TUCoPS :: Privacy :: priv_324.txt

Privacy Digest 3.24 12/16/94

PRIVACY Forum Digest     Friday, 16 December 1994     Volume 03 : Issue 24

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.

	IMPORTANT: PRIVACY Forum Status and Problems
           (Lauren Weinstein; PRIVACY Forum Moderator)
	Privacy on the WWW (Scott Coleman)
        What's wrong with customized service? (Michael McCarthy)
        Re: Orwell, 499 channels, and where privacy begins (Nevin Liber)
        Orwell, 499 channels, and where privacy begins (Scott Coleman)
        Re: Orwell, 499 channels, and where privacy begins (Karl Anderson)
	Orwell, 499 channels, and where privacy begins
	UK concerns over personal data grow (Sue Schofield)
	Re: How to stop invasion of privacy (Arthur L. Rubin)
	The problem with preference recording (Marc Thibault)
	Maintaining Privacy in Electronic Transactions (Benjamin Cox)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW home
page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.


   Quote for the day:

	"All good things must come to an end."

		-- Folk saying (hopefully not always true...)


Date:    Fri, 16 Dec 94 13:56 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: IMPORTANT: PRIVACY Forum Status and Problems

Greetings.  This message contains important information regarding
the status of the PRIVACY Forum.  I'd appreciate it very much
if you'd read it over completely.  (Thanks!)

The number of submissions in the most recent cycle was very large,
apparently as the result of recent list additions and gatewaying of
the digest into various major online services which have opened Internet
gateways to very large numbers of users.  I've had to be even more
selective than usual as a result.

Also, the percentage of addresses yielding some form of bad address return,
multiple warning messages (sometimes appearing daily for a month or more),
"I'm on vacation messages", and all manner of other automated responses is
growing rapidly.  Even with the automated listserv to handle some "routine"
requests, most of these response messages require manual work to interpret
and process.  All of this is aside from dealing with the many submissions
themselves, the FTP, gopher, and WWW servers and archives, and the other
services related to the Forum.

I'm happy to continue the gratis offering of the growing amount of time and
resources it takes to keep the PRIVACY Forum going, so long as I am able,
since I consider it to be an important and worthwhile undertaking.  

There are some things you can do that would make my life just a little bit
easier.  First off is to please *always* use *substantive* subject lines on
all your submissions.  I've been emphasizing this in the Forum info files
and digest masthead.  Please do *not* use your "reply" command to generate a
response, and please don't use subject lines like "a submission", or "my
response".  Please take the time to choose a subject line that imparts some
meaning to the reader regarding the subject at hand.

Another point is that whenever possible, please set up your vacation
programs and other automated response systems to not reply to the digest
mailings.  When a list gets this large the number of these that come pouring
back becomes quite substantial, and seems to be growing rapidly.

With your assistance, I'll have a better chance of keeping things running
smoothly even through this high growth period.


... However ...

I'm very sorry to report that external circumstances may force the
termination of *all* PRIVACY Forum services (digest, ftp, gopher, WWW, etc.)
in the *extremely* near future, due to the probable loss of the current
network connection and lack of sufficient funds to obtain a replacement
connection.  I've been attempting to find a way to replace the necessary 
PPP or SLIP connection via locally accessible points here in the Los Angeles
area, so far without success.  

If the situation does not change very shortly, I will post a message
with the details.  In the meantime, if you wish more information about
this situation or have suggestions regarding available connection points or
entities who might be interested in helping to sponsor the continued
work of the Forum, please contact me directly by email.

Thank you for your continuing support of the PRIVACY Forum.




Date:    Sun, 13 Nov 1994 08:51:29 -0600 (CST)
From:    genghis@ilces.ag.uiuc.edu (Scott Coleman)
Subject: PRIVACY on the WWW

march@europa.com (Marc H.) said:

> Explicit warnings and documentation seem to be the best solutons. 


> What I would like to see is a much more explicit preferences dialog, one 
> that warns the user about possible logging by web sites. I would disagree 
> with any assertion that particular browsers should be avoided because of 

Agreed. In fact, even if your web browser does not supply this information,
that does not prevent the web site's software from collecting it and much 
more - see below.

> This is not a web-specific issue.  Interested readers are referred to RFC
> 1413, "Identification Protocol,"
> <URL:http://www.cis.ohio-state.edu/htbin/rfc/rfc1413.html>, which details a
> more-reliable, transparent, and generalized implementation of TCP
> connection logging.  I think it only prudent to assume that any site you
> visit on the net could keep a log of your visit; 

Indeed it is. In fact, any site using NCSA's httpd web server daemon is
already performing such logging, over and above any information
explicitly gathered from the HTTP_FROM field. httpd maintains a file
called access_log which logs the name and IP address of each machine
making a request, the date and time, as well as the request itself (i.e.
which file was sent or which query was made). In addition, if the user's
machine is running the proper identification daemon, the user's login
name is recorded into this log, as well (although the latter can be
explicitly disabled by the web admin). This feature of httpd is a
marketer's dream - he has accurate information on who accessed his site
and specific data on what was accessed. 

In short, don't think for a moment that leaving the email address field 
in your web browser's config file blank will prevent the unscrupulous from 
collecting your email address. 

This is another feature of which most web users are blissfully unaware; 
unlike the ftp sites which proclaim their logging policy in all caps and 
encourage users to disconnect immediately if they do not like that policy, 
this logging is not explicitly disclosed by any web sites or browsers that 
I have ever encountered.

Caveat User!


Date:    Wed, 7 Dec 1994 16:14:51 -0800
From:    mac@Advanced.COM (Michael McCarthy)
Subject: What's wrong with customized service?

Jerry Leichter in "Orwell, 499 channels,a nd where privacy begins"
raises excellent questions about why people object to attempts by large
distant corporations to get to know you better as a consumer/customer.
Until we can answer that question adequately enough to tell if our
feelings are unreasonable, we may be expending effort to control a
trivial aspect of privacy when so many vital areas of privacy are under

I had a coworker who was infuriated because the owner of the local
sandwich shop greeted him every day by name. My coworker was completely
inarticulate about why this was offensive, but it dawned on me that he
was upset because the shop owner was acting too familiar. My coworker
was something of a snob, and felt the shop owner beneath him.

I suspect that the hatred of businesses knowing more about you in order
to serve you more specifically is not really as widespread as assumed
in places like the Privacy Forum. I see an undercurrent of elitism and
disdain for mere commerce inthe criticisms -- businesses are acting
"too familiar."

Let us consider what the average person, of any stripe, truly hates:
junk mail -- misaddressed, mislabeled, and especially about things we
are totally uninterested in. The endless fake telegrams offering
overpriced second mortgages, citing sales on cars we wouldn't be caught
dead in, begging for money for political movements we despise or
charities we never heard of, depicting custom jewelry that offends our
taste and lifestyle, and all the other misdirected wasted pleadings.

But send me a solicitation to buy a map of the hidden doors to Doom II,
or to sell me a CD of clip art just after I got my first copy of
Microsoft Publisher, or to contribute to the von Mises Institute as I
stew about the latest inanities emitted by Robert Reich -- well, I
don't complain about these things, do I? In fact, if there's a movement
or a sale or an event that I'd be really interested in and nobody tells
me about it, I'm annoyed and feel cut out.

Well there's no pleasing some people. I want you to send me only that
mail and make to me only those phone calls that address my burning
needs and momentary passions most directly -- but don't you dare try to
figure out what they might be by examining my recent buying patterns,
you nosy so-and-so's!

The real fear is of Giant Corporations knowing Too Much about us. Yet
our greatest *safety* lies in what some find most offensive:  the
commercial instincts of those same giant corporations. They are
interested in knowing exactly as much about us as will allow them to do
the most targeted kind of marketing -- which is almost by definition
the least offensive kind of marketing for any given person (except
those who profess to hate being marketed to -- the liars).  Giant
corporations, for all their faults, are not trying to have us arrested
or taxed or thrown out of the country. For that kind of truely fearsome
invasion of privacy -- for privacy violations aimed squarely at
enslavement rather than selling us Cheerios -- we have to turn to the

I suggest that our efforts be focussed on keeping commercial marketing
data out of the hands of -- our congressmen! (I fear information about
me in the hands of Newt Gingrich and Teddy Kennedy far more than in the
hands of Sears-Roebuck and Apogee Software.)

Michael McCarthy
Editor-in-Chief, Advanced Systems Magazine, San Francisco.


Date:    Wed, 7 Dec 1994 04:03:35 -0700 (MST)
From:    Nevin Liber <nevin@cs.arizona.edu>
Subject: Re: Orwell, 499 channels, and where privacy begins

Jerry Leichter <leichter@lrw.com> writes:

> An article in a recent Privacy Forum mentioned the potential for video-on-
> demand providers to track customer usage and use that to target ads, say for
> the latest Steven Segall movie to viewers with a history of interest in
> "adventure" flicks.  Of course, other forms of buying habit data collection
> and targeting have been around for a while.
> An issue I've raised before, but have never seen a serious discussion on, is:
> Exactly what is it that people find objectionable in such practices?

Take the following scenario:

You find out that a good friend of yours has been infected with the AIDS
virus.  You decide that you want to learn more about it.  You go out
and get books and videotapes on the subject.

A year or two later, you apply for a new job.  You are certainly
qualified, but they turn you down.  Why?  Their health insurance
carrier has determined that you are in a high-risk group for AIDS, and
they won't cover you.

Do you think the law is going to protect you?  Talk to anyone who has
had their credit history screwed up to let you know just how hard it is
and how many years it takes to get it corrected.
Before computers, it was prohibitively expensive to get this kind of
information.  Now it's fairly cheap (and if you can't do it through
normal channels, just think about how much it would cost to bribe a
minimum wage worker to give you the info).

The information being kept track of is of *what* is purchased; not *why*
it is purchased.  All sorts of statistical analyses are performed and a
guess is made to why, and that guess is taken as gospel.  Your local
bookseller might know why you keep buying those AIDS books; the
mega-bookstore databases certainly do not.  And we'll never
have laws against people misusing incomplete information.

Just think about the field day McCarthy could have had if he could
easily get a list of everyone who ever bought / borrowed from a
library a copy of the Communist Manifesto.
	Nevin ":-)" Liber	nevin@cs.arizona.edu	(602) 293-2799
	                 	                    	 ^^^ (520) after 3/95

Date:    Wed, 7 Dec 94 07:48 PST
From:    asre@uiuc.edu  (Scott Coleman)
Subject: Orwell, 499 channels, and where privacy begins

Jerry Leichter <leichter@lrw.com> asks:

> An article in a recent Privacy Forum mentioned the potential for video-on-
> demand providers to track customer usage and use that to target ads, say for
> the latest Steven Segall movie to viewers with a history of interest in
> "adventure" flicks.  Of course, other forms of buying habit data collection
> and targeting have been around for a while.
> An issue I've raised before, but have never seen a serious discussion on, is:
> Exactly what is it that people find objectionable in such practices?
> Let's look at a little history.

Unfortunately, your examination of history managed to miss a highly publicized
incident which would have answered your question quite handily, namely that
involving Judge Bork. In a nutshell, Bork's opponents acquired the records
of videotapes he had rented in an effort to prevent his confirmation to the
Supreme Court. Although they found nothing particularly incriminating (i.e.
no "Deep Throat" or kiddie porn rentals), Congress was sufficiently alarmed
by this to enact legislation which guarantees that such video rental records
remain private. Incidentally, I wonder how the video-on-demand providers
will deal with this law, which could easily be interpreted by a judge to
apply to the collection and sale of video-on-demand purchases.

> When I went into my local bookstore, I knew the proprieter.  He
> knew me.  He also knew my tastes in reading, and would recommend books he'd
> seen that I might like.  Did this bother me, or others?  Did it bother people
> that the owner of the local clothing shop might suggest some clothing that had
> just come in as "just your style"?  That the owner of the mom-and-pop grocery
> might tell them that fresh apples were in and were particularly tasty this
> year? [...]
> Not only didn't people object to this kind of thing, they liked it.

Ah, but the owners of such small stores weren't compiling huge databases
on the preferences of their customers and SELLING IT, WITHOUT THEIR
CUSTOMERS' KNOWLEDGE OR CONSENT, to other marketing slime so that
enormous, cross-referenced aggregated databases could be produced. Such
knowledge is, as you point out, quite benign as long as it exists only
in the shopkeeper's head. Nor were these sole proprietors buying similar
data from other sources and using it to try and lure people from the
next twon over into their stores via targeted direct marketing campaigns.
It is this buying, selling and aggregating, as well as the lack of informed
consent on the part of the victims, which many people find so

> a mega chain like Borders.  It's certainly true that a large enough quantita-
> tive difference results in a qualitative difference.  And I certainly have the
> same feeling that there's no problem with the local book seller knowing what
> I like to read, but there is a potential problem with Borders keeping track
> of such information.  But it bothers me that I can't elucidate exactly why.

Have I been able to help you in any way? ;-)

> Is it that the information my local book seller has is unlikely to be shared,
> while Borders will resell what it knows?  Perhaps, but again (a) my local book
> seller is more likely to share the information with people who know me than is
> Borders, which will sell it with information about thousands of others in an
> essentially anonymous fashion; and (b) in fact, this information is becoming
> too valuable to be sold - Borders wants to use the information it gathers to
> gain an advantage over other mega chains.

An interesting notion, but one which I fear is too naive. To give but
one example, it is quite common for grocery stores to get new laser
scanner checkout terminals at a greatly reduced cost. The large
marketing firms which specialize in the collection and correlation of
consumer purchase data will subsidize the cost of acquiring this equipment
in exchange for the right to collect and KEEP the data thus generated.
Thus, for a one-time fee, these companies get a steady stream of data on
what products people are purchasing (and, thanks to the widespread use
of credit cards, check cashing cards, and "preferred customer"/discount
cards, the marketers have a valid name and address with which to
associate those purchases.

At this point, I could go on into the great potential for abuse and
privacy erosion which such enormous databases of targeted marketing data
present, but I think I'll save that tome for another thread. ;-)

Scott Coleman, President ASRE (American Society of Reverse Engineers)


Date:    Wed, 7 Dec 94 12:31 PST
From:    karl@reed.edu (Karl Anderson)
Subject: Re: Orwell, 499 channels, and where privacy begins

>From:    Jerry Leichter <leichter@lrw.com>
[regarding vendors selling one's buying habits]

>An issue I've raised before, but have never seen a serious discussion on, is:
>Exactly what is it that people find objectionable in such practices?

>When I went into my local bookstore, I knew the proprieter.  He
>knew me.  He also knew my tastes in reading, and would recommend books he'd
>seen that I might like.  Did this bother me, or others?

By casting a vendor as the friendly owner of one's hometown
store, you eliminate the problem.  "Mom and pop" aren't going to do
anything with this information except give recommendations.  We
don't have this assurance with a corporation.

If I were HIV positive, and consequently were to buy books on the
subject, I would appreciate it if my bookseller told me about related
books or services.  Telling potential employers, landlords, etc. would
be a different matter entirely.

I signed up to donate blood when I was 18, before I had ever been
tested for HIV.  I was given a questionnaire first.  The fine print
mentioned that in accordance with state or federal law
something-or-other, names associated with several types of positive
tests, including syphillis and HIV, would be forwarded to state or
federal agency this-or-that.  Some government official had been
recently blathering to himself in the media about quarantine camps and
glow in the dark tattoos.  I turned around and walked out.

If the Red Cross was administered by "mom and pop", who would do
nothing with this knowledge except tell me whatever helpful
information they knew, then I might not have done so.

karl@reed.edu               http://www.reed.edu/~karl/


Date:    Thu, 8 Dec 94 21:37 EST
From:    minya!jc@eddie.mit.edu
Subject: Orwell, 499 channels, and where privacy begins

Jerry Leichter <leichter@lrw.com> wrote:

| An article in a recent Privacy Forum  mentioned  the  potential  for
| video-on-  demand  providers to track customer usage and use that to
| target ads, say for the latest Steven Segall movie to viewers with a
| history of interest in "adventure" flicks. Of course, other forms of
| buying habit data collection and targeting have been  around  for  a
| while.
| An  issue  I've  raised  before,  but  have  never  seen  a  serious
| discussion on, is: Exactly what is it that people find objectionable
| in such practices?
| Let's look at a little history.  ...

That's the best way to find out why people are so  excited  about  the
topic.   Do  some  reading  about  the  McCarthy  witch (oops, I meant
communist) hunt back in the 50's, and you'll get a  pretty  good  feel
for why you want privacy even if you can't offhand think of a way that
something might hurt you.

One of my favorite news reports from the 70's was about  a  researcher
who  found  out  why he had been turned down for government grants for
the previous decades. He was listed as a secret member of a subversive
organization  in  the  US government's lists of such things.  It seems
that his car had been spotted parked in the same block far from  where
he  lived,  on  evenings  when the group had its meetings.  The reason
turned out to be that his son had a girlfriend who lived in  the  same
block,  and  had been borrowing his dad's car to visit her many nights
each week.  Of course, the government  investigators  didn't  see  who
drove  the  car  or  where they went; they just walked down the street
writing down all the license numbers,  and  recorded  all  those  that
didn't live in the area as likely members of the group.  Think of this
the next time you park your car somewhere far from home.

An anecdote from my personal life that is (I hope)  silly,  but  which
indicates what could happen: About two years ago, a friend (a visiting
Russian named Alla) was due to have her baby, and her  husband  wasn't
around,  so  my SO (Shelley) went to the hospital to keep her company.
While there, Alla was understandably not up to walking around much, so
Shelley  went to pick up the baby pictures, and paid for them with her
Visa card.  As a result, we are now on  the  mailing  lists  of  every
baby-goods  seller  in  North  America.   We get several baby-oriented
mail-order catalogs each day.  The catalogs are  tracking  the  baby's
age.   Just  today  we  got  a  packet  of  disposable  diapers  for a
two-year-old (22-35 pounds). In another 15 years or so, we'll probably
be getting ads from colleges.  It does absolutely no good to tell them
that we don't have a baby.  Their computer knows we do.

As I said, this one is basically silly; it's not easy to see how  this
could be used against us.  Or could it?  A lot of American politicians
are making a lot of noise these days about  unwed  mothers  being  the
cause of all our social and economic woes.  Suppose someone were to do
a cross-check of  the  records  of  someone  else  like  Shelley,  and
discover  that  she was an unmarried teenager who had just bought baby
pictures.  She would then be permanently in the records  as  an  unwed
teenage  mother,  and  there'd be no way (short of zillions of dollars
and the rest of her life spent in court suing *everyone* who used  the
information) to eradicate such misinformation. If she were later found
not to have a baby, she would be under  obvious  suspicion  of  having
killed it ...

Or, to mention another hot topic these days:  Suppose instead of  baby
pictures,  she  had  used  her  charge  card to pay for a friend's AZT
prescription.  The result would probably be that she'd  be  unemployed
for the rest of her life.  As soon as her employer found out, she'd be
laid off, and who would hire someone that obviously has AIDS?

If you don't believe these scenarios are realistic, you  haven't  been
paying attention. There has been at least one case in the past year or
so of a political candidate making a campaign issue of  an  opponent's
video  rental  record.  If you ever want to run for public office, you
should consider that everything you've ever purchased  with  a  charge
card may be used as evidence against you.

(Myself, I figure that my fate will be sealed about the time that  Pat
Roberson  is  elected president, and his investigators discover that I
was once a key-carrying member of a Unitarian church.  ;-)


Date:    Wed, 7 Dec 94 13:28:23 +0000
From:    Sue Schofield <sue@s-sco.demon.co.uk>
Subject: UK concerns over personal data grow

UK concerns over personal data grow 

by Sue Schofield - Sussex UK

Premier UK telecomms supplier BT ( ex British Telecom) hit the UK news twice
in November  this year, once with the enforcement  of Caller Line Identifier
on all unlisted numbers, and then with the unwelcome news that a hacker had
gained access to thousands of unlisted  military and Government numbers. The
hacker who got hold of the  BT information  didn't break into the site  or
hack into computers from a shady back room, but was a contract employee who
found the system passwords  left lying around on desks or pinned to public
notice boards.  His story was  verified  by a  journalist, who  got a job in
the same department and found the passwords  lying around exactly as
described by the mystery hacker. The unlisted numbers included  those of the
Prime Minister and Buckingham Palace, together with actual billing costs and
call logs from those numbers. 

Other interesting snippets provided  generous amounts data about some of
the UK's most sensitive sites, including details of 'safe' call boxes.
Freephone numbers  and businesses used by MI5 as fronts for covert
operations were also described in detail,  mainly in the form of ASCII
billing and customer information taken from BT's USA-built systems. 
(Business Managers might wonder how the information was  so easily copied
electronically and  removed from BT premises.)

The news broke  as a front page in the Independent Newspaper and
immediately  lead to questions in the House of Commons.  An apparently
Internet-savvy Prime Minister confidently informed  the House that there was
no evidence of secret  telephone numbers being posted or made available on
the Internet.  A subsequent edition of the Independent showed time and date
stamped print-outs of  a telnet session to an Internet  site, from where it
was (apparently) still possible to download reams of similar  information.
The new information was published   after the PM's speech  denying that  the
data was available, and after a statement from BT  confirming that no
security information had been leaked or was available. 

The escapade was just another in a series of  high level information leaks 
from within the privatized  BT. Previous leaks included the duplication of
an 'unhackable' CD-ROM  UK phone directory which is  now available in the
USA for a few dollars, and numerous stories of BT employees selling or
making available unlisted or 'interesting' telephone numbers. BT, formerly
British Telecom, is one of the national utility companies sold off in the
current Government's strive for privatization.

The BT Hacker scam has raised eyebrows in country where the public still has
implicit faith in the security of national health and personal financial
data. But much of this faith is misplaced, especially in the light of 
proposed further  privatization of public services where personal privacy
issues are almost certain to be ignored. But there are clouds on the horizon
for UK individuals who  remain unconcerned about the Government's stance on
privacy issues or the ability  or suitability of private  businesses to 
handle electronic data on individuals. Forthcoming privatization of the
electronic handling of  both Inland Revenue and medical records  mean that
for the first time in the UK there's a real risk of electronic data about
individuals becoming readily  available to anyone capable of accessing a
'secure' computer terminal. While all of the private companies involved in
bidding for these lucrative tenders deny that there are risks of medical
data or other personal data becoming available to unauthorized persons, BT's
example of what a private company can do with public records  must ring  a
loud warning to UK residents.   Most of  the UK  population's credit card,
vehicle,  Revenue, credit, utility   and medical records  will be available
electronically by the year 2000, on computer systems maintained and operated
by private companies unaccountable in law to the individual.
This should ring a loud alarm bell in a country where there are no
constitutional privacy rights. Individuals have to ask themselves whether
the numerous breaches  of BT's 'secure' record systems will provide a model
for the forthcoming mass computerization of personal data. As things stand
the Government relies on the much maligned Computer Misuse Act to prosecute
those who gain 'unauthorized access' to computer systems.  But the Act has
not deterred  repeated misuse of the Police National Computer, utility
computers or the  national Vehicle Licensing computer, nor it will not
provide any protection  or recourse for individuals whose medical, personal
or other records are mishandled by private companies. 

Sue Schofield (sue@s-sco.demon.co.uk) is a UK technology journalist, and the
author of the UK Internet Book, amongst others.


Date:    Wed, 7 Dec 94 07:52:13 PST 
From:    a_rubin@dsg4.dse.beckman.com
Subject: Re: How to stop invasion of privacy

In privacy digest 3:23, Gary Martin <gmartin@freenet.columbus.oh.us>

>I heard a rumor yesterday that I wanted to run past all of you.  A
>relative of mine told me that at least one, possibly more commercial
>online service(s) may be invading your privacy without you knowing it when
>you're connected to them.  I was told that a particular company routinely
>uploads your entire directory structure, and sometimes even data within
>certain files.

Is this a rehash of the Prodigy "STAGE.DAT" fiasco, in which the service
allocated a large file without clearing it, hence the accusation that it
uploaded propriatary information; whereas in actuality, the file is a
download staging area?  However....

>1.  Does anyone know where I can find freeware or shareware that will allow
>    me to track every directory read, file read/write and upload or 
>    download?  I would prefer that it be Windows 3.1 or OS/2 2.1 based
>    software.

I've seen some such for directory read, and file read/write.  I could write
a TSR for DOS which would (probably) work under Windows that would do that,
but it seems relatively easy.

>2.  Are you aware of any software that would PREVENT a commercial service
>    from doing these things?  

No.  I think it could be done, but the shell/TSR/program would have to
prompt you on any request to read a file, making it very burdensome.  How
can the software know what you want the service to be allowed to read? 
Alternatively, the TSR could provide a software simulation of password

>3.  Is there anything I can do using existing MS-DOS or Windows options to
>    track or prevent this short of password protecting or encrypting
>    everything?

I don't think so....but I'd be happy to be proved wrong.
Arthur L. Rubin: a_rubin@dsg4.dse.beckman.com (work) Beckman Instruments/Brea
216-5888@mcimail.com 70707.453@compuserve.com arubin@pro-sol.cts.com (personal)
My opinions are my own, and do not represent those of my employer.

	[ There were a large number of other messages on this topic,
	  most also suggesting that the rumor was related to the
	  original "Prodigy" incident.  As reported above, it appears
          that Prodigy's use of a staging file which contained unerased
	  user data alarmed some users, but apparently this file was
          never uploaded *to* Prodigy.  Another message pointed out that
          the possible liabilities to any service that purposely uploaded
	  private user data without users' permission could be extremely

	  There was also a report that the next (1995) release of a popular
	  windows-oriented operating system for PCs might contain an "online
	  registration" feature which uploads the users' AUTOEXEC.BAT file.
	  Since careful inspection of this file could reveal the names of
	  which software packages the user had installed on their system
	  (among other information) the author of the message was concerned
	  about the privacy implications.  No details regarding this
	  "feature" or how (or *if*) it was really implemented were
	  available.  Persons with more information are of course invited
	  to comment here in the Forum. 
					  -- MODERATOR ]


Date:    Wed, 7 Dec 1994 10:15:22 -0500
From:    marc@tanda.on.ca (Marc Thibault)
Subject: The problem with preference recording

Jerry Liechter's musings about why we are concerned about the privacy of the
databases kept by the stores we use makes a good point. It is important for
us to be able to articulate our concerns. Like Jerry I have a problem
expressing the unease that mere existence of these databases produces. There
is, however, an identifiable problem: that of misuse or conversion.

The bookstore or, more dramatically, the video store records that are kept
of my purchases are different than the owner's recollection of my buying
habits in a very important way. The owner's memories can't be stolen,
confiscated, or subpoena'd, and they die when he does. Governments and the
law are fickle things, as anyone who was around in the 50's and 60's can
attest. Who would want a modern-day McCarthy, Hoover or Carrie Nation to
have access to their video rental records?

If the gun control trend in Canada goes to its logical conclusion, I don't
want cops crashing into my house demanding my guns because my name showed up
on a list of people who read _Guns and Ammo_ or _Hunter_, but not on their
registration list. What defense can I possibly have if I don't have any
guns? No one can prove a negative, so they'll just keep wrecking my house
until they are satisfied that even the beams aren't hiding guns, at which
point they'll insist on knowing who I gave them to (ref BATF, Waco). The
people who make and enforce our laws can be counted on to act in mindless,
ignorant and brutal fashion at almost any time. We don't need to add fuel to
their fantasies.

A bookstore owner is capable of selective memory, based on whether he thinks
the information is relevant, and his testimony can be called into question
if it's insufficiently selective. A computer database is mute, complete, and
open to whatever spin the most powerful interpreter chooses.



Date:    Wed,  7 Dec 1994 17:58:25 -0500 (EST)
From:    Benjamin Cox <thoth+@CMU.EDU>
Subject: Maintaining Privacy in Electronic Transactions

Now that I've finished jumping through all the necessary hoops to have
my MS thesis signed by all the necessary parties, I'm making it
available through the Web.  There may be some in this forum who will
find it interesting.

The thesis (titled "Maintaining Privacy in Electronic Transactions")
is available in PostScript form at


The abstract is reproduced below; it is available as HTML at
http://www.ini.cmu.edu/~thoth/ms-thesis-abstract.html (it includes a
pointer to the PostScript).

Ben Cox					thoth+@cmu.edu



Electronic commerce presents a number of seemingly contradictory
requirements.  On the one hand, we must be able to account for funds
and comply with laws requiring disclosure of certain sorts of
transaction information (e.g., taxable transactions, transactions of
more than $10,000).  On the other hand, it is often socially desirable
to limit exposure of transaction information to protect the privacy of
the participants.

In this thesis, I address the following issues:

  * I develop a new analysis technique for measuring the exposure of
    transaction information.

  * I analyze various privacy and disclosure configurations to
    determine which are technically feasible and which are logically

  * I apply this analysis to the Information Networking Institute's
    proposed ``NetBill'' billing server protocol.

  * I consider the use of intermediary agents to protect anonymity and
    the implications of various arrangements of intermediaries.

  * I develop an encoding technique that can reveal the order of
    magnitude of a transaction without revealing the exact value of the
    transaction itself.


End of PRIVACY Forum Digest 03.24

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH