TUCoPS :: Privacy :: priv_120.txt

Privacy Digest 1.20 9/27/92

From privacy@cv.vortex.com Mon Sep 28 02:06:07 1992
Return-Path: <privacy@cv.vortex.com>
Received: from cv.vortex.com by csrc.ncsl.nist.gov (4.1/NIST)
	id AA12444; Mon, 28 Sep 92 02:03:16 EDT
Posted-Date: Sun, 27 Sep 92 22:28 PDT
Received-Date: Mon, 28 Sep 92 02:03:16 EDT
Received: by cv.vortex.com (Smail3.1.26.7 #2)
	id m0mZDes-0001hAC; Sun, 27 Sep 92 22:28 PDT
Message-Id: <m0mZDes-0001hAC@cv.vortex.com>
Date: Sun, 27 Sep 92 22:28 PDT
From: privacy@cv.vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V01 #20
To: PRIVACY-Forum-List@cv.vortex.com
Status: R

PRIVACY Forum Digest     Sunday, 27 September 1992     Volume 01 : Issue 20

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	PRIVACY Briefs (Moderator--Lauren Weinstein)
	Scientific American article, 'Achieving Electronic Privacy'
	   (Dan Huber)
	Credit reports, phone bills, credit card bills for sale 
	   (Dan Ellis)
	SG Debate Centers on ACCESS Card Issue (John G. Otto)
	Tracking mail (Allen Smith)
	Comments on draft ACM whitepaper (Craig Partridge)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.


    Quote for the day:

		"I'm wearing a cardboard belt!"

				-- Max Bialystock (Zero Mostel)
				   "The Producers" (1968)


PRIVACY Briefs (from the Moderator)


Last week's edition of CBS's "48 Hours" program centered on the issues of
technological invasions of privacy.  The emphasis was on the ease with which
information could be collected on particular "targeted" individuals by
"private detectives" via legal and illegal means (databases, public
photography and tracking, cellular phone interception, etc.)  The program
was not primarily concerned with the broader issues of privacy as they
affect the population at large, and was rather disappointing.  However,
any program that gets people thinking about privacy issues has value.

Some Internet readers may recall a message circulating around the net months
ago when CBS was attempting to find someone to demonstrate the (illegal)
practice of cellular interception for that program.  Obviously they found
their man--his disguise, consisting of dark sunglasses and a fake "Castro"
beard, was definitely worth a few chuckles.


Regular readers of the PRIVACY Forum will already be familiar with the
"FBI Wiretap Bill" (a.k.a. "Dial-A-Wiretap").  This proposed legislation
would mandate direct, remote monitoring access to virtually all
domestic telecommunications networks and systems for court-approved
wiretaps.  Many privacy advocates have expressed grave concerns 
regarding the potential for abuse and misuse of such a system, among
other serious problems.

Rumors are now circulating that due to perceived potential difficulties in
obtaining approval for the bill as separate legislation, an attempt may be
made to attach essentially the complete language of the bill as
an ammendment to some other legislation with a higher probability
of "low-scrutiny" passage (e.g. federal omnibus crime legislation).


Date:    Thu, 24 Sep 92 09:51 EDT
Subject: Scientific American article, 'Achieving Electronic Privacy'

  I read an interesting article in the Aug 92 issue of 'Scientific
American' by David Chaum that discussed using what he called 'blind
signatures' in electronic cash and credential verification applications.
I'm relatively new to this topic and would like to get reaction/opinions
of others on this idea.  Perhaps someone could review it in the Privacy
Forum digest.

             Dan Huber


Date:    Thu, 24 Sep 92 10:07:41 -0400
From:    "Dan Ellis" <dpwe@media.mit.edu>
Subject: Credit reports, phone bills, credit card bills for sale

I heard an alarming interview on NPR's "Fresh Air" on Tuesday night.
Unfortunately I didn't take notes, but the gist was that a journalist 
who works for Business Week (?) called something that sounded like
Geoffrey Rothvader has written a book called "Privacy for sale"(?) 
based on his research in accessing private records via 'legitimate' 
information-pooling businesses.

He described a class of organization he called 'superbureaus' which 
gather and merge information from better known sources such as the 
credit reporting agencies but also phone companies and credit card 
companies.  He was able to buy an account with apparently complete 
access to these databases on the grounds that he worked for a reputable 
publishing company (McGraw Hill) and that he wanted to check up on 
some potential employees.  He was then able to inspect the credit report 
for J Danforth Quale (without knowing anything more than an old 
address from a Who's Who), but more alarmingly, was able to see 
Dan Rather's credit card bill for the past month - showing stores and 
amounts etc.  He said that phone records were similarly available, and 
it had cost him $300 to get the information.

He suggested that the credit card bill and phone bill information must 
be being supplied by unauthorized sources within the appropriate companies, 
and that such companies should give more thought to audit trails and 
access restrictions in their internal information systems.

Perhaps this is old hat, but I was shocked by the amount of information 
that was, in practice, available.  The author emphasized that these are 
above-board businesses and there was nothing illegal or even particularly 
exotic in what he did.

Apologies for anything I have distorted or misremembered in the two days 
since the program.

  Dan Ellis, MIT Media Lab <dpwe@media.mit.edu>


Date:    Thu, 24 Sep 92 12:55:41 EDT
From:    John G. Otto <otto@systems.cc.fsu.edu>
Subject: SG Debate Centers on ACCESS Card Issue

Wednesday, 1992-09-23
Florida Flambeau (Box 29287; Tallahassee, FL 32316; 904-681-6692)
(distributed with permission of the editor)

SG Debate Centers on ACCESS Card Issue
by Matt Grimison

The Seminole ACCESS card is a fascist pariah that keeps a Big Brother-like
watch on students - or it's a high-tech Godsend that will make the Florida
State University campus safer.

Those were the 2 sides to just 1 of many issues discussed Tuesday during
a debate a the student Union between 3 parties vying for student senate
seats in today's elections.

Representatives of the Monarchy, Osceola and Alliance parties, as well as
4 independent candidates, argued about the ACCESS card and a controversial
constitutional amendment on the ballot when they squared off in what turned
out as more of a question and answer session than a head to head debate.

Opinions turned bilateral when Osceola and Monarchy agreed to disagree with
Alliance on the 2 issues.

Jeanne Campbell of Monarchy and Joe Gillespie of Osceola united in
condemning the ACCESS program, saying it takes advantage of students by
keeping the money earned in interest from their accounts.  They also said
it's too expensive to implement and contains too much personal information.
"It infringes on students' privacy.", Gillespie said.  "They have students'
biographical information, credit history and social[ist in]security 
numbers and can track students' movement on campus.  It is dangerous as an
information source.

But Fred Maglione of Alliance said that while the system is not trouble
free, it's still worth while because it will help make FSU a cash free
campus.  [That's worth while?!?!?!?!?...jgo]

"After the problems are worked out, it will run smoothly.", Maglione said.
"We are very pleased with the ACCESS card.  Once the bugs are worked out
it will make for a better and safer campus environment."...

jgo   John G. Otto   otto@systems.cc.fsu.edu


Date:    Thu, 24 Sep 1992 22:32 EST
Subject: Tracking mail

        In regards to the privacy issue of automated mail tracking, it
occurs to me that that sort of system is rather easily disrupted by simply
sending fake mailings to various "interesting" locations. That admittedly
won't cure the problem that various interfering agencies, etc., can tell
that you're doing _something_ they're interested in, but it can confuse
them (until they get a warrant/whatever to actually open the mail) on
_what_ you're doing. It does also cost a bit, admittedly.


Date:    Fri, 25 Sep 92 10:11:58 -0700
From:    Craig Partridge <craig@aland.bbn.com>
Subject: comments on draft ACM whitepaper

    I read through the draft and felt it had an important limitation.
It does not discuss when data gathering is beneficial (to the public or
even to individuals).  The overall tone of the first half of the document
left the impression that data gathering, in and of itself, may be bad.
Yet when I read the principles of the Code of Fair Information Practices,
it was clear that it was carefully designed to permit data collection,
subject to some basic safeguards.

    It seems to me that a professional body such as ACM has an obligation to
recognize and try to understand all sides of the issue, even if ACM favors
a particular perspective.

    I do not claim to be an expert in this area, but let me try a couple
of points suggesting where data collection is useful:

    * Better business bureaus and other organizations which track complaints
	against business.  Consumers, in general, benefit from being able
	to check on the perceived quality of a business they propose to
	deal with.

    * Credit bureaus.  We can (and should) make much of the failure of
	credit bureaus to keep accurate information and sufficiently
	protect it (indeed, their propensity to sell it).  However,
	just as it is useful for consumers to check on businesses, it
	is beneficial to business to be able to check on the creditworthness
	of individuals who are asking for credit.

    * Utility records.  There's been some fuss here in Northern California
	about access to utility bills.  Some newspapers have been printing
	lists of people and organizations whose water bills indicate
	exceptionally high consumption (we're in the midst of a drought).

	There have been benefits to this information.  For example, we've
	learned that utilities are giving odd preferential billing schemes
	(such as special water rates to golf courses) which are probably
	not in the public interest.  There are arguably harmful effects
	too: a reputedly hard-of-hearing individual who had not heard
	water running from a broken pipe under his home ran up a large
	bill one month and was distressed by the publicity his bill got.

	But there's a powerful argument that the greater public interest
	in seeing careful water use during the drought was served by
	publishing the list.

    * Legal decisions.  Our legal system is based on precedent.  Collecting
	legal opinions on-line makes it easier for lawyers to locate relevant
	prior decisions.  However, decisions also often contain personal
	information about parties in the case, so there's a privacy risk
	here (though I believe rather small).

Perhaps one may disagree with this particular list.  That's fine, but I think
some discussion of cases where data collection is beneficial is needed if
the ACM white paper is to fully present the issues around privacy.

I hope this is useful.

Craig Partridge
past editor, ACM Computer Communication Review

E-mail: craig@aland.bbn.com or craig@bbn.com


End of PRIVACY Forum Digest 01.20

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH