TUCoPS :: Privacy :: priv_227.txt

Privacy Digest 2.27 8/1/93

PRIVACY Forum Digest        Sunday, 1 August 1993        Volume 02 : Issue 27

          Moderated by Lauren Weinstein (lauren@vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	CPSR Urges Revision of Secrecy System (David Sobel)
	Credit Reports and National Security (Dave Banisar)
	Medical privacy and the DMV (Brett Glass)
	Re: Name & Address from Phone Number in Chicago (Chris Johnston)
	Call for Papers: Computer Network Use and Abuse Conference
	   (Paul Higgins)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.


   Quote for the day:

	"Book him, Dano."
		-- Steve McGarrett (Jack Lord)
		   "Hawaii Five-O" (1968-1980)


Date:    Thu, 15 Jul 1993 16:58:33 EST
From:    David Sobel <dsobel@washofc.cpsr.org>
Subject: CPSR Urges Revision of Secrecy System

     Computer Professionals for Social Responsibility (CPSR) has
called for a complete overhaul in the federal government's
information classification system, including the removal of
cryptography from the categories of information automatically
deemed to be secret.  In a letter to a special Presidential task
force examining the classification system, CPSR said that the
current system -- embodied in an Executive Order issued by
President Reagan in 1982 -- "has limited informed public debate on
technological issues and has restricted scientific innovation and
technological development."

     The CPSR statement, which was submitted in response to a
task force request for public comments, strongly criticizes a
provision in the Reagan secrecy directive that presumptively
classifies any information that "concerns cryptology."  CPSR notes
that "while cryptography -- the science of making and breaking
secret security codes -- was once the sole province of the
military and the intelligence agencies, the technology today plays
an essential role in assuring the security and privacy of a wide
range of communications affecting finance, education, research and
personal correspondence."  With the end of the Cold War and the
growth of widely available computer network services, the outdated
view of cryptography reflected in the Reagan order must change,
according to the statement.

     CPSR's call for revision of the classification system is
based upon the organization's experience in attempting to obtain
government information relating to cryptography and computer
security issues.  CPSR is currently litigating Freedom of
Information Act lawsuits against the National Security Agency
(NSA) seeking the disclosure of technical data concerning the
digital signature standard (DSS) and the administration's recent
"Clipper Chip" proposal.  NSA has relied on the Reagan Executive
Order as authority for withholding the information from the

     In its submission to the classification task force, CPSR
also called for the following changes to the current secrecy

     *  A return to the "balancing test," whereby the public
     interest in the disclosure of information is weighed
     against the claimed harm that might result from such

     *  A prohibition against the reclassification of
     information that has been previously released;

     *  The requirement that the economic cost of classifying
     scientific and technical be considered before such
     information may be classified;

     *  The automatic declassification of information after
     20 years, unless the head of the original classifying
     agency, in the exercise of his or her non-delegable
     authority, determines in writing that the material
     requires continued classification for a specified
     period of time; and

     *  The establishment of an independent oversight
     commission to monitor the operation of the security
     classification system.

     The task force is scheduled to submit a draft revision of
the Executive Order to President Clinton on November 30.

     The full text of the CPSR statement can be obtained via
ftp, wais and gopher from cpsr.org, under the filename

     CPSR is a national organization of professionals in the
computing field.  Membership is open to the public.  For more
information on CPSR, contact <cpsr@cpsr.org>.


Date:    Sat, 24 Jul 1993 14:13:08 EST    
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: Credit Reports and National Security

Last week, the Senate Intelligence Committee approved a provision that
allows for FBI access to credit reports using only a letter instead of a
judical warrant in cases that they say involved national security. There is
concern that this will be subject to abuse and that the necessity has not
been proven.  Several privacy and consumer groups sent this letter opposing
the provision.
I was unable to easily find the actual text but will get it after I come
back from vacation.
Dave Banisar
CPSR Washington Office
                             July 12, 1993
   The Honorable Dennis Deconcini
   Senate Select Committee on Intelligence
   United States Senate
   SH-211 Hart Senate Office Building
   Washington, DC  20510-6475
   Dear Chairman DeConcini;
        We are writing to voice our strong opposition to the
   Administration's legislative proposal to amend the Fair Credit
   Reporting Act (FCRA) to allow the Federal Bureau of  Investigation
   (FBI) to obtain consumer credit reports in foreign
   counterintelligence cases.
        The FBI seeks a national security letter exemption to the
   FCRA to obtain personal information from consumer  reporting
   agencies without a subpoena or court order. A  national  security
   letter gives the FBI the authority to obtain records without
   judicial approval and without providing notice to the  individual
   that his or her records have been obtained by the Bureau.
   Similar FBI proposals were rejected in previous years  after
   Congressional leaders expressed concern over  the  civil  liberties
   issues raised.
        Although the current draft proposal is more comprehensive
   than those circulated in previous years, the changes and
   additions do not alter significantly the central character of  the
   proposal. The Administration's 1993 proposal  includes  explicit
   limits to'dissemination of obtained information within the
   goverrment, penalties for violations including punitive  damages,
   and reporting requirements.  These provisions are positive
   changes from the legislation put forward in previous years,  but
   they do not save the proposal from its intrinsic flaws.
        Therefore, the reasons for our fundamental opposition to  the
   current proposal remain the same: 1) the FBI has not  demonstrated
   a compelling need for access to consumer credit reports; and  2)
   legislation that implicates civil liberties should be  addressed
   separately and not as part of the authorization process.
         There are only two instances in which Congress has
   authorized the FBI, in counterintelligence investigations, to
   obtain information about individuals pursuant to a  national
   security letter but without a subpoena, search warrant or  court
   order. First, the Electronic Communications Privacy  Act  (ECPA)
   of 1986 included a provision requiring common carriers to
   disclose subscriber information and long distance toll records  to
   the FBI in response to a national security  letter.  Second,
   congress included in the 1987 Intelligence Authorization Act  an
    amendment to the Right to Financial Privacy Act (RFPA) that
    requires banks to provide customer records to the FBI in  response
    to a similar letter. In that case, the FBI presented  to  Congress
    its case for obtaining financial records in foreign counter-
    intelligence cases and the difficulty of obtaining  those  records
    without a court order.
         In both instances when congress has previously  authorized
    the national security letter, Congress recognized that  the
    procedure departs dramatically from the procedure necessary  to
    obtain a court order.
          The FBI's current proposal seeks similar access to
    individuals' credit records held by consumer reporting  companies.
    The FBI has yet to adequately justify its need to add such  highly
    personal, sensitive information to the narrow category of  records
    subject to the national security letter exemption.
         The Bureau claims obtaining credit reports will allow  it  to
    more easily determine where a subject of an investigation  banks
    -- information the FBI claims will help them effectuate their
    ability to access bank records under the RFPA. We  opposed  the
    national security letter exemption in the RFPA and do not  endorse
    the FBI's slippery slope approach to ensuring that they  can  more
    easily obtain financial information in foreign
    counterintelligence cases. This information can be  and  is
    routinely gained without credit reports.  We do not believe
    convenience is a sufficient justification for this  significant
    exception to the law.
         The FBI further argues that obtaining banking  information
    through a credit report is preferred because it is  actually  leas
    intrusive than those investigative methods that would  otherwise
    be used.  While we too are frustrated that other information-
    gathering techniques are frequently too intrusive, our  objections
    to the other techniques do not lead us to endorse yet another
    technique that is also intrusive and that weakens  existing
    privacy law.
         Finally, we object to using the authorization process as  the
    vehicle for pursuing this change. The national  security  latter
    exemption, because it diminishes the due process and privacy
    protections for individuals, must be given the most careful
    consideration. The FBI's proposal should be  introduced  as
    separate legislation on which public hearings can  be  held.  only
    in this way can the Committee test thoroughly the FBI's  case  for
    the exemption and hear from witnesses who object to the change.
        We urge you to reject the FBI's proposal in its current
   form.  We are available to work with you on this issue.
   Janiori Goldman                                  Michelle Meier
   Privacy and Technology Project          Consumers Union
   American civil Liberties Union
   Marc Rotenberg                                 Evan Hendricks
   Computer Professionals for              U.S. Privacy Council
   Social Responsibility
   cc:  Members, Senate Select Committee on Intelligence
        The Honorable George J. Mitchell
        Senate Majority Leader
        The Honorable Donald W. Riegle, Jr., Chairman
        Senate Committee on Banking, Housing and Urban Affairs
        The Honorable Patrick J. Leahy, Chairman
        Subcommittee on Technology and the Law


Date:    Sun, 25 Jul 93 20:30:15 PST
From:    "Brett Glass" <Brett_Glass@ccgate.infoworld.com>
Subject: Medical privacy and the DMV [Subject field chosen by MODERATOR]

In a recent PRIVACY Forum Digest, Waybe Madsen describes an incident in
which an EMT reported a fainting spell to the DMV.  It's lucky for the poor
victim (who suffered from a brain tumor) that he didn't live in California,
where doctors are required to report ANY loss of consciousness -- no matter
what the cause -- to the DMV. After such a report has been made, it is
nearly impossible to get a driver's license again -- EVER. It's the law.

	[ This seems like a rather broad statement.  Some specifics
	  regarding this issue, by anyone who knows the details,
	  would be appreciated in this forum.  -- MODERATOR ]


Date:    Tue, 27 Jul 93 17:03:23 CDT
From:    Chris Johnston <chris@cs.uchicago.edu>
Subject: Re: Name & Address from Phone Number in Chicago 

    I would expect automated Customer Name and Address (CNA) would
work like the current CNA service.  Call 312-796-9600, tell the
operator the telephone number, operator either tells you it is a
non-published number or reads the name and address without zipcode,
Illinois Bell collects 35 cents.

    I use it regularly to look up numbers that appear on my pager.  Or
I could walk to the library and look it up in the criss cross



Date:    Mon, 26 Jul 1993 16:31:36 EDT
Subject: Call for Papers: Computer Network Use and Abuse Conference


The National Conference of Lawyers and Scientists (NCLS) invites
proposals for original papers to be presented at a two-and-a-
half-day invitational conference on "Legal, Ethical, and
Technological Aspects of Computer and Network Use and Abuse."
The conference, which will include 40 participants representing a
diverse set of perspectives and areas of expertise, will be held
in southern California in mid-December 1993.  Up to three
successful applicants will receive travel expenses and room and
board at the conference.  Papers will be included in the
conference proceedings and may be published subsequently in a
book or journal symposium.

The conference will focus on the ways in which the law, ethics,
and technology can contribute to influencing and enforcing the
bounds of acceptable behavior and fostering the development of
positive human values in a shared computer environment.  Primary
attention will be on unwanted intrusions into computer software
or networks, including unauthorized entry and dissemination of
viruses through networks or shared disks.  Discussions will deal
with such issues as access to information, privacy, security, and
equity; the role of computer users, academic institutions,
industry, professional societies, government, and the law in
defining and maintaining legal and ethical standards for the use
of computer networks; and a policy agenda for implementing these

Papers are invited on any aspect of the conference theme.
Especially welcome would be papers reporting on empirical
research, surveys of computer users, and case studies (other than
those that are already well-known).  Interested persons should
submit a summary or outline of no more than 500 words, together
with a brief (one-page) resum  and a statement (also brief) of
how one's expertise or perspective might contribute to the
meeting.  Proposals will be reviewed by an advisory committee
convened by NCLS and successful applicants will be asked to
prepare papers for the meeting.  Papers must be the original work
of the author, not previously published, in good academic form,
and between about 5,000 and 8,000 words (25-30 double-spaced
pages) in length.

Deadline for receipt of proposals is 5 p.m. Eastern Time,
September 15, 1993.  Applicants who are selected to prepare
papers will be informed by October 1, 1993.  Draft papers will be
due December 3, 1993.  Final versions of the papers, revised in
light of conference discussions, will be due approximately two
months after the conference.

NCLS is an organization sponsored jointly by the American
Association for the Advancement of Science and the American Bar
Association, dedicated to improving communication between members
of the legal and scientific/technical professions and exploring
issues at the intersection of law, science, and technology.
Funding for this meeting has been provided by the Program on
Ethics and Values Studies of the National Science Foundation.
For further information please contact Deborah Runkle,
Directorate for Science & Policy Programs, American Association
for the Advancement of Science, 1333 H Street, NW, Washington, DC
20005. Phone: 202-326-6600.  Fax:  202-289-4950.  E-mail:


End of PRIVACY Forum Digest 02.27

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH