TUCoPS :: Privacy :: priv_208.txt

Privacy Digest 2.08 3/12/93


PRIVACY Forum Digest     Friday, 12 March 1993     Volume 02 :
Issue 08

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
     
                     ===== PRIVACY FORUM =====

       The PRIVACY Forum digest is supported in part by the 
           ACM Committee on Computers and Public Policy.


CONTENTS
     Re: Should the information industry be consentual? (Tommy
O'Lin)
     Re: Should the information industry be consentual?
            (kaiser@heron.enet.dec.com) 
     B.C. Will Choose New Privacy Commissioner (Leslie Regan Shade)
     Quebec examines personal data law (Leslie Regan Shade)
     Reverse directories (Joseph Pearl)


 *** Please include a RELEVANT "Subject:" line on all submissions!
***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------
------------
The PRIVACY Forum is a moderated digest for the discussion and
analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their
relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and
must have
RELEVANT "Subject:" lines.  Submissions without appropriate and
relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a
message
consisting of the word "help" (quotes not included) in the BODY of
a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should
be
reported to "list-maint@cv.vortex.com".  All submissions included
in this
digest represent the views of the individual authors and all
submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and
all
related materials, is available via anonymous FTP from site
"cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or
"anonymous", and
enter your e-mail address as the password.  The typical "README"
and "INDEX"
files are available to guide you through the files available for
FTP
access.  PRIVACY Forum materials may also be obtained automatically
via
e-mail through the listserv system.  Please follow the instructions
above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used
to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "cv.vortex.com".

For information regarding the availability of this digest via FAX,
please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300,
or FAX
to (310) 455-2364.
-----------------------------------------------------------------
------------

VOLUME 02, ISSUE 08

   Quote for the day:

     "I would like to be on some cutting-edge Bell Labs thing.
      But I'm just not smart enough, so I'd probably be backing
      up stuff and getting coffee."

                 -- Illusionist Penn Jillett (of Penn & Teller),
when
                 asked what he'd like to be doing if he were
working
                 in high-tech.

-----------------------------------------------------------------
-----

Date:    Tue, 9 Mar 93 14:05:50 EST
From:    adiron!tro@uunet.UU.NET (Tommy O'Lin)
Subject: Re: Should the information industry be consentual?

   From:    John Pettitt <jpettitt@well.sf.ca.us>

   Continuing the public discussion with Larry

   .... I submit that he has yet to prove a case where free flow of
_accurate_
   information has caused a problem.

   [paragraphs omitted]

   Data collection and trading is going to happen no matter what -
even if it
   moves off shore (a silly concept in the digital age).  The
sooner we face
   the reality and establish norms, conventions and taboos
regarding data
   the better.  A start would be to:

   1) don't restrict the free flow of _accurate_ data

Well, then, how about if John posts to the rest of us:

- a full (and accurate, of course) financial disclosure, including
a list of
all bank accounts (with balances), all credit accounts (with
balances), all
investment holdings, all real property holdings, etc.  Be sure to
include
accurate income information.

- a list of all publications to which he subscribes or has
subscribed in the
past 5 years.

- a list of all organizations to which he has donated money or
other property
over the past 5 years.

- a list of all books and audio/video recordings he has bought,
rented, or
borrowed over the past 5 years.

- anybody want to know anything else?  Send in your queries today!

As long as he's at it, he might as well post the information on the
front of
his home and business - and it would be convenient for some people
if he posted
it on the bulletin board at the grocery store, too.  Of course, no
harm would
come from any of this, as long as the information is _accurate_.

   2) establish clear, enforced methods of trcking data
   3) make provision for reaonable penalties for selling inaccurate
data

   The problem with all this it is completly impossible to enforce.

If not impossible, perhaps difficult.  Laws against homicide cannot
prevent
murders, but society still tries.

   If you can find a real case of harm by accurate information used
lawfully
   and a way of enforcing privacy I would be happy to look at it.

You might be right.  Let's give it a try.  Post your accurate
information and
see if anything happens.

   Tom Olin    tro@partech.com    uunet!adiron!tro    (315)
738-0600 Ext 638
 PAR Technology Corporation * 220 Seneca Turnpike * New Hartford NY
13413-1191

------------------------------

Date:    Wed, 10 Mar 93 11:22:18 +0100
From:    kaiser@heron.enet.dec.com (European Technology &
Architecture)
Subject: Re: Should the information industry be consentual?

John Pettitt writes:

     I submit that [Larry Seiler] has yet to prove a case where
free
     flow of _accurate_ information has caused a problem.

Problems for whom?

Experience shows that in the business of accumulating and
exchanging
databases about personal information there is a high rate of
corruption, of
both data [1] and individuals [2].  Moreover, there are plenty of
obvious
cases where the free flow of accurate information is unwise,
inhumane, or
illegal [3].

     [1] As a consultant I've worked with businesses on their
billing
     and marketing databases, and my professional experience is
that the
     best of these has a high error rate.  I've also worked with
     governmental agencies on similar databases, and once had the
dismal
     pleasure of seeing two years' work -- on a project funded by
a UN
     agency, not done by me -- having to be abandoned when I
     demonstrated the internal inconsistency of personal data in
the
     database.  Read "Consumer Reports" (Consumers Union) about the
     problems with credit-reporting companies.  Good rule of thumb:
all
     data are dirty until proven otherwise.  Many of us can provide
     anecdotal evidence from my own credit life.  I can.

     [2] Anecdotal evidence from many recent cases, for instance
those
     involving the sale of police data by trusted insiders, or the
sale
     of banking and credit information by trusted insiders. 
Several of
     these in the news recently.

     [3] Medical information?  Sexual information?  Arrest records? 
The
     information may be accurate, but should it flow freely?  What
about
     a complete and accurate transcription of all your
conversations and
     activities with the last three boyfriends/girlfriends you
haven't
     married?

These aren't only civil liberties problems; there are business
costs for
using inaccurate data, or using even accurate data inappropriately;
but
businesses -- at least in America -- can, so far, force society and
individuals to shoulder much of those costs.  We shouldn't have to.

___Pete

------------------------------

Date:    Wed, 10 Mar 1993 19:46:43 -0500 (EST)
From:    Leslie Regan Shade <shade@Ice.CC.McGill.CA>
Subject: B.C. Will Choose New Privacy Commissioner

The March 9, 1993 issue of The Globe and Mail (Canada's national
newspaper) had an article on p. A9 entitled "How B.C. is forming
open
society" by Robert Matas.

Paraphrasing from the article:

Matas mentions that the province of British Columbia has just
closed their
job competition for the province's first information and privacy
commissioner.  The recommendation for hiring should happen next
month when 
the all-party legislation decides who is the lucky person--out of
170
applicants.

B.C.'s first freedom of information law  passed last year. 
This law assumes that "Canadians no longer trust politicians and
bureaucrats to handle public policy" B.C., although the 8th
province to introduce such legislation, promises to be more
advanced than
other laws. 

Beginning in the fall, information and privacy provisions are to be
phased
in over 18 months, with public access to the files of about 200
provincial
boards, agencies, commissions, and corporations.  

The "leading edge" provision will require senior government
officials to
disclose information (with or without a request) that reveals a
serious
health, safety, or environmental hazard. 

As well, the provisions will be extended to cover school boards,
municipalities, hospital boards, police boards, postsecondary
institutions, and local government agencies.  By 1995,
self-governing
professional bodies (doctors, lawyers, architects, engineers, etc)
will be
required to comply by 1995.  

------------------------------

Date:    Wed, 10 Mar 1993 19:58:56 -0500 (EST)
From:    Leslie Regan Shade <shade@Ice.CC.McGill.CA>
Subject: Quebec examines personal data law

>From the Globe and Mail (Canada's national newspaper), February
24, 1993,
"Quebec examines proposal on guarding personal data", by Rheal
Seguin.

Paraphrase:  the article mentions that a bill for the Province of
Quebec
which aims to protect personal information (credit card records,
medical
files) is being scrutinized by a Quebec National Assembly
committee. 

The bill would require that personal information obtained by credit
bureaus or other private companies not be available to third
parties
without the individual's consent.  

Several instances have alarmed privacy advocates, and these have
been
raised by the Parti-Quebecois communications critic, Michel
Bourdon.  For
instance, it is alleged that employees of Equifax Canada have
passed
themselves off as Revenue Ministry employees in order to obtain the
addresses of individuals who have defaulted on their Hydro-Quebec
(electricity) payments.  Equifax Canada is the largest credit
bureau in
Quebec. Their biggest client is the Quebec Ministry of Manpower,
Income
Security and Skills Dept., which frequently requests credit checks
on
welfare recipients. 

As well, a Montreal woman, after receiving treatment in a hospital
for
heart problems, received information about a pre-arranged funeral
package.
 
Critics of the legislation, such as Rebe Laperriere of the
University of
Quebec's Groupe de recherche informatique et droit, believe that
the law
should state clearly under what circumstances a company could have
access
to personal information, as well as imposing tighter restrictions
on how
it is used.

------------------------------

Date:    Thu, 11 Mar 93 09:28:03 EST
From:    joep@jaguar.informix.com (Joseph Pearl)
Subject: reverse directories 

Just a little more into the fray...

I was at Sears with my wife, returning something, when the cashier
asked what our phone number was.  Without thinking, my wife told
the
cashier (one of those rough days where the brain shuts down after
6pm).  The cashier then recited our name and address and asked if
it
was correct.  

Well, this had me thinking the rest of the night -- what are they
doing with such information readily available at the cashier level?
Also, of what importance is that information when returning a $3
item?
I think that, next time, we're going to either use a fictitious
phone
number or simply refuse.  I wonder what will happen...

It's not that I'm keeping that information private - I'm listed in
the
phone book.  I just can't understand why it's necessary.

-> From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
->
-> A final suggestion is the use of "canary traps" - creative
mispellings
-> of your name for different uses - to pinpoint what list
information
-> was garnered from.

I, too, use creative mispellings of my name.  It's *really*
interesting to see from where the lists come from.  

joe.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+
Joe Pearl                Tel:  212-753-3920
Informix Software, Inc.            Fax:  212-753-4210
757 Third Avenue              Email:    joep@informix.com
New York, NY  10017

     [ I have removed somewhat extensive quoted text (from previous
       digest messages) that was originally included in the 
       above message.

       A comment: I would suggest that it is never a good idea
       to use a fictitious phone number in response to a clerk's
       query.  Doing so simply risks dragging some other person,
       who might have that number, into the situation.  If the
clerk
       insists on a number, and you don't want to give it, ask
       for the manager, or consider doing business elsewhere. 

       Keep in mind that in most cases you're simply dealing with 
       a clerk who has a specific set of information he has
       been instructed to get and may not realize that not everyone
       is willing to provide a number.  However, in almost all
cases,
       when faced with a choice of not getting the number or losing
       the sale, the clerk will opt for the former. -- MODERATOR ]

------------------------------

End of PRIVACY Forum Digest 02.08
 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH