|
<HTML> <head><TITLE>PRIVACY Forum Archive Document - (priv.10.02) </TITLE></head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000"> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td width=15%> <center> <table border=0 cellspacing=0 cellpadding=0 width=100%> <tr> <td> <table border=1 cellspacing=0 cellpadding=0> <tr> <td bgcolor="#ffffcc"> <center> <font face="Arial, Helvetica, sans-serif"> <a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b> </font> </center> </td> </tr> <tr> <td bgcolor="#ccffff"> <img src="/ipissues1.jpg" border=0> <center> <font size=-1 face="Arial, Helvetica, sans-serif"> <b>"CRIME or FAIR USE?"</b> </font> </center> <table border=0 cellspacing=0 cellpadding=2 width=100%> <tr> <td bgcolor="#ffffff"> <table border=1 width=100%> <tr> <td> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td> <a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a> </td> <td> <center> <font size=-1> <a href="/pfir-p.ram">Listen<br>RealAudio</a> </font> </center> </td> </tr> </table> </td> <td> <table border=0 cellpadding=1 cellspacing=0 width=100%> <tr> <td> <a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a> </td> <td> <center> <font size=-1> <a href="/pfir-p.mp3">Listen<br>MP3</a> </font> </center> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </center> </td> <td align=center> <table border=1 cellpadding=0 cellspacing=0> <tr> <td bgcolor="#ffffcc"> <table border=0 cellpadding=0 cellspacing=4> <tr> <td> <center> <font face="Arial, Helvetica, sans-serif"> "<a href="/reality">REALITY RESET</a>" </font> </td> <td> <table border=1 cellpadding=1 cellspacing=2 width=100%> <tr> <td bgcolor="#ffffff"> Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a> </td> </tr> </table> </center> </td> </tr> </table> </td> </tr> </table> <p> <font size=+2><b>PRIVACY Forum Archive Document</b></font> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A> </font> <p> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A> </font> <p> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A> </font> <p> </td> </tr> </table> <hr> <PRE> PRIVACY Forum Digest Saturday, 3 February 2001 Volume 10 : Issue 02 (<A HREF="http://www.vortex.com/privacy/priv.10.02">http://www.vortex.com/privacy/priv.10.02</A>) Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>) Vortex Technology, Woodland Hills, CA, U.S.A. <A HREF="http://www.vortex.com">http://www.vortex.com</A> ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS 2001: Into the Privacy Breach (Lauren Weinstein; PRIVACY Forum Moderator) Anonymous "Credit": 7-11/AMEX Gift Card (HC) ACLU Promises Legal Challenge as Congress Adopts Bill Imposing Internet Blocking in Libraries (Monty Solomon) New Canadian privacy law (Mathew Englander) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>". Mailing list problems should be reported to "<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 10, ISSUE 02 Quote for the day: "There is always someone left to fight." -- Marcus Aurelius (Richard Harris) "Gladiator" (DreamWorks/Universal; 2000) ---------------------------------------------------------------------- Date: Sat, 03 Feb 2001 16:57:58 PST From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator) Subject: 2001: Into the Privacy Breach Greetings. Now that we've firmly arrived in the real, genuine 21st century (not the marketing maelstrom, fake 21st century of a year ago), it seems an appropriate time to take a brief look at where we stand when it comes to the brave new world of privacy. Let's peer together into Big Brother's telescreen and see what's in store. Hmmm. Can you say "bad news"? I knew you could. Actually, the situation is complex, but the future in this regard looks remarkably predictable in the broader aspects, even without the use of tarot cards, crystal balls, or psychic-buddy 900 numbers. And worst of all, we'll have nobody to blame, by and large, but our own technology-loving selves. Ever since the first pre-humans (whether inspired by hormones, cellular mutations, or large black monoliths -- it matters not) started swinging around bones and throwing rocks, we've been tool-loving animals. We create tools for what seem like useful purposes, use them as we originally intended... and then continue onward to use (and abuse) many of them in ways that the original innovators often might not have ever contemplated. This evolution of tool usage brings positive and negative effects. The first real electronic computers (like so many of our technological wonders) were essentially products of war, but grew to become an underpinning of our societies. The first lasers seemed to mainly be curiosities -- now they're in tiny consumer products that we can carry in our pockets, while the military continues to spend vast sums in search of their own holy grail -- the laser-based missile-killing "death" ray. When laser-rays prove impractical ("the missiles are too damn shiny!" -- "there are too many decoys!"), we tool-loving apes will still be happily dancing around the result, proud of our ingenuity in any case. When it comes to tools and technologies that can be damaging to privacy, it's especially important to remember that many of them were not created with such abuses in mind. Usually, they were designed for what seemed to be benign or even laudable motives, which have become perverted over time, often due not to any sort of organized effort, but rather from society's own neglect. Privacy has become a highly visible issue over the last few years. When I started the PRIVACY Forum almost 10 years ago, privacy seemed to many people to be an "obscure" topic, without many real-world ramifications. Since then, with the rise of the World Wide Web, the continuing expansion of personal information databases, and an array of new privacy-invasive technologies, privacy itself has become a focus of both legislative and media attention. Thick piles of proposed legislation now await Congressional action -- some of the contemplated laws are good, some are not. However, you can rest assured that the database brokers, direct marketers, and other vested interests who view restrictions regarding access or marketing of personal information as anathemas will manage to have their say. Already, some such groups have announced organized plans to openly lobby against the privacy bills that they consider to be limiting of their operations. Who knows what pressures will be asserted behind the scenes? In the new 70's-redux atmosphere in Washington, there's no reason to believe that their well-financed efforts will be ignored. Meanwhile, technology marches onward. I've written here in the past regarding cell phone tracking systems and related GPS technologies. The former were originally designed to help in emergency situations, but now are being expanded for all manner of criminal, civil, and commercial applications. Watch this become a front-page issue in short order. Video cameras in public and private places, which have become ubiquitous in many communities, are being tied to computer systems in an attempt to automatically signal an alarm if targeted faces (criminals? malcontents?) come into view. The revelation that such a system was used at the recent Superbowl game to scan the patrons entering the venue has raised eyebrows, but the common retort that "people don't have an expectation of privacy in public places" is immediately trotted out by the authorities. Mercifully, most of these face recognition systems still reportedly have high real-world error rates, limiting their practical usefulness for the moment. But they <B>will</B> improve, and the "no expectation of privacy" argument would seem to suggest that it would be perfectly legal to build comprehensive and permanent dossiers, based on sharing of public and private data, of where anyone travels outside of their own apartments or houses. Don't assume that only governments might have interests in doing this. The applications from the commercial sector might prove to be even more onerous and pervasive. The prospect of such dossiers becoming practical may well be enhanced by rapid advances in DNA technology. Even if it becomes fashionable to wear Richard Nixon rubber face masks in public to confuse surveillance cameras, the biometric parameters of your DNA are permanent and increasingly easily obtained -- DNA-bearing material constantly flakes loose from our skin, for example. New systems may allow for the simple, cheap, invisible, and immediate collection and classification of DNA without the target's knowledge, and there are only dubious prospects for practical limitations being placed on their use. Even in the relatively low-tech world of public records the privacy problems continue to expand. Government has only gradually begun to understand how instantaneous online access to public records can create the potential for massive abuses including identity theft, stalking, and other serious problems. These online technologies obliterate the practical deterrence to such abuses that exist in a world of paper records that take considerable effort to obtain. A new proposed system to allow public nationwide access to court documents containing sensitive personal data -- potentially without any "need to know" restrictions -- is causing serious concerns. The list could go on and on. You're already almost certainly aware of privacy abuses related to the Internet and the Web, many of which have been frequently discussed here in the PRIVACY Forum. But what may not be quite as clear is that we seem to be moving in a direction where the worst marketing and surveillance abuses of the Web may soon have even worse technological relatives in our "real" offline lives. The sorts of technologies I've noted above, if they remain largely uncontrolled, may create the tracking equivalents of cookies and Web bugs that could affect our lives wherever we go in the physical world, reducing our real-world privacy to the lowest common denominator of cyberspace. The same sort of "you can't expect privacy" reasoning that has permitted Internet abuses to flourish is being used to justify the expansion of abusive technologies in the stone and mortar world. And just as Web abuses did not require any sort of centralized guidance or planning to develop, the same appears true for physical-world privacy problems. No shadowy conspiracies nor master plans are needed. All that is required is to continue churning out our commercial technological wonders, without spending the time or effort to seriously consider their privacy and other ramifications for today or tomorrow, or how they fundamentally change the shape of society. There are those who argue that privacy is already an obsolete concept. Given the evidence of human history, they do have some strong arguments on their behalf, but they may yet be proven wrong. We shall see. Welcome to the 21st century. --Lauren-- Lauren Weinstein <A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A> Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A> Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A> Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Thu, 07 Dec 2000 19:00:36 EST From: HC <<A HREF="mailto:hc@veriomail.com">hc@veriomail.com</A>> Subject: Anonymous "Credit": 7-11/AMEX Gift Card I'm writing about a fairly new product that has become available: the 7-Eleven Gift Card by American Express. I found it a little odd that AMEX would be enabling people to carry out anonymous/private transactions. Especially considering the reports about how AMEX would peek into customers' bank accounts to verify if they have enough money to pay their monthly bill! So it's interesting that they would issue a card that cannot be tracked back to you. ABOUT THE CARD This card is being issued at 7-Eleven stores nationwide. It is fairly new (to the East Coast anyway) so it's availability may be limited in some areas. You can find out more information on the 7-Eleven web site at <A HREF="http://www.7-eleven.com/products.html">http://www.7-eleven.com/products.html</A>. It is gold in color and bears the American Express "Blue Box" logo on the front. It's packaged much the same way as a prepaid calling card--it is on a hang-card with the front of the card displayed but the back side is half covered by the opaque card but the magnetic strip is exposed. The back side of the card which is covered up contains a silvery strip which you scratch off much like a lottery ticket. This is where the 15-digit card number and 4-digit verification codes appear. Note that there are no embossed numbers or any name whatsoever on the card. The expiry date is in tiny under the signature panel but I noticed that the date shown (12/03) is different than the date encoded on the mag stripe (03/03) yet both of them work. HOW IT WORKS The card is a gift card much like any other gift card or gift certificate from Best Buy, Macy's etc except this card can be used at most anyplace that takes the American Express card. To get a card, simply go to a 7-11 store and ask for a gift card in any amount between $25-$1,000. You'll be charged a fee of 4% to "load" the money onto the card. You pay the amount plus fee with cash or (oddly enough) credit card--or even another gift card. The clerk swiped the gift card and enters the payment information which then activates the card on the AMEX network. You'll be given a receipt showing the balance on the card. When activated, the card can be used instantly--there is no delay. Since this is a gift card, I think AMEX intended it to be sent to loved ones but there is nothing stopping you from buying one for yourself. When your balance runs low you can "reload" more money onto the card at any 7-11 store. You can also call the toll free number on the back to check your balance. USING THE CARD So far, I have used the card in all manner of places both online and in the physical world with only one or two minor snags: one merchant's register would not read the mag stripe properly and when the clerk keyed in the number, the register asked for the effective dates, ie, when did the card <B>start</B> and when did it expire. A quick call to the toll free number took care of that. The other hold up came from a couple of places that not only swipe all credit cards presented but also imprint the number. Well there's nothing to imprint on this card so they just note that and carry on. Note that the four (only four!) places that asked for ID with the credit card changed their mind when they saw there wasn't even a name on the card to verify! On the subject of ownership, you need to treat this card as cash. That's because like cash, you can't really prove ownership--if you drop either in a parking lot and someone else comes along after you leave, he/she can use either and you're out of that money. Some would wonder why pay 4% to use your own cash. One thing to remember is that you can't really use cash across the Internet. This card can be used (again, entering any name and address if necessary) at any website that takes AMEX. This makes it good at sites that you'd rather not have appear on your personal credit card. So you can greatly enhance your privacy by using a web-based mail service, an anonymous web browser and this card and not worry about junk mail or any other annoyances. [ Of course, if a person chooses to buy one of these cash cards using their credit card for payment, the "anonymity" factor may be significantly reduced. -- PRIVACY Forum Moderator ] ------------------------------ Date: Sat, 06 Jan 2001 00:10:21 EST From: Monty Solomon <<A HREF="mailto:monty@roscom.com">monty@roscom.com</A>> Subject: ACLU Promises Legal Challenge as Congress Adopts Bill Imposing Internet Blocking in Libraries <A HREF="http://www.aclu.org/news/2000/n121800a.html">http://www.aclu.org/news/2000/n121800a.html</A> ACLU Promises Legal Challenge as Congress Adopts Bill Imposing Internet Blocking in Libraries FOR IMMEDIATE RELEASE Monday, December 18, 2000 WASHINGTON -- The American Civil Liberties Union said that it will soon launch a legal challenge to legislation adopted by Congress last week that would mandate the use of blocking software on computers in public libraries. "This is the first time since the development of the local, free public library in the 19th century that the federal government has sought to require censorship in every single town and hamlet in America," said Chris Hansen, ACLU Senior Staff Attorney. "More than 100 years of local control of libraries and the strong tradition of allowing adults to decide for themselves what they want to read is being casually set aside." The measure, which was included in the year's final spending bill that was approved on Friday, was introduced by Senator John McCain, R-AZ. It would require libraries and public schools to adopt acceptable use policies accompanied by a "safety technology" - i.e., blocking software - that would block access to materials deemed "harmful to minors." Earlier this year, an 18-member commission appointed by Congress rejected the idea of mandating the use of blocking software, which is notoriously clumsy and inevitably restricts access to valuable, protected speech. A wide spectrum of organizations have opposed blocking software mandates, including the American Library Association, the Society of Professional Journalists, the conservative Free Congress Foundation and state chapters of the Eagle Forum and the American Family Association. "There was an Alice in Wonderland quality to this debate," said Marvin Johnson, a Legislative Counsel with the ACLU's Washington National Office. "With its vote, Congress rejected the advice it asked for from the panel it appointed." The ACLU said that because blocking programs can be so restrictive and overreaching, they significantly reduce the amount and diversity of speech and information available to individuals. For example, House Majority Leader Richard "Dick" Armey, a staunch proponent of Internet blocking, found his own web site censored, because it contains the word "dick." And a recent report by Peacefire found that several dozen websites of candidates for Congress had been blocked by censorware. Over the last five years, the ACLU has successfully challenged a wide range of government efforts to censor the Internet, including the landmark Supreme Court ruling in Reno v. ACLU and, more specifically, in Mainstream Loudoun vs. Board of Trustees of the Loudoun County Library, where a federal district court found mandatory use of blocking software unconstitutional in April 1998. ------------------------------ Date: Fri, 05 Jan 2001 13:42:33 -0800 From: "Mathew Englander" <<A HREF="mailto:MEnglander@ratcliff.com">MEnglander@ratcliff.com</A>> Subject: New Canadian privacy law You're probably aware of Canada's new legislation on privacy rights in the private sector, the Personal Information Protection and Electronic Documents Act, which was enacted in April 2000 and just came into effect on January 1, 2001. For the first three years, it will apply only to banks, phone companies, and other entities that are subject to regulation by the federal government (as opposed to the provinces). It will also apply to personal information disclosed for consideration between provinces or internationally. The Privacy Commissioner of Canada has issued a news release (<A HREF="http://www.privcom.gc.ca/english/02_05_b_010104_e.pdf">http://www.privcom.gc.ca/english/02_05_b_010104_e.pdf</A>). Industry Canada also has information on its web site (<A HREF="http://www.e-com.ic.gc.ca/english/privacy/632d1.html#privup">http://www.e-com.ic.gc.ca/english/privacy/632d1.html#privup</A>). I co-authored a paper on the legislation entitled "Working with the Privacy Rules", which was presented at a course offered by the Continuing Legal Education Society of British Columbia. That society has posted the paper on its web site (<A HREF="http://www.cle.bc.ca/about/features/privacy_rules.htm">http://www.cle.bc.ca/about/features/privacy_rules.htm</A> or <A HREF="http://64.16.29.150/CLE">http://64.16.29.150/CLE</A> /Analysis/Articles/00-5020400-privacy.htm). Let me know if you'd like more information. =========== Mathew B. Englander Ratcliff & Company Barristers and Solicitors 500-221 West Esplanade North Vancouver, BC V7M 3J3 tel 604-988-5201 fax 604-988-1452 <A HREF="mailto:menglander@ratcliff.com">menglander@ratcliff.com</A> ------------------------------ End of PRIVACY Forum Digest 10.02 ************************ </PRE> <hr> <center> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p> <A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p> <A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p> </center> <p> <font size=-2>Copyright © 2001 Vortex Technology. All Rights Reserved.</font> </BODY> </HTML>