PRIVACY Forum Digest      Friday, 16 December 1994      Volume 03 : Issue 24

            Moderated by Lauren Weinstein (lauren@vortex.com)
              Vortex Technology, Woodland Hills, CA, U.S.A.

                       ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the
            ACM Committee on Computers and Public Policy.

CONTENTS
        IMPORTANT: PRIVACY Forum Status and Problems
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Privacy on the WWW (Scott Coleman)
        What's wrong with customized service? (Michael McCarthy)
        Re: Orwell, 499 channels, and where privacy begins (Nevin Liber)
        Orwell, 499 channels, and where privacy begins (Scott Coleman)
        Re: Orwell, 499 channels, and where privacy begins (Karl Anderson)
        Orwell, 499 channels, and where privacy begins (minya!jc@eddie.mit.edu)
        UK concerns over personal data grow (Sue Schofield)
        Re: How to stop invasion of privacy (Arthur L. Rubin)
        The problem with preference recording (Marc Thibault)
        Maintaining Privacy in Electronic Transactions (Benjamin Cox)

  *** Please include a RELEVANT "Subject:" line on all submissions! ***
             *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com".
Mailing list problems should be reported to "list-maint@vortex.com".

All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW home page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 24

   Quote for the day:

        "All good things must come to an end."

                -- Folk saying
                   (hopefully not always true...)

----------------------------------------------------------------------

Date: Fri, 16 Dec 94 13:56 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: IMPORTANT: PRIVACY Forum Status and Problems

Greetings. This message contains important information regarding the status of the PRIVACY Forum. I'd appreciate it very much if you'd read it over completely. (Thanks!)
The number of submissions in the most recent cycle was very large, apparently as the result of recent list additions and gatewaying of the digest into various major online services which have opened Internet gateways to very large numbers of users. I've had to be even more selective than usual as a result.

Also, the percentage of addresses yielding some form of bad address return, multiple warning messages (sometimes appearing daily for a month or more), "I'm on vacation" messages, and all manner of other automated responses is growing rapidly. Even with the automated listserv to handle some "routine" requests, most of these response messages require manual work to interpret and process. All of this is aside from dealing with the many submissions themselves, the FTP, gopher, and WWW servers and archives, and the other services related to the Forum.

I'm happy to continue the gratis offering of the growing amount of time and resources it takes to keep the PRIVACY Forum going, so long as I am able, since I consider it to be an important and worthwhile undertaking. There are some things you can do that would make my life just a little bit easier.

First off is to please *always* use *substantive* subject lines on all your submissions. I've been emphasizing this in the Forum info files and digest masthead. Please do *not* use your "reply" command to generate a response, and please don't use subject lines like "a submission", or "my response". Please take the time to choose a subject line that imparts some meaning to the reader regarding the subject at hand.

Another point is that whenever possible, please set up your vacation programs and other automated response systems to not reply to the digest mailings. When a list gets this large the number of these that come pouring back becomes quite substantial, and seems to be growing rapidly.

With your assistance, I'll have a better chance of keeping things running smoothly even through this high growth period.
----------------------------------------------

... However ...

I'm very sorry to report that external circumstances may force the termination of *all* PRIVACY Forum services (digest, ftp, gopher, WWW, etc.) in the *extremely* near future, due to the probable loss of the current network connection and lack of sufficient funds to obtain a replacement connection.

I've been attempting to find a way to replace the necessary PPP or SLIP connection via locally accessible points here in the Los Angeles area, so far without success.

If the situation does not change very shortly, I will post a message with the details. In the meantime, if you wish more information about this situation or have suggestions regarding available connection points or entities who might be interested in helping to sponsor the continued work of the Forum, please contact me directly by email.

Thank you for your continuing support of the PRIVACY Forum.

----------------------------------------------

--Lauren--

------------------------------

Date: Sun, 13 Nov 1994 08:51:29 -0600 (CST)
From: genghis@ilces.ag.uiuc.edu (Scott Coleman)
Subject: PRIVACY on the WWW

march@europa.com (Marc H.) said:

> Explicit warnings and documentation seem to be the best solutions. [...]
> What I would like to see is a much more explicit preferences dialog, one
> that warns the user about possible logging by web sites. I would disagree
> with any assertion that particular browsers should be avoided because of
> HTTP_FROM.

Agreed. In fact, even if your web browser does not supply this information, that does not prevent the web site's software from collecting it and much more - see below.

> This is not a web-specific issue. Interested readers are referred to RFC
> 1413, "Identification Protocol,"
> , which details a
> more-reliable, transparent, and generalized implementation of TCP
> connection logging. I think it only prudent to assume that any site you
> visit on the net could keep a log of your visit;

Indeed it is.
In fact, any site using NCSA's httpd web server daemon is already performing such logging, over and above any information explicitly gathered from the HTTP_FROM field. httpd maintains a file called access_log which logs the name and IP address of each machine making a request, the date and time, as well as the request itself (i.e. which file was sent or which query was made). In addition, if the user's machine is running the proper identification daemon, the user's login name is recorded into this log as well (although the latter can be explicitly disabled by the web admin). This feature of httpd is a marketer's dream - he has accurate information on who accessed his site and specific data on what was accessed.

In short, don't think for a moment that leaving the email address field in your web browser's config file blank will prevent the unscrupulous from collecting your email address. This is another feature of which most web users are blissfully unaware; unlike the ftp sites which proclaim their logging policy in all caps and encourage users to disconnect immediately if they do not like that policy, this logging is not explicitly disclosed by any web sites or browsers that I have ever encountered.

Caveat User!

------------------------------

Date: Wed, 7 Dec 1994 16:14:51 -0800
From: mac@Advanced.COM (Michael McCarthy)
Subject: What's wrong with customized service?

Jerry Leichter in "Orwell, 499 channels, and where privacy begins" raises excellent questions about why people object to attempts by large distant corporations to get to know you better as a consumer/customer. Until we can answer that question adequately enough to tell if our feelings are unreasonable, we may be expending effort to control a trivial aspect of privacy when so many vital areas of privacy are under siege.

I had a coworker who was infuriated because the owner of the local sandwich shop greeted him every day by name.
My coworker was completely inarticulate about why this was offensive, but it dawned on me that he was upset because the shop owner was acting too familiar. My coworker was something of a snob, and felt the shop owner beneath him.

I suspect that the hatred of businesses knowing more about you in order to serve you more specifically is not really as widespread as assumed in places like the Privacy Forum. I see an undercurrent of elitism and disdain for mere commerce in the criticisms -- businesses are acting "too familiar."

Let us consider what the average person, of any stripe, truly hates: junk mail -- misaddressed, mislabeled, and especially about things we are totally uninterested in. The endless fake telegrams offering overpriced second mortgages, citing sales on cars we wouldn't be caught dead in, begging for money for political movements we despise or charities we never heard of, depicting custom jewelry that offends our taste and lifestyle, and all the other misdirected wasted pleadings.

But send me a solicitation to buy a map of the hidden doors to Doom II, or to sell me a CD of clip art just after I got my first copy of Microsoft Publisher, or to contribute to the von Mises Institute as I stew about the latest inanities emitted by Robert Reich -- well, I don't complain about these things, do I? In fact, if there's a movement or a sale or an event that I'd be really interested in and nobody tells me about it, I'm annoyed and feel cut out.

Well there's no pleasing some people. I want you to send me only that mail and make to me only those phone calls that address my burning needs and momentary passions most directly -- but don't you dare try to figure out what they might be by examining my recent buying patterns, you nosy so-and-so's!

The real fear is of Giant Corporations knowing Too Much about us. Yet our greatest *safety* lies in what some find most offensive: the commercial instincts of those same giant corporations.
They are interested in knowing exactly as much about us as will allow them to do the most targeted kind of marketing -- which is almost by definition the least offensive kind of marketing for any given person (except those who profess to hate being marketed to -- the liars).

Giant corporations, for all their faults, are not trying to have us arrested or taxed or thrown out of the country. For that kind of truly fearsome invasion of privacy -- for privacy violations aimed squarely at enslavement rather than selling us Cheerios -- we have to turn to the government.

I suggest that our efforts be focussed on keeping commercial marketing data out of the hands of -- our congressmen! (I fear information about me in the hands of Newt Gingrich and Teddy Kennedy far more than in the hands of Sears-Roebuck and Apogee Software.)

Michael McCarthy
michael.mccarthy@advanced.com
Editor-in-Chief, Advanced Systems Magazine, San Francisco.

------------------------------

Date: Wed, 7 Dec 1994 04:03:35 -0700 (MST)
From: Nevin Liber
Subject: Re: Orwell, 499 channels, and where privacy begins

Jerry Leichter writes:

> An article in a recent Privacy Forum mentioned the potential for video-on-
> demand providers to track customer usage and use that to target ads, say for
> the latest Steven Segall movie to viewers with a history of interest in
> "adventure" flicks. Of course, other forms of buying habit data collection
> and targeting have been around for a while.
>
> An issue I've raised before, but have never seen a serious discussion on, is:
> Exactly what is it that people find objectionable in such practices?

Take the following scenario:

You find out that a good friend of yours has been infected with the AIDS virus. You decide that you want to learn more about it. You go out and get books and videotapes on the subject.

A year or two later, you apply for a new job. You are certainly qualified, but they turn you down. Why?
Their health insurance carrier has determined that you are in a high-risk group for AIDS, and they won't cover you.

Do you think the law is going to protect you? Talk to anyone who has had their credit history screwed up to let you know just how hard it is and how many years it takes to get it corrected.

Before computers, it was prohibitively expensive to get this kind of information. Now it's fairly cheap (and if you can't do it through normal channels, just think about how much it would cost to bribe a minimum wage worker to give you the info).

The information being kept track of is of *what* is purchased; not *why* it is purchased. All sorts of statistical analyses are performed and a guess is made to why, and that guess is taken as gospel. Your local bookseller might know why you keep buying those AIDS books; the mega-bookstore databases certainly do not. And we'll never have laws against people misusing incomplete information.

Just think about the field day McCarthy could have had if he could easily get a list of everyone who ever bought / borrowed from a library a copy of the Communist Manifesto.

-- 
Nevin ":-)" Liber    nevin@cs.arizona.edu    (602) 293-2799
                                              ^^^ (520) after 3/95

------------------------------

Date: Wed, 7 Dec 94 07:48 PST
From: asre@uiuc.edu (Scott Coleman)
Subject: Orwell, 499 channels, and where privacy begins

Jerry Leichter asks:

> An article in a recent Privacy Forum mentioned the potential for video-on-
> demand providers to track customer usage and use that to target ads, say for
> the latest Steven Segall movie to viewers with a history of interest in
> "adventure" flicks. Of course, other forms of buying habit data collection
> and targeting have been around for a while.
>
> An issue I've raised before, but have never seen a serious discussion on, is:
> Exactly what is it that people find objectionable in such practices?
>
> Let's look at a little history.
Unfortunately, your examination of history managed to miss a highly publicized incident which would have answered your question quite handily, namely that involving Judge Bork. In a nutshell, Bork's opponents acquired the records of videotapes he had rented in an effort to prevent his confirmation to the Supreme Court. Although they found nothing particularly incriminating (i.e. no "Deep Throat" or kiddie porn rentals), Congress was sufficiently alarmed by this to enact legislation which guarantees that such video rental records remain private. Incidentally, I wonder how the video-on-demand providers will deal with this law, which could easily be interpreted by a judge to apply to the collection and sale of video-on-demand purchases.

> When I went into my local bookstore, I knew the proprietor. He
> knew me. He also knew my tastes in reading, and would recommend books he'd
> seen that I might like. Did this bother me, or others? Did it bother people
> that the owner of the local clothing shop might suggest some clothing that had
> just come in as "just your style"? That the owner of the mom-and-pop grocery
> might tell them that fresh apples were in and were particularly tasty this
> year? [...]
>
> Not only didn't people object to this kind of thing, they liked it.

Ah, but the owners of such small stores weren't compiling huge databases on the preferences of their customers and SELLING IT, WITHOUT THEIR CUSTOMERS' KNOWLEDGE OR CONSENT, to other marketing slime so that enormous, cross-referenced aggregated databases could be produced. Such knowledge is, as you point out, quite benign as long as it exists only in the shopkeeper's head. Nor were these sole proprietors buying similar data from other sources and using it to try and lure people from the next town over into their stores via targeted direct marketing campaigns.
It is this buying, selling and aggregating, as well as the lack of informed consent on the part of the victims, which many people find so objectionable.

> a mega chain like Borders. It's certainly true that a large enough quantita-
> tive difference results in a qualitative difference. And I certainly have the
> same feeling that there's no problem with the local book seller knowing what
> I like to read, but there is a potential problem with Borders keeping track
> of such information. But it bothers me that I can't elucidate exactly why.

Have I been able to help you in any way? ;-)

> Is it that the information my local book seller has is unlikely to be shared,
> while Borders will resell what it knows? Perhaps, but again (a) my local book
> seller is more likely to share the information with people who know me than is
> Borders, which will sell it with information about thousands of others in an
> essentially anonymous fashion; and (b) in fact, this information is becoming
> too valuable to be sold - Borders wants to use the information it gathers to
> gain an advantage over other mega chains.

An interesting notion, but one which I fear is too naive. To give but one example, it is quite common for grocery stores to get new laser scanner checkout terminals at a greatly reduced cost. The large marketing firms which specialize in the collection and correlation of consumer purchase data will subsidize the cost of acquiring this equipment in exchange for the right to collect and KEEP the data thus generated. Thus, for a one-time fee, these companies get a steady stream of data on what products people are purchasing (and, thanks to the widespread use of credit cards, check cashing cards, and "preferred customer"/discount cards, the marketers have a valid name and address with which to associate those purchases).
At this point, I could go on into the great potential for abuse and privacy erosion which such enormous databases of targeted marketing data present, but I think I'll save that tome for another thread. ;-)

-- 
Scott Coleman, President
ASRE (American Society of Reverse Engineers)
asre@uiuc.edu

------------------------------

Date: Wed, 7 Dec 94 12:31 PST
From: karl@reed.edu (Karl Anderson)
Subject: Re: Orwell, 499 channels, and where privacy begins

>From: Jerry Leichter
[regarding vendors selling one's buying habits]
>An issue I've raised before, but have never seen a serious discussion on, is:
>Exactly what is it that people find objectionable in such practices?

>When I went into my local bookstore, I knew the proprietor. He
>knew me. He also knew my tastes in reading, and would recommend books he'd
>seen that I might like. Did this bother me, or others?

By casting a vendor as the friendly owner of one's hometown store, you eliminate the problem. "Mom and pop" aren't going to do anything with this information except give recommendations. We don't have this assurance with a corporation.

If I were HIV positive, and consequently were to buy books on the subject, I would appreciate it if my bookseller told me about related books or services. Telling potential employers, landlords, etc. would be a different matter entirely.

I signed up to donate blood when I was 18, before I had ever been tested for HIV. I was given a questionnaire first. The fine print mentioned that in accordance with state or federal law something-or-other, names associated with several types of positive tests, including syphilis and HIV, would be forwarded to state or federal agency this-or-that. Some government official had been recently blathering to himself in the media about quarantine camps and glow in the dark tattoos. I turned around and walked out.
If the Red Cross was administered by "mom and pop", who would do nothing with this knowledge except tell me whatever helpful information they knew, then I might not have done so.

karl@reed.edu
http://www.reed.edu/~karl/

------------------------------

Date: Thu, 8 Dec 94 21:37 EST
From: minya!jc@eddie.mit.edu
Subject: Orwell, 499 channels, and where privacy begins

Jerry Leichter wrote:

| An article in a recent Privacy Forum mentioned the potential for
| video-on- demand providers to track customer usage and use that to
| target ads, say for the latest Steven Segall movie to viewers with a
| history of interest in "adventure" flicks. Of course, other forms of
| buying habit data collection and targeting have been around for a
| while.
|
| An issue I've raised before, but have never seen a serious
| discussion on, is: Exactly what is it that people find objectionable
| in such practices?
|
| Let's look at a little history. ...

That's the best way to find out why people are so excited about the topic. Do some reading about the McCarthy witch (oops, I meant communist) hunt back in the 50's, and you'll get a pretty good feel for why you want privacy even if you can't offhand think of a way that something might hurt you.

One of my favorite news reports from the 70's was about a researcher who found out why he had been turned down for government grants for the previous decades. He was listed as a secret member of a subversive organization in the US government's lists of such things. It seems that his car had been spotted parked in the same block far from where he lived, on evenings when the group had its meetings. The reason turned out to be that his son had a girlfriend who lived in the same block, and had been borrowing his dad's car to visit her many nights each week.
Of course, the government investigators didn't see who drove the car or where they went; they just walked down the street writing down all the license numbers, and recorded all those that didn't live in the area as likely members of the group.

Think of this the next time you park your car somewhere far from home.

An anecdote from my personal life that is (I hope) silly, but which indicates what could happen: About two years ago, a friend (a visiting Russian named Alla) was due to have her baby, and her husband wasn't around, so my SO (Shelley) went to the hospital to keep her company. While there, Alla was understandably not up to walking around much, so Shelley went to pick up the baby pictures, and paid for them with her Visa card.

As a result, we are now on the mailing lists of every baby-goods seller in North America. We get several baby-oriented mail-order catalogs each day. The catalogs are tracking the baby's age. Just today we got a packet of disposable diapers for a two-year-old (22-35 pounds). In another 15 years or so, we'll probably be getting ads from colleges. It does absolutely no good to tell them that we don't have a baby. Their computer knows we do.

As I said, this one is basically silly; it's not easy to see how this could be used against us. Or could it? A lot of American politicians are making a lot of noise these days about unwed mothers being the cause of all our social and economic woes. Suppose someone were to do a cross-check of the records of someone else like Shelley, and discover that she was an unmarried teenager who had just bought baby pictures. She would then be permanently in the records as an unwed teenage mother, and there'd be no way (short of zillions of dollars and the rest of her life spent in court suing *everyone* who used the information) to eradicate such misinformation. If she were later found not to have a baby, she would be under obvious suspicion of having killed it ...
Or, to mention another hot topic these days: Suppose instead of baby pictures, she had used her charge card to pay for a friend's AZT prescription. The result would probably be that she'd be unemployed for the rest of her life. As soon as her employer found out, she'd be laid off, and who would hire someone that obviously has AIDS?

If you don't believe these scenarios are realistic, you haven't been paying attention. There has been at least one case in the past year or so of a political candidate making a campaign issue of an opponent's video rental record. If you ever want to run for public office, you should consider that everything you've ever purchased with a charge card may be used as evidence against you.

(Myself, I figure that my fate will be sealed about the time that Pat Robertson is elected president, and his investigators discover that I was once a key-carrying member of a Unitarian church. ;-)

------------------------------

Date: Wed, 7 Dec 94 13:28:23 +0000
From: Sue Schofield
Subject: UK concerns over personal data grow

UK concerns over personal data grow
by Sue Schofield - Sussex UK

Premier UK telecomms supplier BT (ex British Telecom) hit the UK news twice in November this year, once with the enforcement of Caller Line Identifier on all unlisted numbers, and then with the unwelcome news that a hacker had gained access to thousands of unlisted military and Government numbers.

The hacker who got hold of the BT information didn't break into the site or hack into computers from a shady back room, but was a contract employee who found the system passwords left lying around on desks or pinned to public notice boards. His story was verified by a journalist, who got a job in the same department and found the passwords lying around exactly as described by the mystery hacker. The unlisted numbers included those of the Prime Minister and Buckingham Palace, together with actual billing costs and call logs from those numbers.
Other interesting snippets provided generous amounts of data about some of the UK's most sensitive sites, including details of 'safe' call boxes. Freephone numbers and businesses used by MI5 as fronts for covert operations were also described in detail, mainly in the form of ASCII billing and customer information taken from BT's USA-built systems. (Business Managers might wonder how the information was so easily copied electronically and removed from BT premises.)

The news broke as a front page in the Independent Newspaper and immediately led to questions in the House of Commons. An apparently Internet-savvy Prime Minister confidently informed the House that there was no evidence of secret telephone numbers being posted or made available on the Internet. A subsequent edition of the Independent showed time and date stamped print-outs of a telnet session to an Internet site, from where it was (apparently) still possible to download reams of similar information. The new information was published after the PM's speech denying that the data was available, and after a statement from BT confirming that no security information had been leaked or was available.

The escapade was just another in a series of high level information leaks from within the privatized BT. Previous leaks included the duplication of an 'unhackable' CD-ROM UK phone directory which is now available in the USA for a few dollars, and numerous stories of BT employees selling or making available unlisted or 'interesting' telephone numbers. BT, formerly British Telecom, is one of the national utility companies sold off in the current Government's drive for privatization.

The BT Hacker scam has raised eyebrows in a country where the public still has implicit faith in the security of national health and personal financial data. But much of this faith is misplaced, especially in the light of proposed further privatization of public services where personal privacy issues are almost certain to be ignored.
But there are clouds on the horizon for UK individuals who remain unconcerned about the Government's stance on privacy issues or the ability or suitability of private businesses to handle electronic data on individuals. Forthcoming privatization of the electronic handling of both Inland Revenue and medical records means that for the first time in the UK there's a real risk of electronic data about individuals becoming readily available to anyone capable of accessing a 'secure' computer terminal. While all of the private companies involved in bidding for these lucrative tenders deny that there are risks of medical data or other personal data becoming available to unauthorized persons, BT's example of what a private company can do with public records must ring a loud warning to UK residents.

Most of the UK population's credit card, vehicle, Revenue, credit, utility and medical records will be available electronically by the year 2000, on computer systems maintained and operated by private companies unaccountable in law to the individual. This should ring a loud alarm bell in a country where there are no constitutional privacy rights. Individuals have to ask themselves whether the numerous breaches of BT's 'secure' record systems will provide a model for the forthcoming mass computerization of personal data.

As things stand the Government relies on the much maligned Computer Misuse Act to prosecute those who gain 'unauthorized access' to computer systems. But the Act has not deterred repeated misuse of the Police National Computer, utility computers or the national Vehicle Licensing computer, nor will it provide any protection or recourse for individuals whose medical, personal or other records are mishandled by private companies.

----------------------------------------------------------------
Sue Schofield (sue@s-sco.demon.co.uk) is a UK technology journalist, and the author of the UK Internet Book, amongst others.
---------------------------------------------------------------

------------------------------

Date: Wed, 7 Dec 94 07:52:13 PST
From: a_rubin@dsg4.dse.beckman.com
Subject: Re: How to stop invasion of privacy

In privacy digest 3:23, Gary Martin wrote:

>I heard a rumor yesterday that I wanted to run past all of you. A
>relative of mine told me that at least one, possibly more commercial
>online service(s) may be invading your privacy without you knowing it when
>you're connected to them. I was told that a particular company routinely
>uploads your entire directory structure, and sometimes even data within
>certain files.

Is this a rehash of the Prodigy "STAGE.DAT" fiasco, in which the service allocated a large file without clearing it, hence the accusation that it uploaded proprietary information; whereas in actuality, the file is a download staging area?

However....

>1. Does anyone know where I can find freeware or shareware that will allow
>   me to track every directory read, file read/write and upload or
>   download? I would prefer that it be Windows 3.1 or OS/2 2.1 based
>   software.

I've seen some such for directory read, and file read/write. I could write a TSR for DOS which would (probably) work under Windows that would do that, but it seems relatively easy.

>2. Are you aware of any software that would PREVENT a commercial service
>   from doing these things?

No. I think it could be done, but the shell/TSR/program would have to prompt you on any request to read a file, making it very burdensome. How can the software know what you want the service to be allowed to read? Alternatively, the TSR could provide a software simulation of password protection.

>3. Is there anything I can do using existing MS-DOS or Windows options to
>   track or prevent this short of password protecting or encrypting
>   everything?

I don't think so....but I'd be happy to be proved wrong.

-- 
Arthur L. Rubin: a_rubin@dsg4.dse.beckman.com (work) Beckman Instruments/Brea
216-5888@mcimail.com 70707.453@compuserve.com arubin@pro-sol.cts.com (personal)
My opinions are my own, and do not represent those of my employer.

[ There were a large number of other messages on this topic, most also suggesting that the rumor was related to the original "Prodigy" incident. As reported above, it appears that Prodigy's use of a staging file which contained unerased user data alarmed some users, but apparently this file was never uploaded *to* Prodigy. Another message pointed out that the possible liabilities to any service that purposely uploaded private user data without users' permission could be extremely great.

There was also a report that the next (1995) release of a popular windows-oriented operating system for PCs might contain an "online registration" feature which uploads the users' AUTOEXEC.BAT file. Since careful inspection of this file could reveal the names of which software packages the user had installed on their system (among other information) the author of the message was concerned about the privacy implications. No details regarding this "feature" or how (or *if*) it was really implemented were available. Persons with more information are of course invited to comment here in the Forum.

-- MODERATOR ]

------------------------------

Date: Wed, 7 Dec 1994 10:15:22 -0500
From: marc@tanda.on.ca (Marc Thibault)
Subject: The problem with preference recording

Jerry Leichter's musings about why we are concerned about the privacy of the databases kept by the stores we use makes a good point. It is important for us to be able to articulate our concerns. Like Jerry I have a problem expressing the unease that mere existence of these databases produces. There is, however, an identifiable problem: that of misuse or conversion.
The bookstore or, more dramatically, the video store records that are kept of my purchases are different than the owner's recollection of my buying habits in a very important way. The owner's memories can't be stolen, confiscated, or subpoenaed, and they die when he does.

Governments and the law are fickle things, as anyone who was around in the 50's and 60's can attest. Who would want a modern-day McCarthy, Hoover or Carrie Nation to have access to their video rental records?

If the gun control trend in Canada goes to its logical conclusion, I don't want cops crashing into my house demanding my guns because my name showed up on a list of people who read _Guns and Ammo_ or _Hunter_, but not on their registration list. What defense can I possibly have if I don't have any guns? No one can prove a negative, so they'll just keep wrecking my house until they are satisfied that even the beams aren't hiding guns, at which point they'll insist on knowing who I gave them to (ref BATF, Waco).

The people who make and enforce our laws can be counted on to act in mindless, ignorant and brutal fashion at almost any time. We don't need to add fuel to their fantasies.

A bookstore owner is capable of selective memory, based on whether he thinks the information is relevant, and his testimony can be called into question if it's insufficiently selective. A computer database is mute, complete, and open to whatever spin the most powerful interpreter chooses.

Cheers,
Mtmp/arc

------------------------------

Date: Wed, 7 Dec 1994 17:58:25 -0500 (EST)
From: Benjamin Cox
Subject: Maintaining Privacy in Electronic Transactions

Now that I've finished jumping through all the necessary hoops to have my MS thesis signed by all the necessary parties, I'm making it available through the Web. There may be some in this forum who will find it interesting.
The thesis (titled "Maintaining Privacy in Electronic Transactions") is available in PostScript form at

    http://www.ini.cmu.edu/~thoth/ms-thesis.ps

The abstract is reproduced below; it is available as HTML at

    http://www.ini.cmu.edu/~thoth/ms-thesis-abstract.html

(it includes a pointer to the PostScript).

Ben Cox
thoth+@cmu.edu

----------------------------------------------------------------------

Abstract

Electronic commerce presents a number of seemingly contradictory requirements. On the one hand, we must be able to account for funds and comply with laws requiring disclosure of certain sorts of transaction information (e.g., taxable transactions, transactions of more than $10,000). On the other hand, it is often socially desirable to limit exposure of transaction information to protect the privacy of the participants.

In this thesis, I address the following issues:

* I develop a new analysis technique for measuring the exposure of transaction information.

* I analyze various privacy and disclosure configurations to determine which are technically feasible and which are logically impossible.

* I apply this analysis to the Information Networking Institute's proposed ``NetBill'' billing server protocol.

* I consider the use of intermediary agents to protect anonymity and the implications of various arrangements of intermediaries.

* I develop an encoding technique that can reveal the order of magnitude of a transaction without revealing the exact value of the transaction itself.

------------------------------

End of PRIVACY Forum Digest 03.24
************************