PRIVACY Forum Digest      Friday, 5 April 1996      Volume 05 : Issue 08

            Moderated by Lauren Weinstein (lauren@vortex.com)
              Vortex Technology, Woodland Hills, CA, U.S.A.

                       ===== PRIVACY FORUM =====

-------------------------------------------------------------------
  The PRIVACY Forum is supported in part by the ACM (Association for
  Computing Machinery) Committee on Computers and Public Policy,
  "internetMCI" (a service of the Data Services Division of MCI
  Telecommunications Corporation), and Cisco Systems, Inc.
                                - - -
  These organizations do not operate or control the PRIVACY Forum in
  any manner, and their support does not imply agreement on their part
  with nor responsibility for any materials posted on or related to
  the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
        Re: Netscape cookies linked to demographic database
           (Martin Roscheisen)
        Re: Garage Door openers (Marc Carrel)
        House Approves Immigration Bill, Rejects National ID Card
           [From EPIC Alert] (Marc Rotenberg)
        Medical Privacy Coalition Releases Draft Medical Privacy Bill
           [From EPIC Alert] (Marc Rotenberg)
        ACM/IEEE Letter on Crypto (Dave Banisar)
        Minnesota Online privacy bill in conference committee
           (Sheldon Mains)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All messages included in this digest represent the
views of their individual authors and all messages submitted must be
appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full
keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 05, ISSUE 08

   Quote for the day:

        "I think we have a challenge."
                -- Number 2 (Guy Doleman)
                   "The Prisoner" [Episode one: "Arrival"]
                   June 1968 - September 1968, May 1969 - September 1969

----------------------------------------------------------------------

Date:    Sat, 23 Mar 1996 22:47:18 -0800
From:    "Martin Roscheisen"
Subject: Re: Netscape cookies linked to demographic database

The concern expressed by Andrew Hagen (Privacy Digest 05:07) about the use
of Netscape cookies as sort of a universal identifier combined with the
speculation that Netscape might sell a corresponding database which links
demographic information to such an identifier seems unjustified in the light
of the simple fact that the technical mechanism does not provide for this.

The cookie protocol is described at

   http://www.netscape.com/newsref/std/cookie_spec.html

To quote the crucial part here:

BEGIN QUOTE
Only hosts within the specified domain can set a cookie for a domain and
domains must have at least two (2) or three (3) periods in them to prevent
domains of the form: ".com", ".edu", and "va.us"
END QUOTE

In other words, it is not possible to set a cookie from one server and have
the browser send it to all the servers to which a user might be going.  It
therefore does not make any sense to sell a database in the presumed form.
[Also, since the cookie size is limited, it would also not work to register
in the browser all those servers to which such a hypothetical database had
been sold.]

Cheers,
- Martin

Martin Roscheisen
Integrated Digital Libraries Project
Computer Science Department, Stanford University

------------------------------

Date:    Tue, 26 Mar 1996 10:22:27 -0700 (PDT)
From:    ML.Carrel@SEN.CA.GOV
Subject: Re: Garage Door openers

Everyone who has contributed to this topic has mentioned high tech methods
of opening garage doors.  Last year, however, I saw a story on the local
news in San Francisco which dealt with a rash of burglaries there.  The
thieves looted these homes after entering through their garage doors.
Apparently all of the homes had older garage door openers which could also
be opened by a key switch mounted outside to the side of the garage door.
These switches were installed to provide a way to open the garage if you
did not have an electronic opener (e.g. for kids when they came home from
school, etc.).

The thieves would open the garage by spraying a "common household liquid"
into the key hole to activate the opening device.  All the burglaries had
evidence of this liquid in the garage door's keyhole.  The television
reporter would not disclose what the liquid was, but he used it on camera
and showed how it worked.  The liquid was colored so it could be anything
from anti-freeze to cleaning liquid.  Police advised deactivating the wiring
inside the key switch so that thieves couldn't enter your house using this
very low-tech method.

Marc Carrel
Sacramento, CA
ML.Carrel@sen.ca.gov

------------------------------

Date:    28 Mar 1996 17:08:23 -0500
From:    "Marc Rotenberg"
Subject: House Approves Immigration Bill, Rejects National ID Card
         [From EPIC Alert]

[ From EPIC Alert 3.07; March 28, 1996 ]

The House of Representatives rejected proposals for a national ID card and a
mandatory national database of all workers in the United States.  The vote
came on March 22 when the House approved a far reaching immigration reform
bill.

A manager's amendment submitted by Rep. Lamar Smith (R-TX) made the
employment verification provisions voluntary in at least five of the seven
states with the highest levels of illegal immigration.  To encourage
companies to use the voluntary system, firms would be provided various
incentives.

By a vote of 221 to 191, the House rejected a proposal from Rep. Bill
McCollum (R-FL) to create a "tamperproof social security account card."
Previous proposals by McCollum would have required that all individuals over
the age of 16 obtain such a card, which would include the person's
photograph, name, address, social security number, and some form of
biometric identification such as a fingerprint or retinal scan.

An amendment by Rep. Steve Chabot (R-OH) to eliminate all identification
provisions was defeated by a vote of 260 to 159.  The final bill passed on a
vote of 333 to 87.

The Senate is expected to take up the Immigration bill starting this week.

------------------------------

Date:    28 Mar 1996 17:08:23 -0500
From:    "Marc Rotenberg"
Subject: Medical Privacy Coalition Releases Draft Medical Privacy Bill
         [From EPIC Alert]

[ From EPIC Alert 3.07; March 28, 1996 ]

The Medical Privacy Coalition, an ad hoc group of privacy, medical, consumer
and patient rights groups has prepared a draft medical privacy bill.  Dr.
Denise Nagel, chair of the Privacy Coalition and the head of the Coalition
for Patient's Rights, said that the draft bill addresses privacy concerns
that have been raised about Senate measure S. 1360.  (The American Medical
Association recently wrote to Senator Kassebaum to express concern about
S. 1360.  See EPIC Alert 3.06)

The new draft bill is based on a patient-centered view of medical record
privacy and strictly limits disclosure of medical information for other
purposes.  It is based on five principles:

  o Individuals possess a right to privacy with respect to their
    personally identifiable health information;

  o This right to privacy may not be waived in the absence of meaningful
    notice and informed (not coerced) consent;

  o In the absence of an express waiver, the right to privacy may not be
    eliminated or limited, except as expressly provided under this
    legislation;

  o The private patient/physician relationship must be facilitated and
    protected; and

  o Information that is disclosed must be limited in amount, duration,
    and use, thus prohibiting secondary, unauthorized uses or disclosures,
    as well as fishing expeditions.

The proposed bill gives each patient the right to access, copy and correct
health information, limits third party access, prohibits the use of the SSN
as a health care identifier, and prohibits the creation of longitudinal
health records without the consent of the patient.

Activity in Washington on medical privacy is likely to accelerate in the
next few months.  The Consumer Project on Technology is expected to host a
workshop in Washington, DC in early May on medical record privacy.
A copy of the Medical Privacy Coalition's draft bill and more information on
medical privacy is available at:

     http://www.epic.org/privacy/medical/

------------------------------

Date:    1 Apr 1996 16:26:22 -0500
From:    "Dave Banisar"
Subject: ACM/IEEE Letter on Crypto

Association For Computing Machinery
Office of US Public Policy
666 Pennsylvania Avenue SE Suite 301
Washington, DC 20003 USA
(tel) 202/298-0842
(fax) 202/547-5482

Institute of Electrical and Electronics Engineers
United States Activities
1828 L Street NW Suite 1202
Washington, DC 20036-5104 USA
(tel) 202/785-0017
(fax) 202/785-0835

April 2, 1996

Honorable Conrad Burns
Chairman, Subcommittee on Science, Technology and Space
Senate Commerce, Science and Transportation Committee
US Senate
SD-508
Washington, DC 20510

Dear Chairman Burns:

On behalf of the nation's two leading computing and engineering
associations, we are writing to support your efforts, and the efforts of the
other cosponsors of the Encrypted Communications Privacy Act, to remove
unnecessarily restrictive controls on the export of encryption technology.

The Encrypted Communications Privacy Act sets out the minimum changes that
are necessary to the current export controls on encryption technology.
However, we believe that the inclusion of issues that are tangential to
export, such as key escrow and encryption in domestic criminal activities,
is not necessary.  The relaxation of export controls is of great economic
importance to industry and users, and should not become entangled in more
controversial matters.

Current restrictions on the export of encryption technology harm the
interests of the United States in three ways: they handicap American
producers of software & hardware, prevent the development of a secure
information infrastructure, and limit the ability of Americans using new
online services to protect their privacy.  The proposed legislation will
help mitigate all of these problems, though more will need to be done to
assure continued US leadership in this important hi-tech sector.

Technological progress has moved encryption from the realm of national
security into the commercial sphere.  Current policies, as well as the
policy-making processes, should reflect this new reality.  The legislation
takes a necessary first step in shifting authority to the Commerce
Department and removing restrictions on certain encryption products.  Future
liberalization of export controls will allow Americans to excel in this
market.

The removal of out-dated restrictions on exports will also enable the
creation of a Global Information Infrastructure sufficiently secure to
provide seamless connectivity to customers previously unreachable by
American companies.  The United States is a leader in Internet commerce.
However, Internet commerce requires cryptography.  Thus American systems
have been hindered by cold-war restraints on the necessary cryptography as
these systems have moved from the laboratory to the marketplace.  This
legislation would open the market to secure, private, ubiquitous electronic
commerce.  The cost of not opening the market may include the loss of
leadership in computer security technologies, just at the time when Internet
users around the world will need good security to launch commercial
applications.

For this legislation to fulfill its promise the final approval of export
regulations must be based on analysis of financial and commercial
requirements and opportunities, not simply on the views of experts in
national security cryptography.  Therefore, we urge you to look at ways to
further relax restrictive barriers.

Finally, the legislation will serve all users of electronic information
systems by supporting the development of a truly global market for secure
desktop communications.
This will help establish private and secure spaces for the work of users,
which is of particular interest to the members of the IEEE/USA and the
USACM.

On behalf of both the USACM and the IEEE/USA we look forward to working with
you on this important legislation to relax export controls and promote the
development of a robust, secure, and reliable communications infrastructure
for the twenty-first century.  Please contact Deborah Rudolph in the IEEE
Washington Office at (202) 785-0017 or Lauren Gelman in the ACM Public
Policy Office at (202) 298-0842 for any additional information.

Sincerely,

Barbara Simons, Ph.D.
Chair, U.S. Public Policy Committee of ACM

Joel B. Snyder, P.E.
Vice President, Professional Activities and
Chair, United States Activities Board

cc: Members of the Subcommittee on Science, Technology and Space

------------------------------

Date:    Wed, 27 Mar 1996 22:50:24 -0600
From:    shel@MTN.Org (Sheldon Mains)
Subject: Minnesota Online privacy bill in conference committee

The following online privacy option bill passed the full Minnesota State
House and is now in conference committee with a "study" passed today by the
State Senate.  The various interests, including major commercial on-line
services, woke up to the bill and found Senate members to amend their
version which was similar to the House's on the floor with a short bill that
would instead require study.  It is a pretty incredible story that the House
bill (following after this intro) has gotten so far without major attention.

Sheldon Mains
shel@mtn.org

You can track the legislation via the legislative WWW at:

     http://www.leg.state.mn.us

Here is the House bill:

H.F. No. 2816, 3rd Engrossment

1.1  A bill for an act
1.2  relating to consumer privacy; regulating the use and
1.3  dissemination of personally identifiable information
1.4  on consumers of computer information services;
1.5  amending Minnesota Statutes 1994, section 13.99, by
1.6  adding a subdivision; proposing coding for new law as
1.7  Minnesota Statutes, chapter 13D.
1.8  BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
1.9  Section 1. Minnesota Statutes 1994, section 13.99, is
1.10 amended by adding a subdivision to read:
1.11 Subd. 116. [CONSUMERS OF COMPUTER INFORMATION
1.12 SERVICES.] Personally identifiable information on consumers of
1.13 computer information services is governed by chapter 13D.
1.14 Sec. 2. [13D.01] [DEFINITIONS.]
1.15 Subdivision 1. [SCOPE.] The definitions in this section
1.16 apply to this chapter.
1.17 Subd. 2. [CONSUMER.] "Consumer" means a person who agrees
1.18 to pay a fee for access to an information service for personal,
1.19 family, or household purposes.
1.20 Subd. 3. [ORDINARY COURSE OF BUSINESS.] "Ordinary course
1.21 of business" means debt collection activities, order
1.22 fulfillment, request processing, or the transfer of ownership.
1.23 Subd. 4. [PERSONALLY IDENTIFIABLE INFORMATION.]
1.24 "Personally identifiable information" means information that:
1.25 (1) identifies a person by physical or electronic address
1.26 or telephone number;
2.1  (2) identifies a person as having requested or obtained
2.2  specific materials or services from an information service;
2.3  (3) identifies internet sites visited by a person; or
2.4  (4) identifies any of the contents of a subscriber's data
2.5  storage devices.
2.6  Subd. 5. [INFORMATION SERVICE.] "Information service"
2.7  means any person in the primary business of offering a
2.8  capability for generating, acquiring, storing, transforming,
2.9  processing, retrieving, utilizing, or making available
2.10 information directly to or for a consumer via
2.11 telecommunications, and includes electronic publishing, but does
2.12 not include:
2.13 (1) any service which is provided to business,
2.14 professional, or commercial users;
2.15 (2) any use of any such capability for the management,
2.16 control, or operation of a telecommunications system or the
2.17 management of a telecommunications service; or
2.18 (3) any governmental entity.
2.19 Subd. 6. [TELECOMMUNICATIONS SERVICE.] "Telecommunications
2.20 service" means the offering, on a common carrier basis, of
2.21 telecommunications facilities, or of telecommunications by means
2.22 of such facilities. It does not include an information service.
2.23 Sec. 3. [13D.02] [LIMITS ON ACCESS TO CONSUMER'S
2.24 PERSONALLY IDENTIFIABLE INFORMATION.]
2.25 The information service may require from the consumer the
2.26 following personally identifiable information for purposes of
2.27 its ordinary course of business: name, home telephone number,
2.28 home address, and electronic address. Any further consumer
2.29 information provided shall be optional at the discretion of the
2.30 consumer.
2.31 Sec. 4. [13D.03] [DISCLOSURE OF CONSUMER'S PERSONALLY
2.32 IDENTIFIABLE INFORMATION.]
2.33 Subdivision 1. [DISCLOSURE PROHIBITED.] Except as provided
2.34 in subdivisions 3 and 4, an information service who knowingly
2.35 discloses, to any person other than the consumer, personally
2.36 identifiable information concerning any consumer of the
     [ Lines 2.37 through 3.9 of the bill are not present in this copy. ]
3.10 sections 2510 to 2521;
3.11 (3) pursuant to a court order in a civil proceeding upon a
3.12 showing of compelling need for the information that cannot be
3.13 accommodated by other means; or
3.14 (4) to a court in a civil action for conversion commenced
3.15 by the information service or in a civil action to enforce
3.16 collection of unpaid subscription fees or purchase amounts; and
3.17 then only to the extent necessary to establish the fact of the
3.18 subscription delinquency or purchase agreement, and with
3.19 appropriate safeguards against unauthorized disclosure.
3.20 Subd. 3. [DISCLOSURE PERMITTED.] (a) An information
3.21 service may disclose personally identifiable information
3.22 concerning any consumer:
3.23 (1) to the consumer;
3.24 (2) to any person with the informed, documented consent of
3.25 the consumer as provided in subdivision 4; or
3.26 (3) to any person if the disclosure is incident to the
3.27 ordinary course of business of the information service.
3.28 (b) A telecommunications service may disclose published
3.29 telephone numbers and physical addresses without the informed,
3.30 documented consent of the consumer, if the telecommunications
3.31 service provides consumers the alternative of an unpublished
3.32 listing.
3.33 Subd. 4. [PROCEDURE FOR INFORMED, DOCUMENTED CONSENT OF
3.34 CONSUMER.] (a) For purposes of subdivision 3, paragraph (a),
3.35 clause (2), in order to obtain the informed documented consent
3.36 of the consumer, the information service, before furnishing any
4.1  information services, must offer the consumer an opportunity
4.2  substantially conforming to the notice contained in this
4.3  subdivision to refuse to have personally identifiable
4.4  information disclosed. The notice must be in an introductory
4.5  portion of the information service's subscriber section with the
4.6  title "Privacy Policy" or a title which conveys a similar
4.7  meaning. This notice applies to any membership, subscription,
4.8  rental, or purchase agreement between the consumer and the
4.9  information service and, must be completed by the consumer
4.10 before service can be provided. The notice must convey the
4.11 substance of the following:
4.12 Privacy Policy
4.13 This information service occasionally provides to marketers
4.14 of goods and services, or organizations with similar goals,
4.15 lists of the names, physical addresses, telephone numbers, and
4.16 electronic addresses of consumers and material accessed or
4.17 purchased by the consumer. We respect the consumer's right not
4.18 to have name, physical address, electronic address, or
4.19 information regarding material accessed or purchased included in
4.20 these lists. This election may be changed by you the consumer
4.21 at any time.
4.22 -I do/do not object to the release of my name, telephone number,
4.23 and physical address.
4.24 -I do/do not object to the release of my name and electronic
4.25 address.
4.26 -I do/do not object to the release of my name and information
4.27 about services I use, including internet sites visited, or
4.28 information obtained or purchased by me.
4.29 -I do/do not object to the release of my name and information
4.30 about the contents of my computer's electronic storage device or
4.31 devices, such as a hard disk drive.
4.32 Full name:
4.33 Account name:
4.34 Electronic verification:
4.35 Repeat electronic verification:
4.36 (b) The information service shall provide the consumer or
5.1  subscriber with a secured, verifiable account. The information
5.2  service shall be responsible for maintaining the security and
5.3  privacy of a consumer's personally identifiable information
5.4  concerning this account.
5.5  Subd. 5. [EXCLUSION FROM EVIDENCE.] Personally
5.6  identifiable information obtained in any manner other than as
5.7  provided in this section may not be received in evidence in any
5.8  trial, hearing, arbitration, or other proceeding before any
5.9  court, grand jury, officer, agency, regulatory body, legislative
5.10 committee, or other authority of the state or any political
5.11 subdivision.
5.12 Subd. 6. [DESTRUCTION OF INFORMATION.] A person subject to
5.13 this section shall destroy personally identifiable information
5.14 relating to the product, services, or information obtained or
5.15 requested by a consumer, internet sites visited by the consumer,
5.16 and the contents of the consumer's computer's electronic storage
5.17 devices as soon as practicable, but no later than six months
5.18 from the date the information is no longer necessary for the
5.19 purpose for which it was collected, except that requests or
5.20 orders for access to the information under this section pending
5.21 at that time shall be completed before the information is
5.22 destroyed. Destruction of personally identifiable information
5.23 includes electronic erasing or expungement.
5.24 Sec. 5. [13D.04] [ENFORCEMENT; CIVIL LIABILITY.]
5.25 A consumer who prevails or substantially prevails in an
5.26 action brought under sections 13D.01 to 13D.04 is entitled to a
5.27 minimum of $500 in damages, regardless of the amount of actual
5.28 damage provided, plus costs, disbursements, and reasonable
5.29 attorney fees.
5.30 Sec. 6. [13D.05] [OTHER LAW.]
5.31 This chapter does not limit any greater protection of the
5.32 privacy of individual medical records or financial records
5.33 provided by any other state or federal law.
5.34 Sec. 7. [13D.06] [APPLICATION.]
5.35 This chapter applies to information services in the
5.36 provision of services to customers in this state.

The Senate file as amended is SF 2454 (only pre-amended version is
currently online).  It should soon be available from:

     http://www.leg.state.mn.us/

sheldon mains
coordinator, Minnesota E-Democracy
shel@mtn.org
URL: http://freenet.msp.mn.us/govt/e-democracy

------------------------------

End of PRIVACY Forum Digest 05.08
************************
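[ Editor's added example; not part of the original digest and not Netscape's
code.  It implements the domain rule that Martin Roscheisen quotes from the
Netscape cookie specification in his message above, as a small cookie jar
in JavaScript (Node).  The host names example.com, other.org, ads.other.org
and va.us, and the cookie values uid=abc123 and track=xyz, are constructed
for the demonstration.  Two choices are assumptions rather than spec text:
a cookie sent without a domain attribute is kept for the exact setting host
only (the 1996 spec names the setting host as the default domain but does
not say whether tail matching applies to it), and a missing path defaults
to the directory of the URL that set the cookie.  The jar rejects a domain
attribute of ".com" or ".va.us" (too few periods), rejects a domain the
setting host is not inside, and returns an accepted cookie only to hosts
inside its domain.  One point the rule does not govern, and the message
does not address: it only decides which hosts get a cookie back, so a
server whose image is embedded in pages on many unrelated sites is still
sent its own cookie by each of those pages; the ads.other.org pixel in the
demo shows that case. ]

```javascript
'use strict';
// Added example: a minimal cookie jar applying the domain rule from the 1996
// Netscape cookie specification. Not Netscape's code; host names and cookie
// values below are constructed for the demonstration.

// The seven special top-level domains named in the spec. A domain attribute
// ending in one of these needs at least two periods; any other needs three,
// so ".com", ".edu" and "va.us" can never be set as a cookie domain.
const SPECIAL_TLDS = new Set(['com', 'edu', 'net', 'org', 'gov', 'mil', 'int']);

// Parse one Set-Cookie header value into its name/value pair and the
// attributes this example cares about. Attribute names are case-insensitive.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq <= 0) return null;
  const cookie = {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    domain: null, path: null, expires: null,
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain') cookie.domain = val.toLowerCase();
    else if (key === 'path') cookie.path = val;
    else if (key === 'expires') cookie.expires = val;
  }
  return cookie;
}

// The rule quoted in the post: the domain must have enough periods, and only
// a host inside the domain may set a cookie for it ("tail matching").
function domainAttributeAllowed(settingHost, domain) {
  const d = domain.startsWith('.') ? domain : '.' + domain;
  const periods = (d.match(/\./g) || []).length;
  const tld = d.slice(d.lastIndexOf('.') + 1);
  if (periods < (SPECIAL_TLDS.has(tld) ? 2 : 3)) return false;
  const host = settingHost.toLowerCase();
  return host === d.slice(1) || host.endsWith(d);
}

class NetscapeCookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie that settingHost sent in a response for urlPath.
  // Returns false when the browser would discard it.
  accept(settingHost, urlPath, header) {
    const c = parseSetCookie(header);
    if (!c) return false;
    const host = settingHost.toLowerCase();
    if (c.domain === null) {
      // Default domain is the setting host; treated here as an exact-host
      // cookie (assumption: the spec does not say tail matching applies).
      c.domain = host;
      c.hostOnly = true;
    } else {
      if (!domainAttributeAllowed(host, c.domain)) return false;
      c.domain = c.domain.startsWith('.') ? c.domain : '.' + c.domain;
      c.hostOnly = false;
    }
    // Default path: the directory of the document that set the cookie (assumption).
    if (c.path === null) c.path = urlPath.slice(0, urlPath.lastIndexOf('/') + 1) || '/';
    // A later cookie with the same name, domain and path replaces the earlier one.
    this.cookies = this.cookies.filter(
      (o) => !(o.name === c.name && o.domain === c.domain && o.path === c.path));
    this.cookies.push(c);
    return true;
  }

  // Cookies the browser would attach to a request for host/urlPath:
  // domain tail match first, then path prefix match ("/foo" matches "/foobar").
  cookiesFor(host, urlPath) {
    const h = host.toLowerCase();
    return this.cookies
      .filter((c) => (c.hostOnly ? h === c.domain : h === c.domain.slice(1) || h.endsWith(c.domain)))
      .filter((c) => urlPath.startsWith(c.path))
      .map((c) => `${c.name}=${c.value}`);
  }
}

// The scenario debated in the post: a cookie set by one site is returned only
// to that site's domain, and a ".com" domain covering every site cannot be set.
// The ads.other.org pixel shows the one case the rule does not prevent: a host
// embedded in many pages still gets its own cookie back from each of them.
function demo() {
  const jar = new NetscapeCookieJar();
  const results = {
    dotComRejected: !jar.accept('www.example.com', '/', 'uid=abc123; domain=.com'),
    vaUsRejected: !jar.accept('host.va.us', '/', 'uid=abc123; domain=.va.us'),
    foreignDomainRejected: !jar.accept('www.example.com', '/', 'uid=abc123; domain=.other.org'),
    ownDomainAccepted: jar.accept('www.example.com', '/cgi-bin/login', 'uid=abc123; domain=.example.com; path=/'),
    hostOnlyAccepted: jar.accept('ads.other.org', '/img/pixel.gif', 'track=xyz'),
  };
  results.sentToSameDomain = jar.cookiesFor('shop.example.com', '/cart');
  results.sentToOtherSite = jar.cookiesFor('www.other.org', '/');
  results.sentToSettingHost = jar.cookiesFor('ads.other.org', '/img/other.gif');
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with node; demo() returns which Set-Cookie headers the jar accepted
and which cookies go out to each constructed host.  The period-count check
is the only thing standing between a site and a cookie visible to every
host under a top-level domain, which is why the spec counts the leading
period and treats the seven listed TLDs differently from country codes
such as "va.us".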