PRIVACY Forum Digest Friday, 5 November 1993 Volume 02 : Issue 34 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS PRIVACY Briefs (Lauren Weinstein; PRIVACY Forum Moderator) Re: Politics is private property in the panopticon society (Andy Sherman) Re: Conviction after 30 years (Warren R. Carithers) Re: Swiss weapons (Martin Minow) "On the Road to Nosiness?" (Dan Gillmor) CLI News from Spain - Nov. 1, '93 (Rafael Fernandez Calvo) Privacy Advocate (Prof. L. P. Levine) Re: Computer Fingerprint Matching (Tom Olin) NII Call for Action (Al Whaley) Help with SSN question (Brad Dolan) Privacy of Card Reader Systems (Dave Millar) Commercials in phone calls (chris@efi.com) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203. ----------------------------------------------------------------------------- VOLUME 02, ISSUE 34 Quote for the day: "Every boy wants a Remco toy... and so do girls." -- Modified 1960's advertising slogan for the Remco toy manufacturing company. Their original slogan did not include the "and so do girls" phrase. ---------------------------------------------------------------------- Privacy Briefs (from the Moderator) --- A controversy has arisen over a recent case where a police officer, who was listening to cellular phone channels with a radio scanner, overheard a conversation which led him to a crime (robbery) in progress and associated arrests. The problem: Under U.S. federal law, it is illegal to monitor cellular phone channels without an appropriate warrant. There was no warrant in this case, since the conversation was heard during random scanning of cellular calls. Many legal experts seem to feel that the arrests may be invalidated due to the apparently improper use of the cellular scanner, much as evidence may be invalidated through the use of other improper procedures. Comments? --- The U.S. Social Security Administration is reported to be considering using federal prisoners to transcribe requests for information from callers leaving recorded messages on their inquiry numbers. While the SSA points out that prisoners would not have access to SSA records, concerns have been raised (by members of Congress and other parties) that the handing over of names, addresses, and presumably social security numbers of callers to convicted felons, may not be in the best interests of personal privacy. ------------------------------ Date: Thu, 28 Oct 93 07:56:40 EDT From: andys@internet.sbi.com (Andy Sherman) Subject: Re: politics is private property in the panopticon society >>>>> On Mon, 11 Oct 93 10:38:53 -0400, sorenjs@pb.com (Jeffrey S. Sorensen) >>>>> said: sorenjs> According to the article, a company called _Scanners_ out of sorenjs> Denver will "fax a list of toll calls made by anyone, sorenjs> anywhere, for up to $125." (No doubt the company takes their sorenjs> name from the movie about people who make your blood boil and sorenjs> your veins pop out on your head.) It seems that while the sorenjs> content of calls is private and cannot be monitored without a sorenjs> court order, the billing information is not protected. This puzzled me greatly when it appeared in the Telecom Digest, too. When I was at AT&T, the code of conduct that I signed asserted that call detail is Customer Proprietary Network Information (CPNI), and that it is illegal to disclose CPNI without the customer's consent. To do so also results in immediate dismissal. So how can Scanners claim that it's legal for them to sell CPNI? *SOMEBODY* had to break the law for them to get it. I can't speak about MCI or Sprint, or the tons of little Mom and Pop storm door and phone companies, but I know that AT&T and the RBOCs have typically refused to disclose anything without papers signed by a judge. -- Andy Sherman Salomon Inc - Unix Systems Support - Rutherford, NJ (201) 896-7018 - andys@sbi.com or asherman@sbi.com ------------------------------ Date: Thu, 28 Oct 1993 08:43:13 -0400 (EDT) From: wrc@cs.rit.edu (Warren R Carithers) Subject: Re: conviction after 30 years > Question: Is the use of computer technology to provide such a > "match," long after most other evidence has been lost or is no > longer available, a positive or negative development? As is the case with many technological improvements, this one provides a mixed blessing. Certainly, in some cases, this capability will merely provide confirmation of the "story" told by other evidence; in cases such as the one cited, however, I worry that the computer match will be taken as absolute truth because/in spite of the lack of additional evidence. I don't know any of the other details of this case, so I don't know what other evidence existed. The man claimed to have been in "military training" at the time - presumably this was verified by the prosecution? Were there any other connections between the accused and the victim? I find it disturbing, however, to think that a jury would convict *solely* on the basis of a fingerprint match between a 30-year-old sample and a current one, regardless of how the match was achieved (by computer, or by manual comparison). -- Warren R. Carithers, RIT Department of Computer Science, Rochester NY 14623-5608 Internet: wrc@cs.rit.edu, wrcics@ultb.isc.rit.edu (716) 475-2288 BITNET: wrcics@ritvax.bitnet FAX (716) 475-7100 ------------------------------ Date: Thu, 28 Oct 93 09:10:11 -0700 From: Martin Minow Subject: re: Swiss weapons In a note to Privacy, Paul Robinson wrote, > ...(okay to commit any crime since you probably won't do time.) In > Switzerland by law every male is required to keep in their house, loaded, > a FULLY AUTOMATIC machine gun which the government gives them. Gun homicides > are rare there. I believe that this is incorrect regarding Switzerland. There, members of the armed forces (active and reserve, which includes most Swiss male citizens) generally keep their military personal arms at home. Ammunition is, however, kept in sealed containers (and it is a court-martial offense to break the seal except under orders). However, if the military doesn't trust you (or you are female or don't have a military need for a personal weapon), you don't get a machine gun. My source for this is John McFee's book on the Swiss military, which I recommend highly. Martin Minow minow@apple.com ------------------------------ Date: Thu, 28 Oct 1993 16:44:11 -0400 (EDT) From: Dan Gillmor Subject: Privacy Advocate The state of Wisconsin recently appointed a Privacy Advocate. Carol M. Doeppers, the wife of a UW Geology Professor begins in this new post 12/1/93 according to an article by Steven Walters in the October 27th Milwaukee Sentinel. The job pays $33,000/year and should be compared to $100,000/year paid to the state person who tracks Railroad legislation. Even with this interesting disparity Wisconsin is the first state in the union to have such an advocate. Canada has had one for some time. Doeppers is not sure just what the job entails, according to the Sentinel, but intends to be "... keenly concerned" with "the pretty rampant collection of identifiable information, much of which is not relevant." I am sure there will be more news to come on this. + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Leonard P. Levine e-mail levine@cs.uwm.edu | | Professor, Computer Science Office (414) 229-5170 | | University of Wisconsin-Milwaukee Home (414) 962-4719 | | Milwaukee, WI 53201 U.S.A. FAX (414) 229-6958 | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ------------------------------ Date: Mon, 1 Nov 93 16:00:42 EST From: adiron!tro@uunet.UU.NET (Tom Olin) Subject: Re: Computer Fingerprint Matching A California jury has recently convicted a man of murder, some 30 years after the event, based solely on a computer fingerprint match. ... Question: Is the use of computer technology to provide such a "match," long after most other evidence has been lost or is no longer available, a positive or negative development? The merit of *using* such technology is, I think, independent of whether other evidence is still available. If the technology works, it works. However, I think your question is really whether a conviction on a single fingerprint is acceptable, given that all other evidence has been lost. That's a harder question. I would be concerned if the fingerprint is the only piece of evidence used to convict, unless the print is in an obviously telling location - e.g., in blood, on the murder weapon. Tom Olin PAR Technology Corporation Tel:(315)738-0600 Ext 638 tro@partech.com New Hartford, NY Fax:(315)738-8304 ------------------------------ Date: Tue, 2 Nov 1993 13:13:13 -0800 From: Al Whaley Subject: NII Call for Action Date: Mon, 1 Nov 93 14:46:22 PST From: Doug Schuler Computer Professionals for Social Responsibility NII Call for Action Autumn, 1993 Introduction The Clinton administration has recently developed an "Agenda for Action" to develop a National Information Infrastructure (NII), a very high capacity network for communication of digital information in the United States. While Computer Professionals for Social Responsibility (CPSR) applauds much of this effort, we feel that there are serious concerns that must be addressed if this technology is to meet our country's needs and our citizen's expectations into the 21st Century. This is a critical technology that transcends entertainment, convenience shopping, and instant polling. Communication and information are at the core of a democratic and equitable society. We believe that the development of this technology has the potential to fundamentally change the nature of community and democratic discourse and, hence, is one of the most critical issues facing us. We feel that this issue deserves serious and comprehensive public participation. Important decisions may be made in the near future with inadequate public participation. This document is designed to help spur that participation. We urge you to contact us with your ideas for what needs to be done, and your feedback on this call for action. Motivation The United States is faced with profound challenges as it prepares to enter the 21st century. These include wide disparities in income and economic opportunity as well as a declining sense of community involvement. Many of today's children are growing up in an unsafe environment with little hope for the future. These problems may well be exacerbated by a lack of access to communication and information technology. We believe that ensuring affordable access could help increase political participation, improve economic opportunities, reinvigorate community, and promote opportunities for lifelong learning. While not a panacea, technology may be useful in this area if it is developed with full democratic participation and if genuine human needs are addressed. Why a Call for Action? CPSR has written a policy statement with recommendations for those who will be building the NII. This statement was released in conjunction with a press conference by the Telecommunications Policy Roundtable (TPR), a coalition group of some 60 public interest organizations. CPSR's policy document, entitled "Serving the Community: A Public-Interest Vision of the National Information Infrastructure", is largely addressed to policy makers. At the same time, we realize that top-down action from government policy makers is only one piece of the puzzle. Action at all levels is required if the NII is to become a shared national (and ultimately international) resource. This call for action is being released simultaneously with the policy statement. TPR Principles The TPR principles represent a consensus view of a variety of public- interest organizations. These principles represent as shared desire for an equitable public space that we can hold in common as a society. We urge you to adopt them in any future discussions, proposals, or pilot projects. (1) Universal access. All people should have affordable access to the information infrastructure. (2) Freedom to communicate. The information infrastructure should enable all people to effectively exercise their fundamental right to communicate. (3) Vital civic sector. The information infrastructure must have a vital civic sector at its core. (4) Diverse and competitive marketplace. The information infrastructure should ensure competition among ideas and information providers. (5) Equitable workplace. New technologies should be used to enhance the quality of work and to promote equity in the workplace. (6) Privacy. Privacy should be carefully protected and extended. (7) Democratic policy-making. The public should be fully involved in policy-making for the information infrastructure. Based on our experience as both users and designers of networking systems we have formulated an additional principle: (8) Functional integrity. The NII must be engineered to high standards of reliability, robustness, and extensibility. Opportunities for Action We believe that substantial effort will be required if the NII is to live up to the principles outlined above. Some of this work can be initiated by individuals and some by organizations at the community, regional, and national levels. CPSR at both the national and the chapter level intends to be a strong player in this effort. These objectives will not be realized without a strong diversified and distributed effort and we hope that you will become involved in this effort. We've included a list of possible opportunities actions - there are lots of others! Education and Public Meetings + Organize and attend public meetings on the NII + Organize and attend study groups on NII issues + Write articles and editorial pieces for publication emphasizing the eight public-interest principles and their application to specific NII proposals and plans. Work with Community + Help assess community information and services needs + Develop criteria for NII related projects and services to evaluate whether they support the public-interest principles and address community needs + Work with local organizations, projects, and networks to develop models of how the NII can promote the public good and to ensure that the principles are followed + Co-design local service and information related pilot projects that can be used by others as models Work with Government + Contact government officials to sponsor hearings and consider NII issues + Identify government information and services for inclusion on NII. + Attend and offer testimony at public hearings + Help to develop equitable regulatory approaches to NII implementation Work with Organizations + Work with local cultural, civic, social service, educational, and library organizations to develop NII policies, pilot projects, and proposals. + Work with organizations that are actively working in this area + Work with organizations to educate them as to the importance of these issues + Form coalitions with organizations in this area Work with Business + Work with businesses to encourage them to acknowledge and support public access to the NII + Work with businesses to ensure that affordable public access systems and concerns are included in technological and regulatory development Develop and Build Models + Develop Community Networks, Free-Nets, Civic Networks, information and services cooperative and organizations and conduct other experiments in local telecommunications. + Communicate goals, concerns, and findings to the rest of the community About CPSR Computer Professionals for Social Responsibility stands alone as the only national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Decisions regarding the use of this technology have far-reaching consequences that necessarily reflect the basic values and priorities of the people who govern their use. We will continue our work on Calling Number ID, workplace issues, participatory design, privacy, freedom of information, redirection of national technology policy for non-military purposes and other issues in addition to our recent NII initiatives. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Each of our members is an important participant in the dialogue that is helping to shape the future use of computers in the United States. Our National Advisory Board includes one Nobel laureate and three winners of the Turing Award, the highest honor in computer science. We believe that as the influence of computers continues to permeate every aspect of our society, it is important that professionals become active participants in formulating the policy that governs computer use and access. CPSR welcomes any and all who share our convictions. To obtain copies of the CPSR NII Policy Document or to obtain additional information about CPSR, contact us at cpsr@cpsr.org or CPSR, P.O. Box 717, Palo Alto, CA, 94302. ------------------------------ Date: Thu, 4 Nov 1993 12:13:28 -0500 (EST) From: PINE_RIDGE@ORVB.SAIC.COM Subject: Help with SSN question Forgive me if this is FAQ-ish or wrong for this forum. I've just subscribed. My company is claiming that the '93 budget act includes a provision requiring it to report my dependent's names, ages, *SSNs*, and other data to the "Medicare/Medicaid Coverage Data Bank". There are several things I don't like about this, but I'm particularly offended by the requirement to report dependent SSNs (my kids don't have 'em!). Can somebody provide or point me to more info about the actual legal requirements? What legal legs do I have to stand on in refusing to supply SSNs? Brad Dolan 71431.2564@compuserve.com ask for PGP dat ------------------------------ Date: Mon, 18 Oct 1993 17:18:12 -0400 From: millar@pobox.upenn.edu (Dave Millar) Subject: Privacy of Card Reader Systems Hi, Can you help me find any information on the issues associated with information kept on security card scanner systems? We have a large network of card readers scattered across campus tracking the comings and goings of several tens of thousands of people at several hundred points on campus - administrative buildings, dining halls, dorms, libraries, etc. What, if anything, stops someone from collecting this data and using it in ways not known or intended by the people being monitored? I scanned through the Privacy Rights Clearinghouse bbs, but didn't see anything. Can you point me to any other resources? Do you know any way that I might keyword search back issues of Privacy FORUM? Any help would be much appreciated. Also, for my searches, are you aware of any other terms I might use (I'm trying "id cards", "card readers", "security cards"). Thanks in advance. Dave Millar University of Pennsylvania millar@pobox.upenn.edu ------------------------------ Date: Fri, 5 Nov 1993 19:22:55 -0800 (PST) From: chris@efi.com Subject: Commercials in phone calls A blurb in the "Bits & Bytes" column of the August 16th BusinessWeek tells about a new kind of long distance service. Calls will be free, but you have to listen to commercials and they will collect and sell information on you. A small startup in New York City that hopes to go nationwide later this year (sorry, I don't have any more recent information) is offering the service. Callers punch in "a special access code" to connect to the company's computer which then routes the calls over leased long-distance lines. Before the call, the caller has to punch in info like age and sex. The system uses this to determine which commercials it will use to "periodically interrupt" your call! In addition, advertisers will get "access to a wealth of demographic information--length and time of call, what geographic areas are called most, number of ads played per call, and so on." This doesn't seem like a privacy risk or invasion--as long as they tell people that they're going to sell the information. (Privacy-conscious people should be able to spot it in a second anyway, but I suspect many people wouldn't.) But it surprised me that they would go to such lengths to collect information and make me listen to commercials. Would I use it? Yes, unless I can think of a worse risk than getting extra junk mail. One dodge that occurs to me: if both people have two phone lines, make the call on both at once and switch lines when a commercial comes on! It's free, after all... ------------------------------ End of PRIVACY Forum Digest 02.34 ************************