TUCoPS :: Privacy :: priv_308.txt

Privacy Digest 3.08 4/13/94

PRIVACY Forum Digest      Wednesday, 13 April 1994       Volume 03 : Issue 08

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	 Editorial: "Crime, Privacy, and Singapore"
            (Lauren Weinstein; PRIVACY Forum Moderator)
	 Searching for health care anecdotes (Marianne P. Lavelle)
	 Postmaster Gen'l wants to "certify elec.msgs. for privacy" ??? (fwd)
	    (Lance J. Hoffman)
	 We Can't Heeeaaarrrr You ... (Richard Johnson)
	 Dave Barry Responds To E-Mail Hacking Charges [extracted by MODERATOR]
	    (Erik Nilsson)
	 Let your fingers do the walking on the Internet (Paul Robinson)
	 NYNEX Calling Card Fiasco (George Feil)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 08

   Quote for the day:

	"Where was it I lost control of that interview?"

		-- Hans Conried; "Factured Flickers" (1963)

----------------------------------------------------------------------

Date:    Wed, 13 Apr 94 19:11 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Editorial: "Crime, Privacy, and Singapore"

Greetings.  Be warned--it's time for another PRIVACY Forum editorial.

I've frequently noted that it's easy for privacy rights to gradually slip
away--sometimes with people hardly even noticing the individual losses until
they add up to a big chunk--and by then it's usually very difficult to do
anything about them.  Then again, sometimes people willingly give up aspects
of privacy in the belief that they will gain something valuable in return.
Unfortunately, the loss of privacy often does far more damage in the long
run than the perceived benefits.

There is an increasing correlation in the U.S. between privacy and crime
issues.  Little by little, we see more and more efforts to limit various
aspects of privacy in the name of crime control.  We're also seeing a rash
of very broad "get tough" sentencing laws, many of which, in my opinion, are
based on frail reasoning likely to have widespread unanticipated negative
effects on prosecutions and society in general (but they're almost always
great politics--reality be damned!)  Obvious examples are the so-called
"three-strikes" laws (and now, "one-strike" laws) which already literally
have homeless, mentally ill persons facing life imprisonment for knocking
over other homeless persons (not injuring them, just knocking them down--but
it's classed as a felony violent assualt).  As a society, we seem unwilling
to do anything to help such persons--other than lock them in a cell for
life -- *that* we're willing to pay for.

Of course, you can depend on many of the folks being sucked into these laws
to never have adequate representation--but what does it matter if a few
innocents rot away in jail for the rest of their lives?  Or for that matter,
why shouldn't someone die when they've been convicted of a capital crime,
just because evidence found after a particular arbitrary time *definitively*
could prove the person innocent?  You don't believe it?  Check out the laws
in some states and think about new technologies involving DNA identification.
These cases exist right now.

Is crime a serious problem?  Absolutely.  Are stiffer penalities for some
classes of criminals needed?  Yes, indeed.  However, we must be careful in
our efforts to deal with crime that we don't create broad draconian
side-effects as a result.  The same applies to privacy issues.

An interesting example of what happens when privacy is depleted and social
order (crime control) is elevated to the top of the scale is the country of
Singapore.  Ruled (under various titles) by the same man with an iron hand
for many years, it is, on its face, clean, orderly, and prosperous--moving
with incredible speed into the 21st century, becoming the Asian
information/technology center supreme.

It is also a land where personal privacy is vanishing, where onerous
punishments for even trivial "crimes" are the rule, and where, as a result,
outward migration from the country has become a significant problem.  It's a
land where mere possession of chewing gum is considered to be a significant
crime, where all citizens are reduced to "children" faced with an endless
array of signs pointing out the serious penalties for even the most minor
transgressions.  It's also a place where government tracks citizen movements
via the mass transit systems and otherwise keeps intense centralized
scrutiny on all aspects of citizens' lives.  It is, in certain aspects, the
embodiment of some features from "1984"--taken into modern terms with a
layer of high technology thrown in for good measure.

From the British masters of colonial times the Singapore government has come
to rely on corporal punishments for some crimes.  The current case of the
American youth facing "caning" has made headlines, and has caused something
of an outpouring of emotion from some quarters in the U.S.--an outpouring of
loud, angry, short-sighted emotionalism with some persons suggesting not
only that the mutilating punishment which has been categorized as torture is
appropriate for the minor, non-permanent vandalism caused by the youth, but
suggesting that such punishments should be used over here.  Some have
also suggested even more violent punishments for such offenses.

The details of caning in Singapore are instructive:

	From: jodi731@utxsvs.cc.utexas.edu (Werner J. Severin)
	Newsgroups: soc.culture.singapore
	Subject: Re: Caning in Singapore
	Date: Sat, 02 Apr 1994 10:38:41 -0600
	Organization: Univ. of Texas at Austin

	In article <2nj1un$oja@nuscc.nus.sg>, law00138@leonis.nus.sg (Hoo Cher
	Liek) wrote:

	...

	Firstly, the prisoner is examined to see if he is fit to be caned.
	The caning takes place in the prison itself, in a room. The prisoner
	is stripped naked and tied to a special X-shaped rack. He is not
	gagged so that his screams can be heard by the rest of the
	prisoners. The caning takes place behind closed doors and is
	generally not open to viewing. 
	 
	The cane, or ratan, is literally made to order. It is usually about
	three feet long and about half an inch thick. Before the sentence is
	executed, the cane is dipped in a special chemical to ensure maximum
	effect. 
	 
	The executor is no ordinary person. He is specially chosen and must
	have qualifications in martial arts. He practices caning regularly,
	so that his positioning and stroking is extremely precise to have
	maximum effect.  The cane stroke usually ends up at the exact spot
	as the previous, and is inflicted on the buttocks. In the process
	itself, the executor uses not just his arm, but his entire body
	weight. Technique is crucial. 
	 
	The first stroke breaks the skin. Even the most hardened criminals
	is known to scream. Usually, by the third stroke, the accused passes
	out and has to be revived. A doctor is always present and must
	examine the accused after every stroke to ensure that he is capable
	of carrying on.  The time interval between each stroke is around 30s
	to 1 minute. Wherever possible, the entire sentence is carried in
	one flogging to achieve maximum effect. Where that is not possible,
	the prisoner is allowed reprieve until such time that he is deemed
	fit to carry on. Because of the chemical applied on the cane, the
	marks are permanent and cannot be removed...

	...

	The following is part of a news item from the March 21 Voice of
	America-- 

	TEXT:    MS. JONES REMEMBERS THE TRAUMA REPORTED BY ONE MAN WHO 
        	 CAME TO AMNESTY INTERNATIONAL AFTER SEVERAL STROKES OF 
	         THE CANE. 

	   	 TAPE CUT THREE       JONES
	
	         "HE WAS SHIVERING AND PERSPIRING WITH FEAR JUST BEFORE.
		 AND THEN DURING THE CANING, HE REMEMBERS HE FELT IT WAS
		 LIKE A TEARING ACROSS HIS BUTTOCKS. HE TALKED ABOUT HOW HE
		 SCREAMED LIKE A MAD ANIMAL AND HOW BASICALLY, IT LEAVES
		 HUMONGOUS [FESTERING] AND HUGE SCARS ON HIS DERRIERE. IT
		 SWELLED TO TWICE ITS SIZE AND HE WAS NOT ABLE FOR WEEKS AND
		 WEEKS TO WEAR CLOTHING. THE TREMENDOUS BRUISING BLACK AND
		 BLUE OF THIGHS. AND HE SAYS TO THIS DAY HE STILL HAS
		 NIGHTMARES ABOUT IT. THIS HAPPENED WHEN HE WAS SEVENTEEN.
		 HE'S NOW OVER 40.  THIS ISN'T JUST A LITTLE SPANKING.
		 (BEGIN OPT) THIS IS TRULY TRAUMATIC. IT MAY BE EASY FOR
		 PEOPLE TO SAY, 'OH, THIS IS SIMPLY A LITTLE PAIN AND IT'LL
		 GO AWAY.' IF ONE HAS UNDERGONE IT, I THINK ONE CAN REALLY
		 UNDERSTAND THE CRUELTY OF IT. (END OPT)" 

Let's skip the issue of whether or not the Singapore government has applied
the vandalism statutes unfairly (apparently this is the first time anyone
has been sentenced to caning there for other than "politically"-oriented
vandalism--which tells us even more about the Singapore government's
views).  International organizations have officially classified the punishment
as torture.

There is little crime in Singapore--because the population is effectively the
property of the state and treated as such.  The ruler of the country claims
that the reason Singapore is so crime free is that Asian cultures value
society more highly than the individual, in distinction to Western
cultures.  

I certainly agree that corporal punishments can be effective.  If you treat
humans as slabs of meat to be tortured for minor transgressions, I have no
doubt you can achieve wonders in law enforcement.  As they say, the trains
run on time under dictatorships.  But is this really the sort of society we
should emulate?  Do we really want "1984", "Clockwork Orange", and "The
Running Man" all rolled into one when it comes to crime control and privacy?

I hope not.

--Lauren--

------------------------------

Date:    Mon, 28 Mar 1994 17:22:50 -0500 (EST)
From:    "Marianne P. Lavelle" <mlavelle@cap.gwu.edu>
Subject: searching for health care anecdotes

Hello,

I'm a writer for The National Law Journal, a newspaper for lawyers, and
would like to send a query to members of the PRIVACY mailing list. I am
writing about some legislation that would provide privacy protection
regarding health care information, and I am looking for anecdotes about
misuse of health information. Have there been documented instances of Job
Discrimination, Insurance Discrimination, or other harms?  If this is an
inappropriate use of the list, please forgive me. I trust that because it is
a moderated list, the moderator will be able to screen this message out.  I
hope you'll be able to help me on this important privacy issue.  

Marianne Lavelle 
The National Law Journal
mlavelle@cap.gwu.edu
voice: 202-662-8921

------------------------------

Date:    Mon, 28 Mar 1994 21:46:49 -0500 (EST)
From:    "Lance J. Hoffman" <hoffman@seas.gwu.edu>
Subject: Postmaster Gen'l wants to "certify elec.msgs. for privacy" ??? (fwd)

Forwarded message:
>From jwarren@autodesk.com Mon Mar 28 19:46:12 1994
Date: Mon, 28 Mar 94 15:41:11 PST
From: jwarren@autodesk.com (Jim Warren)
Message-Id: <9403282341.AA15794@megalon.autodesk.com>
To: eff@eff.org
Subject: Postmaster Gen'l wants to "certify elec.msgs. for privacy" ???

Just got this from Jon Erickson, Ed-in-Chief of Dr. Dobb's Journal.  Part of
it came from an Associated Press story by Randolph Schmidt; part from Jon's
follow-up conversations with folks at USPS, including their new Technology
Applications Group.  I consider it likely, reliable, but not authoritative.
--jim

Reportedly:
   Postmaster General Marvin Runyon suggested that the Postal Service should
be certifying electronic messages to safeguard privacy, "securing one
company's market-sensitive information from the intruding eyes of its
competitors," or so he said in March 24th testimony before the Senate
Governmental Affairs Subcommittee.  The AP story apparently somewhat
mentioned Commerce and the Department of Justice, but not the detailed link.
  Jon called USPS and worked his way beyond the p.r. flacks.  Asked if this
proposal to certify electronic messages to assure their privacy and its
coordinating with Commerce and Justice was a reference to Clipper, and he
was told yes.

It appears that the PM General has proposed that the USPS get in the business
of certifying electronic messages [via what channels?] to assure their
INsecurity by using Capstone/Clipper/Skipjack.

Advanced Technology Group is also working on handwriting recognition -- but
only for recognizing addresses on letters, I'm sure.

--jim
Jim Warren, columnist for MicroTimes, Government Technology, BoardWatch, etc.
jwarren@well.sf.ca.us  -or-  jwarren@autodesk.com
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/415-851-2814

1984 is a bit late this decade.  But it does appear to be arriving.
Feel free to repost and resend.  I'm bcc'ing to lots of others.
-- 
Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University    (202) 994-4955    Fax: (202) 994-0227
Washington, D. C. 20052             hoffman@seas.gwu.edu

------------------------------

Date:    Tue, 29 Mar 1994 08:39:40 -0800 (PST)
From:    rdj@plaza.ds.adp.com (Richard Johnson)
Subject: We Can't Heeeaaarrrr You ...

(quotes from 21 March, 1994 "Aviation Week"), pg 51

   AT&T has applied acoustinc and digital signal processing technology 
   developed for antisubmarine warfare to produce a vehicular traffic 
   surveillance system.  The SmartSonic Traffic Surveillance System 
   detects vehicles acoustically and can differentiate between large 
   vehicles, such as buses and trucks, and automobiles, from the 
   signatures.

<typical applications and "gee-whiz" technology stuff deleted.>

Here's the rub ...

   ... Processing and computing capacity in excess of that needed for 
   vehicular traffic surveillance allows for future signal processing 
   growth, such as a more detailed classification of vehicles.  A 
   possible auxiliary use would be detecting accidents and alerting 
   authorities ....

While monitoring traffic flow is probably a good thing, simply possessing
the ability to collect all kinds of data in addition to the vehicle count
just invites abuse.  It seems that a simple piece of software could 
differentiate (mathematically) the signal of a vehicle and determine 
it's speed.  Together with vehicle identification from acoustic signature,
tracking of your car and it's behavior becomes simple.  Another (not so 
simple) program could locate and identify footfalls. Or conversation.  And
again, acoustic signatures and possibly even voiceprints could be used to
the advantage of some unscrupulous person or agency.  I'm sure you can
think of other possible side-effects and risks, too.

Don't count on me to be the first on our block to request one of these.
-- 
Richard Johnson   (rdj@plaza.ds.adp.com)   (richard@agora.rdrop.com)   
We meet our destiny along the road we take to avoid it.        -- C.G. Jung

------------------------------

Date:    Fri, 8 Apr 1994 01:48:31 -0700
From:    erikn@goldfish.mitron.tek.com (Erik Nilsson)
Subject: Dave Barry Responds To E-Mail Hacking Charges [extracted by MODERATOR]

[ Extracted from CPSR/PDX 7 #4 by MODERATOR ]

CPSR/PDX received the following letter from syndicated columnist Dave
Barry's office:

> Let me tell you what happened, and you can decide how immoral it was.
> During the Olympics, a lot of rumors about Tonya Harding were floating
> around the press center.  One of these was that some numbers were
> Tonya Harding's e-mail code.  A lot of people punched these into the
> computer to see if they were.  I was one of those.  As soon as I saw
> the numbers worked, I signed off, _without_ reading any e-mail.
> 
> Perhaps you wouldn't have done what I did.  I respect that.  But I
> view what I did as checking out a rumor, and no more.  I never saw any
> private correspondence, nor, as far as I know, did other reporters.
> When some reporters' names surfaced in connection with this, I
> volunteered the information that a lot of people, including me, had
> tried those numbers.  I was trying to put what happened into
> perspective; Unfortunately, the quotes that were printed made it sound
> as though I was defending the practice of reading other people's mail.
> I wasn't.
> 
> Sincerely,
> 
> Dave Barry
> 
> DB/js

------------------------------

Date:    Mon, 11 Apr 1994 03:47:29 -0400 (EDT)
From:    Paul Robinson <PAUL@TDR.COM>
Subject: Let your fingers do the walking on the Internet
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----

Saturday I was over at Micro Center, a computer store in Vienna, Virginia.

Visiting the book department, I spotted a new set of three books, 
highlighted in plain view, all having the word "Internet" on the cover.

One was a book on things you can find, e.g. a list of sources for things 
such as Weather information, FTP sites for various types of files, and so 
on, e.g. a list of services similar to the ones on the internet, only 
broader and much better organized.  It was also about an inch thick, which
meant it was about 500 pages long.  I didn't have much chance to look at 
it since I don't have that much interest in the services on the 
Internet.  I know they are comprehensive, I just never thought about it.

The second book was printed on yellow paper and I think it referred to 
itself as "The Internet Yellow Pages".  In essence it was a topic and 
subject cross reference for news groups and mailing lists.  This, I think 
is a good idea.  It's better if someone knows that, for example, Com Priv
deals with the Commercialization and Privatization of the Internet and not
with say, Private Compost heap management.  (Although some people who 
read that group might think the latter is more accurate.)  Or that the 
Bitnet list ETHICS-L@VM.GMD.DE deals with the ethics of computer 
programming and computer-related ethical issues, rather than it being a 
general ethics list.

This too, was a Phone Book sized tome, about 3/4 inch thick, and it also 
mentioned that it covers about 2700+ newsgroups, which doesn't make it 
comprehensive (as someone corrected me earlier this month, the worldwide 
set of public newsgroups is currently over 8,000 and runs close to 100 
megabytes a day.)

What I found most interesting was the third book, also about an inch
thick, e.g. phone book sized, and what could probably be called "The
Internet White Pages".  Someone started collecting E-Mail addresses and
names for people from public messages, probably those posted on newsgroups
and heavily circulated mailing lists and put them in alphabetical order. 
A practice very similar to that done by the address lookup program on
rtfm.mit.edu (formerly "pit-manager"). 

Apparently the compiler of the book collected some 100,000 people's names 
and printed them up.  This book is fairly recent but not that much.  As 
with most people, I looked myself up.  While it does have my address on 
access.net and MCI Mail, it does not have my address here on TDR.COM, 
which implies that it stopped collecting before I started using it 
almost exclusively, which would be before December 5, 1993, which is when 
the TDR.COM domain is listed as last updated via WHOIS.

Some people seem to have gotten upset over the collection of E-Mail 
addresses for advertising.  Now, here, someone has generally collected 
everyone's address off public messages, and published them in a book that 
is sold over the counter in a computer store.  I wonder how people feel 
about this issue.

The author said in the preface quite frankly that he had started
"surrepticiously" collecting E-Mail addresses for a while.  I put that
word in quotes because I think that was his term, not mine.  I am trying
to avoid being judgemental here, because I don't see it as that big a
problem.  My E-Mail address is not my street address and doesn't tell you
where I live or what I do or how much money I make or how educated I am. 
But this practice does annoy some people and I wanted to let some people
know that if you are worried about the collection of names and E-Mail
addresses, you are a little late, someone's already done a White Pages
that anyone can purchase.  And if it's successful, I'll bet there will be
new issues, as well as possibly competitors. 

Seriously, I have a full newsgroup feed coming into the site I use, there's 
nothing that says I couldn't set up a cron job that runs several times a day 
to scan the spool files and collect addresses for subsequent 
publication.  Anyone who has access to a full news feed could have done 
the same thing.  

Here's some questions to think about: What do you think about the
practice?  Is it right or wrong and why?  Does this impact people's
security?  Are there risks involved if your E-Mail address becomes well
known or if it is misprinted in a published "white pages"?  Are there 
other considerations to think about?

---
Paul Robinson - Paul@TDR.COM

------------------------------

Date:    Tue, 12 Apr 94 16:45:21 -0400
From:    "George Feil" <feil@sbcm.com>
Subject: NYNEX Calling Card Fiasco

Recently, NYNEX sent all its calling card holders in New York a flyer
for an "Only in New York" sweepstakes. The idea was that customers
would automatically get one entry into the sweepstakes for every call
they made on the calling card. (The calling card number consists of
the customer's area code and phone number, followed by a four-digit
PIN).

Unfortunately, this has led to two problems. First of all, a private
corporation has been given access to every customers' calling card
number.  Secondly, the flyer was sent taped together, and not in a
sealed envelope. On the inside was printed a facsimile of a calling
card, with the customer's PIN. This could be easily read without
breaking the seal by bending the flyer slightly.  Therefore, anyone
who picked up this flyer could determine a person's calling card
number by looking up their phone number in the book, and appending the
PIN to it!

As a result, thousands of outraged customers (including myself) have
called NYNEX requesting a new PIN. NYNEX has set up a special hot line
specifically to handle such requests. In addition, they promised that
no customer would be responsible for any fraudulent usage on their
card caused by this promotion.

By the way, this got a lot of media attention in the New York City
area, which probably fueled even more calls by customers to NYNEX.

George Feil		feil@sbcm.com
voice: 212-524-8059	fax: 212-524-8081
Opinions are not those of SBCM Inc.

------------------------------

End of PRIVACY Forum Digest 03.08
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH