the FOIA context, the new E.O. should also require agencies to identify "an ascertainable harm" before invoking the (b)(1) exemption. 2) Rescind NSD-42 (1991 Bush Directive on computer security authority) This directive undermined a fairly good 1987 law (the Computer Security Act) and transferred authority for computer security from the civilian sector to the intelligence community. It led to several bad decisions in the area of technical standard setting (e.g. network standards that facilitate surveillance rather than promoting security) and has made it more difficult to ensure agency accountability. It should be rescinded. The President could either leave the 1987 Act in place and issue no new E.O. or he could revise the E.O. consistent with the aims of the 1987 law, recognizing the recent problems with technical standard setting by the intelligence community. 3) Establish a task force on privacy protection The new administration should move quickly on the privacy front, particularly in the telecommunications arena. The United States currently lags behind Canada, Japan, and the EC on telecomm privacy policy. These policies are necessary for the development of new services and the protection of consumer interests. An Executive Order on privacy should include the following elements: (1) the creation of an intra-agency task force with public participation, (2) a report to the President within 180 days with legislative recommendations, (3) a procedure for ongoing review and coordination with Justice, Commerce, State, and OSTP. ------------------------------ Date: Wed, 16 Dec 92 14:01:42 -0600 >From: "Brian D. Larkin" Subject: Question about Search/Seizure Two days ago I was pulled over by one of Chapaign Illinois' finest for speeding. After writing up the ticket, he asked me if I was transporting any weapons, drugs, or alcohol in my car. I of course responded that I did not have any such items in my car. He then asked if I would mind if he searched my car. I responded that he could, because I had nothing to hide. He found nothing and we went on our way. It got me to thinking though about if I had not consented, would he had had to have gotten a warrant to search my car? Would I have been forced to sit by the side of the road while they went to get a warrant to search my car? If he HAD found something of an illegal nature, could it be used against me in court? What rights do I have in this situation? I understand that the laws of other states may be different. I was mostly looking for a general case. ------------------------------------------------------------------ Brian D. Larkin brianl@morgana.pubserv.com Research & Development Publication Services, Inc. ------------------------------------------------------------------ ------------------------------ Date: Wed, 16 Dec 1992 12:42:25 -0500 >From: Gary Chapman Subject: Call for Comments About Computing and the Future PLEASE CIRCULATE THIS WHEREVER YOU FEEL IT IS APPROPRIATE BUT ONLY WHERE YOU FEEL IT IS APPROPRIATE AN OPPORTUNITY TO HAVE YOUR SAY ABOUT COMPUTING IN THE FUTURE This is Gary Chapman, director of the Cambridge, Massachusetts, office of Computer Professionals for Social Responsibility. I edit The CPSR Newsletter, a quarterly publication that goes to all CPSR members and about 400 other people, including a lot of policymakers, members of Congress, administration officials, etc. We're going to try something unusual for the next CPSR Newsletter, and I'm putting out a call for help. We're going to publish a special issue on "What the Clinton Administration Can Do For The Computing Profession and the Public." I'm sending out this message to ask people to send me SHORT contributions to this issue, just brief comments about what the new administration can do to help support computing in the United States, or perhaps the world. Here are a few basic guidelines for these submissions: 1. SHORT MEANS SHORT -- In order to publish as many of these as we can, we need to keep each contribution to about 100-150 words, max, one or two paragraphs. In fact, anything longer will probably be eliminated out of fairness to others. 2. YOU MUST IDENTIFY YOURSELF -- Again, briefly, with just your name and one line that says something about you, such as Joe Blow or Sally Smith, Programmer, BillyBob Corporation, or Centerville, Ohio, or something like that, whatever you prefer. 3. ADDRESS ISSUES OF PUBLIC POLICY -- In order to make these contributions relevant to the Clinton administration, they should concern issues about which government can or should do something, or stop doing, whatever. These include major issues such as privacy, access to information, computer networks like the Internet or NREN, R&D priorities, equitable access to computers, intellectual property, defense policy, risks to the public, etc. We're not really interested in contributions that are self-serving, parochial, excessively arcane or trivial, belligerently and unconstructively critical, and so on. We will favor messages that discuss the intersection of computing and major issues of concern to the public at large. 4. PLEASE INCLUDE A WORKABLE E-MAIL ADDRESS -- In case I have to get back to you about the text. We won't publish e-mail addresses, I promise. 5. GET ALL CONTRIBUTIONS TO ME BY JANUARY 15, 1993. My e-mail address is chapman@silver.lcs.mit.edu. This is not limited to people in the United States, although overseas contributors will have to make a case for what the Clinton administration should do to help international computing -- the focus will be on U.S. government policy. We're going to try and get this issue into the hands of the key players on computing and high tech policy in the new administration. For the most part we already know who those people are, and we're talking to them about the issues that CPSR is working on. This newsletter will give them a good impression, we hope, of the concerns of the computing profession and people who use computer networks. Consider this an opportunity for a kind of "hard copy" town hall. Thanks for your help! Get those messages coming! Gary Chapman Coordinator The 21st Century Project Computer Professionals for Social Responsibility Cambridge, MA chapman@silver.lcs.mit.edu ------------------------------ Date: Mon, 21 Dec 1992 23:21:02 EDT >From: Rob Kling Subject: Position Paper: Broadening Computer Science Computing for Our Future in a Social World Rob Kling Department of Information & Computer Science University of California at Irvine, Irvine, CA 92717, USA kling@ics.uci.edu (714-856-5955) December 2, 1992 Abstract The Computer Science and Telecommunications Board of the National Research Council has recently issued a report, "Computing the Future (Hartmanis and Lin, 1992)." It sets a new agenda for Computer Science. This short paper argues that effective CS practitioners who "compute for the future" in many organizations need some skills in social analysis to help understand appropriate systems requirements and the conditions which transform high performance computing into high performance organizations. It is time for the academic Computer Science to embrace Organizational Informatics as a key area of research and instruction. Introduction "Computing the Future" (CTF) (Hartmanis and Lin, 1992) is a welcome report which argues that academic Computer Scientists must acknowledge the driving forces behind the generally good Federal support for the discipline. The explosive growth of computing and demand for CS in the last decade has been driven by a diverse array of applications and new modes of computing in diverse social contexts. CTF takes a strong and useful position in encouraging all computer scientists to broaden our conceptions of the discipline. The authors encourage Computer Scientists to envision new technologies in the social contexts in which they will be used. The numerous examples of computer applications that the authors identify as having significant social value rest on social analyses of these technologies. Further, the report tacitly requires that the CS community develop reliable knowledge, based in systematic research, to support effective social analysis. And it requires an ability to teach such skills to practitioners and students. Without a disciplined skill in social analysis, Computer Scientists' claims about the usability and social value of specific technologies is mere opinion, and bears an exceptional risk of being self-serving opinion. Further, Computer Scientists who do not have refined social analytical skills have sometimes conceived and promoted technologies which were far less useful or far more costly than they claimed. Effective CS practitioners who "compute for the future" in many organizations need some skills in social analysis to help understand appropriate systems requirements and the conditions which transform high performance computing into high performance organizations. Since the report does not spell out these tacit implications, I'd like to explain them here. Broadening Computer Science: From Computability to Usability Since the usability of systems and software is a key theme in the history of CS, we must expand beyond mathematics for our conceptions of "theory" for the discipline. Some applications, such as as supercomputing and computational science are evolutionary extensions of traditional scientific computation, even though they have taken a new direction with rich graphical front ends for visualizing enormous mounds of data. But some other, newer modes of computing, such as networking and microcomputing, changed the distribution of applications. While they support traditional numerical computation, albeit in newer formats such as spreadsheets, they have also expanded the diversity of non-numerical computations. They have made digitally represented text and graphics accessible to tens of millions of people. None of these advances are inconsistent with "mathematical foundations," in CS, such as Turing machine formulations. But they are not well conceptualized by the foundational mathematical models of computation. Nor do our foundational mathematical models provide useful ways of conceptualizing advances in even more traditional elements of computers systems such as operating systems and database systems. Mathematical analysis can play a central role in some areas of CS, and an important role in many areas. But we cannot understand important aspects of usability if we limit ourselves to mathematical theories. Of the diverse trends in computing, the growing emphasis of usability is one of the most dominant. The usability tradition has deep roots in CS, and extends back into the design of programming languages, and operating systems. But each of these topics also rested on mathematical analysis which Computer Scientists could point to as "the foundations" of the respective subdisciplines. However, the growth of diverse applications for non-technical professionals, including text processing, electronic mail, graphics, and multimedia has placed a premium on making computer systems relatively simple to use. HCI is now considered a core subdiscipline. One important repercussion of the integration of HCI into the core of CS is the resulting need to expand our conception of the theoretical foundations of the discipline. While every computational interface is reducible to a Turing computation, the foundational mathematical models of CS do not (and could not) provide a sound theoretical basis for understanding why some interfaces are more effective for some groups of people than are others. The theoretical foundations about effective computer interfaces must rest on sound theories of human behavior and their empirical manifestations (cf. Ehn, 1991, Grudin, 1989). Further, interfaces involve capabilities beyond the primary information processing capabilities of a technology. They entail ways that people can learn about the system and ways to manage the diverse data sets that routinely arise in using many computerized systems (Kling, 1992). Understanding the diversity and character of these interfaces, which are required to make many systems usable rests, in an understanding the way that people and groups organize their work and expertise with computing. Appropriate theories of the diverse interfaces that make many computer systems truly useful must rest on theories of work and organization which characterize these phenomena. Broadening Computer Science: From High Performance Computing to High Performance Organizations The foundations of CTF go beyond interface design to claims that computerized systems will improve the performance of organizations. The report argues that the US should invest close to a billion dollars a year in CS research because of the economic and social gains that must pour forth from CS research. These are important claims, for which critics can ask for systematic evidence. For example, one can ask about the evidence that 20 years of major computing R&D and corporate investment in the US has helped provide proportionate economic and social value. CTF is filled with numerous examples where computer-based systems have provided value to people and organizations. The tough question is whether the overall productive value of these investments has been worth the overall acquisition and operation costs. In the last few years economists have found it hard to give unambiguously affirmative answers to this question. In fact, the question has been termed "The Productivity Paradox," based on a comment attributed to Nobel laureate Robert Solow who remarked that "computers are showing up everywhere except in the [productivity] statistics (Dunlop and Kling, 1991a)." There are numerous potential slips in translating high performance computing into cost-effective technological support to improve organizational performance. Some technologies require extensive technical support which provides hidden costs (Kling, 1992). Some technologies are superb for well-trained experts, but are difficult for less experienced people or "casual users." Further, a significant body of empirical research has shown that the social processes by which computer systems are introduced and organized makes a substantial difference in their value to people, groups and organizations (Lucas, 1981). Most seriously, some computer applications do not fit a person or groups's work practices (Bullen and Bennet, 1991). While they may make sense in a simplified world, they can actually complicate or misdirect real work. We graduate about 30,000 computer scientists every year and many of them find employment on organizational information systems projects. Unfortunately, few of them have developed an adequate conceptual basis for understanding when information systems will actually improve organizational performance. CTF anchors the value of CS research on the belief that interesting new technologies will certainly yield significant economic and social value. These assessments rest on social analyses. Unfortunately, the CS academic community is not organized (or funded) to provide a significant body of trustworthy research to help answer these kinds of questions. Organizational Informatics CTF places dual responsibilities on Computer Scientists. One responsibility is to produce a significant body of applicable research. The other responsibility is to educate a significant fraction of CS students to be more effective in conceiving and implementing systems that will actually enhance organizational performance. Today, most of the tens of thousands people who obtain BS and MS degrees in CS have no opportunities for systematic exposure to reliable knowledge about the value of computing in a social world. Yet a substantial fraction of these students go on to work for organizations attempting to produce or maintain systems which improve organizational performance without a good conceptual basis for their work. Consequently, many of them develop systems which underperform, and are sometimes even counterproductive, in organizational terms. Organizational Informatics includes studies of the usability of computerized information systems and communication systems in organizations. It also includes studies of their effective implementation, use, organizational value, and their consequences for people and an organization's clients. It is an intellectually rich and also practical research area. In the last 20 years a substantial body of scientific research in Organizational Informatics has developed. The best of the research is conducted by faculty in the Information Systems departments in Business schools and by scattered social scientists (cf. Boland and Hirschheim, 1987; Galegher, Kraut and Egido, 1990; Cotterman and Senn, 1992). But the Computer Scientists simply delegate the research and teaching of Organizational Informatics to Business Schools or "sociologists." They rarely ask questions with attention to fine grained technological variations which are important for CS. And they rarely can effectively teach numerous CS students about systems development and use in organizations. CTF is permeated with interesting claims about the social value of recent and emerging computer-based technologies. While many of these observations are of a kind that should rest on an empirically grounded scientific footing, Computer Scientists have deprived themselves of access to such research. Consequently, many of the "obvious" claims about the value of various computing technologies that we Computer Scientists make are more akin to the lore of home remedies for curing illness. Some are valid, others are unfounded speculation. More seriously, the theoretical basis for recommending home medical remedies and new computer technologies is not advanced without having sound research programs. What is needed CTF sets the stage for a broader appreciation of value of Organizational Informatics within Computer Science. It bases the expansion of the discipline on a rich array of applications in which many of the effective technologies must be conceived in relationship to plausible uses in order provide attractive social value for multi-billion dollar public investments. The CS community needs an institutionalized research capability to produce a reliable body of knowledge about the usability and of computerized systems and the conditions under which computer systems improve organizational performance. The CS curriculum must include opportunities for students to learn the most reliable knowledge about the social dimensions of systems development and use. While the study of Organizational Informatics builds upon both the traditional technological foundations of CS and the social sciences, it is not a sustainable topic within the social sciences at most universities. Other disciplines will not do our important work for us. Mathematics departments may be willing to teach graph theory for CS students, but the analysis of algorithms would be a much weaker field if it could only be carried out within Mathematics Departments. For similar reasons, it is time for the academic Computer Science to embrace Organizational Informatics as a key area of research and instruction. References: Boland, Richard and Rudy Hirschhiem (Ed). 1987. Critical Issues in Information Systems, New York: John-Wiley. Bullen, Christine and John Bennett. 1991. Groupware in Practice: An Interpretation of Work Experience" in Dunlop and Kling 1991b. Cotterman, William and James Senn (Eds). 1992. Challenges and Strategies for Research in Systems Development. New York: John Wiley. Dunlop, Charles and and Rob Kling, 1991a. "Introduction to the Economic and Organizational Dimensions of Computerization." in Dunlop and Kling, 1991b. Dunlop, Charles and and Rob Kling (Ed). 1991b. Computerization and Controversy: Value Conflicts and Social Choices. Boston: Academic Press. Ehn, Pelle. 1989. "The Art and Science of Designing Computer Artifacts." in Charles Dunlop and and Rob Kling (Ed), Computerization and Controversy: Value Conflicts and Social Choices. Boston: Academic Press. 1991. Galegher, Jolene, Robert Kraut, and Carmen Egido (Ed.) 1990. Intellectual Teamwork: Social and Intellectual Foundations of Cooperative Work. Hillsdale, NJ: Lawrence Erlbaum. Grudin, Jonathan. 1989. "Why Groupware Applications Fail: Problems in Design and Evaluation." Office: Technology and People. 4(3):245-264. Hartmanis, Juris and Herbert Lin (Eds). 1992. .Computing the Future: A Broader Agenda for Computer Science and Engineering. National Academy Press, 1992. [Briefly summarized in Communications of the ACM, November 1992] Kling, Rob. 1992. "Behind the Terminal: The Critical Role of Computing Infrastructure In Effective Information Systems' Development and Use." Chapter 10 in Challenges and Strategies for Research in Systems Development. edited by William Cotterman and James Senn. Pp. 153-201. New York: John Wiley. Lucas, Henry C. 1981. Implementation : the Key to Successful Information Systems. New York: Columbia University Press. Acknowledgements: I appreciate efforts by several colleagues to strengthen this paper through their comments: Jonathan P. Allen, Lisa Covi, Sy Goodman, Beki Grinter, Jonathan Grudin, John King, Tim Standish, John Tillquist, and Carson Woo. ------------------------------ End of PRIVACY Forum Digest 01.29