TUCoPS :: Privacy :: priv1002.txt

Privacy Digest 10.02

<head><TITLE>PRIVACY Forum Archive Document - (priv.10.02) </TITLE></head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">

<table border=0 cellpadding=0 cellspacing=0 width=100%>

<td width=15%>


<table border=0 cellspacing=0 cellpadding=0 width=100%>

<table border=1 cellspacing=0 cellpadding=0>
<td bgcolor="#ffffcc">

<font face="Arial, Helvetica, sans-serif">
<a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b>



<td bgcolor="#ccffff">
<img src="/ipissues1.jpg" border=0>

<font size=-1 face="Arial, Helvetica, sans-serif">
<b>"CRIME or FAIR USE?"</b>

<table border=0 cellspacing=0 cellpadding=2 width=100%>

<td bgcolor="#ffffff">

<table border=1 width=100%>

<table border=0 cellpadding=0 cellspacing=0 width=100%>
<a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a>
<font size=-1>
<a href="/pfir-p.ram">Listen<br>RealAudio</a>



<table border=0 cellpadding=1 cellspacing=0 width=100%>
<a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a>
<font size=-1>
<a href="/pfir-p.mp3">Listen<br>MP3</a>








<td align=center>

<table border=1 cellpadding=0 cellspacing=0>
<td bgcolor="#ffffcc">

<table border=0 cellpadding=0 cellspacing=4>


<font face="Arial, Helvetica, sans-serif">
"<a href="/reality">REALITY RESET</a>"


<table border=1 cellpadding=1 cellspacing=2 width=100%>
<td bgcolor="#ffffff">
&nbsp;Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a>




<font size=+2><b>PRIVACY Forum Archive Document</b></font>

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A>


PRIVACY Forum Digest     Saturday, 3 February 2001     Volume 10 : Issue 02

                (<A HREF="http://www.vortex.com/privacy/priv.10.02">http://www.vortex.com/privacy/priv.10.02</A>)

            Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         <A HREF="http://www.vortex.com">http://www.vortex.com</A> 
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable &amp; Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        2001: Into the Privacy Breach 
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Anonymous "Credit": 7-11/AMEX Gift Card (HC)
        ACLU Promises Legal Challenge as Congress Adopts Bill 
           Imposing Internet Blocking in Libraries (Monty Solomon)
        New Canadian privacy law (Mathew Englander)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>".  Mailing list problems should be reported to
"<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "There is always someone left to fight."

                -- Marcus Aurelius (Richard Harris)
                   "Gladiator" (DreamWorks/Universal; 2000)


Date:    Sat, 03 Feb 2001 16:57:58 PST
From:    <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: 2001: Into the Privacy Breach

Greetings.  Now that we've firmly arrived in the real, genuine 21st century
(not the marketing maelstrom, fake 21st century of a year ago), it seems an
appropriate time to take a brief look at where we stand when it comes to the
brave new world of privacy.  

Let's peer together into Big Brother's telescreen and see what's in store.
Hmmm.  Can you say "bad news"?  I knew you could.

Actually, the situation is complex, but the future in this regard looks
remarkably predictable in the broader aspects, even without the use of tarot
cards, crystal balls, or psychic-buddy 900 numbers.  And worst of all, we'll
have nobody to blame, by and large, but our own technology-loving selves.

Ever since the first pre-humans (whether inspired by hormones, cellular
mutations, or large black monoliths -- it matters not) started swinging
around bones and throwing rocks, we've been tool-loving animals.  We create
tools for what seem like useful purposes, use them as we originally
intended... and then continue onward to use (and abuse) many of them in ways
that the original innovators often might not have ever contemplated.

This evolution of tool usage brings positive and negative effects.  The
first real electronic computers (like so many of our technological wonders)
were essentially products of war, but grew to become an underpinning of our
societies.  The first lasers seemed to mainly be curiosities -- now they're
in tiny consumer products that we can carry in our pockets, while the
military continues to spend vast sums in search of their own holy grail --
the laser-based missile-killing "death" ray.  When laser-rays prove
impractical ("the missiles are too damn shiny!" -- "there are too many
decoys!"), we tool-loving apes will still be happily dancing around the
result, proud of our ingenuity in any case.

When it comes to tools and technologies that can be damaging to privacy,
it's especially important to remember that many of them were not created
with such abuses in mind.  Usually, they were designed for what seemed to be
benign or even laudable motives, which have become perverted over time,
often due not to any sort of organized effort, but rather from society's
own neglect.

Privacy has become a highly visible issue over the last few years.  When I
started the PRIVACY Forum almost 10 years ago, privacy seemed to many people
to be an "obscure" topic, without many real-world ramifications.  Since
then, with the rise of the World Wide Web, the continuing expansion of
personal information databases, and an array of new privacy-invasive
technologies, privacy itself has become a focus of both legislative and
media attention.

Thick piles of proposed legislation now await Congressional action --
some of the contemplated laws are good, some are not.  However, you can rest
assured that the database brokers, direct marketers, and other vested
interests who view restrictions regarding access or marketing of personal
information as anathemas will manage to have their say.  Already, some such
groups have announced organized plans to openly lobby against the privacy
bills that they consider to be limiting of their operations.  Who knows what
pressures will be asserted behind the scenes?  In the new 70's-redux
atmosphere in Washington, there's no reason to believe that their 
well-financed efforts will be ignored.  

Meanwhile, technology marches onward.  I've written here in the past
regarding cell phone tracking systems and related GPS technologies.  The
former were originally designed to help in emergency situations, but now
are being expanded for all manner of criminal, civil, and commercial
applications.  Watch this become a front-page issue in short order.

Video cameras in public and private places, which have become ubiquitous in
many communities, are being tied to computer systems in an attempt to
automatically signal an alarm if targeted faces (criminals?  malcontents?)
come into view.  The revelation that such a system was used at the recent
Superbowl game to scan the patrons entering the venue has raised eyebrows,
but the common retort that "people don't have an expectation of privacy in
public places" is immediately trotted out by the authorities.  

Mercifully, most of these face recognition systems still reportedly have
high real-world error rates, limiting their practical usefulness for the
moment.  But they <B>will</B> improve, and the "no expectation of privacy"
argument would seem to suggest that it would be perfectly legal to build
comprehensive and permanent dossiers, based on sharing of public and private
data, of where anyone travels outside of their own apartments or houses.
Don't assume that only governments might have interests in doing this.  The
applications from the commercial sector might prove to be even more onerous
and pervasive.

The prospect of such dossiers becoming practical may well be enhanced by
rapid advances in DNA technology.  Even if it becomes fashionable to wear
Richard Nixon rubber face masks in public to confuse surveillance cameras,
the biometric parameters of your DNA are permanent and increasingly easily
obtained -- DNA-bearing material constantly flakes loose from our skin, for
example.  New systems may allow for the simple, cheap, invisible, and
immediate collection and classification of DNA without the target's
knowledge, and there are only dubious prospects for practical limitations
being placed on their use.

Even in the relatively low-tech world of public records the privacy problems
continue to expand.  Government has only gradually begun to understand how
instantaneous online access to public records can create the potential for
massive abuses including identity theft, stalking, and other serious
problems.  These online technologies obliterate the practical deterrence to
such abuses that exist in a world of paper records that take considerable
effort to obtain.  A new proposed system to allow public nationwide access
to court documents containing sensitive personal data -- potentially without
any "need to know" restrictions -- is causing serious concerns.

The list could go on and on.  You're already almost certainly aware of
privacy abuses related to the Internet and the Web, many of which have been
frequently discussed here in the PRIVACY Forum.  But what may not be quite
as clear is that we seem to be moving in a direction where the worst
marketing and surveillance abuses of the Web may soon have even worse
technological relatives in our "real" offline lives.  The sorts of
technologies I've noted above, if they remain largely uncontrolled, may
create the tracking equivalents of cookies and Web bugs that could affect
our lives wherever we go in the physical world, reducing our real-world
privacy to the lowest common denominator of cyberspace.

The same sort of "you can't expect privacy" reasoning that has permitted
Internet abuses to flourish is being used to justify the expansion of abusive
technologies in the stone and mortar world.  And just as Web abuses did not
require any sort of centralized guidance or planning to develop, the same
appears true for physical-world privacy problems.  No shadowy conspiracies
nor master plans are needed.  All that is required is to continue churning
out our commercial technological wonders, without spending the time or
effort to seriously consider their privacy and other ramifications for today
or tomorrow, or how they fundamentally change the shape of society.

There are those who argue that privacy is already an obsolete concept.
Given the evidence of human history, they do have some strong arguments on
their behalf, but they may yet be proven wrong.  We shall see.

Welcome to the 21st century.  

Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy


Date:    Thu, 07 Dec 2000 19:00:36 EST
From:    HC &lt;<A HREF="mailto:hc@veriomail.com">hc@veriomail.com</A>&gt;
Subject: Anonymous "Credit": 7-11/AMEX Gift Card

I'm writing about a fairly new product that has become available: the
7-Eleven Gift Card by American Express.  I found it a little odd that AMEX
would be enabling people to carry out anonymous/private transactions.
Especially considering the reports about how AMEX would peek into customers'
bank accounts to verify if they have enough money to pay their monthly bill!
So it's interesting that they would issue a card that cannot be tracked back
to you.


This card is being issued at 7-Eleven stores nationwide.  It is fairly new
(to the East Coast anyway) so it's availability may be limited in some
areas.  You can find out more information on the 7-Eleven web site at
<A HREF="http://www.7-eleven.com/products.html">http://www.7-eleven.com/products.html</A>.  It is gold in color and bears the
American Express "Blue Box" logo on the front.  It's packaged much the same
way as a prepaid calling card--it is on a hang-card with the front of the
card displayed but the back side is half covered by the opaque card but the
magnetic strip is exposed.  The back side of the card which is covered up
contains a silvery strip which you scratch off much like a lottery ticket.
This is where the 15-digit card number and 4-digit verification codes appear.
Note that there are no embossed numbers or any name whatsoever on the card.
The expiry date is in tiny under the signature panel but I noticed that the
date shown (12/03) is different than the date encoded on the mag stripe
(03/03) yet both of them work.


The card is a gift card much like any other gift card or gift certificate
from Best Buy, Macy's etc except this card can be used at most anyplace that
takes the American Express card.  To get a card, simply go to a 7-11 store
and ask for a gift card in any amount between $25-$1,000.  You'll be charged
a fee of 4% to "load" the money onto the card.  You pay the amount plus fee
with cash or (oddly enough) credit card--or even another gift card.  The
clerk swiped the gift card and enters the payment information which then
activates the card on the AMEX network.  You'll be given a receipt showing
the balance on the card.  When activated, the card can be used
instantly--there is no delay.

Since this is a gift card, I think AMEX intended it to be sent to loved ones
but there is nothing stopping you from buying one for yourself.

When your balance runs low you can "reload" more money onto the card at any
7-11 store.  You can also call the toll free number on the back to check
your balance.


So far, I have used the card in all manner of places both online and in the
physical world with only one or two minor snags:  one merchant's register
would not read the mag stripe properly and when the clerk keyed in the
number, the register asked for the effective dates, ie, when did the card
<B>start</B> and when did it expire.  A quick call to the toll free number took
care of that.  The other hold up came from a couple of places that not only
swipe all credit cards presented but also imprint the number.  Well there's
nothing to imprint on this card so they just note that and carry on.  Note
that the four (only four!) places that asked for ID with the credit card
changed their mind when they saw there wasn't even a name on the card to

On the subject of ownership, you need to treat this card as cash.  That's
because like cash, you can't really prove ownership--if you drop either in a
parking lot and someone else comes along after you leave, he/she can use
either and you're out of that money.

Some would wonder why pay 4% to use your own cash.  One thing to remember is
that you can't really use cash across the Internet.  This card can be used
(again, entering any name and address if necessary) at any website that takes
AMEX.  This makes it good at sites that you'd rather not have appear on your
personal credit card.  So you can greatly enhance your privacy by using a
web-based mail service, an anonymous web browser and this card and not worry
about junk mail or any other annoyances.

        [ Of course, if a person chooses to buy one of these cash cards
          using their credit card for payment, the "anonymity" factor
          may be significantly reduced.

                        -- PRIVACY Forum Moderator ]

Date:    Sat, 06 Jan 2001 00:10:21 EST
From:    Monty Solomon &lt;<A HREF="mailto:monty@roscom.com">monty@roscom.com</A>&gt;
Subject: ACLU Promises Legal Challenge as Congress Adopts Bill 
         Imposing Internet Blocking in Libraries

<A HREF="http://www.aclu.org/news/2000/n121800a.html">http://www.aclu.org/news/2000/n121800a.html</A>

     ACLU Promises Legal Challenge as Congress Adopts Bill
     Imposing Internet Blocking in Libraries

Monday, December 18, 2000 

WASHINGTON -- The American Civil Liberties Union said that it will soon
launch a legal challenge to legislation adopted by Congress last week that
would mandate the use of blocking software on computers in public

"This is the first time since the development of the local, free public
library in the 19th century that the federal government has sought to
require censorship in every single town and hamlet in America," said Chris
Hansen, ACLU Senior Staff Attorney. "More than 100 years of local control
of libraries and the strong tradition of allowing adults to decide for
themselves what they want to read is being casually set aside."

The measure, which was included in the year's final spending bill that was
approved on Friday, was introduced by Senator John McCain, R-AZ. It would
require libraries and public schools to adopt acceptable use policies
accompanied by a "safety technology" - i.e., blocking software - that
would block access to materials deemed "harmful to minors."

Earlier this year, an 18-member commission appointed by Congress rejected
the idea of mandating the use of blocking software, which is notoriously
clumsy and inevitably restricts access to valuable, protected speech. A
wide spectrum of organizations have opposed blocking software mandates,
including the American Library Association, the Society of Professional
Journalists, the conservative Free Congress Foundation and state chapters
of the Eagle Forum and the American Family Association.

"There was an Alice in Wonderland quality to this debate," said Marvin
Johnson, a Legislative Counsel with the ACLU's Washington National Office.
"With its vote, Congress rejected the advice it asked for from the panel
it appointed."

The ACLU said that because blocking programs can be so restrictive and
overreaching, they significantly reduce the amount and diversity of speech
and information available to individuals. For example, House Majority
Leader Richard "Dick" Armey, a staunch proponent of Internet blocking,
found his own web site censored, because it contains the word "dick." And
a recent report by Peacefire found that several dozen websites of
candidates for Congress had been blocked by censorware.

Over the last five years, the ACLU has successfully challenged a wide
range of government efforts to censor the Internet, including the landmark
Supreme Court ruling in Reno v. ACLU and, more specifically, in Mainstream
Loudoun vs. Board of Trustees of the Loudoun County Library, where a
federal district court found mandatory use of blocking software
unconstitutional in April 1998.


Date:    Fri, 05 Jan 2001 13:42:33 -0800
From:    "Mathew Englander" &lt;<A HREF="mailto:MEnglander@ratcliff.com">MEnglander@ratcliff.com</A>&gt;
Subject: New Canadian privacy law

You're probably aware of Canada's new legislation on privacy rights in the
private sector, the Personal Information Protection and Electronic Documents
Act, which was enacted in April 2000 and just came into effect on January 1,
2001.  For the first three years, it will apply only to banks, phone
companies, and other entities that are subject to regulation by the federal
government (as opposed to the provinces). It will also apply to personal
information disclosed for consideration between provinces or

The Privacy Commissioner of Canada has issued a news release
(<A HREF="http://www.privcom.gc.ca/english/02_05_b_010104_e.pdf">http://www.privcom.gc.ca/english/02_05_b_010104_e.pdf</A>).

Industry Canada also has information on its web site
(<A HREF="http://www.e-com.ic.gc.ca/english/privacy/632d1.html#privup">http://www.e-com.ic.gc.ca/english/privacy/632d1.html#privup</A>).

I co-authored a paper on the legislation entitled "Working with the Privacy
Rules", which was presented at a course offered by the Continuing Legal
Education Society of British Columbia. That society has posted the paper on
its web site (<A HREF="http://www.cle.bc.ca/about/features/privacy_rules.htm">http://www.cle.bc.ca/about/features/privacy_rules.htm</A> or
<A HREF=""></A> /Analysis/Articles/00-5020400-privacy.htm).

Let me know if you'd like more information.

Mathew B. Englander
Ratcliff &amp; Company
Barristers and Solicitors
500-221 West Esplanade
North Vancouver, BC  V7M 3J3
tel 604-988-5201
fax 604-988-1452
<A HREF="mailto:menglander@ratcliff.com">menglander@ratcliff.com</A>


End of PRIVACY Forum Digest 10.02

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>

<font size=-2>Copyright &copy; 2001 Vortex Technology.  All Rights Reserved.</font> 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH