PRIVACY Forum Digest Friday, 17 November 1995 Volume 04 : Issue 24 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Major PRIVACY Forum Upgrade; Thanks MCI and Cisco! (Lauren Weinstein; PRIVACY Forum Moderator) Re: Businesses monitoring employee e-mail (Jered Floyd) Privacy episode on Oprah last week (Kevin Maguire) Getting your clearance on the net ([Name withheld on request]) Concerns about Medical "Privacy" Bill Grow (Marc Rotenberg) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com". ----------------------------------------------------------------------------- VOLUME 04, ISSUE 24 Quote for the day: "Maybe he just wanted to steal our wirecutters!" -- 'Animal' Stosh (Robert Strauss) "Stalag 17" (1953) ---------------------------------------------------------------------- Date: Fri, 17 Nov 95 21:03 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Major PRIVACY Forum Upgrade; Thanks MCI and Cisco! Greetings! As regular readers of the PRIVACY Forum may remember, it was only about a year ago that the Forum's existence was threatened by the imminent loss of its network connectivity. You may also recall that early this year MCI Telecommunications Corporation saved the day by providing a PPP link to the Internet which allowed the digest and related servers and operations to continue. Since that time, the Forum readership and network traffic related to the Forum has continued to grow rapidly, often in rather dramatic bursts as new populations of users become connected to the net. However, I don't expect this to become a problem, since bandwidth should not be a limiting factor for the foreseeable future. Because... I'm extremely pleased to announce that the Data Services Division of MCI, in its continuing support of the PRIVACY Forum, has upgraded the network connectivity that serves the Forum to a full T1 via their "internetMCI" service. I'm also very pleased to report that Cisco Systems, Inc., one of the best known names in Internet routing hardware and systems, has joined as another supporter of the Forum, and has provided the router through which the MCI T1 is accessed. These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. I'd like to offer my special thanks to Vint Cerf of MCI, and to Ed Kozel of Cisco Systems, for making this all possible. I'd also like to thank all the other folks at MCI and Cisco who were involved in the process. The "internetMCI" T1 and Cisco router have been rock solid since the moment they were activated and are just humming along. I'd like to urge everyone to consider MCI (http://www.mci.com) and Cisco Systems (http://www.cisco.com) whenever they have Internet procurement decisions to make. Outside of the improvements these changes have made possible in the existing Forum services, stay-tuned for announcements concerning exciting new services and features of the PRIVACY Forum which have been made possible by the new bandwidth and will be coming soon. I've said something like this before, but it's worth repeating. We're in an age where the Internet has suddenly, seemingly overnight, gone from research tool to vast worldwide commercial enterprise. Where 99%+ of the population would have had no idea what "Internet" or "World Wide Web" meant a few years ago, we're now seeing email and Web addresses in print ads, on television, and even on billboards and the sides of buses. It's important to remember that even in the face of these changes and growth, corporate good-citizenship, as exemplified by MCI and Cisco, can continue to make some of the best and most important "traditional" aspects of the Internet, such as volunteer moderation, a continuing facet of the Internet into the future. Once again, my thanks to both MCI and Cisco! --Lauren-- ------------------------------ Date: Sun, 5 Nov 1995 11:38:05 -0500 From: jered@MIT.EDU Subject: Re: Businesses monitoring employee e-mail >Are there any articles, courtcases, .... anything.... relevant to the >unethical ... perhaps illegal ... monitoring of employee's electronic >mail? Yes, unfortunately in the cases that I am aware of that have gone to court, the courts tend to rule in the favor of the employer. Buried in the October 16, 1995 Newsweek Special Report (filled with OJ fallout) there is an interesting relevant article. (p.82, "When E-mail is Ooops-Mail: Think your private messages are private? Think again.") The first paragraph: Like millions of working stiffs, Rhonda Hall and Bonita Bourke didn't always use their office e-mail for strictly professional purposes. Sometimes they gossiped or exchanged jokes. Once in a while they engaged in that age-old practice of carping about the boss. Nothing wrong with that -- or so they thought. But then the boss, hearing rumors of his repeated appearances in the women's electronic thoughts, overrode his employees' computer passwords to read all about himself (or, more precisely, aabout a guy named "numbnuts," the nickname the women had for him). Hall and Bourke, whose job was to teach employees at the Nissan Motor Corp. how to use the company's e-mail, sued for invasion of privacy. The courts have twice ruled in favor of the company. The article continues on to give some background information for the less computer literate, and then touches on several other less relevant examples. (Let me also take this chance to praise the column on page 84, "Stop Talking Dirty To Me: Let's hope the media frenzy about sex in cyberspace ahs almost played its course", as a very good article on that topic.) --Jered Floyd ------------------------------ Date: Mon, 6 Nov 1995 15:51:05 -0800 From: Kevin Maguire Subject: Privacy episode on Oprah last week My apologies for not sending this in sooner; I had thought someone else would be submitting a better report than the admittedly sketchy report below. One day last week, I think it was Thursday, the Oprah Winfrey show was on the TV at the Chinese restaurant I went to for lunch. The restaurant was too loud for me to follow the show as closely as I would have liked, but the guests were Caroline Kennedy and her co-author of a new book about the erosion of privacy in modern America (the same woman was Kennedy's co-author of a recent book about the bill of rights, if that helps). Additional guests were people who'd had negative privacy experiences, and were featured in the book. There were: - a woman who was strip and body-cavity searched after being arrested for going the wrong way on a one-way street - a couple who discovered a camera and peepholes behind a two-way mirror in their hotel room - a man who applied for work as a store detective and was asked to take a written evaluation test which asked highly invasive questions about religious beliefs and sexual habits - a woman who works as a swimming pig trainer, and had a promotional picture of her and a pig appear in the men's magazine _Chic_ without her (or her employer's) permission It was nice to see a show on privacy being done at all, but disappointing that all the examples shown invovled things which were either illegal already, or obviously offensive to the most casual observer. These were all (except for the job applicant) also extremely unusual events; it would have been nice to see more discussion of the data gathering and processing which happens to everyone who has a credit card, drivers' license, or social security number. -- Kevin Maguire Kevin.P.Maguire@jpl.nasa.gov The above is my opinion only, and has no connection to JPL, NASA, or Caltech. ------------------------------ Date: Fri, 20 Oct 1995 10:50:54 -0700 From: [Name withheld on request] Subject: Getting your clearance on the net [ From Risks-Forum Digest; Volume 17 : Issue 41 -- MODERATOR ] I'm going in for a top-secret clearance, and was talking to the person who's responsible for sending off the paperwork. She's excited: seems that you can now submit the forms over the Internet, thus saving the need to send stacks of paper. You obviously don't sign the form (no digital signature capability); at some point in the future they said I'll be asked to sign a hardcopy. I suggested that it made me uncomfortable to have all that personal information being sent over a public net without any form of protection, so they agreed to submit mine on paper. The risks of sending any sort of confidential information over the net have been described to death, so there's nothing new. It just amazes me that the U.S. government office responsible for handing out clearances could be so unaware of the risks as to allow it. Further, as holding a clearance is generally something that's not supposed to be discussed except for those with a need to know, it seems odd that they would be willing to accept the information leading to a clearance over a public network. P.S. For those who haven't had the pleasure of applying for a clearance, among the information they ask for is where you've lived, worked, been married to, travelled to; also any treatment for psychiatric conditions, use of drugs, criminal record, organizational memberships, communist party affiliation, etc. So there's plenty there that some people might not want posted on bathroom walls. ------------------------------ Date: Wed, 8 Nov 1995 23:31:08 -0800 From: "Marc Rotenberg" Subject: Concerns about Medical "Privacy" Bill Grow [ From EPIC Alert 2.14 -- MODERATOR ] Senator Bennett's medical privacy bill continues to raise concerns. Now, consumer groups are jumping into the battle. The Consumer Project on Technology, founded by Ralph Nader and led by public interest advocate Jamie Love, wrote recently to Senator Kassenbaum to warn that the bill "ensures that virtually any law enforcement official will have the right to search your medical records, not by identifying your doctors and obtaining a warrant for records from a doctors office, but simply by contacting large insurance companies, employers or database companies, and searching computer databases." Even one of the backers of the bill concedes that privacy will likely get short shrift if the measure goes forward. "To suggest to the public that this bill is a championing of the doctor-patient relationship and medical privacy is misrepresenting what's really going on," said Lawrence Gostin, director of the law and public health program at Georgetown University, in a November 3 Boston Globe article. "What this bill does is legitimize the development of these large health databases that are intended to hold vast amounts of medical information about individual Americans." Massachusetts is one of several states that will see current privacy safeguards drop if the federal bill goes through. Senator Kassenbaum is expected to hold hearings on November 13, 1995. Alert readers are urged to contact Senator Kassenbaum with your views on the bill. More information about the proposal can be found at: http://www.epic.org/privacy/medical/ ------------------------------ End of PRIVACY Forum Digest 04.24 ************************