TUCoPS :: Privacy :: priv_323.txt

Privacy Digest 3.23 12/6/94

PRIVACY Forum Digest     Tuesday, 6 December 1994     Volume 03 : Issue 23

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	UK CLI gets go ahead (Sue Schofield)
	How to remove "SSN as account number"? (Michael McKay)
	Re: Orwell, 499 channels, and where privacy begins 
	   (Jerry Leichter)
        Re: Sears captures signatures (Bernard Gunther)
	New Penal Code in Spain (Rafael Fernandez Calvo)
	How to stop invasions of privacy (Gary Martin)
	PATNEWS: A review of a book on PGP (Gregory Aharonian)
	EPIC Alert 1.07 [items selected by MODERATOR] (Alert@epic.org)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW home
page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 23

   Quote for the day:

  	 "I've got a bad feeling about this..."

		Han Solo (Harrison Ford)
	        "Star Wars" (1977)

----------------------------------------------------------------------

Date:    Mon, 14 Nov 94 14:57:47 +0000
From:    Sue Schofield <sue@s-sco.demon.co.uk>
Subject: UK CLI gets go ahead

UK Caller Identification Scheme goes awry
By Sue Schofield - Sussex, UK

While most of the USA  telecoms providers appeared to learn the hard way
that subscribers don't want their phone numbers disclosed without their
consent, BT, the premier UK telecomms supplier, launched a caller line
identification scheme (CLI) on November 5th last.  At least it would have
done if the launch hadn't been delayed until the end of November for
'research' reasons, despite massive hype for the previous launch date of
November 5th. 

BT had already market tested the CLI scheme on the East Coast of  Scotland,
where 'most users were delighted' by the ability to return home from a night
out, dial a number, and have the exchange relay the numbers and times of all
the calls they'd missed.  Domestic testers were also pleased that the CLI 
feature 'would cut down on abusive and threatening  calls'.

Surprisingly  BT has not make much out of the fact that CLI can be disabled
for each call by adding three digits in front of the number dialled, 
something  which might be of more use to malicious callers than to paying
subscribers. Nor do they overplay the very small print in the full page ads
of National newspapers, which discloses that the CLI feature can be 
permanently disabled by calling a Freephone  number. The Freephone number is
answered by BT  sales staff, and suprisingly it doesn't give direct  access
to an automatic CLI-disabler at the exchange.

BT's CLI scheme  also covertly dismisses the popular 'ex-directory'
(unlisted) feature explicitly requested by  many single parents and lone
females. This dismissal  makes CLI a negative option -  you get it even if
you don't want it - unless you take action at your time and expense to
disable it.   From its launch date BT's CLI will automatically disclose the
number of tens of thousands of BT ex-directory  phones, unless subscribers 
remember to add the disable code, or dial the Freephone number to get it
removed permanently.  This is  hardly suprising in view of BT's dislike of
supplying unlisted numbers  - an unlisted domestic number does not allow for
unsolicited telemarketing or sales opportunities, devices  much loved in the
UK by companies selling home improvement and security products. Nor do
domestic  UK phones generate much in the way of call revenues.  - BT
estimate that UK domestic  lines are in use  for calls  for only two minutes
per  day on average.

UK readers who might be dismissive of CLI's abilities to erode privacy will
be interested to hear of forthcoming telephony applications for personal
computers. Cheap 'Tapi-compliant' or 'Computer/Telephony Integration (CTI)
systems will be on sale by early 1995. They  will allow CLI data to be
interrogated by anyone with a cheap PC.  It will be possible for instance,
for anyone with a Tapi system and a CLI reader to automatically pull out the
address of any UK caller - unlisted or not -  from one of the growing heaps
of pirated directory-listings CD's of UK addresses. The original source of
these CD's in many cases is  BT's 'unhackable ' UK Directory CD,  some
hundreds of which are in  illicit circulation in the UK. And Tapi  makes
call-number logging easy. Any sales company can use such a system to
identify and log   the  postal address  of any caller with a non-disabled
CLI phone. The automatic creation of highly focussed mail-list data is  a
salesman's dream and it's unlikely that any rights issues will be observed,
unless legislation is put in place to stop abuses. 

A spokesman for Mercury Communications, BT's main UK competitor, disclosed
that they  wouldn't be offering CLI until they saw how BT handled the
complex issues arising from displaying previously unlisted phone numbers,
although technically Mercury  is equipped to carry the CLI  datastream from
subscribers.   And while privacy and personal rights lobbies in the UK are
already preparing for battle, many elderly UK subscribers are unaware of the
rights implications of CLI, and will not know how to remove CLI 
transmission capability from their 'lifeline' phones, unlisted numbers or
otherwise. 

------------------------------------------------------------------------------
Sue Schofield  (sue@s-sco.demon.co.uk) is a UK technology journalist, and 
the author of the UK Internet Book, amongst others.
------------------------------------------------------------------------------

------------------------------

Date:    14 Nov 94 11:24:00 -0800
From:    MCKAY_MICHAEL@Tandem.COM
Subject: How to remove "SSN as account number"?

   Over the years, I have been frustrated in my attempt to get my student loan
account number changed.  The account number is my Social Security Number,
followed by "-0" (indicating the 1st loan, I'm told).  Despite the fact that
most univerisities have "alternates" available to avoid the use of SSN, Union
Bank refuses to use a different account number.  I've escalated matters in the
bank (famous "Our computer does not allow us to change it" defense), as well as
the California State education board.
   According to the Social Security Division, it is illegal for them to use it,
but when asked who to complain to, I've gotten conflicting information.  I've
tried both FBI and the Secret Service, as well as more obscure agencies.  The
bank seems to think I want to deny them the use of my SSN ("We have the right
to know it"), despite repeated attempts to explain that I just don't need it
as my account number (which is included with each payment I send; hell, they
even want me to write it on the check).
    My problem will go away in a year or two, but I'm sure other people will
continue to get student loans (and have no more choice about who administers
it than I do).  Any suggestion on how to get this changed?  What can we do to
make this institution [and others] more sensitive to privacy issues?

Michael McKay (aka. MCKAY_MICHAEL@tandem.com)     (408) 435-5320 Work

------------------------------

Date:    Wed, 16 Nov 94 09:12:18 EDT
From:    Jerry Leichter <leichter@lrw.com>
Subject: Orwell, 499 channels, and where privacy begins

An article in a recent Privacy Forum mentioned the potential for video-on-
demand providers to track customer usage and use that to target ads, say for
the latest Steven Segall movie to viewers with a history of interest in
"adventure" flicks.  Of course, other forms of buying habit data collection
and targeting have been around for a while.

An issue I've raised before, but have never seen a serious discussion on, is:
Exactly what is it that people find objectionable in such practices?

Let's look at a little history.  These days, more and more of the services we
rely on are provided by very large institutions:  Huge supermarkets, clothing
store chains, mega book stores.  This is a fairly recent phenomenon; how
recent varies for different services.  Supermarkets have been around at least
since the '50's, but even 10 years ago most bookstores were small, local
operations.  When I went into my local bookstore, I knew the proprieter.  He
knew me.  He also knew my tastes in reading, and would recommend books he'd
seen that I might like.  Did this bother me, or others?  Did it bother people
that the owner of the local clothing shop might suggest some clothing that had
just come in as "just your style"?  That the owner of the mom-and-pop grocery
might tell them that fresh apples were in and were particularly tasty this
year?  (I doubt the owner would have suggested this to a denture wearer - and
he'd know who bought the Dentu-cream.)

Not only didn't people object to this kind of thing, they liked it.  It was a
part of personalized service - something that was being lost with the arrival
of a new massified society.  Ten, twenty, thirty years down the road, we no
longer feel that loss.  We've come to assume that anonymity is not only our
right, but desireable.  It shocks us to hear that a book store might keep
track of our buying habits.

Now, there's certainly a difference between a local book store and a branch of
a mega chain like Borders.  It's certainly true that a large enough quantita-
tive difference results in a qualitative difference.  And I certainly have the
same feeling that there's no problem with the local book seller knowing what
I like to read, but there is a potential problem with Borders keeping track
of such information.  But it bothers me that I can't elucidate exactly why.

Is it only that I personally know the local book seller, while Borders has no
human face?  Perhaps, but in many ways it's *less*, not more, intrusive to
reveal such information to someone you don't have a personal relationship
with.  What does Borders care?  At most, they'll send me some ads.  The local
book seller may comment on my tastes to others I know, which is much more
likely to cause me embarrassment.

Is it some gut feeling that Borders does this for the money, while my local
book seller does it out of friendship?  Perhaps, but that's a misperception:
My local book seller is - well, was; they're almost all gone now - in business
to eat, too.  Good customer relations is as much an issue for him as for a
chain; probably more so, as he has many fewer customers.

Is it that the information my local book seller has is unlikely to be shared,
while Borders will resell what it knows?  Perhaps, but again (a) my local book
seller is more likely to share the information with people who know me than is
Borders, which will sell it with information about thousands of others in an
essentially anonymous fashion; and (b) in fact, this information is becoming
too valuable to be sold - Borders wants to use the information it gathers to
gain an advantage over other mega chains.  (BTW, I should say that I'm using
Borders as an example because I happen to live near one; I don't even know if
they do collect such information.)

Is it that I can't get away from this information - it gets passed all around
the country faster than I can move?  Again, perhaps, but the mobility we take
for granted - and the potential for anonymity that comes with it - is also a
relatively recent phenomenon.  Historically, people didn't move around very
much - and one of the things they missed from "the old neighborhood" was the
feeling of knowing those around them, and being known to them.

I suspect there's another not-so-obvious factor at work here.  To be put in a
category with two or three or thirty other people by the local book seller is
one thing; that re-affirms my uniqueness, since clearly those two or three
or thirty others just happen to share some of my reading tastes - the book
seller knows each of us as individuals.  To be put into a marketing category
with hundreds of thousands of others by Borders *denies* my individual iden-
tity.  It makes me one of a mass.  If we aren't noticed at all, we can cling
to our belief that, in this big crowd, we are unique and individual.  But when
we are selected out, our individuality is paradoxically called into question.
When my local book seller recognizes my tastes, he recognizes *me*.  When
Borders does, it simply classifies and, in effect, dismisses me as a person.

I'd like to hear any thoughts others have on these issues.  If we don't know
what it is we treasure, we'll have a great deal of trouble deciding how to
protect it.
							-- Jerry

------------------------------

Date:    16 Nov 94 13:45:25 EST
From:    Bernard Gunther <72122.2770@compuserve.com>
Subject: Re: Sears captures signatures

I am not involved with Sears on any credit card issues, but I can easily imagine
one reason for capturing all the signatures electronically:
	 - getting rid of paper.

I think Sears sells ~$25 billion of stuff every year.  Let's assume the average
cash purchase is $50 and the average credit card purchase is $200 and that 25%
of purchases are on credit cards.

     X * $200  +  3 X * $50 = $25 billion
     $350 X = $25 billion
     x = 71 million charge transactions

          [Supply your own estimates if you prefer...]

Imagine collecting, storing, warehousing, accessing that many little slips of
paper.  Imagine the cost savings if you could do this electronically.  Imagine
the benefit for a fraud case where you can say to the judge, this is my
signature on the last 10 charges, this most recent one doesn't look anything
like it.

If you told me I could spend a few hundred dollars per store and save doing
something 70+ million times, I certainly would think about it.

Bernard Gunther

------------------------------

Date:    Mon,  5 Dec 94 00:23:33 -0100
From:    rfcalvo@guest2.atimdr.es (Rafael Fernandez Calvo)
Subject: New Penal Code in Spain

A new Penal Code is about to be discussed in the Parliament of Spain. CLI (*)
is putting up a proposal on crimes related to misuse of Information
and Communications Technologies against the rights of citizens (specially --but
not solely-- privacy). That proposal will be sent to the political parties
represented in the Parliament.

Legislation to that respect existing in different countries would be of great
help to achieve our purposes. Please send text of such legislations --before
Dec. 12-- via email or fax to the following addresses:

-----------------------------------------------------------------------
Rafael Fernandez-Calvo                        | rfcalvo@guest2.atimdr.es
Member of the Presidential Board of           |
CLI (Comision de Libertades e Informatica) *  | (34-1) 309 3685 Fax
    (Commission for Liberties and Informatics)| (34-1) 402 9391 Phone
Padilla 66, 3 dcha., E28006 Madrid Spain      |
---------------------------------------------------------------------------

* CLI is an independent coalition created in Madrid on Dec. 1991 by several
 entities (consumers leagues, trade unions, associations of human right
 advocates, DP professionals and judges, and the direct marketing sindicate)
 with a joint membership of about 3 million people. Its main purpose is to
 promote citizens' rights, specially privacy, against misuse of Information
 and Communications Technologies.

------------------------------

Date:    Fri, 25 Nov 1994 19:39:29 -0500 (EST)
From:    G Martin <gmartin@freenet.columbus.oh.us>
Subject: How to stop invasions of privacy

I heard a rumor yesterday that I wanted to run past all of you.  A
relative of mine told me that at least one, possibly more commercial
online service(s) may be invading your privacy without you knowing it when
you're connected to them.  I was told that a particular company routinely
uploads your entire directory structure, and sometimes even data within
certain files.  In one case, they allegedly uploaded part of an
attorney's customer database, and this attorney caught them because he had
software that told him about the activity.  I started thinking about this
and realized that it probably would be pretty easy for a BBS or any
commercial service you're connected to to grab copies of your directories
and files while you're connected to them, especially if you're using their
proprietary software to connect with.  Allegedly this particular service
has something in their contract that tells you they can do this, but I
haven't seen how it's worded or how vague it may be.

Can you imagine what a problem this could be for you if they upload your
personal or business financial records, or customer records that may
contain credit card numbers, etc?

I also wonder if this is happening when you use the built-in features of
some software packages to automatically register them?  For instance, I
installed a new modem two days ago.  The modem came with software that
allows me to manage voice and fax communications.  It asked me if I wanted
to register the software during the setup.  I said "yes", and my C-drive
was going nutts while I did it.  Hmmmmm.

1.  Does anyone know where I can find freeware or shareware that will allow
    me to track every directory read, file read/write and upload or 
    download?  I would prefer that it be Windows 3.1 or OS/2 2.1 based
    software.

2.  Are you aware of any software that would PREVENT a commercial service
    from doing these things?  

3.  Is there anything I can do using existing MS-DOS or Windows options to
    track or prevent this short of password protecting or encrypting
    everything?

I intend to check some of the computer privacy mailing lists to see if I
can find out more about this.  Will update all of you with a single
posting to this list when I do.  Thanks in advance for your help.

Gary

------------------------------

Date: Thu, 17 Nov 1994 23:29:30 -0500
From: srctran@world.std.com (Gregory Aharonian)
Subject: PATNEWS: A review of a book on PGP

     [ From "patents@world.std.com" mailing list.  -- MODERATOR ]

    For those of you who follow the cryptography world, one of the more
interesting recent developments has been the PGP (Pretty Good Privacy)
encryption program.  Developed by an individual, it is a relatively strong
encryption technique that runs on a variety of platforms, is available as
both shareware and commercially, and came be downloaded from computer sites
around the world.  If you don't use PGP, you might have noticed strange
ASCII signatures in postings to USENET - often these are personal signatures
for people who use PGP.

    A book has been published (or is being released) that is an excellent
guide both to the use of PGP, and its' and cryptography's history.  The book
is titled "PGP:Pretty Good Privacy" and is written by Simson Garfinkel.  It
is availble from O'Reilly & Associates (1-800-998-9938) - I am not sure of
the price, but O'Reilly's books are reasonably priced.

    Amongst other things, the book has a fair amount of material on the
patent aspects of cryptography (yes this review has some relevance for my
patent news service), including the latest wranglings involving RSA.  (This
book is filled with tons of acronyms).

    My review of the book is that it is an excellent book, both as a user
guide to PGP, and as a history of cryptography.  For PGP, it explains how
the program works, how to get a copy of the program and install it, and how
to use the various options.  I don't use PGP because encryption key
management to me sounded as burdensome as contact lens cleaning management,
which I also don't use.  However Simson's explanation of PGP is convincing
enough for me to eventually use PGP, once I find something worth encrypting.
d PGP was quite interesting, with many ancedotal stories about the various
characters involved.  As the book goes to press, patent and business
shenigans continue, so the book is quite timely.  The book also explores
some of the privacy, policy and national security aspects of cryptography,
including the recent brouhaha over the Clipper chip, triple-DES, and the
whys of dual secret key PGP.  (Fortunately for those weak at heart, Galois
Fields are not mentioned).

    So if you are in to this stuff, or considering using PGP, get a copy of
the book.

Greg Aharonian
Internet Patent News Service
(for subscription info, send 'help' to   patents@world.std.com )
(for prior art search services info, send 'prior' to patents@world.std.com )
(for WWW patent searching, try  http://sunsite.unc.edu/patents/intropat.html )

------------------------------

Date:    Sat, 12 Nov 1994 10:30:06 -0800
From:    Alert@epic.org
Subject: EPIC Alert 1.07 [items selected by MODERATOR]

  [ Items from the full Epic Alert newsletter were selected
    by the PRIVACY Forum moderator for inclusion in this 
    issue of the digest.  -- MODERATOR ]

   =============================================================
      
Ohio Court Upholds Privacy of SSNs
----------------------------------

In a decision handed down on October 26, the Ohio Supreme Court has
ruled that governmental disclosure of Social Security numbers (SSNs)
violates individuals' constitutional right to privacy.  At issue was a
request by the Akron Beacon Journal for release of computer tape
records of the City of Akron's year-end employee master files.  The
payroll files contain various information including employees' names,
addresses, telephone numbers, SSNs, birth dates, education, employment
status and positions, pay rates, service ratings, annual and sick
leave information, overtime hours and pay, and year-to-date employee
earnings.  The City had provided the records to the newspaper, but
deleted the SSNs on privacy grounds.

EPIC staff, on behalf of Computer Professionals for Social
Responsibility, joined with the Public Citizen Litigation Group in
filing a "friend of the court" brief in the case.  The CPSR/Public
Citizen brief highlighted the privacy implications of SSN disclosures
and argued in support of the City's decision to withhold the numbers.
The brief urged the Ohio Supreme Court to follow the lead of the U.S.
Court of Appeals for the Fourth Circuit in the case of Greidinger v.
Davis, where Virginia's practice of requiring SSNs for voter
registration purposes was held unconstitutional.  EPIC staff had
similarly participated in the Greidinger litigation as friends of the
court.

Significant excerpts from the Ohio Supreme Court decision:

          The city's refusal to release its employees' SSNs does
     not significantly interfere with the public's right to
     monitor governmental conduct. The numbers by themselves
     reveal little information about the city's employees. ...

          While the release of all city employees' SSNs would
     provide inquirers with little useful information about the
     organization of their government, the release of the numbers
     could allow an inquirer to discover the intimate, personal
     details of each city employee's life, which are completely
     irrelevant to the operations of government. As the Greidinger
     court warned, a person's SSN is a device which can quickly be
     used by the unscrupulous to acquire a tremendous amount of
     information about a person. ...

         Thanks to the abundance of data bases in the private
     sector that include the SSNs of persons listed in their
     files, an intruder using an SSN can quietly discover the
     intimate details of a victim's personal life without the
     victim ever knowing of the intrusion.

Coming a year after the Greidinger decision, the Akron Beacon Journal
case continues a trend toward judicial recognition of the privacy
implications of SSNs.  EPIC will continue to participate in related
litigation in an attempt to establish a body of caselaw protecting the
confidentiality of SSNs and other personal information.

A copy of the decision is available at cpsr.org /cpsr/privacy/ssn
ohio_ssn_case_1994.txt.


Canada Asks for Comments on Information Superhighway Privacy
------------------------------------------------------------

The Canadian Information Highway Advisory Council has released a
discussion paper entitled "Privacy and the Canadian Information
Highway."  The Council is asking for comments on the paper and
recomendations on how privacy should be protected on the Canadian
information superhighway.

The paper discusses privacy issues relating to transactional data and
profiling, transaction security and individual identification,
identity cards and single identifier numbers, and monitoring.  It
provides a general overview of Canadian and international privacy for
both government and private sector data.

The report reviews possible approaches to privacy protection:
legislation and regulation; voluntary codes and standards;
technological solutions; and consumer education and the possible
benefits and drawbacks of each. It asks for comments from interested
parties on possible approaches.

Comments are due by December 23, 1994, and should be sent to Parke
Davis, Director General, Information Highway Advisory Secretariat,
Room 614, Journal Tower North, 300 Slater Street, Ottawa, Ontario
Canada K1A 0C8 or emailed to council@istc.ca.  An electronic version
of the paper is avaiable from the CPSR Internet Library. See below for
details.

------------------------------

End of PRIVACY Forum Digest 03.23
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH