TUCoPS :: Privacy :: priv_229.txt

Privacy Digest 2.29 8/22/93

PRIVACY Forum Digest        Sunday, 22 August 1993        Volume 02 : Issue 29

          Moderated by Lauren Weinstein (lauren@vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	Info from "Privacy Rights Clearinghouse" in PRIVACY Forum Archive
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	DMV vs. Fainting (Brett Glass)
	Call for Clipper Comments (David Sobel)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.


   Quote for the day:

	"This tape will self-destruct in five seconds."

		-- IMF [Impossible Mission Force] Control (Bob Johnson)
		   "Mission Impossible" (1966-1973)


Date:    Sun, 22 Aug 93 19:42 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Info from "Privacy Rights Clearinghouse" in PRIVACY Forum Archive

Greetings.  The "Privacy Rights Clearinghouse" (PRC) is an organization in
which many readers of the PRIVACY Forum may be interested.  While their
emphasis is on California, most of their materials are relevant anywhere in
the U.S., at least.  To quote from their introductory text:

   "The Clearinghouse is a nonprofit consumer education service funded by
   the California Public Utilities Commission through its Telecommunications
   Education Trust. It is administered by the University of San Diego School
   of Law's Center for Public Interest Law."

The PRC publishes a number of "fact sheets" which cover individual topics
relating to privacy, and also operates an online bulletin board service.

I'm pleased to announce that the PRIVACY Forum has made arrangements for
all of the PRC fact sheets and some of their other related information
to be available to the Internet and connected networks via our archive
services.  Information on accessing this material is below. 

The PRIVACY Forum is not affiliated with the PRC, so any questions
regarding information contained in the PRC-related files should be
directed to the PRC itself.  I believe you'll find the material
to be quite interesting!


Accessing "Privacy Rights Clearinghouse" materials from the 
PRIVACY Forum Archive:

Via Anon FTP: From site "ftp.vortex.com":

	Use the appropriate filename listed below.  If you include
	the ".Z" be sure to do a binary (image) mode transfer so
        that you can uncompress the file locally.  If you leave off the
	".Z", the file will be uncompressed for you automatically
	during transfer.

 Via e-mail: 

	Send mail to "listserv@vortex.com" with the line:

	    get privacy <name>

        at the start of the BODY of the message, where <name> is replaced
	with one of the items listed below.  DO *NOT* INCLUDE THE ".Z" ON
	YOUR REQUEST!  You may request one item per message.  Example:

	    get privacy prc.summ-1

Via gopher: From the gopher server on site "gopher.vortex.com"
	    in the "*** PRIVACY Forum ***" area.

Available PRC items in the PRIVACY Forum archive:

prc.intro.Z     Short Intro to the Privacy Rights Clearinghouse (PRC), 8/93
prc.summ-1.Z    PRC Fact Sheet (FS) #1 -- Detailed info about PRC, 7/93
prc.cord-2.Z    PRC FS #2 -- Cordless and Cellular Phone Issues, 10/92
prc.harr-3.Z    PRC FS #3 -- Ending Unwanted or Harassing Calls, 6/93
prc.junk-4.Z	PRC FS #4 -- Junk Mail Issues, 2/93
prc.tmkt-5.Z    PRC FS #5 -- Telemarketing Issues, 3/93
prc.crdt-6.Z    PRC FS #6 -- Privacy of Credit Reports, 6/93
prc.work-7.Z    PRC FS #7 -- Employee Monitoring and Workplace Privacy, 3/93
prc.med-8.Z	PRC FS #8 -- Privacy of Medical Information, 3/93
prc.wire-9.Z    PRC FS #9 -- Wiretapping and Eavesdropping, 3/93
prc.ssn-10.Z    PRC FS #10 -- Social Security Number Security, 6/93
prc.bbs-info.Z  Info about the PRC Computer Bulletin Board Service, 8/93



Date:    Mon, 16 Aug 93 10:09:51 PST
From:    "Brett Glass" <Brett_Glass@ccgate.infoworld.com>
Subject: DMV vs. Fainting [Subject field chosen by MODERATOR]

In a message dated 2 August, 1993, Mel Beckman claims that only
"unexplained" or "pathology-related" loss of consciousness must be reported
to California's DMV. He goes on to say that loss of consciousness as a
result of a trauma, heat prostration, drug overdose, or any other
identifiable agent is not reportable.

To determine whether this was true or not, I interviewed Celeste, a
physician's nurse at Kaiser Permanente's Redwood City health clinic.
(Because she fills out the forms, she needs to understand exactly what the
law requires.) She says that a report must be filed with the DMV "ANYTIME 
a patient has a lapse of consciousness, or even a change in mental status
(such as disorientation)." According to Celeste, the law makes no
exceptions for lapses of consciousness whose cause is known. (Anaesthesia,
incidentally, is not considered to be a "lapse" of consciousness.)

She further stated that once the report is filed, the DMV immediately
suspends the patient's license pending investigation. Since even a few
days' loss of driving privileges may jeopardize the patient's job, and
because the suspension appears on the patient's driving record where it can
be seen by insurance companies, the report (which many doctors feel
violates the confidentiality of the doctor-patient relationship) may have a
devastating effect on the patient's life.

I am in the process of securing permission to post the Merc's original
article on the subject. I have not been able to locate the person mentioned
in that article (who lost consciousness after drinking alcohol while taking
a heart drug); her phone number does not appear to be listed. But the
nurse's account appears to confirm what the Mercury News (and Dr. Dean
Edell) have already reported: Californians can truly lose their licenses
and insurance after a single fainting spell.

	[ Brett did ultimately receive permission from the San Jose Mercury
	  News for inclusion of their April, 1991 article on this topic
	  (thanks Brett!).  However, due to its length and its being almost
	  two and a half years old, I've chosen not to do so at this time.

	  The bottom line from the article appeared to be that:

	    1) Recent sensationalized cases had made doctors likely
	       to report virtually any fainting, for fear of being
	       blamed later if they didn't file such reports.

	    2) A recent change in the law apparently protected doctors
	       from any actions on the part of people who lost their
	       licenses as a result of such reports.
	    3) There was a severe lack of guidelines for how such cases
	       should be handled by DMV, or how people could prove that they
	       were not a risk.  This resulted in people who were unable to
	       get their licenses back even when doctors later said that
	       their one-time fainting was due to a prescription drug dosage
	       error or other non-systemic problem.

 	    The article also implied that efforts were being made to create
	    standards to "solve" these problems.  I'm sure we'd all like to
	    know what has happened (if anything) in the ensuing years on
	    this topic... -- MODERATOR ]

Date:    Tue, 17 Aug 1993 14:06:35 EST
From:    David Sobel <dsobel@washofc.cpsr.org>
Subject: Call for Clipper Comments

The National Institute of Standards and Technology (NIST) has
issued a request for public comments on its proposal to establish
the "Skipjack" key-escrow system as a Federal Information
Processing Standard (FIPS).  The deadline for the submission of
comments is September 28, 1993.  The full text of the NIST notice

CPSR is urging all interested individuals and organizations to
express their views on the proposal and to submit comments
directly to NIST.  Comments need not be lengthy or very detailed;
all thoughtful statements addressing a particular concern will
likely contribute to NIST's evaluation of the key-escrow proposal.

The following points could be raised about the NIST proposal
(additional materials on Clipper and the key escrow proposal may
be found at the CPSR ftp site, cpsr.org):

* The potential risks of the proposal have not been assessed and
many questions about the implementation remain unanswered.  The
NIST notice states that the current proposal "does not include
identification of key escrow agents who will hold the keys for the
key escrow microcircuits or the procedures for access to the
keys."  The key escrow configuration may also create a dangerous
vulnerability in a communications network.  The risks of misuse of
this feature should be weighed against any perceived benefit.

* The classification of the Skipjack algorithm as a "national
security" matter is inappropriate for technology that will be used
primarily in civilian and commercial applications.  Classification
of technical information also limits the computing community's
ability to evaluate fully the proposal and the general public's
right to know about the activities of government.

* The proposal was not developed in response to a public concern
or a business request.  It was put forward by the National
Security Agency and the Federal Bureau of Investigation so that
these two agencies could continue surveillance of electronic
communications. It has not been established that is necessary for
crime prevention.  The number of arrests resulting from wiretaps
has remained essentially unchanged since the federal wiretap law
was enacted in 1968.

* The NIST proposal states that the escrow agents will provide the
key components to a government agency that "properly demonstrates
legal authorization to conduct electronic surveillance of
communications which are encrypted."  The crucial term "legal
authorization" has not been defined.  The vagueness of the term
"legal authorization" leaves open the possibility that court-
issued warrants may not be required in some circumstances.  This
issue must be squarely addressed and clarified.

* Adoption of the proposed key escrow standard may have an adverse
impact upon the ability of U.S. manufacturers to market
cryptographic products abroad.  It is unlikely that non-U.S. users
would purchase communication security products to which the U.S.
government holds keys.

Comments on the NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

Submissions must be received by September 28, 1993.  CPSR has
asked NIST that provisions be made to allow for electronic
submission of comments.

Please also send copies of your comments on the key escrow
proposal to CPSR for inclusion in the CPSR Internet Library, our
ftp site.  Copies should be sent to <clipper@washofc.cpsr.org>.


                         FEDERAL REGISTER
                         VOL. 58, No. 145

                     DEPARTMENT OF COMMERCE (DOC)
        National Institute of Standards and Technology (NIST)

                     Docket No. 930659-3159
                         RIN 0693-AB19

A Proposed Federal Information Processing Standard for an Escrowed
Encryption Standard (EES)

                        58 FR 40791

                     Friday, July 30, 1993

Notice; request for comments.

SUMMARY: A Federal Information Processing Standard (FIPS) for an
Escrowed Encryption Standard (EES) is being proposed. This
proposed standard specifies use of a symmetric-key
encryption/decryption algorithm and a key escrowing method which
are to be implemented in electronic devices and used for
protecting certain unclassified government communications when
such protection is required. The algorithm and the key escrowing
method are classified and are referenced, but not specified, in
the standard.

   This proposed standard adopts encryption technology developed
by the Federal government to provide strong protection for
unclassified information and to enable the keys used in the
encryption and decryption processes to be escrowed. This latter
feature will assist law enforcement and other government agencies,
under the proper legal authority, in the collection and decryption
of electronically transmitted information. This proposed standard
does not include identification of  key escrow  agents who will
hold the keys for the  key escrow  microcircuits or the procedures
for access to the keys. These issues will be addressed by the
Department of Justice.

   The purpose of this notice is to solicit views from the public,
manufacturers, and Federal, state, and local government users so
that their needs can be considered prior to submission of this
proposed standard to the Secretary of Commerce for review and

   The proposed standard contains two sections: (1) An
announcement section, which provides information concerning the
applicability, implementation, and maintenance of the standard;
and (2) a specifications section which deals with the technical
aspects of the standard. Both sections are provided in this

DATES: Comments on this proposed standard must be received on or
before September 28, 1993.

ADDRESSES: Written comments concerning the proposed standard
should be sent to: Director, Computer Systems Laboratory, ATTN:
Proposed FIPS for Escrowed Encryption Standard, Technology
Building, room B-154, National Institute of Standards and
Technology, Gaithersburg, MD 20899.

   Written comments received in response to this notice will be
made part of the public record and will be made available for
inspection and copying in the Central Reference and Records
Inspection Facility, room 6020, Herbert C. Hoover Building, 14th
Street between Pennsylvania and Constitution Avenues, NW.,
Washington, DC 20230.

Institute of Standards and Technology, Gaithersburg, MD 20899,
telephone (301) 975-2913.

	[ I have omitted the "Supplementary Information" that followed the
	  Federal Registry text above, which essentially duplicated
	  previously available information regarding Clipper basics and was
	  fairly lengthy.  -- MODERATOR ]

End of PRIVACY Forum Digest 02.29

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH