TUCoPS :: Privacy :: priv_110.txt

Privacy Digest 1.10 7/28/92

PRIVACY Forum Digest      Tuesday, 28 July 1992      Volume 01 : Issue 10

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS
	Seminole ACCESS (John G. Otto)
	CPSR Recommends NREN Privacy Principles (Dave Banisar)
	News from Spain (Rafael Fernandez Calvo)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 10

    Quote for the day:

		"This time for SURE!"

			-- Bullwinkle J. Moose

----------------------------------------------------------------------

Date:    Thu, 23 Jul 92 17:09:42 EDT
From:    John G. Otto <otto@systems.cc.fsu.edu>
Subject: Re: Seminole ACCESS

"Seminole ACCESS" has been implemented over the past year (starting just
with in-coming freshmen last fall and mandated for everyone - faculty, staff
and students - beginning August 24) at FSU (the Florida State University)
and was planned/developed/championed by Billy Norwood, Associate Director of
Administrative Information Systems.

It involves a new photo-id, credit, library, phone, key card tied into a
number of integrated data-bases.  The credit card portion is administered by
First Florida bank (after a challenge from Guaranty National Bank that the
university was violating a state law forbidding the government to operate
banking services).  The phone card "feature" is with MCI.  The rest is
operated by the university controller's office and AIS, with interfaces
(e.g. for the library system) with the state's Northeast Regional Data
Center (NERDC) at the U of Florida, in Gainesville.

The Seminole ACCESS system, as described in the bright and bouncy articles
published in the local media, sounds great.  It will "offer convenience" and
"prevent crime".  You can use it to shop, make long distance calls, get into
your dorm room, buy soft drinks or do the laundry, all with one
wooonnderfully convenient card.

What the university's PR boys don't tell faculty, staff, students, and soon
to be matriculated freshmen and their parents, is the number of ways in which 
they bend and break the existing feeble privacy laws (and Florida's Article 1 
Section 23 privacy guarantee).  For all their weasel clauses, FERPA74 and
PA74 (Family Educational Right to Privacy Act, sometimes called the Buckley
Amendment, and the Privacy Act of 1974) do require that even internal 
dissemination of personally identifiable information be on a "need to know"
basis (the term used in FERPA is "legitimate educational purpose" if my memory
serves).  Though over-ridden for certain specific purposes (e.g. by the 
Bank Secrecy Act, a tax reform act and an act to control illegal immigrants)
PA74 also states that no "right, benefit or privilege" shall be denied to
people who refuse to disclose their socialist insecurity numbers.

Despite this, students have been prevented from being seen by a physician
at the Thagard Health Center, and have been denied access to public documents
contained in the Robert M. Strozier library, a federal document depository
library with "guaranteed access to the public".  Records of "private" 
meetings, and other individually identifiable records, and, needless to
say, the ubiquitous socialist insecurity numbers, have been duplicated 
and distributed with not a jot of consideration for the receiver's need to
know.  With the addition of the credit card features, records of long distance
calls and of individual items purchased at area stores will be funnelled
into the data-base.

Plans for expansion of the system include making the campus "cashless" (no
mention is made to legal tender laws, or the detailed records of purchases
this portion of the scheme will generate) and mounting card readers on every 
door to control access and keep class & examination attendance with terminals
in the campus police office, "the better to watch where you've gone, my dear".
(Where's the "educational purpose" in that, I wonder?)

------------------------------

Date:    Fri, 24 Jul 1992 17:24:51 EDT
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: CPSR Recommends NREN Privacy Principles

PRESS RELEASE
  
July 24, 1992
  
CPSR Recommends NREN Privacy Principles

   WASHINGTON, DC -- Computer Professionals for Social Responsibility
(CPSR), a national public interest organization, has recommended privacy
guidelines for the nation's computer network. 

   At a hearing this week before the National Commission on Library and
Information Science, CPSR recommended a privacy policy for the National
Research and Education Network or "NREN."  Marc Rotenberg, Washington
Director of CPSR, said "We hope this proposal will get the ball rolling.
The failure to develop a good policy for the computer network could be very
costly in the long term."
  
   The National Commission is currently reviewing comments for a report to
the Office of Science and Technology Policy on the future of the NREN. 

   Mr. Rotenberg said there are several reasons that the Commission should
address the privacy issue.  "First, the move toward commercialization of the
network is certain to exacerbate privacy concerns.  Second, current law does
not do a very good job of protecting computer messages.  Third, technology
won't solve all the problems."
  
   The CPSR principles are (1) protect confidentiality, (2) identify privacy
implications in new services, (3) limit collection of personal data, (4)
restrict transfer of personal information,(5) do not charge for routine
privacy protection, (6) incorporate technical safeguards, (7) develop
appropriate security policies, and (8) create an enforcement mechanism.

   Professor David Flaherty, an expert in telecommunications privacy law,
said "The CPSR principles fit squarely in the middle of similar efforts in
other countries to promote network services.  This looks like a good
approach."

   Evan Hendricks, the chair of the United States Privacy Council and editor
of Privacy Times, said that the United States is "behind the curve" on
privacy and needs to catch up with other countries who are already
developing privacy guidelines.  "The Europeans are racing forward, and we've
been left with dust on our face."

   The CPSR privacy guidelines are similar to a set of principles developed
almost 20 years ago called The Code of Fair Information practices.  The Code
was developed by a government task force that included policy makers,
privacy experts, and computer scientists.  The Code later became the basis
of the United States Privacy Act.

   Dr. Ronni Rosenberg, who has studied the role of computer scientists in
public policy, said that "Computer professionals have an important role to
play in privacy policy. The CPSR privacy guidelines are another example of
how scientists can contribute to public policy."

   CPSR is a membership organization of 2500 professionals in the technology
field. For more information about the Privacy Policies and how to join
CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302.  415/322-3778 (tel)
and 415/322-3798 (fax).  Email at cpsr@csli.stanford.edu.

	[ When the complete CPSR testimony text has been received,
	  it will be placed in the PRIVACY Forum archives and
	  will be announced here in the digest. -- MODERATOR ]

------------------------------

Date:    Sun, 26 Jul 1992 19:19:34 EDT
From:    "Rafael Fernandez Calvo" <rfcalvo@guest2.atimdr.es>
Subject: News from Spain 

On July 20, the Spanish Commission for Liberties and Informatics (CLI)
has addressed a letter to the Minister of Health and Consumers' Affairs,
Mr. Grinan, with regard to the implementation of the National Health Card
in the Public Health System. A copy of the letter has been mailed to the
Spanish Ombudsman.

CLI is concerned that this informatized tool, designed to improve the
quality of the service provided to the citizens by the aforementioned
entity, may endanger their right to privacy, consecrated by the Spanish
Constitution, if it is not accompanied by adequate administrative and
technological measures. These measures must be in accordance with the
the Recommendation of the Ministers' Committee of the European Council
of January 23, 1981 on Automatized Medical Data Bases.

CLI requests Mr. Grinan that the implementation of the National Health
Card be suspended until the above measures are in place and offers its
collaboration for a successful and privacywise put in work of the card.

CLI is an independent and pluralistic organization that met for the
first time in November '90 and was officially constituted in April '91 in
Madrid, Spain.

The mission of CLI is "to promote, in a permanent and regular fashion,
the development and protection of individual and collective rights,
specially the right to privacy, with regard to the usage of Information
Technologies, both by Public Administrations and private companies,
raising the level of consciousness of the Spanish people about the
importance of this issue for progress in an increasingly technified
democratic society."

As of July '92, CLI is composed by several organizations, with a joint
membership of about 3,000,000 people. They cover a very wide spectrum of
social interest groups: associations of computer professionals, judges,
civil rights leagues, trade unions, consumers groups, DP industry
collectives, etc.

We will be delighted to provide you with additional information about
CLI and the condition of computers, freedom and privacy issues in Spain
if you contact our headquarters:

    CLI
    Padilla 66, 3 dcha.
    E-28006 Madrid, Spain
    Phone: (34-1) 402 9391. Fax: (34-1) 309 3685

and/or send a note to Rafael Fernandez Calvo (member of the Presidential
Board of CLI) at the following e-mail address:

rfcalvo@guest2.atimdr.es

------------------------------

End of PRIVACY Forum Digest 01.10
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH