TUCoPS :: Privacy :: priv_129.txt

Privacy Digest 1.29 12/22/92

PRIVACY Forum Digest     Tuesday, 22 December 1992     Volume 01 : Issue 29

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	PRIVACY Briefs (Lauren Weinstein; PRIVACY Forum Moderator)
	CPSR and the Transition (Marc Rotenberg)
	Question about Search/Seizure (Brian D. Larkin)
	Call for Comments About Computing and the Future (Gary Chapman)
	Position Paper: Broadening Computer Science (Rob Kling)

			***** HAPPY HOLIDAYS *****

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.


   Quote for the day:

      "My father said that Rudolph was the only reindeer in history
       that kept the wolf from the door."

	   -- Virginia Herz, daughter of Robert May, the author of the
	      1939 story "Rudolph the Red-Nosed Reindeer", commenting on how
	      the copyright from the story, and later the song created from
	      it, saved the family from financial ruin.

	      Originally written as an advertising promotion for Montgomery
	      Ward in Chicago, the story was put to music in 1949 by
	      relative Johnny Marks and recorded by Gene Autry.

	      And they'll go down in his-tor-y!


PRIVACY Briefs (from the Moderator)


On Sunday, December 20, 1992, a new federal law took effect which bans
unsolicited automated telemarketing calls (except for emergency recordings,
calls from non-profit groups, and political polling).  It also requires that
(live) telemarketers refrain (for at least one year) from calling back
parties who have asked that particular firm that they not be called again.

In theory, consumers could recover damages from violators, though proving
violations may be difficult.  Some groups had lobbied for a tougher law that
would have mandated a central nationwide database of consumers who did not
wish to receive any telephone solicitations.


Pacific Bell, the largest California telephone company, announced today that
they have dropped plans for providing Calling Number ID (CNID) services in
California, at least for the time being.  The other major telephone company
in California, GTE, had previously announced that it was cancelling its CNID
plans.  Both companies cited PUC requirements that would have mandated all
unlisted numbers to have number ID blocking by default as a major reason for
their decisions (at least 40% of California residential consumers have
unlisted numbers).  The companies also were concerned about the costs of a
PUC mandated consumer "education" program that would have been required to
inform subscribers about CNID.

Pacific plans to go ahead with several less controversial services,
including call trace, call return, and call blocking.  GTE has announced
interest in similar services.  Some related privacy issues, such as the
revealing of call return numbers on itemized telephone bills and the
handling of calls from California to states where CNID is permitted, are not
clear at this point.


Date:    Tue, 15 Dec 1992 13:13:39 EDT
>From:    Marc Rotenberg <Marc_Rotenberg@washofc.cpsr.org>
Subject: CPSR and the Transition

Over the last several years CPSR has worked extensively on access to
government information, the Freedom of Information Act, computer security
policy, and privacy protection.

We have now sent the following recommendations to several transition team
groups.  (The "(b)(1) exemption" in the first recommendation refers to the
national security exemption in the Freedom of Information Act.)

We hope that the new adminstration will give our proposals full

Marc Rotenberg, Director
CPSR Washington Office


   FROM: Marc Rotenberg, CPSR
   RE:   Classification, Computer Security, Privacy
   CC:   Policy Group, Justice Cluster
   DATE: December 10, 1992

        Three issues that the Executive Order Project should

1) Rescind E.O. 12356 (1982 Reagan Order on classification)

        The Reagan Order on classification is the bane of the FOIA and
science communities.  It has led to enormous overclassification, frustrated
government accountability, and skewed national priorities.  It should be

        A new E.O. should narrow the scope of classification authority.  It
should reduce the classification bureaucracy.  And it should reflect the
economic cost of classifying scientific and technical information, i.e. such
information should be presumptively available. In the FOIA context, the new
E.O. should also require agencies to identify "an ascertainable harm" before
invoking the (b)(1) exemption.

2) Rescind NSD-42 (1991 Bush Directive on computer security authority)

        This directive undermined a fairly good 1987 law (the Computer
Security Act) and transferred authority for computer security from the
civilian sector to the intelligence community.  It led to several bad
decisions in the area of technical standard setting (e.g. network standards
that facilitate surveillance rather than promoting security) and has made it
more difficult to ensure agency accountability.  It should be rescinded.

        The President could either leave the 1987 Act in place and issue no
new E.O. or he could revise the E.O. consistent with the aims of the 1987
law, recognizing the recent problems with technical standard setting by the
intelligence community.

3) Establish a task force on privacy protection

        The new administration should move quickly on the privacy front,
particularly in the telecommunications arena.  The United States currently
lags behind Canada, Japan, and the EC on telecomm privacy policy.  These
policies are necessary for the development of new services and the
protection of consumer interests.

        An Executive Order on privacy should include the following elements:
(1) the creation of an intra-agency task force with public participation,
(2) a report to the President within 180 days with legislative
recommendations, (3) a procedure for ongoing review and coordination with
Justice, Commerce, State, and OSTP.


Date:    Wed, 16 Dec 92 14:01:42 -0600
>From:    "Brian D. Larkin" <brianl@morgana.pubserv.com>
Subject: Question about Search/Seizure

Two days ago I was pulled over by one of Chapaign Illinois'
finest for speeding.  After writing up the ticket, he asked me if
I was transporting any weapons, drugs, or alcohol in my car.  I of
course responded that I did not have any such items in my car.
He then asked if I would mind if he searched my car.  I responded
that he could, because I had nothing to hide.  He found nothing and 
we went on our way.

It got me to thinking though about if I had not consented, would
he had had to have gotten a warrant to search my car?  Would I
have been forced to sit by the side of the road while they went to
get a warrant to search my car?  If he HAD found something of an
illegal nature, could it be used against me in court?

What rights do I have in this situation?  I understand that the
laws of other states may be different.  I was mostly looking for a
general case.  

Brian D. Larkin 			brianl@morgana.pubserv.com
Research & Development			Publication Services, Inc.


Date:    Wed, 16 Dec 1992 12:42:25 -0500
>From:    Gary Chapman <chapman@silver.lcs.mit.edu>
Subject: Call for Comments About Computing and the Future



This is Gary Chapman, director of the Cambridge, Massachusetts, office
of Computer Professionals for Social Responsibility.  I edit The CPSR
Newsletter, a quarterly publication that goes to all CPSR members and
about 400 other people, including a lot of policymakers, members of
Congress, administration officials, etc.

We're going to try something unusual for the next CPSR Newsletter, and
I'm putting out a call for help.  We're going to publish a special issue
on "What the Clinton Administration Can Do For The Computing Profession and
the Public."  I'm sending out this message to ask people to send me SHORT
contributions to this issue, just brief comments about what the
new administration can do to help support computing in the United
States, or perhaps the world.

Here are a few basic guidelines for these submissions:

1.  SHORT MEANS SHORT -- In order to publish as many of these as we can,
we need to keep each contribution to about 100-150 words, max, one or
two paragraphs.  In fact, anything longer will probably be eliminated
out of fairness to others.

2.  YOU MUST IDENTIFY YOURSELF -- Again, briefly, with just your name
and one line that says something about you, such as Joe Blow or Sally
Smith, Programmer, BillyBob Corporation, or Centerville, Ohio, or
something like that, whatever you prefer.

3.  ADDRESS ISSUES OF PUBLIC POLICY -- In order to make these
contributions relevant to the Clinton administration, they should
concern issues about which government can or should do something, or
stop doing, whatever.  These include major issues such as privacy,
access to information, computer networks like the Internet or NREN, R&D
priorities, equitable access to computers, intellectual property,
defense policy, risks to the public, etc.  We're not really interested
in contributions that are self-serving, parochial, excessively arcane or
trivial, belligerently and unconstructively critical, and so on.  We
will favor messages that discuss the intersection of computing and major
issues of concern to the public at large.

back to you about the text.  We won't publish e-mail addresses, I

5.  GET ALL CONTRIBUTIONS TO ME BY JANUARY 15, 1993.  My e-mail address
is chapman@silver.lcs.mit.edu.

This is not limited to people in the United States, although overseas
contributors will have to make a case for what the Clinton
administration should do to help international computing -- the focus
will be on U.S. government  policy.

We're going to try and get this issue into the hands of the key players
on computing and high tech policy in the new administration.  For the
most part we already know who those people are, and we're talking to
them about the issues that CPSR is working on.  This newsletter will
give them a good impression, we hope, of the concerns of the computing
profession and people who use computer networks.  Consider this an
opportunity for a kind of "hard copy" town hall.

Thanks for your help!  Get those messages coming!

Gary Chapman
The 21st Century Project
Computer Professionals for Social Responsibility
Cambridge, MA


Date:    Mon, 21 Dec 1992 23:21:02 EDT
>From:    Rob Kling <kling@ics.uci.edu>
Subject: Position Paper: Broadening Computer Science

               Computing for Our Future in a Social World

                               Rob Kling
              Department of Information & Computer Science
                  University of California at Irvine,
                         Irvine, CA 92717, USA
                    kling@ics.uci.edu (714-856-5955)

                            December 2, 1992


The Computer Science and Telecommunications Board of the National Research
Council has recently issued a report, "Computing the Future (Hartmanis and
Lin, 1992)." It sets a new agenda for Computer Science. This short paper
argues that effective CS practitioners who "compute for the future" in many
organizations need some skills in social analysis to help understand
appropriate systems requirements and the conditions which transform high
performance computing into high performance organizations. It is time for
the academic Computer Science to embrace Organizational Informatics as a
key area of research and instruction.


"Computing the Future" (CTF) (Hartmanis and Lin, 1992) is a welcome report
which argues that academic Computer Scientists must acknowledge the driving
forces behind the generally good Federal support for the discipline. The
explosive growth of computing and demand for CS in the last decade has been
driven by a diverse array of applications and new modes of computing in
diverse social contexts.  CTF takes a strong and useful position in
encouraging all computer scientists to broaden our conceptions of the

The authors encourage Computer Scientists to envision new technologies in
the social contexts in which they will be used. The numerous examples of
computer applications that the authors identify as having significant social
value rest on social analyses of these technologies. Further, the report
tacitly requires that the CS community develop reliable knowledge, based in
systematic research, to support effective social analysis. And it requires
an ability to teach such skills to practitioners and students. Without a
disciplined skill in social analysis, Computer Scientists' claims about the
usability and social value of specific technologies is mere opinion, and
bears an exceptional risk of being self-serving opinion. Further, Computer
Scientists who do not have refined social analytical skills have sometimes
conceived and promoted technologies which were far less useful or far more
costly than they claimed. Effective CS practitioners who "compute for the
future" in many organizations need some skills in social analysis to help
understand appropriate systems requirements and the conditions which
transform high performance computing into high performance organizations.
Since the report does not spell out these tacit implications, I'd like to
explain them here.

Broadening Computer Science: From Computability to Usability

Since the usability of systems and software is a key theme in the history of
CS, we must expand beyond mathematics for our  conceptions of "theory" for
the discipline. Some applications, such as as supercomputing and
computational science are evolutionary extensions of traditional scientific
computation, even though they have taken a new direction with rich graphical
front ends for visualizing enormous mounds of data. But some other, newer
modes of computing, such as networking and microcomputing, changed the
distribution of applications. While they support traditional numerical
computation, albeit in newer formats such as spreadsheets, they have also
expanded the diversity of non-numerical computations. They have made
digitally represented text and graphics accessible to tens of millions of

None of these advances are inconsistent with "mathematical foundations," in
CS, such as Turing machine formulations. But they are not well
conceptualized by the foundational mathematical models of computation. Nor
do our foundational mathematical models provide useful ways of
conceptualizing advances in even more traditional elements of computers
systems such as operating systems and database systems. Mathematical
analysis can play a central role in some areas of CS, and an important role
in many areas. But we cannot understand important aspects of usability if we
limit ourselves to mathematical theories.

Of the diverse trends in computing, the growing emphasis of usability is one
of the most dominant. The usability tradition has deep roots in CS, and
extends back into the design of programming languages, and operating
systems. But each of these topics also rested on mathematical analysis which
Computer Scientists could point to as "the foundations" of the respective
subdisciplines. However, the growth of diverse applications for
non-technical professionals, including text processing, electronic mail,
graphics, and multimedia has placed a premium on making computer systems
relatively simple to use. HCI is now considered a core subdiscipline.

One important repercussion of the integration of HCI into the core of CS is
the resulting need to expand our conception of the theoretical foundations
of the discipline. While every computational interface is reducible to a
Turing computation, the foundational mathematical models of CS do not (and
could not) provide a sound theoretical basis for understanding why some
interfaces are more effective for some groups of people than are others. The
theoretical foundations about effective computer interfaces must rest on
sound theories of human behavior and their empirical manifestations (cf.
Ehn, 1991, Grudin, 1989). Further, interfaces involve capabilities beyond
the primary information processing capabilities of a technology. They entail
ways that people can learn about the system and ways to manage the diverse
data sets that routinely arise in using many computerized systems (Kling,
1992). Understanding the diversity and character of these interfaces, which
are required to make many systems usable rests, in an understanding the way
that people and groups organize their work and expertise with computing.
Appropriate theories of the diverse interfaces that make many computer
systems truly useful must rest on theories of work and organization which
characterize these phenomena.

Broadening Computer Science: From High Performance Computing to High
   Performance Organizations

The foundations of CTF go beyond interface design to claims that
computerized systems will improve the performance of organizations.  The
report argues that the US should invest close to a billion dollars a year in
CS research because of the economic and social gains that must pour forth
from CS research. These are important claims, for which critics can ask for
systematic evidence. For example, one can ask about the evidence that 20
years of major computing R&D and corporate investment in the US has helped
provide proportionate economic and social value.

CTF is filled with numerous examples where computer-based systems have
provided value to people and organizations. The tough question is whether
the overall productive value of these investments has been worth the overall
acquisition and operation costs. In the last few years economists have found
it hard to give unambiguously affirmative answers to this question. In fact,
the question has been termed "The Productivity Paradox," based on a comment
attributed to Nobel laureate Robert Solow who remarked that "computers are
showing up everywhere except in the [productivity] statistics (Dunlop and
Kling, 1991a)."

There are numerous potential slips in translating high performance computing
into cost-effective technological support to improve organizational
performance. Some technologies require extensive technical support which
provides hidden costs (Kling, 1992). Some technologies are superb for
well-trained experts, but are difficult for less experienced people or
"casual users." Further, a significant body of empirical research has shown
that the social processes by which computer systems are introduced and
organized makes a substantial difference in their value to people, groups
and organizations (Lucas, 1981). Most seriously, some computer applications
do not fit a person or groups's work practices (Bullen and Bennet, 1991).
While they may make sense in a simplified world, they can actually
complicate or misdirect real work. We graduate about 30,000 computer
scientists every year and many of them find employment on organizational
information systems projects. Unfortunately, few of them have developed an
adequate conceptual basis for understanding when information systems will
actually improve organizational performance.

CTF anchors the value of CS research on the belief that interesting new
technologies will certainly yield significant economic and social value.
These assessments rest on social analyses. Unfortunately, the CS academic
community is not organized (or funded) to provide a significant body of
trustworthy research to help answer these kinds of questions.

Organizational Informatics

CTF places dual responsibilities on Computer Scientists. One responsibility
is to produce a significant body of applicable research. The other
responsibility is to educate a significant fraction of CS students to be
more effective in conceiving and implementing systems that will actually
enhance organizational performance. Today, most of the tens of thousands
people who obtain BS and MS degrees in CS have no opportunities for
systematic exposure to reliable knowledge about the value of computing in a
social world. Yet a substantial fraction of these students go on to work for
organizations attempting to produce or maintain systems which improve
organizational performance without a good conceptual basis for their work.
Consequently, many of them develop systems which underperform, and are
sometimes even counterproductive, in organizational terms.

Organizational Informatics includes studies of the usability of computerized
information systems and communication systems in organizations. It also
includes studies of their effective implementation, use, organizational
value, and their consequences for  people and an organization's clients. It
is an intellectually rich and also practical research area.

In the last 20 years a substantial body of scientific research in
Organizational Informatics has developed. The best of the research is
conducted by faculty in the Information Systems departments in Business
schools and by scattered social scientists (cf. Boland and Hirschheim, 1987;
Galegher, Kraut and Egido, 1990; Cotterman and Senn, 1992). But the Computer
Scientists simply delegate the research and teaching of Organizational
Informatics to Business Schools or "sociologists." They rarely ask questions
with attention to fine grained technological variations which are important
for CS. And they rarely can effectively teach numerous CS students about
systems development and use in organizations.

CTF is permeated with interesting claims about the social value of recent
and emerging computer-based technologies. While many of these observations
are of a kind that should rest on an empirically grounded scientific
footing, Computer Scientists have deprived themselves of access to such
research. Consequently, many of the "obvious" claims about the value of
various computing technologies that we Computer Scientists make are more
akin to the lore of home remedies for curing illness. Some are valid, others
are unfounded speculation. More seriously, the theoretical basis for
recommending home medical remedies and new computer technologies is not
advanced without having sound research programs.

What is needed

CTF sets the stage for a broader appreciation of value of Organizational
Informatics within Computer Science. It bases the expansion of the
discipline on a rich array of applications in which many of the effective
technologies must be conceived in relationship to plausible uses in order
provide attractive social value for multi-billion dollar public

The CS community needs an institutionalized research capability to produce
a reliable body of knowledge about the usability and of computerized
systems and the conditions under which computer systems improve
organizational performance. The CS curriculum must include opportunities
for students to learn the most reliable knowledge about the social
dimensions of systems development and use. While the study of
Organizational Informatics builds upon both the traditional technological
foundations of CS and the social sciences, it is not a sustainable topic
within the social sciences at most universities. Other disciplines will not
do our important work for us. Mathematics departments may be willing to
teach graph theory for CS students, but the analysis of algorithms would be
a much weaker field if it could only be carried out within Mathematics
Departments. For similar reasons, it is time for the academic Computer
Science to embrace Organizational Informatics as a key area of research and


    Boland, Richard and Rudy Hirschhiem (Ed). 1987.  Critical Issues in
       Information Systems, New York: John-Wiley.
    Bullen, Christine and John Bennett. 1991.  Groupware in Practice: An
       Interpretation of Work Experience" in Dunlop and Kling 1991b.
    Cotterman, William and James Senn (Eds). 1992. Challenges and
       Strategies for Research in Systems Development. New York: John
    Dunlop, Charles  and and Rob Kling, 1991a. "Introduction to the
       Economic and Organizational Dimensions of Computerization." in
       Dunlop and Kling, 1991b.
    Dunlop, Charles and and Rob Kling (Ed). 1991b. Computerization and
       Controversy: Value Conflicts and Social Choices. Boston: Academic
    Ehn, Pelle. 1989. "The Art and Science of Designing Computer
       Artifacts." in Charles Dunlop and and Rob Kling (Ed),
       Computerization and Controversy: Value Conflicts and Social
       Choices. Boston: Academic Press. 1991.
    Galegher, Jolene, Robert Kraut, and Carmen Egido (Ed.) 1990.
       Intellectual Teamwork: Social and Intellectual Foundations of
       Cooperative Work.  Hillsdale, NJ: Lawrence Erlbaum.
    Grudin, Jonathan. 1989. "Why Groupware Applications Fail: Problems in
       Design and Evaluation." Office: Technology and People.
    Hartmanis, Juris and Herbert Lin (Eds). 1992. .Computing the Future: A
       Broader Agenda for Computer Science and Engineering.
       National Academy Press, 1992. [Briefly summarized in
       Communications of the ACM, November 1992]
    Kling, Rob. 1992. "Behind the Terminal: The Critical Role of Computing
       Infrastructure In Effective Information Systems' Development and
       Use." Chapter 10 in Challenges and Strategies for Research in
       Systems Development. edited by William Cotterman and James Senn.
       Pp. 153-201. New York: John Wiley.
    Lucas, Henry C. 1981. Implementation : the Key to Successful
       Information Systems. New York: Columbia University Press.


I appreciate efforts by several colleagues to strengthen this paper through
their comments: Jonathan P. Allen, Lisa Covi, Sy Goodman, Beki Grinter,
Jonathan Grudin, John King, Tim Standish, John Tillquist, and Carson Woo.


End of PRIVACY Forum Digest 01.29

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH