TUCoPS :: Privacy :: priv_236.txt

Privacy Digest 2.36 12/3/93

PRIVACY Forum Digest     Friday, 3 December 1993     Volume 02 : Issue 36

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	Re: "On the Road to Nosiness?" (Paul Robinson)
	Re: "On the Road to Nosiness?" (Randall Davis)
	Re: "On the Road to Nosiness?" (Olivier MJ Crepin-Leblond)
	Re: Privacy of cellular phones (Brinton Cooper)
	Re: Privacy of cellular phones (Martin Minow)
	Digitized Photos (Mich Kabay)
	United Parcel Service signatures (Jim Carroll)
        GPO Access Act Implementation Proceeds;
	   Electronic FOIA Bill Introduced;
	   OMB Proposes Government Information Locator Service;
	   (ALA Washington Office)
	New Docs Reveal NSA Role in Telephony Proposal (Dave Banisar)
	Sen. Simon Introduces Major Privacy Bill;
	   Senator Simon's Statement on Introduction;
   	   Privacy Commission Bill Section Headings;
	   Bill to Remove Crypto Export Controls Introduced in House;
 	   (Dave Banisar)
	A study of National Cryptography Policy (Marjory Blumenthal)
	DIAC-94 Call for Participation  (Paul Hyland)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.


   Quote for the day:

	"Don't torture yourself Gomez--that's my job."

	          -- Morticia Addams (Anjelica Huston)
	             "The Addams Family" (Theatrical; 1991)


Date:    Sun, 28 Nov 1993 12:20:45 -0500 (EST)
From:    "Tansin A. Darcos & Company" <0005066432@MCIMAIL.COM>
Subject: Re: "On the Road to Nosiness?"

From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
"Joel A. Fine" <joel@postgres.Berkeley.EDU>, writes:

> Dan Gillmor writes:
> > ...suppose some future road officials decide to install new
> > cameras and higher-capacity transmission  lines, allowing the
> > system to scan locations, license-plate numbers and drivers'
> > faces into the computer.
> A similar system is already in place in Campbell, California, and
> several nearby municipalities, for the purpose of enforcing speed
> limits. An unmanned radar-camera combination automatically
> photographs speeding motorists and records their speed at the time
> the picture was taken. Several days later, the driver receives a
> copy of the photo, along with a bill for the appropriate fine for
> the traffic violation. The driver never talks with, or sees, a
> traffic cop.

They probably repealed the old law that required that an infraction be
witnessed by a police officer.  Mere pictures of the same should not 
be sufficient.  Photo radar makes me sick and I abhor its existence as
just another form of fascist state control.  Now you are removed from
arguing that a person made a mistake, you have to argue that the
(presumably infallible) camera made a mistake, a much higher presumption
of guilt having been foisted upon you.

The California State Constitution requirement that requires that any
person charged with a criminal offense be tried by a jury (and it does not
exempt mere fines; ALL criminal cases are supposed to be so triable) is
routinely ignored as well.

Note: All mail is read/responded every day.  If a message is sent to this
account, and you expect a reply, if one is not received within 24 hours,
resend your message; some systems do not send mail to MCI Mail correctly.


Date:    Sun, 21 Nov 93 19:44:14 est
From:    davis@ai.mit.edu (Randall Davis)
Subject: Re: "On the Road to Nosiness?"

  Date:    Mon, 08 Nov 1993 10:24:54 -0800
  From:    "Joel A. Fine" <joel@postgres.Berkeley.EDU>
  Subject: Re: "On the Road to Nosiness?"

  Dan Gillmor writes:
  > ...suppose some future road officials decide to install new
  > cameras and higher-capacity transmission  lines, allowing the
  > system to scan locations, license-plate numbers and drivers'
  > faces into the computer.

  A similar system is already in place in Campbell, California, and
  several nearby municipalities, for the purpose of enforcing speed
  limits. An unmanned radar-camera combination automatically photographs
  speeding motorists and records their speed at the time the picture was
  taken. Several days later, the driver receives a copy of the photo,
  along with a bill for the appropriate fine for the traffic violation.

A (NJ?) newspaper carried a story a few years back about a driver who had
received one of those photos and tickets, and who responded by mailing in a
photograph of the appropriate amount of money.  The Motor Vehicle folks
replied by mailing him a photo of a pair of handcuffs.  He paid up.

	[ I've heard this story before, and I'm still not completely
	  convinced that this "handcuffs photo" response actually
	  occurred.  In any case, it's an amusing story.  -- MODERATOR ]


Date:    Mon, 22 Nov 1993 11:02:52 +0000
From:    Olivier MJ Crepin-Leblond <o.crepin-leblond@ic.ac.uk>
Subject: Re: "On the Road to Nosiness?"

> Date:    Mon, 08 Nov 1993 10:24:54 -0800
> From:    "Joel A. Fine" <joel@postgres.Berkeley.EDU>
> Subject: Re: "On the Road to Nosiness?"
[ on the subject of roadside cameras ]

> A similar system is already in place in Campbell, California, and
> several nearby municipalities, for the purpose of enforcing speed
> limits. An unmanned radar-camera combination automatically photographs
> speeding motorists and records their speed at the time the picture was
> taken. Several days later, the driver receives a copy of the photo,
> along with a bill for the appropriate fine for the traffic violation.
> The driver never talks with, or sees, a traffic cop.

Here in London such a scheme has been active for over a year.  The cameras
actually have a film inside them. One of the first days of trial, the police
thought that they'd be able to use one film for more than a week. The film
was used-up in a few hours. Since that time, of course, the London motorist
has trained to recognise the cameras and slow-down at their sight (only to
pick-up speed a few hundred yards later ;-) As a result, it is rumoured that
not all cameras have a film in them, but since nobody wants to take a
chance, they have the desired effect of slowing down the traffic and making
it adhere to the speed limits. A "nice" touch is the flash that the camera
has, so that you can be seen even at night.  A disturbing thought, however
is what one feels in the middle of the night, say at 3:00am, when nobody is
around, the speed limit is ridiculously low, and you're alone in the car.
When passing by the cameras, you always feel that someone is watching you.

Definitely not my cup of tea as far as the future is concerned.
Olivier M.J. Crepin-Leblond, Digital Comms. Section, Elec. Eng. Department
 Imperial College of Science, Technology and Medicine, London SW7 2BT, UK
       Internet/Bitnet: <foobar@ic.ac.uk> - Janet: <foobar@uk.ac.ic>


Date:    Sun, 21 Nov 93 23:24:43 GMT
From:    Brinton Cooper <abc@ARL.ARMY.MIL>
Subject: Re: Privacy of cellular phones

There have been many remarks in these forums, recently, of this type:

	"Too bad the cop had to break the (eavesdropping) law. At least
	he caught a crook. The crook had it coming, so what's the harm?"

Here's the harm:  You, a law-abiding citizen, are having an innocent
cellular phone conversation with your equally law-abiding spouse when an
officer of the law illegally eavesdrops on your conversation.  The
segment of conversation which she hears (perhaps out of context) sounds
to her like a discussion of concurrent legal activity so she determines
your location, then tracks you down and arrests you.

Now you've done nothing wrong.  However, YOU HAVE BEEN ARRESTED.  So if
your job, as mine, depends upon holding a security clearance, every time
you are asked subsequently, "Have you ever been ARRESTED for a crime?"
you must answer in the affirmative, then go through the whole mess and
explain yourself.  You may even have to discuss the content of the phone
conversation.  (Well, you may not HAVE to, but, then, "you don't have to
work here, either.")

Further, YOU HAVE BEEN ARRESTED, detained from free exercise of your
liberties.  You may be held overnight, perhaps in an urban jail in (name
your least favorite big city) where you may well be harmed or worse
(must I draw you a picture?) by other inmates.

All this happens because it's OK for the cop to break the law if it
results in arresting a "crook."  

And who's a "crook," anyway?  Are all detainees crooks?  Are we guilty
before the law until we prove ourselves innocent, or is it the other
way around?

This is a quiz. You may flunk.



Date:    Mon, 22 Nov 93 09:22:15 -0800
From:    Martin Minow <minow@apple.com>
Subject: Re: Privacy of cellular phones

In a note to Privacy 02.35, Les Earnest (les@sail.stanford.edu) notes that
the location of a cellular phone can be determined to less than a square
mile by measuring the signal strength at nearby transceiver sites.

By measuring the *time* that a signal arrives at three or more sites --
something that is fairly easy to do using commercially-available high
precision "atomic" clocks -- it should be easy to locate a phone to
a few square meters. Note also, that the receiving sites need not be
co-located with the cellular phone transceivers. (Three sites are
needed to locate a site, but more sites would allow for more accurate

Martin Minow


Date: 23 Nov 93 16:52:27 EST
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: Digitized Photos


[ The author quotes an Associated Press newswire item regarding plans by
  fourteen U.S. states and two Canadian provinces to begin using digitized
  photos on drivers' licenses.  It notes that such photos could be easily
  altered, matched, transmitted, etc., and points out that privacy experts
  are concerned about potential misuse of these
  digitized images.  -- MODERATOR ]

The article goes on to explain that privacy advocates are already worried
about the potential for abuse.  Possible abuses include

 o release of the pictures to the direct-marketing industry, which could
   target specific categories of people (e.g., bald people or those in need
   of dental care) for campaigns;

 o illegal use by criminals to stalk, harass or intimidate victims.

The FBI is claimed to be interested in nationwide picture files and is
currently upgrading its databases to handle pictures such as those from motor
vehicle licenses.

Even in police work, such files could be misused: ``For example, courts have
frowned on police roundups of all young black men near a crime scene -- but
police could use the computer to scan the pictures of every driver living
in the area.''

Police could greatly increase the number of pictures shown to witnesses of
crimes by including thousands of photos of innocent people--with a likely
increase in the number of false positive misidentifications.

Because the pictures will be stored in digital fashion, changing them will
be very easy.

Privacy watchdogs urge caution and thought as the systems are implemented.

Michel E. Kabay, Ph.D.  Director of Education  National Computer Security Assn


Date: 	Fri, 19 Nov 1993 11:00:44 -0500
From: jcarroll@jacc.com (Jim Carroll)
Subject: United Parcel Service signatures


UPS (United Parcel Service) arrived at my doorstep the other day, with
yet another package for delivery.

I signed the little handheld machine that they carry around, to signify my
receipt of the package. I've been doing this for the last couple of years. UPS
is the only courier (in Canada, in any event) to use these handy little

However, I began to wonder this time about UPS and signatures. UPS must
have collected my signature in digital form over 50 times now through the
past few years. 

Maybe my signature exists in some UPS database at this point? Maybe a smart
hacker somewhere in the bowels of has figured out a way to download my
signature from their field device?  Maybe my digital signature can be misused
in some fashion?

What are the risks that are posed by UPS collecting digital signatures? Might
those risks be compounded as more companies implemented field devices such as
UPS? What should we as consumers being doing to protect ourselves?

Should I even bother signing with my real signature, or should I just print
out my name?

Perhaps there is an interesting issue here that RISKS should explore.

Jim Carroll, J.A. Carroll Consulting, Mississauga, Ontario  jcarroll@jacc.com
+1.905.855.2950   Co-Author, "The Canadian Internet Handbook", due March 1994


Date:         Wed, 1 Dec 1993 12:55:54 -0500
From:         ALA Washington Office <alawash@alawash.org>
	      [ Combined subject field by MODERATOR ]

[ Extracted from ALAWON; Vol. 2, No. 54 -- MODERATOR ]

              American Library Association Washington Office


The Superintendent of Documents has held two meetings to describe the
implementation of the Government Printing Office Electronic Information
Access Enhancement Act of 1993 (PL 103-40).  The first was held at GPO on
October 22 to consult with information companies, while a similar meeting
for depository librarians was conducted in Chicago at the Depository
Library Council meeting on November 2.

Under the GPO Access Act, the Superintendent of Documents is required to
(1) maintain an electronic directory of federal electronic information; (2)
provide a system of online access to the Congressional Record, the Federal
Register and other appropriate publications; and (3) operate an electronic
storage facility for federal electronic information.  Work has begun on all
three components of the legislation.

For example, GPO's prototype locator should be operational by June 1994.
The implementation will use a phased approach, and the initial set of
information will be available by January 1994, with additional agencies or
information sources being added gradually thereafter.  The result will not
be a single, central locator, but rather a series of inter-related,
individual locators in several different locations.  According to GPO, the
prototype locator will:

*    allow federal depository libraries and members of the public access to
     an electronic Locator Service in order to obtain data on selected
     federal information services and products as well as to facilitate
     access to the referenced information.

*    provide a basis for the collection of data on user characteristics and
     needs, as well as tracking Prototype Locator usage.

*    demonstrate the feasibility of integrating the Prototype Locator with
     the other components of the GPO Access System, particularly the Online
     Interactive System.

GPO has set up a free Special Interest Group (SIG) on the Federal Bulletin
Board to announce continuing developments under the GPO Access legislation.
The SIG is named GPOACCES.  You can also use the electronic mail service
(E-mail) to send comments by addressing a message to GPOACCES.  To access
The Federal Bulletin Board, contact the GPO Office of Electronic
Information Dissemination Services (EIDS) by telephone at (202) 512-1265 or
by Fax at (202) 512-1262.



On November 23, Senators Patrick Leahy (D-VT) and Hank Brown (R-CO)
introduced S. 1782, Electronic Freedom of Information Improvement Act of
1993 (see November 23 _Congressional Record_, pp. S17056-8).  Senator Leahy
said S. 1782 will give the public access to the records of federal agencies
maintained in electronic form, and takes steps to alleviate the endemic
delays in processing requests for government records.  Without specifically
naming the GPO Access Act, Senator Leahy referred to it in his introductory
statement:  "We recognized the importance of such electronic access when we
recently passed a law requiring that people have online access to important
Government publications, such as the Federal Register, the CONGRESSIONAL
RECORD, and other documents put out by the Government Printing Office."



The Office of Management and Budget is promoting the establishment of an
agency-based Government Information Locator Service (GILS).  In the
November 19 _Federal Register_, pp. 61109-10, OMB requested comments on a
draft design concept for the proposed GILS, and announced a public meeting
on the proposed GILS.  To receive a paper copy of the draft document, or to
request an opportunity to speak at the public meeting, contact Barbara
Banks, Information Policy Branch, Office of Information and Regulatory
Affairs, OMB, Room 3235, New Executive Office Building, Washington DC
20503. Telephone: (202) 395-4814.

Comments on the draft design concept should be received by December 15,
1993, at the above address.  The public meeting will be held on December
13, 2 to 4 p.m., in the auditorium at the Department of Interior, 1849 C
Street, NW, Washington, DC.

In addition to paper copy, the draft design concept will be available on
the FedWorld bulletin board.  FedWorld can be accessed by using a modem to
dial 703/321-8020. For further instructions to access FedWorld, call
703/487-4608.  The document will also be available on the Internet via
anonymous File Transfer Protocol from as /pub/gils.doc
(Microsoft Word for Windows format) or /pub/gils.txt (ASCII text format).
Electronic comments on the draft may be submitted via electronic mail to
the following OMB X.400 mail address:
/s=gils/c=us/admd=telemail/prmd=gov+eop. (Internet users should add
/@sprint.com at the end of the address.)

The OMB notice says that the public would be served by GILS directly or
through intermediaries.  Central disseminating agencies such as the
Government Printing Office and the National Technical Information Service
would act as intermediaries to GILS, as would public libraries and private
sector information services offering GILS contents through kiosks, 800
numbers, electronic mail, bulletin boards, FAX, and off-line media such as
floppy disks, CD-ROM, and printed works.  GILS would supplement, but not
necessarily supplant, other agency information dissemination mechanisms and
commercial information sources.


Date:    Wed, 1 Dec 1993 14:54:51 EST    
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: New Docs Reveal NSA Role in Telephony Proposal

>From the CPSR Alert 2.06 (Dec. 1, 1993)

New Docs Reveal NSA Involvement in Digital Telephony Proposal

  A series of memoranda received by CPSR from the Department of
Commerce last week indicate that the National Security Agency was
actively involved in the 1992 FBI Digital Telephony Proposal. Two weeks
ago, documents received by CPSR indicated that the FBI proposal, code
named "Operation Root Canal," was pushed forward even after reports
from the field found no cases where electronic surveillance was
hampered by new technologies. The documents also revealed that the
Digital Signature Standard was viewed by the FBI as "[t]he first step
in our plan to deal with the encryption issue."
  The earliest memo is dated July 5, 1991, just a few weeks after the
Senate withdrew a Sense of Congress provision from S-266, the Omnibus
Crime Bill of 1991, that encouraged service and equipment providers to
ensure that their equipment would "permit the government to obtain the
plain text contents of voice, data and other communications...." The
documents consist of a series of fax transmittal sheets and memos from
the Office of Legal Counsel in the Department of Commerce to the
National Security Agency. Many attachments and drafts, including more
detailed descriptions of the  NSA's proposals, were withheld or
released with substantial deletions.
Also included in the documents is a previously released public
statement by the National Telecommunications and Information
Administration entitled "Technological Competitiveness and Policy
Concerns."  The document was requested by Rep. Jack Brooks and states
that the proposal
  could obstruct or distort telecommunications technology development
  by limiting fiber optic transmission, ISDN, digital cellular services
  and other technologies until they are modified, ... could impair the
  security of business communications ... that could facilitate not
  only lawful government interception, but unlawful interception by
  others, [and] could impose industries ability to offer new services
  and technologies.
  CPSR is planning to appeal the Commerce Department's decision to
withhold many of the documents.

To subscribe to the Alert, send the message:

"subscribe cpsr <your name>" (without quotes or brackets) to
listserv@gwuvm.gwu.edu.  Back issues of the Alert are available at the
CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert

Computer Professionals for Social Responsibility is a national,
non-partisan, public-interest organization dedicated to understanding
and directing the impact of computers on society. Founded in 1981, CPSR
has 2000 members from all over the world and 22 chapters across the
country. Our National Advisory Board includes a Nobel laureate and
three winners of the Turing Award, the highest honor in computer
science. Membership is open to everyone.

For more information, please contact: cpsr@cpsr.org or visit the CPSR
discussion conferences on The Well (well.sf.ca.us) or Mindvox


Date:    Wed, 1 Dec 1993 14:06:41 EST
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: Sen. Simon Introduces Major Privacy Bill;
	 Senator Simon's Statement on Introduction;
   	 Privacy Commission Bill Section Headings;
	 Bill to Remove Crypto Export Controls Introduced in House;
	 [ Combined subject field by MODERATOR ]

[ Extracted from CPSR Alert 2.06 -- MODERATOR ]

           Computer Professionals for Social Responsibility
                         Washington Office

    [1] Sen. Simon Introduces Major Privacy Bill
    [2] Senator Simon's Statement on Introduction
    [3] Privacy Commission Bill Section Headings
    [5] Bill to Remove Crypto Export Controls Introduced in House

[1] Senator Simon Introduces Major Privacy Bill

Senator Paul Simon (D-IL) has introduced legislation to create a
privacy agency in the United States.  The bill is considered the most
important privacy measure now under consideration by Congress.

The Privacy protection Act of 1993, designated S. 1735, attempts to
fill a critical gap in US privacy law and to respond to growing public
concern about the lack of privacy protection.

The Vice President also recommended the creation of a privacy agency
in the National Performance Review report on reinventing government
released in September.

The measure establishes a commission with authority to oversee the
Privacy Act of 1974, to coordinate federal privacy laws, develop model
guidelines and standards, and assist individuals with privacy matters.
However, the bill lacks authority to regulate the private sector, to
curtail government surveillance proposals, and has a only a small
budget for the commission.

Many privacy experts believe the bill is a good first step but does not
go far enough.

The Senate is expected to consider the bill in January when it returns
to session.


[2] Senator Simon's Statement on Introduction
    (From the Congressional Record, November 19, 1993)

Mr.  Simon.  "Mr. President, I am introducing legislation today to
create a  Privacy  Protection Commission. The fast-paced growth in
technology coupled with American's increasing  privacy  concerns demand
Congress take action.

"A decade ago few could afford the millions of dollars necessary for a
mainframe computer. Today, for a few thousand dollars, you can purchase
a smaller, faster, and even more powerful personal computer. Ten years
from now computers will likely be even less expensive, more accessible,
and more powerful. Currently, there are "smart" buildings, electronic
data "highways", mobile satellite communication systems, and
interactive multimedia. Moreover, the future holds technologies that we
can't even envision today. These changes hold the promise of
advancement for our society, but they also pose serious questions about
our right to privacy. We should not fear the future or its technology,
but we must give significant consideration to the effect such
technology will have on our rights.

"Polls indicate that the American public is very concerned about this
issue. For example, according to a Harris-Equifax poll completed this
fall, 80 percent of those polled were concerned about threats to their
personal  privacy.  In fact, an example of the high level of concern is
reflected in the volume of calls received by California's  Privacy
Rights Clearinghouse. Within the first three months of operation. The
California Clearinghouse received more than 5,400 calls. The
Harris-Equifax poll also reported that only 9 percent of Americans felt
that current law and organizational practices adequately protected
their privacy.  This perception is accurate. The  Privacy  Act of 1974
was created to afford citizens broad protection. Yet, studies and
reviews of the act clearly indicate that there is inadequate specific
protection, too much ambiguity, and lack of strong enforcement.

"Furthermore, half of those polled felt that technology has almost
gotten out of control, and 80 percent felt that they had no control
over how personal information about them is circulated and used by
companies. A recent article written by Charles Piller for MacWorld
magazine outlined a number of privacy concerns. I ask unanimous consent
the article written by Charles Piller be included in the record
following my statement. These privacy  concerns have caused the public
to fear those with access to their personal information. Not
surprisingly, distrust of business and government has significantly
climbed upwards from just three years ago.

"In 1990, the United States General Accounting Office reported that
there were conservatively 910 major federal data banks with billions of
individual records. Information that is often open to other
governmental agencies and corporations, or sold to commercial data
banks that trade information about you, your family, your home, your
spending habits, and so on. What if the data is inaccurate or no longer
relevant? Today's public debates on health care reform, immigration,
and even gun control highlight the growing public concern regarding

"The United States has long been the leader in the development of
privacy policy. The framers of the Constitution and the Bill of Rights
included an implied basic right to  privacy.  More than a hundred years
later, Brandeis and Warren wrote their famous 1890 article, in which
they wrote that  privacy  is the most cherished and comprehensive of
all rights. International  privacy scholar Professor David Flaherty has
argued successfully that the United States invented the concept of a
legal right to  privacy.  In 1967, Professor Alan Westin wrote  privacy
and freedom, which has been described as having been of primary
influence on  privacy debates world-wide. Another early and
internationally influential report on  privacy  was completed in 1972
by the United States Department of Health, Education, and Welfare
advisory committee. A Few years later in 1974, Senator Sam Ervin
introduced legislation to create a federal privacy  board. The result
of debates on Senator Ervin's proposal was the enactment of the
Privacy  Act of 1974. The United States has not addressed privacy
protection in any comprehensive way since.

"International interest in  privacy  and in particular data protection
dramatically moved forward in the late 1970's. In 1977 and 1978 six
countries enacted  privacy  protection legislation. As of September
1993, 27 countries have legislation under consideration. I ask
unanimous consent that a list of those countries be included in the
record following my statement. Among those considering legislation are
former Soviet Block countries Croatia, Estonia, Slovakia, and
Lithuania. Moreover, the European Community Commission will be adopting
a directive on the exchange of personal data between those countries
with and those without data or  privacy  protection laws.

"Mr. President, a  Privacy  Protection Commission is needed to restore
the public's trust in business and government's commitment to
protecting their privacy  and willingness to thoughtfully and seriously
address current and future privacy  issues. It is also needed to fill
in the gaps that remain in federal privacy law.

"The Clinton Administration also recognizes the importance for
restoring public trust. A statement the Office of Management and Budget
sent to me included the following paragraph:

    [T]he need to protect individual privacy  has become increasingly
    important as we move forward on two major initiatives, Health
    Care Reform and the National Information Infrastructure. The
    success of these initiatives will depend, in large part, on the
    extent to which Americans trust the underlying information
    systems. Recognizing this concern, the National Performance
    Review has called for a commission to perform a function similar
    to that envisioned by Senator  Simon.  Senator  Simon's  bill
    responds to an issue of critical importance.

"In addition, the National Research Council recommends the creation of
'an independent federal advisory body ...' In their newly released
study, Private Lives and Public Policies.

"It is very important that the  Privacy  Protection Commission be
effective and above politics. Toward that end, the  Privacy  Protection
Commission will be advisory and independent. It is to be composed of 5
members, who are appointed By the President, by and with the consent of
the Senate, with no more than 3 from the same political party. The
members are to serve for staggered seven year terms, and during their
tenure on the commission, may not engage in any other Employment.

"Mr. President, I am concerned about the creation of additional
bureaucracy; therefore the legislation would limit the number of
employees to a total of 50 officers and employees. The creation of an
independent  Privacy  Protection Commission is imperative. I have
received support for an independent  privacy protection commission from
consumer, civil liberty,  privacy,  library, technology, and law
organizations, groups, and individuals. I ask unanimous consent that a
copy of a letter I have received be included in the record following my

"What the commission's functions, make-up, and responsibilities are
will certainly be debated through the Congressional process. I look
forward to hearing from and working with a broad range of individuals,
organizations, and businesses on this issue, as well as the

"I urge my colleagues to review the legislation and the issue, and join
me in support of a  privacy  protection commission. I ask unanimous
consent that the text of the bill be included in the record."


[3] Privacy Commission Bill Section Headings

   Section 1. Short Title.
   Section 2. Findings and Purpose.
   Section 3. Establishment of a  Privacy Protection Commission.
   Section 4. Privacy Protection Commission.
   Section 5. Personnel of The Commission.
   Section 6. Functions of The Commission.
   Section 7. Confidentiality of Information.
   Section 8. Powers of the Commission.
   Section 9. Reports and Information.
   Section 10. Authorization of Appropriations.

A full copy of the bill, floor statement and other materials will
be made available at the CPSR Internet Library.


[5] Bill to Remove Crypto Export Controls Introduced in House

On November 22, 1993, Congresswoman Maria Cantwell (D-WA) introduced HR 3627
to transfer jurisdiction over the export of software with non-military
encryption to the Department of Commerce from the
Department of State.  The State Department defers to the
National Security Agency on exports that contain cryptography.

The mandates that no export licenses are required for mass market
or public domain software but retains restrictions on countries "of
terrorist concern" and nations currently being embargoed. It also expands
licenses for financial institutions.

A full copy of the bill, press release and analysis is available
from the CPSR Internet Library. See below for retrieval information.


Date: Thu, 02 Dec 93 08:45:28 EST
From: "Marjory Blumenthal" <mblument@nas.edu>
Subject: A study of National Cryptography Policy


As part of the Defense Authorization Bill for FY 1994, the U.S. Congress has
asked the Computer Science and Telecommunications Board (CSTB) of the National
Research Council (NRC) to undertake a study of national policy with respect to
the use and regulation of cryptography.  The report of the study committee is
due two years after all necessary security clearances have been processed,
probably sometime summer 1996, and is subject to NRC review procedures.  The
legislation states that 120 days after the day on which the report is
submitted to the Secretary of Defense, the Secretary shall submit the report
to the Committees on Armed Services, Intelligence, Commerce, and the Judiciary
of the Senate and House of Representatives in unclassified form, with
classified annexes as necessary.

This study is expected to address the appropriate balance in cryptography
policy among various national interests (e.g., U.S. economic competitiveness
(especially with respect to export controls), national security, law
enforcement, and the protection of the privacy rights of individuals), and the
strength of various cryptographic technologies known today and anticipated in
the future that are relevant for commercial purposes.  The federal process
through which national cryptography policy has been formulated is also
expected to be a topic of consideration, and, if appropriate, the project will
address recommendations for improving the formulation of national
cryptographic policy in the future.

This project, like other NRC projects, will depend heavily on input from
industry, academia, and other communities in the concerned public.  Apart from
the study committee (described below), briefings and consultations from
interested parties will be arranged and others will be involved as anonymous
peer reviewers.

It is expected that the study committee will be a high-level group that will
command credibility and respect across the range of government, academic,
commercial, and private interests.  The committee will include members with
expertise in areas such as:

  - relevant computer and communications technology;
  - cryptographic technologies and cryptanalysis;
  - foreign, national security, and intelligence affairs;
  - law enforcement;
  - commercial interests; and
  - privacy and consumer interests.

All committee members (and associated staff) will have to be cleared at the
"SI/TK" level; provisions have been made to expedite the processing of
security clearances for those who do not currently have them.  Committee
members will be chosen for their stature, expertise, and seniority in their
fields; their willingness to listen and consider fairly other points of view;
and their ability to contribute to the formulation of consensus positions.
The committee as a whole will be chosen to reflect the range of judgment and
opinion on the subject under consideration.

The detailed composition of the committee has not yet been decided;
suggestions for committee members are sought from the community at large.
Note that NRC rules regarding conflict of interest forbid the selection as
committee members of individuals that have substantial personal financial
interests that might be significantly affected by the outcome of the study.
Please forward suggestions for people to participate in this project to
CSTB@NAS.EDU by DECEMBER 17, 1993; please include their institutional
affiliations, their field(s) of expertise, a note describing how the criteria
described above apply to them, and a way to contact them.  For our
administrative convenience, please put in the "SUBJECT:" field of your message
the words "crypto person".

Finally, some people have expressed concern about the fact that the project
will involve consideration of classified material.  Arguments can and have
been made on both sides of this point, but in any event this particular ground
rule was established by the U.S. Congress, not by the CSTB.  Whether one
agrees or disagrees with the asserted need for classification, the task at
hand is to do the best possible job given this constraint.

On the National Research Council

The National Research Council (NRC) is the operating arm of the Academy
complex, which includes the National Academy of Sciences, the National Academy
of Engineering, and the Institute of Medicine.  The NRC is a source of
impartial and independent advice to the federal government and other policy
makers that is able to bring to bear the best scientific and technical talent
in the nation to answer questions of national significance.  In addition, it
often acts as a neutral party in convening meetings among multiple
stakeholders on any given issue, thereby facilitating the generation of
consensus on controversial issues.

The Computer Science and Telecommunications Board (CSTB) of the NRC considers
technical and policy issues pertaining to computer science,
telecommunications, and associated technologies.  CSTB monitors the health of
the computer science, computing technology, and telecommunications fields,
including attention as appropriate to the issues of human resources and
information infrastructure and initiates studies involving computer science,
computing technology, and telecommunications as critical resources and sources
of national economic strength.  A list of CSTB publications is available on


Date:    Thu, 2 Dec 1993 17:49:50 EDT
Subject: DIAC-94 Call for Participation 

                         Call for Workshop Proposals

       Developing an Effective and Equitable Information Infrastructure

    Directions and Implications of Advanced Computing (DIAC-94) Symposium
                           Cambridge, MA, USA
                           April 23 - 24, 1994

The National Information Infrastructure (NII) is being proposed as the next-
generation "information superhighway" for the 90's and beyond.  Academia,
libraries, government agencies, as well as media and telecommunication
companies are involved in the current development. Computer Professionals for
Social Responsibility (CPSR) and other organizations believe that critical
issues regarding the use of the NII deserve increased public visibility and
participation and is using the DIAC Symposium to help address this concern.

The DIAC-94 symposium is a two-day symposium and will consist of
presentations on the first day and workshops on the second day.  The DIAC
Symposia are held biannually and DIAC-94 will be CPSR's fifth such
conference.  We encourage your participation both through attending and
through conducting a workshop. We are currently soliciting workshop
proposals. We suggest proposals on the following themes but any topic
relating to the symposium theme is welcome.

 Systems and Services              Policy
   + Community networks              + Funding
   + Information services            + Role of government
   + Delivery of social services     + Economic modelling of networks
   + Privacy (including medical)     + Commercialization of the NII
   + Educational support             + Universal access
   + Meeting diverse needs           + Freedom of expression and
                                        community standards

 Electronic Democracy              Directions and Implications
   + Access to information           + Ubiquitous computing
   + Electronic town meetings        + Global hypertext and multimedia
   + Threats to democracy            + Computing in the workplace
   + Economic and class disparities  + Computing and the environment

 International Issues              Traditional and Virtual Communities
   + Language differences            + MUDs
   + Cultural diversity              + Communication ethics, values, and styles
   + National and international      + Gender relations in cyberspace
   + Cooperative projects            + Networking for indigenous peoples

Workshops will be an hour and half in length.  The proposal should include
title, presenter, purpose of workshop, references, and plan.  Workshops
should substantially involve the audience and proposals in which some group
product or action plan is created are preferred.  As the proposals may be
collected into a book, workshop proposals should be clear and informative to
people who don't participate in the workshop.  Proposals are due February 15,
1994 and acceptance and rejection notices will be sent by March 15, 1994.  To
discuss workshops or to submit proposals for workshops contact the program
chair, Doug Schuler, doug.schuler@cpsr.org.  Electronic submissions are
encouraged but paper versions are also acceptable (send them to CPSR/Seattle
- - - - DIAC '94 Workshop Submission, P.O. Box 85481, Seattle, WA 98145-1481).

        Sponsored by Computer Professionals for Social Responsbility

Potential co-sponsors are being sought.  Please contact us if your
organization would like to help with this event.  For more information on
co-sponsorship or on general issues, contact conference chair, Coralee
Whitcomb, cwhitcomb@bentley.edu.


End of PRIVACY Forum Digest 02.36

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH