TUCoPS :: Privacy :: priv_420.txt

Privacy Digest 4.20 9/15/95

PRIVACY Forum Digest     Friday, 15 September 1995     Volume 04 : Issue 20

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	
                       ===== PRIVACY FORUM =====              

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy,
     		     and the Data Services Division 
	           of MCI Communications Corporation.


CONTENTS 
	Deadbeat Dads (Simson L. Garfinkel)
	Security, Privacy and Marketing on the World Wide Web
	   (Denman F. Maroney)
	Drug-testing 85% of all students proposed (Wm Randolph Franklin)
	4th Amend. & Encryption (Daniel L. Hawes)
	Virginia Changes Driver's License Numbering Practice 
           (Frank B. Hudgins)
	Highway surveillance (Daniel L. Hawes)
	Telcos and Privacy [fwd] (Peter Marshall)
	Court privacy hearings (Beth Givens)
	New Privacy Book (Robert Gellman)
	Privacy Files: a new publication (Pierrot Peladeau)
	Surveillance Conference (Graham Sewell)
	Re: Legality of Unsolicited Advertising Faxes? (Larry Kizziah)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW 
server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------

VOLUME 04, ISSUE 20

   Quote for the day:

	"Are you here for an affair?"

			-- Hotel desk clerk (Buck Henry)
			   "The Graduate" (1967)

----------------------------------------------------------------------

Date:    Mon, 28 Aug 1995 21:48:54 -0400
From:    simsong@vineyard.net (Simson L. Garfinkel)
Subject: Deadbeat Dads

	[ Used with permission of the author -- MODERATOR ]

SOCIAL INSECURITY PLAN TO MAKE IT EASIER TO
TRACK DOWN 'DEADBEAT DADS' WORRIES PRIVACY ADVOCATES

    ELEVEN years late, the 1984 as envisioned by George Orwell finally may
arrive.
    Welfare reform legislation moving through Congress could dramatically
increase the use of Social Security numbers by state governments as a way
to track people from cradle to grave. The proposal, which would create or
expand a series of national data banks, is designed to track people who
don't want to be found.
     With support among both Democrats and Republicans, the proposal is
striking fear among the guardians of  privacy, who believe the legislation
would increase the government's surveillance of the American public.
    ''What we are facing is the single greatest step toward big brother
government since Watergate,'' said Donald L. Haines, a legislative counsel
with the American Civil Liberties Union in Washington.
    Nevertheless, the proposal has received relatively little attention
because the expanded use of Social Security numbers is one of the few areas
of agreement between the Republican-controlled Congress and the Clinton
administration.
    Welfare reform was one of President Clinton's campaign promises, and it
also was one of the 10 tenets of the Republican Party's ''Contract with
America.''
    Called the ''Personal Responsibility Act,'' the U.S. House of
Representatives passed its version of the bill March 24. The Senate
version, retitled the ''Family Self-Sufficiency Act of 1995,'' passed a
committee vote June 9. Although the committee, chaired by Sen. Bob
Packwood, R-Ore., made substantial changes to  the House bill, the sections
dealing with the expanded use of Social Security numbers remained
essentially intact. At the heart of the legislation is the desire to do
something about so-called ''deadbeat dads'' - and moms -   who refuse to
pay court-ordered child support payments. Both Congress and the Clinton
administration believe that a large amount of the money spent on the
government's Aid to Families with Dependent Children program could be saved
if more single parents obtained child support orders, and if those orders
were better enforced.
   ''People normally say that there is a $34 billion gap'' between the $14
billion that is annually paid in child support and the $48 billion that
theoretically could be collected, says Jane Checkan of the Health and Human
Service's Administration on Children and Families in Washington. Checkan's
figures are for the year 1993, the last year available.
     In an attempt to close this gap, the welfare reform legislation
mandates increased surveillance of all American citizens. By tracking
Americans when they change jobs or receive state driver's or professional
licenses, the legislation's backers hope to give deadbeat dads nowhere to
hide.
    The legislation also calls for mandatory reporting of Social Security
numbers by people getting marriage licenses or divorced, and in paternity
proceedings. These reports are designed to make it easier for single
parents to obtain support orders, and to make it easier for state welfare
agencies to figure out the identity of a spouse when a single parent
applies for benefits.
   ''Ten million women are potentially eligible to child support for their
kids,'' Checkan said. But many people do not take advantage of their legal
rights. ''Forty-two percent do not have an award in place.'' 

Welfare reform pushed

        Checkan said that it is estimated that as much as 8 percent of the
government's Aid to Families with Dependent Children payments could be
eliminated if child support orders were obtained and enforced. ''That's
why, in the Clinton proposal, that child support is such a major part of
welfare reform,'' she said.
    Currently, many government agencies maintain databases that are indexed
by Social Security numbers. Nevertheless, the databases are of limited use
for welfare enforcement. Some of the databases are restricted by statute so
that their information may not be used for purposes other than that which
they were collected. 

A move to unify standards

        Others are not cross-indexed with databases of current address,
employment and child support orders.  Still other databases cannot easily
be searched against, because the information is not in a uniform format.
One of the intents of the legislation, sponsors say, is to bring order to
this computational chaos by mandating standard data representation and
indexing strategies. Basing the databanks on Social Security numbers is key
to its success, said Bill Walsh, chief of California's Child Support
Management Bureau, part of the Department of Social Services.
    ''I'll tell you, the Social Security number is probably the most
important piece of data that there is in trying to locate parents that we
can't find in order to establish child-support orders, or in cases where we
have already established an order, to get payment on those orders,'' he
said.
    A national database also could make it easier to track down the 30
percent of dads who live outside the state, said Walsh. Although such a
database currently exists, the proposed legislation would greatly expand
its reach, by creating a virtual dragnet that could not be escaped.

Civil libertarians worry

       Walsh said  his department is in favor of creation and expansion of
the national databanks, because they ''allow us to have access to more and
better data in order to locate parents who owe child support.''
    Nevertheless, a growing number of civil libertarians are questioning
the creation of large-scale national databanks, and the expanded use of
Social Security numbers, for tracking down deadbeat dads.
    ''It's a databank that could be used to allow people to track people
down for purposes having nothing to do with (child support),'' said Haines
of the ACLU.
    Haines is especially worried that the system could be used to find
victims of domestic violence who are attempting to hide from their
assailants.
    ''An unfortunate truth is that in our justice system today, for many
victims of domestic violence, their only hope for relief is to escape into
some level of anonymity,'' he said. ''Protective orders don't work or
aren't enforced.''
    Although the legislation would prohibit the unauthorized use of the
system, Haines characterized such use as ''inevitable.'' As an example, he
noted how some abusive men find runaway spouses using surreptitious means,
such as privileged data reserved for law enforcement. 

Potential for fraud

        Other privacy advocates are concerned that the databanks could be
used as the basis for financial fraud.
    ''I think that there is a real danger using (information) provided for
one purpose for another purpose,'' said Claudia Terraza, an attorney with
the Privacy Rights Clearinghouse at the University of San Diego. ''I see a
real problem with people getting access to your Social Security number and
from there, being able to find out your credit report, or for finding out
other information that they could use for fraudulent purposes.''
    Privacy advocates are most upset about the expansion of the Federal
Parent Locator Service. As written, the legislation would create a national
database of virtually all U.S. citizens - parents or not - with the stated
purpose of tracking them so that any individual's most recent address and
employer can be easily determined at any time. The legislation also would
help enforce court- ordered parental visitation rights.
    Staff members working on both the House and Senate versions of the
legislation said that lawmakers were aware of the privacy issues, and had
tried to put ''privacy protection'' measures into the legislation without
compromising the central goal of creating a national location registry.
    ''We had a long discussion about (privacy issues) - and the (lawmakers)
were the main people doing the talking,'' said a staffer. ''There were some
members who were real sensitive, and they were absolutely adamant that (the
Social Security number)  could not be required to be on the license
itself.''
    Nevertheless, the legislation does require states to ask drivers for
their Social Security numbers when they are issued driver's licenses or
professional licenses, and for those numbers to be reported to the central
registry.
    ''What all of that means is that we will have a de facto national ID
system in this country, which is going to be this database, and with a de
facto national ID card,  which will be your Social Security card/driver's
license, all without a debate on whether or not Americans deserve to be
subjected to a Soviet- or Nazi-style national ID system,'' Haines said.

Effort failed in '60s

     This is not the first time that the federal government has proposed
creating a national databank. A proposal in the late 1960s called for the
creation of a national data center that would ''pull together the scattered
statistics in government files on citizens and to provide instant, total
recall of significant education, health, citizenship, employment records
and in some cases personal habits of individuals,'' reported an article in
the Feb. 25, 1968 issue of The New York Times. 

Fears of surveillance

        At the time, the proposal was  opposed  by privacy advocates like
Columbia University Professor Alan F. Westin and University of Michigan Law
School Professor Arthur R. Miller.    Information centers ''may become the
heart of the surveillance system that will turn society into a transparent
world in which our home, our finances, our associates, our mental and
physical conditions are bared to the most casual observer,'' Miller told
the Times.
   The national data center was never built, and today the controversy has
been largely forgotten. Nevertheless, says Marc Rotenberg, director of the
Electronic Privacy Information Center, one of the important issues raised
at the time was the danger of entrusting a single federal agency with so
many different files.
    ''These proposals invariably reach further than originally intended,''
said Rotenberg. ''If the Social Security number is used today to catch
welfare cheats, it can be used tomorrow to identify political dissidents.
    ''It is of course ironic that such a proposal would go through the
Congress at the very same time that the Republican majority is urging
greater relaxation of government regulation.''

 INFOBOX: THEY'VE GOT
          YOUR NUMBER

 Legislation currently before the Senate would mandate the creation or
 expansion of three national databanks. Each databank would be indexed
 by Social Security number. Together, they would track every
 American.

 (box) Federal Parent Locator Service: Would contain a record of every
 driver's license and professional license issued in individual
 states.

 (box) Federal Case Registry of Child Support Orders: Besides tracking
 every child support order issued by the states, this database also
 would contain records of every marriage, every divorce and every
 paternity determination case in the United States.

 (box) State Directory of New Hires: This federal database would be
 updated every time an American started working for a new employer. It
 would contain the employee's name, address, job description, and the
 name of their employer.
 @2 DRAWING: PHOTO ILLUSTRATION BY JENNY ANDERSON
 [950717 BM 1F 1; COLOR]

 CAPTION: PHOTO:  Packwood
          [950717 BM 4F

 KEYWORDS: SOCIAL-SECURITY US CONGRESS LEGISLATION
 TAG: 9507200059
END OF DOCUMENT.

------------------------------

Date:    Tue, 12 Sep 1995 12:13:24 -0400
From:    Denman F. Maroney <MARONEY@DMBB.com>
Subject: Security, Privacy and Marketing on the World Wide Web

The World Wide Web was conceived and created as a distributed hypermedia
environment, a means for people to ride trains of thought across paragraphs,
documents and computers around the world. It has evolved as a hub of
commercial activity on the Internet. This is indicated by the proliferation
of web sites that sell advertising. 

The currency of advertising is audience ratings (and related measures). The
price of commercial time in a TV show, for example, is set based on the
show's projected ratings.  Similarly, the price of a page ad in a magazine
is set based on the publication's projected readership.

The web does not have ratings. Web clients browse web servers with ease, but
web servers identify web clients with difficulty. The closest thing to
ratings on the web is server logs, which log the IP addresses of clients
that access server files. Server logs do not produce ratings because, among
other difficulties, (1) web clients are not people, (2) web files are not
documents but multiples thereof, and (3) cached web file accesses are not
logged. 

Elaborating briefly on each of these points, (1) the number of clients
associated with a given IP address may range from one for an individual with
a SLIP or PPP account to 2,000,000 or more for a proxy server like AOL or
Prodigy; (2) when a client accesses a document comprised of (say) an HTML
file and 12 in-line images, the server logs 13 hits; and, (3) cached file
accesses are not logged because they are accessed indirectly from the
client's computer or proxy server rather than directly from the web site.

Several companies including A.C. Nielsen, I/PRO, NetCount and WebTrack have
launched web site audience measurement services. But, in reality these are
log processing not audience measurement services, because none of them has
solved these problems. 

Some sites try to skirt these problems by asking or requiring their visitors
to register. This solution is unsatisfactory because some people do not
register, and others register more than once because they forget their
passwords. A central registry launched by a joint venture of Nielsen and
I/PRO alleviates the problems of registrants forgetting or using multiple
passwords but still does not oblige people to register.

Suppose HTTP were modified in such a way as to enable web servers to
identify and track the behavior of individual users. This would make the Web
the best measured of all commercial media. Other commercial media are
measured by means of periodic survey sampling. National television audiences
for example are measured by means of a nationally projectable sample of some
5,000 people who consent to have "people meters" installed in their homes for
a period of years. Magazine audiences are measured by means of a national
sample of some 20,000 people who consent on one occasion to be interviewed
personally and fill out a questionnaire.  If web servers could measure all
users individually and continuously, the web would be measured by means of
continuous census taking instead of periodic survey sampling. From
marketers' perspective, this would be the best of all possible worlds. No
more sampling error. No more non-sampling error. No more discontinuous
measurement. The ultimate in database marketing.

Web users might be less enthusiastic. In fact they might be very put off by
the prospect of web behavior monitoring.  Would playboy.com continue to be
among the most heavily visited web sites if all its visitors knew they were
being watched? Not likely. Would people hesitate to visit web sites that
espoused particular political ideologies if they thought they might be spied
on by federal agents? Very likely. Would people hesitate to visit sites that
sell products and services if they thought the behavioral data so generated
would trigger email solicitations from those sites or be sold to other sites
to similar ends? They might very well.

Accurate web measurement offers many potential benefits as well. Web
marketers could use audience data to tailor sites to fit users' interests.
For example, they might find some areas are visited less often than others
and edit those areas accordingly. They might find some areas are favored by
some users and program those areas to greet those users on arrival (dynamic
page generation already does this to an extent). Consumers who let marketers
know what kinds of products and services they are interested in might be
glad to receive highly targeted information about those things. If you're
shopping for a car, for example, you might welcome a message from a car
maker offering you a special deal on exactly the sort of car you want.

Very soon the information exchanged through the web will include currency.
The financial service and network industries are hard at work on making the
Internet secure for financial transactions. It strikes me that there is a
conjunction between the efforts at Internet security by these industries and
the efforts at audience measurement by web marketers and research suppliers.
The question is how to make the Internet secure and transparent and protect
people's privacy at the same time. In principle, behavior should not be
monitored, and behavioral data should not be exchanged, without users'
knowledge and consent. The question is how to implement this principle. 

One solution might be to create a commercial version of HTTP, a place where
web users could go to engage in commercial activity. This would be analogous
to a central registry but would apply to a designated area of the Web
instead of just selected sites. When users entered this area, they could
know or be told that their behavior could be monitored for commercial
purposes. To be admitted, they would have to show their license or password. 

A potential problem wilth this from marketers' perspective is that the area
could become a commercial dumping ground, the Web equivalent of a home
shopping channel or ad well, and as such repel a sizable segment of
consumers and prospects. 

Marketers are also concerned that users would be put off by repeated
warnings or labels about behavior monitoring.  Whose responsibility is it to
post such warnings or labels?  Internet access providers? Online service
providers?  Information providers? An independent entity? Some combination
of these? What should the warnings or labels say? Where and how often should
they appear?

Another solution might be to let web users relinquish or recover their
anonymity at any time by entering or revoking a PIN. In this way users could
go wherever they wanted on the web and disclose their identity to exchange
certain kinds of information. Of course, this is exactly what is contemplated
to effect secure financial transactions on the web. The point is that it
might be fruitful to design the process from an audience measurement as well
as transaction security perspective.

Bottom line, web servers and clients ? marketers and consumers in the
context of this post ? ought to be able to exchange information to their
mutual benefit. Is this possible? How?

I would like to hear directly from anyone with suggestions.
Thank you.

Denman Maroney
Asso. Media Director, New Technologies
DMB&B Inc.
1675 Broadway
New York NY 10019
email maroney@dmbb.com
tel. 212.468.3918
fax 212.468.3770

P.S. I will be out of the country from Sept. 20 until Oct. 16
and so will be unable to respond to any mail I get during that
period.

	[ This article should help to focus the wide range of privacy issues
	  relating to the use of Web (and other Internet) resources.  Many
	  persons have had concerns about this area for quite sometime. 

	  When I heard that the most popular Web search engine, "Lycos", was
	  now partially owned by a major direct marketing firm (as part of
	  the creation of "Lycos, Inc."), I made a query regarding their
	  policies in this area.  I received a response back from their CEO
	  stating that they did not keep records concerning individual users
	  accessing information (i.e. they do not require registration,
	  though presumably site access info is collected as is standard for
	  virtually all servers), and any audit data collected is used only in
	  aggregrate form for marketing and product development purposes.

	  On the other hand, there are firms involved in providing Web
	  statistical information and log analysis who are apparently
	  claiming that they can turn server logs into direct marketing
	  databases--right now.  One can easily imagine the potential
	  problems and pitfalls that could result--technical, legal,
	  political, and so on.  

	  Will it get to the point where the simple random or errant click
	  of a "netsurfer", or incorrect search engine query response,
	  results in users being added to new marketing lists--perhaps for
	  items in which they have no interest or might even find
	  objectionable?  Will user access log data become simply another
	  commodity to buy, sell, trade, use and abuse?  Will users find
	  themselves the victims of unscrupulous operations which might
	  embarrass, blackmail, or otherwise threaten them with disclosure
	  of which Web pages they've browsed?  Should logs of Web usage be
	  accorded at least as much privacy under the law as videotape
	  rental records?

	  The Web could become a truly fantastic tool for "consensual"
	  marketing of all sorts.  The combination of text, audio, graphics,
	  and video is perfect for providing all sorts of useful services,
	  many of which people will be more than happy to pay for.  But the
	  key word is "consensual".

	  If we don't act *now* to deal with the privacy issues of these
	  systems during this dawn of the true "information age", and put
	  appropriate legislative safeguards into place, we could end up
	  creating an infrastructure for privacy abuses of which George
	  Orwell would never have dreamed in his deepest nightmares. 
	  
	  Comments?  
			-- MODERATOR ]

------------------------------

Date:    Fri, 01 Sep 1995 23:28:32 -0400
From:    Wm Randolph Franklin <wrf@ecse.rpi.edu>
Subject: drug-testing 85% of all students proposed

A school district in the Albany NY area is considering subjecting
any student who engages in extra-curricular activities to random
drug testing.  One example given was the drama club.  It was also
stated that 85% of all students take part in extra-currular
activities.

--------
 Wm. Randolph Franklin,  wrf@ecse.rpi.edu, (518) 276-6077;  Fax: -6261
 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA

------------------------------

Date:    2 Sep 1995 12:59:58 EDT
From:    dlh@marsmedia.com (Dlh)
Subject: 4th Amend. & Encryption

The fourth amendment to the U.S. constitution forbids unreasonable
searches and seizures and guarantees citizens security in their persons,
papers, and effects.  Relying on commonsense ideas about what's
"reasonable", courts have interpreted this language to mean that one is
entitled to privacy where he has sought privacy and taken steps to
secure his privacy.  Katz v. U.S., 389 U.S. 347, 88 S.Ct. 507 (1967);
Berger v. New York, 388 U.S. 41, 87 S.Ct. 1873 (1967); U.S. v. Gerena,
662 F.Supp. 1218 (D.Conn. 1987); Smith v. State of Maryland, 283 Md.
156, 389 A.2d 858 (1977); Smith v. Maryland, 99 S.Ct. 2577, 442 U.S.
735, 61 L.Ed.2d 220 (1979); Kemp v. Block, 607 F.Supp. 1262 (D.C.Nev.
1985).

In order to protect oneself from government intrusion, it is necessary
that one express himself in a manner that exhibits a clear intention and
expectation that the expression is made in private.  The definition of
"private conversation" under the Federal statute prohibiting
eavesdropping and interception in electronic communications at 18 U.S.C.
section 2510 (2).  If the communication can be accessed by third
parties, it is not a private communication, and is thus available for
anyone who wishes to do so, to intercept it.  It is irrelevant to the
analysis of whether a communication is private, whether or not such
third party actually did perceive the communication - privacy is
destroyed if they could have done so.

Under federal law and the laws of all of the states as required by the
federal statute, interception of the private electronic communication of
another is a felony and subjects the offender to civil penalties as
well.  18 U.S.C. sections 2511, 2520.  The statutes require the
interception to have been made intentionally (that is, not inadvertently
or accidentally) without the consent of any party to the communication.
State laws can be more restrictive, and in Maryland, Ill., Mich., and
half a dozen other states, the consent of each and every party to the
communication is required.

It is axiomatic that the Internet and its various manifestations and
incarnations are not secure communications media.  Anyone having access
to any intermediate node on the virtual connection path can intercept a
packet (although the entire communication may not be routed along the
same virtual circuit in the packet-switching network) and read it IF IT
IS IN CLEAR TEXT.  There is no way to assert privacy in the electronic
communication that travels over the 'net except by encryption.

The Federal Government wants to restrict the ability to encrypt
information because it wants law enforcement agents to be able to
intercept electronic communications without having to get warrants to
do so, as they now can.  By restricting the ability of citizens to
extend the scope of their privacy rights over the communications on the
net, law enforcement's ability to conduct unrestricted surveillance is
enhanced, and to be able to use the evidence so obtained without
warrants against persons accused of offenses in court.  A warrantless
search on the net, or any computer connected to the net is acceptable
under current law, for the purposes of motions to suppress evidence in
criminal proceedings; that is, the evidence cannot be suppressed because
of assertions of violations of due process by reason of violation of the
fourth amendment search and seizure clause by law enforcement.

I believe that the only way to assert a right to privacy on a public
data network is by encryption.  Encryption and concomitant security of
the password/key (e.g., non-escrowed) is the only way to assert that one
had a constitutionally-protected right to privacy in the electronic
communication so protected.  For the purposes of suppression motion, it
does not matter whether the communication can be unencrypted, only that
the parties to the communication took steps reasonably designed to
ensure privacy and to clearly indicate their expectation that the
communication be a private communication.

===       ===        ===        ===        ===        ===         ===
Daniel L. Hawes, Attorney at Law  --  Practice Limited to Civil
Litigation. Matters relating to Computer and Telecommunications
Technology and Domestication and Execution of Foreign Judgments
(internet) dlh@marsmedia.com; (voice)703-352-8684; (fax)703-352-5930;
(mail)  10312 Cleveland Street, P.O. Box 846, Fairfax, Va. 22030-0846

------------------------------

Date:    Sat, 2 Sep 1995 14:03:16 -400 (EDT)
From:    Frank B Hudgins <fbh@ns.gamewood.net>
Subject: Virginia Changes Driver's License Numbering Practice

It was announced this week that the State of Virginia will no longer 
require that a person use his/her Social Security number as their 
driver's license number. This change will go into effect in October 1995. 
It must be noted however that a computer generated 10-digit (1 letter and 
9 numerals) identification number will be used on the driver's license 
ONLY upon request. There is no charge for this when re-newing a license 
or when obtaining a first license but there is a $5 charge at other 
times. Many merchants are apparently upset at the change. There are 
reports that merchants may refuse to take a person's checks if the social 
security number is not on the driver's license used as an ID.

Frank Hudgins

------------------------------

Date:    2 Sep 1995 13:09:06 EDT
From:    dlh@marsmedia.com (Dlh)
Subject: highway surveillance

Response to Phil Agre:
  A sovereign, such as the State of California, has every right and
power to conduct monitoring and surveillance over its highways.  This is
fundamentally different from monitoring and surveillance of a person, as
in your cellular-telephone usage monitoring example.  If the state were
watching your house to see when you left, and followed your car on the
highway, etc., that could be construed as unlawful surveillance.  And I
would argue that the Feds cannot do so without a warrant.  A state has
inherent police power, however, and its agents can watch anything they
want to anywhere they want to, as long as the individual's right to
privacy under the fourth amendment, as construed under the fourteenth
amendment's due process clause, is not violated, under the U.S.
Constitution.  State law enforcement officers are, of course limited by
the state constitution and general laws enacted thereunder, but there is
no requirement that the states have such restrictions.  The Mother of
the Bill of Rights, Virginia, is more protective of her citizens'
liberties than most states, having a constitution more rigorous than the
Federal derivation, but even in Virginia we have television cameras set
up full time watching certain highways, and certain other devices that
automatically generate a summons for those whom the equipment has
detected as having violated certain traffic laws.
===       ===        ===        ===        ===        ===         ===
Daniel L. Hawes, Attorney at Law  --  Practice Limited to Civil
Litigation. Matters relating to Computer and Telecommunications
Technology and Domestication and Execution of Foreign Judgments
(internet) dlh@marsmedia.com; (voice)703-352-8684; (fax)703-352-5930;
(mail)  10312 Cleveland Street, P.O. Box 846, Fairfax, Va. 22030-0846

------------------------------

Date:    Mon, 4 Sep 1995 14:17:44 -0700 (PDT)
From:    Peter Marshall <rocque@eskimo.com>
Subject: Re: Telcos and Privacy (fwd)

---------- Forwarded message ----------
Date: Mon, 4 Sep 1995 16:09:19 -0500
From: Barry Orton <borton@macc.wisc.edu>
To: Multiple recipients of list <telecomreg@relay.doit.wisc.edu>
Subject: Re: Telcos and Privacy

reposted for CYBEROID@U.WASHINGTON.EDU 
		-------------------------------
I'm not a regular member of this list, but via the WA Information
Activists list, I read Jack Bryar's comments regarding the collec-
tion of local calling information by the RBOCs.

I have an uncomfortable admission to make:  in 1985, I helped to
draft and manage to passage CA's Telephone Privacy Act.  This
law made it a crime to pass information out of the local tele-
phone company to any third party, for any purpose.  This law, at
the time, seemed well-advised, as it prohibited third party's
from gaining access to calling information accumulated by our
state's telephone companies (primarily, Pacific Bell and GTE-CA).

Now I have second thoughts about this.  It puts the telcos in a
position of power that is quite exceptional relative to the
capacities of other information-service providers, IXCs included.
There is nothing to compel the telcos to share their information,
if it becomes necessary to craft an egalitarian competitive en-
vironment.  At the same time, the telcos are uninhibited in the
ways that they can employ this information -- a potent tool.

It may be that the law has accomplished its principal purpose
well and prevented a flood of personal information out of the 
telcos and to third parties.  But times change, and perhaps it's
time to revisit CA's Telephone Privacy Act.  Perhaps it should
apply to the telcos' new info subsidiaries just as it does to
other third parties.  I'm not with the CA legislature any longer;
it's a much wilder, more pro-utility enterprise these days.  I
wonder what can and should be done.

Bob Jacobson
Former Principal Consultant
Assembly Utilities and Commerce
Committee, CA Legislature, 1981-9

------------------------------

Date:    Sat, 9 Sep 1995 14:03:03 -0700 (PDT)
From:    Beth Givens <bgivens@pwa.acusd.edu>
Subject: court privacy hearings

September 8, 1995

IMPORTANT NOTICE REGARDING PRIVACY OF AND ACCESS TO 
CALIFORNIA COURT RECORDS

From:     Beth Givens 
          Privacy Rights Clearinghouse, Univ. of San Diego
          voice: 619-260-4160  fax: 619-298-5681
          e-mail: bgivens@acusd.edu

The Judicial Council of California's Subcommittee on Privacy and
Access, of which I am a member, is holding two important hearings
in California during September and October. These hearings allow
people to express their concerns and opinions on the development of
computerized court records vis-a-vis privacy and access. 

The hearings are open to all -- Californians as well as those from
other states who wish to be heard on these issues. (Non-
Californians might include representatives of privacy advocacy
groups, civil libertarians, trade associations, and industry).

If you are not able to attend the hearings, you may provide written
testimony, as explained in the notice below. *DEADLINE is October
18th.*

Why are these hearings important? And why is it important for
privacy advocates to express their opinions on the issue of
computerization and electronic dissemination of court records?

There is little to argue about regarding the value to our
democratic society of *public access* to government records. Public
records provide notice to all members of society of the official
actions taken by government, giving the citizens the opportunity to
see what their government is doing. Public records also provide
notice of the "official" status of individuals and property. In
short, public records promote government accountability.

But the tradition of public access to court records may need to be
re-examined vis-a-vis *privacy* in this era of computerization and
telecommunications networks, particularly access to computerized
public records in the aggregate. A recent California appellate
court decision had this to say: 

"There is a qualitative difference between obtaining information
from a *specific* docket or on a *specified* individual, [and] from
obtaining docket information on *every* person against whom
criminal charges are pending in the municipal court. ... It is the
*aggregate nature* of the information which makes it valuable to
respondent; it is that same quality which makes its dissemination
constitutionally dangerous." [emphasis added] (Westbrook v. Los
Angeles Co. et al., 27 Cal. App. 4th 157 (1994))

The plaintiff, Robert Westbrook, a vendor of criminal background
information doing business as Crimeline, wanted to purchase a
computer tape from the LA Municipal Court System in order to
process it and resell it to interested parties. Typically,
purchasers of such information are commercial information brokers,
private investigators and employment background check firms. 

The court ruled against Westbrook in the case, citing privacy
considerations. In addition, the court said that Westbrook's use of
the data over time could amount to the creation of virtual "rap
sheets" on individuals (criminal histories), compilations which are
considered confidential under California law (Penal Code 13300).
Contrary to the Westbrook case, however, other courts have *not
prevented* the unfettered access to and use of computerized public
records in the aggregate.

These hearings are important because they will shape the access to
and use of electronic court records in California, and perhaps
other jurisdictions who study California's court policies, for
years to come.

I hope you will take the time to attend one of these hearings and
present your testimony, or provide written testimony. Please
contact me if you want any additional background information. --
Beth Givens, Privacy Rights Clearinghouse (bgivens@acusd.edu).

     ********* OFFICIAL COURT ANNOUNCEMENT FOLLOWS ***********

TO   Court Administrators 
     Executive Officers of the California Trial Courts
     Persons and Organizations Interested in Access to Court Data

FROM Subcommittee on Privacy and Access of the 
     Judicial Council Standing Advisory Committee on Court
     Technology
     Hon. Judith D. Ford, Chair

DATE August 22, 1995

SUBJECT   Invitation to Comment: 
          Policies on Privacy and Access Rights

In January 1995 the Judicial Council of California established a
Standing Advisory Committee on Court Technology to "promote,
coordinate, and facilitate acquisition and implementation of
information and communication technologies useful and appropriate
to the courts" (Rule of Court 1033(a)). 

The Court Technology Committee subsequently established a
Subcommittee on Privacy and Access to draft policies that the Court
Technology Committee will consider for recommendation to the
Judicial Council. If approved and promulgated by the council, the
policies would establish norms governing privacy rights in and
access rights to data that is maintained electronically by the
California courts. 

To assist it in its drafting effort, the Subcommittee on Privacy
and Access is inviting comment on the following and any other
related issues:

- Given the requirements of California and federal law, how should
the California courts protect privacy rights in their electronic
data?

- Given the requirements of California and federal law, how should
the California courts assure access rights to their electronic
data?

- How should any new costs of providing access to electronic data
be funded?

- When privacy and access rights are in apparent conflict, how
should the conflict be resolved?

*How to comment:*

Send your comments before October 18, 1995 to:

Administrative Office of the Courts
Attention: Victor Rowley
303 Second Street, South Tower
San Francisco CA 94107-1366
Fax 415/396-9323

You are also invited to attend one of two public hearings that will
be hosted by Judge Judith D. Ford, the chair of the subcommittee. 

On Friday, September 29, a hearing will be held in San Francisco at
the Commonwealth Club at 595 Market Street from 9 a.m. until 2 p.m.


On Thursday, October 19, 1995, a hearing will be held in Torrance
in the City Council chambers of Torrance City Hall at 3031 Torrance
Blvd. from 11:30 a.m. until 4:30 p.m.

If you are interested in testifying before the subcommittee, you
must request a place on the hearing agenda in advance. To request
a place on the agenda, please contact Victor Rowley at the above
address, or you may also reach him by telephone at 415/396-9271 or
via Internet email at Victor_Rowley@aoc.jud.state.ca.us.

Each speaker will be allotted ten minutes to address the
subcommittee and will be placed on the agenda on a first-come,
first-served basis. The last hour of the hearing will be available
for the testimony of those who have not contacted Mr. Rowley prior
to the meeting. Speakers who want to testify during this hour
should sign up upon arrival at the meeting site and provide their
comments in writing. Each speaker will be permitted ten minutes to
testify. At the hearing, you must provide a written summary of your
comments for the record.

We encourage you to circulate this invitation to comment to others.

------------------------------

Date:    Tue, 5 Sep 1995 16:38:23 -0400 (EDT)
From:    Robert Gellman <rgellman@cais.cais.com>
Subject: New Privacy Book

Subscribers to this forum may be interested in a new book on privacy 
issues.  The title is "Legislating Privacy:  Technology, Social Values, 
and Public Policy."  The author is Priscilla Regan, an assistant 
professor of public affairs at George Mason University.  This is a very 
readable account of how some important federal privacy statutes were 
passed.  Regan identifies the policy, the politics, and the players.  She 
also offers some original observations about why privacy advocates have 
not been successful in getting more legislation passed.

I recommend the book highly.  The publisher is the University of North 
Carolina Press.

Robert Gellman          rgellman@cais.com   
Privacy and Information Policy Consultant   
431 Fifth Street S.E.                       
Washington, DC 20003                        
202-543-7923 (phone)   202-547-8287 (fax)   

------------------------------

Date:    Tue, 12 Sep 1995 16:04:19 -0400 (EDT)
From:    Pierrot Peladeau <pierrot.peladeau@PROGESTA.COM>
Subject: Privacy Files: a new publication

More Than Just Another Newsletter

October 1995 will be the lauching date for Privacy Files, which
aims to fill the order for a Canadian newsletter but will also be
a professional magazine, as well as a reference service for the
international privacy community.

Privacy Files promises to be a timely news source, of interest to
those dealing with personal-information and privacy-protection
issues or with the social assessment of personal-information
systems operating within, or in connection with, the Canadian
informational space.

Privacy Files also purports to be a professional magazine: a
knowledgeable source of pertinent information and analysis about
the social, legal, ethical, technical, administrative and
commercial issues relating to personal-information processing as
well as to privacy and data protection.  Leading professionals
and academics, as well as experienced journalists, will discuss
the facts, put forward learned opinions and share useful tips. 
This mix of disciplinary standpoints should result in a
comprehensive, multidimensional overview of events and issues.

Much has been written about privacy protection from both the
legal and policy standpoints.  But which publication have you
read recently deals with the real-life requirements of privacy
and personal-information protection?  In Privacy Files down-to-
earth concerns will be given front and center attention.  We will
take an unflinching look at the long, often perilous, but
necessary process of adapting an organization's or a profession's
culture to the requirements of good personal-information
protection; at how to cope with the power struggles new
information management practices sometimes trigger, at how to
assess the risks and costs - human costs as well as dollar costs
- of personal-information processing.  For instance, did you know
that maintaining client confidentiality could be a major source
of stress, and even distress, for social and health services
workers left to cope without the appropriate psychological
support?  In Privacy Files you will learn about the solutions as
well as the problems.

Inside The October Issue:

Introducing "Data Protection as an Art"
     The first of a regular column with that down-to-earth focus
     we were just talking about.

Citizens Take Their Information "Personal"
     The largest privacy opinion survey ever conducted (in terms
     of the numbers of questions) sponsored by two citizens'/
     consumers organizations.  As you can imagine, this survey
     arrives at significatly different conclusions from those in
     studies sponsored by private businesses ...

North America Under the Gaze of the European Sphinx
     Many thought that the change in the EU Directive wording
     about an appropriate protection level for transborder data
     flows (from a supposely stricter "equivalent" to a vaguer
     "adequate") would make it less threatening to countries
     without comprehensive legislation.  But Colin Bennett
     demonstrates that implementation is likely to be more
     unpredictable and politicized.  North American data
     importers should be more concerned, not less.

Rules for the Info-Highway?
     Final recommendations of the Canadian Information Highway
     Advisory Council call for a framework data-protection
     legislation and for a public key infrastructure which
     differs significantly from the Clipper Chip approach.
 
Plus book reviews, an events calendar and news briefs. And soon,
we will launch a prestigious guest column, Private Thoughts, in
which renowned experts in the privacy and data-protection field,
as well as personalities from other spheres such as science
fiction, genetics, religion, advertising or politics, will be
invited to put forward their provocative, opinionated, unorthodox
or prospective views.  This is yet another way of bringing a
multidimensional approach to bear on the issues.

Privacy Files will first be published in hard copy, ten times a
year.  But soon a free abridged version will also be available in
English and in French through a listserver.  Later, full edition
will be available in electronic format.

Get Your FREE Sample Copy!
     Just send an Email to <privacy.files@progesta.com> beginning
     with "Free sample copy".  [Personal information will be kept
     confidential, not circulated to third parties and protected
     under the Act respecting the protection of personal
     information in the private sector (L.Q. 1993 c. 17)].

Become a Contributor.
     Our pages are open to your thoughts, your expertise and, of
     course, for any practical experiences you would like to
     share with our readers.  Contact Ms Lise Moisan, Executive
     Editor, at <privacy.files@progesta.com>

	______________________________________________________
		
	Pierrot Peladeau  <pierrot.peladeau@progesta.com>
	Vice President, Research and Development, PROGESTA Inc.
	Editor of PRIVACY FILES
	P.O.Box 42029 Station Jeanne Mance	     voice: +1 (514) 990 2786
	Montreal (Quebec) CANADA   H2W 2Y0	     fax  : +1 (514) 990 3085

------------------------------

Date:    14 Sep 1995 09:39:46 +1000
From:    "Graham Sewell" <Graham_Sewell@uow.edu.au>
Subject: Surveillance Conference

I represent a group of concerned academics based here at the University of
Wollongong, Australia who are researching and writing about a wide range of
issues related to surveillance and privacy.

We are convening a conference here in November 1995 (registration form
attached) where we hope to be addressing some issues that are congruent with
Privacy's interests.  Although the conference is expected primarily to attract
an Australian audience we thought Privacy may be interested in the forthcoming
event and may be able to help us publicise it through its forum.

Yours faithfully,

Dr. Graham Sewell
Dept. of Management
University of Wollongong
NSW 2522
Australia
tel. 0011-61-42-213642
fax. 0011-61-42-272785

			_______________________________

Open conference on 
Surveillance
Experiences o Analysis o Responses

Wollongong, 26 November 1995

The aim of this informal conference is to bring together people from all walks
of life who would like to share their experiences, ideas and concerns about
surveillance. The conference is organised around small group discussions to
help people meet each other and exchange ideas. 

Topics Database matching, hidden cameras, spy agencies, private investigators,
telephone tapping, identification numbers, vehicle tracking, workplace
monitoring, electronic mail security, dossiers, voice recognition,
investigating agencies, direct marketing, credit referencing ... and others.

Experiences People who have experiences of surveillance are especially invited
to attend and tell others.

Analysis Why does surveillance occur? Who benefits and who loses? Who has the
power to implement it? Who can say no? What are the alternatives? Who should
be watching whom-and how?

Responses What can and should be done about surveillance?

The conference
	The conference will be held on Sunday 26 November 1995 at the University of
Wollongong, 10am-5pm. Those attending will be asked in advance about their
special interests. Each person will be able to attend several small group
meetings on specific topics, each chaired by an experienced facilitator. There
will also be special demonstrations. Ample time will be provided between
sessions for informal get-togethers.

Conference papers
	Participants are welcome to-but certainly not obliged to-submit a short
article or comment to be included in the conference papers, which are
circulated beforehand to those attending. The maximum length is 1500 words or
2 A4 pages. The conference papers will also be posted electronically on a Web
page. If possible, please submit contributions by electronic mail or computer
disc or good-quality large-print typing. Those who want to distribute longer
papers should bring multiple copies to the conference.
	Send all submissions to Brian Martin.

Conference organisers (All phone numbers are area code 042.) 
Ann Aungles, Sociology Department, phone 213745 work, 297393 home, email
a.aungles@uow.edu.au
Stan Aungles, Science and Technology Studies Department, phone 297393, email
s.aungles@uow.edu.au
Richard Joseph, Information and Communication Technology Department, phone
214143 work, 213606 messages, email r.joseph@uow.edu.au
Brian Martin, Science and Technology Studies Department, phone 213763 work,
287860 home, email b.martin@uow.edu.au
Graham Sewell, Management Department, phone 213642 work, 281825 home, email
g.sewell@uow.edu.au
All addresses are University of Wollongong, NSW 2522. 
Fax: 213452
 Open conference on surveillance
Wollongong, 26 November 1995
Registration form

Please register to help the organisers make the conference run smoothly.

Conference fee: $20. This includes lunch and morning & afternoon teas.
Name___________________________________________________
Address___________________________________________________
___________________________________________________
Other contact information___________________________________________________

O I plan to attend the conference.
O The conference fee of $20 is enclosed. (Make cheques to "University of
Wollongong Union")
O Please send me a copy of the conference papers.
O Please schedule me to attend discussion groups. My special interests are
___________________________________________________
___________________________________________________
O Please arrange for care for the following children
___________________________________________________
O I would like to join others for dinner after the conference at a local
restaurant
O I have the following special dietary
requirements____________________________________
O Please destroy this sheet after conclusion of the conference.

Send to Brian Martin, STS, University of Wollongong, NSW 2522, Australia.

About a week before the conference you will receive a conference programme,
maps indicating the conference venue, and the conference papers.

------------------------------

Date: 18 Aug 1995 05:44:30 GMT
From: TJRB52A@prodigy.com (Larry Kizziah)
Subject: Re: Legality of Unsolicited Advertising Faxes?
Newsgroups: alt.fax

This just released from FTC.

      List of Subjects of 16 CFR Part 310
 Telemarketing, Trade practices.
 
 Accordingly, the Commission amends Chapter I, Subchapter C of 16 CFR by 
adding a new part 310 to read as follows:
 
PART 310: TELEMARKETING SALES RULE
 Sec.
 
 
310.1 Scope of regulations in this part.
 
310.2 Definitions.
 
310.3 Deceptive telemarketing acts or practices.
 
310.4 Abusive telemarketing acts or practices.
 
310.5 Recordkeeping requirements.
 
310.6 Exemptions.
 
310.7 Actions by states and private persons.
 
310.8 Severability.
 
 Authority: 15 U.S.C. 6101-6108.
 
 
' 310.1 Scope of regulations in this part.
 This part implements the Telemarketing and Consumer Fraud and Abuse 
Prevention Act, 15 U.S.C. 6101-6108.
 
' 310.2 Definitions.
 (a) Acquirer means a business organization, financial institution, or an 
agent of a business organization or financial institution that has 
authority from an organization that operates or licenses a credit card 
system to authorize merchants to accept, transmit, or process payment by 
credit card through the credit card system for money, goods or services, 
or anything else of value.
 (b) Attorney general means the chief legal officer of a State.
 (c) Cardholder means a person to whom a credit card is issued or who is 
authorized to use a credit card on behalf of or in addition to the person 
to whom the credit card is issued.
 (d) Commission means the Federal Trade Commission.
 (e) Credit means the right granted by a creditor to a debtor to defer 
payment of debt or to incur debt and defer its payment.
 (f) Credit card means any card, plate, coupon book, or other credit 
device existing for the purpose of obtaining money, property, labor, or 
services on credit.
 (g)  Credit card sales draft means any record or evidence of a credit 
card transaction.
 (h)  Credit card system means any method or procedure used to process 
credit card transactions involving credit cards issued or licensed by the 
operator of that system.
 (i) Customer means any person who is or may be required to pay for goods 
or services offered through telemarketing.
 (j)  Investment opportunity means anything, tangible or intangible, that 
is offered, offered for sale, sold, or traded based wholly or in part on 
representations, either express or implied, about past, present, or 
future income, profit, or appreciation.
 (k) Material means likely to affect a person's choice of, or conduct 
regarding, goods or services.
 (l) Merchant means a person who is authorized under a written contract 
with an acquirer to honor or accept credit cards, or to transmit or 
process for payment credit card payments, for the purchase of goods or 
services.
 (m)  Merchant agreement means a written contract between a merchant and 
an acquirer to honor or accept credit cards, or to transmit or process 
for payment credit card payments, for the purchase of goods or services.
 (n) Outbound telephone call means a telephone call initiated by a 
telemarketer to induce the purchase of goods or services.
 (o) Person means any individual, group, unincorporated association, 
limited or general partnership, corporation, or other business entity.
 (p) Prize means anything offered, or purportedly offered, and given, or 
purportedly given, to a person by chance. For purposes of this definition,
 chance exists if a person is guaranteed to receive an item and, at the 
time of the offer or purported offer, the telemarketer does not identify 
the specific item that the person will receive.
 (q) Prize promotion means:
 
 
 (1) A sweepstakes or other game of chance; or
 
 (2) An oral or written express or implied representation that a person 
has won, has been selected to receive, or may be eligible to receive a 
prize or purported prize.
 
 (r) Seller means any person who, in connection with a telemarketing 
transaction, provides, offers to provide, or arranges for others to 
provide goods or services to the customer in exchange for consideration.
 (s) State means any State of the United States, the District of Columbia,
 Puerto Rico, the Northern Mariana Islands, and any territory or 
possession of the United States.
 (t) Telemarketer  means any person who, in connection with telemarketing,
 initiates or receives telephone calls to or from a customer.
 (u) Telemarketing means a plan, program, or campaign which is conducted 
to induce the purchase of goods or services by use of one or more 
telephones and which involves more than one interstate telephone call. 
The term does not include the solicitation of sales through the mailing 
of a catalog which: contains a written description or illustration of the 
goods or services offered for sale; includes the business address of the 
seller; includes multiple pages of written material or illustrations; and 
has been issued not less frequently than once a year, when the person 
making the solicitation does not solicit customers by telephone but only 
receives calls initiated by customers in response to the catalog and 
during those calls takes orders only without further solicitation. For 
purposes of the previous sentence, the term "further solicitation" does 
not include providing the customer with information about, or attempting 
to sell, any other item included in the same catalog which prompted the 
customer's call or in a substantially similar catalog.
 
' 310.3 Deceptive telemarketing acts or practices.
 (a)  Prohibited deceptive telemarketing acts or practices. It is a 
deceptive telemarketing act or practice and a violation of this Rule for 
any seller or telemarketer to engage in the following conduct:
 (1) Before a customer pays[1] for goods or services offered, failing to 
disclose, in a clear and conspicuous manner, the following material 
information:
 
 
 (i) The total costs to purchase, receive, or use, and the quantity of, 
any goods or services that are the subject of the sales offer;[2]
 
 (ii) All material restrictions, limitations, or conditions to purchase, 
receive, or use the goods or services that are the subject of the sales 
offer; 
 
 (iii) If the seller has a policy of not making refunds, cancellations, 
exchanges, or repurchases, a statement informing the customer that this 
is the seller's policy; or, if the seller or telemarketer makes a 
representation about a refund, cancellation, exchange, or repurchase 
policy, a statement of all material terms and conditions of such policy;
 
 (iv) In any prize promotion, the odds of being able to receive the prize,
 and if the odds are not calculable in advance, the factors used in 
calculating the odds; that no purchase or payment is required to win a 
prize or to participate in a prize promotion; and the no purchase/no 
payment method of participating in the prize promotion with either 
instructions on how to participate or an address or local or toll-free 
telephone number to which customers may write or call for information on 
how to participate; and
 
 (v) All material costs or conditions to receive or redeem a prize that 
is the subject of the prize promotion;
 
 (2) Misrepresenting, directly or by implication, any of the following 
material information:
 
 
 (i) The total costs to purchase, receive, or use, and the quantity of, 
any goods or services that are the subject of a sales offer; 
 
 (ii) Any material restriction, limitation, or condition to purchase, 
receive, or use goods or services that are the subject of a sales offer;
 
 (iii) Any material aspect of the performance, efficacy, nature, or 
central characteristics of goods or services that are the subject of a 
sales offer;
 
 (iv) Any material aspect of the nature or terms of the seller's refund, 
cancellation, exchange, or repurchase policies;
 
 (v) Any material aspect of a prize promotion including, but not limited 
to, the odds of being able to receive a prize, the nature or value of a 
prize, or that a purchase or payment is required to win a prize or to 
participate in a prize promotion;
 
 (vi) Any material aspect of an investment opportunity including, but not 
limited to, risk, liquidity, earnings potential, or profitability; or
 
 (vii) A seller's or telemarketer's affiliation with, or endorsement by, 
any government or third-party organization;
 
 (3) Obtaining or submitting for payment a check, draft, or other form of 
negotiable paper drawn on a person's checking, savings, share, or similar 
account, without that person's express verifiable authorization. Such 
authorization shall be deemed verifiable if any of the following means 
are employed: 
 
 
 (i) Express written authorization by the customer, which may include the 
customer's signature on the negotiable instrument; or
 
 (ii) Express oral authorization which is tape recorded and made 
available upon request to the customer's bank and which evidences clearly 
both the customer's authorization of payment for the goods and services 
that are the subject of the sales offer and the customer's receipt of all 
of the following information:
 
 
 (A) The date of the draft(s);
 
 (B) The amount of the draft(s);
 
 (C) The payor's name;
 
 (D) The number of draft payments (if more than one);
 
 (E) A telephone number for customer inquiry that is answered during 
normal business hours; and
 
 (F) The date of the customer's oral authorization; or 
 
 
 (iii) Written confirmation of the transaction, sent to the customer 
prior to submission for payment of the customer's check, draft, or other 
form of negotiable paper, that includes:
 
 
 (A) All of the information contained in ' 310.3(a)(3)(ii)(A)-(F); and
 
 (B) The procedures by which the customer can obtain a refund from the 
seller or telemarketer in the event the confirmation is inaccurate; and
 
 (4) Making a false or misleading statement to induce any person to pay 
for goods or services.
 (b) Assisting and facilitating. It is a deceptive telemarketing act or 
practice and a violation of this Rule for a person to provide substantial 
assistance or support to any seller or telemarketer when that person 
knows or consciously avoids knowing that the seller or telemarketer is 
engaged in any act or practice that violates ' 310.3(a) or (c), or ' 310.
4 of this Rule. 
 (c)  Credit card laundering. Except as expressly permitted by the 
applicable credit card system, it is a deceptive telemarketing act or 
practice and a violation of this Rule for:
 
 
 (1) A merchant to present to or deposit into, or cause another to 
present to or deposit into, the credit card system for payment, a credit 
card sales draft generated by a telemarketing transaction that is not the 
result of a telemarketing credit card transaction between the cardholder 
and the merchant;
 
 (2) Any person to employ, solicit, or otherwise cause a merchant or an 
employee, representative, or agent of the merchant, to present to or 
deposit into the credit card system for payment, a credit card sales 
draft generated by a telemarketing transaction that is not the result of 
a telemarketing credit card transaction between the cardholder and the 
merchant; or
 
 (3) Any person to obtain access to the credit card system through the 
use of a business relationship or an affiliation with a merchant, when 
such access is not authorized by the merchant agreement or the applicable 
credit card system.
 
 
' 310.4 Abusive telemarketing acts or practices.
 (a)  Abusive conduct generally. It is an abusive telemarketing act or 
practice and a violation of this Rule for any seller or telemarketer to 
engage in the following conduct:
 
 
 (1) Threats, intimidation, or the use of profane or obscene language;
 
 (2) Requesting or receiving payment of any fee or consideration for 
goods or services represented to remove derogatory information from, or 
improve, a person's credit history, credit record, or credit rating 
until:
 
 
 (i) The time frame in which the seller has represented all of the goods 
or services will be provided to that person has expired; and
 
 (ii) The seller has provided the person with documentation in the form 
of a consumer report from a consumer reporting agency demonstrating that 
the promised results have been achieved, such report having been issued 
more than six months after the results were achieved. Nothing in this 
Rule should be construed to affect the requirement in the Fair Credit 
Reporting Act, 15 U.S.C. 1681, that a consumer report may only be 
obtained for a specified permissible purpose;
 
 
 (3) Requesting or receiving payment of any fee or consideration from a 
person, for goods or services represented to recover or otherwise assist 
in the return of money or any other item of value paid for by, or 
promised to, that person in a previous telemarketing transaction, until 
seven (7) business days after such money or other item is delivered to 
that person. This provision shall not apply to goods or services provided 
to a person by a licensed attorney; or
 
 (4) Requesting or receiving payment of any fee or consideration in 
advance of obtaining a loan or other extension of credit when the seller 
or telemarketer has guaranteed or represented a high likelihood of 
success in obtaining or arranging a loan or other extension of credit for 
a person.
 
 (b) Pattern of calls. (1) It is an abusive telemarketing act or practice 
and a violation of this Rule for a telemarketer to engage in, or for a 
seller to cause a telemarketer to engage in, the following conduct:
 
 
 (i) Causing any telephone to ring, or engaging any person in telephone 
conversation, repeatedly or continuously with intent to annoy, abuse, or 
harass any person at the called number; or
 
 (ii) Initiating an outbound telephone call to a person when that person 
previously has stated that he or she does not wish to receive an outbound 
telephone call made by or on behalf of the seller whose goods or services 
are being offered.
 
 
 (2) A seller or telemarketer will not be liable for violating ' 310.
4(b)(1)(ii) if:
 
 
 (i) It has established and implemented written procedures to comply with 
' 310.4(b)(1)(ii);
 
 (ii) It has trained its personnel in the procedures established pursuant 
to ' 310.4(b)(2)(i);
 
 (iii) The seller, or the telemarketer acting on behalf of the seller, 
has maintained and recorded lists of persons who may not be contacted, in 
compliance with ' 310.4(b)(1)(ii); and
 
 (iv) Any subsequent call is the result of error.
 
 (c) Calling time restrictions. Without the prior consent of a person, it 
is an abusive telemarketing act or practice and a violation of this Rule 
for a telemarketer to engage in outbound telephone calls to a person's 
residence at any time other than between 8:00 a.m. and 9:00 p.m. local 
time at the called person's location.
 (d)  Required oral disclosures. It is an abusive telemarketing act or 
practice and a violation of this Rule for a telemarketer in an outbound 
telephone call to fail to disclose promptly and in a clear and 
conspicuous manner to the person receiving the call, the following 
information: 
 
 
 (1) The identity of the seller;
 
 (2) That the purpose of the call is to sell goods or services;
 
 (3) The nature of the goods or services; and
 
 (4) That no purchase or payment is necessary to be able to win a prize 
or participate in a prize promotion if a prize promotion is offered. This 
disclosure must be made before or in conjunction with the description of 
the prize to the person called. If requested by that person, the 
telemarketer must disclose the no-purchase/no-payment entry method for 
the prize promotion.
 
 
' 310.5 Recordkeeping requirements.
 (a) Any seller or telemarketer shall keep, for a period of 24 months 
from the date the record is produced, the following records relating to 
its telemarketing activities:
 
 
 (1) All substantially different advertising, brochures, telemarketing 
scripts, and promotional materials;
 
 (2) The name and last known address of each prize recipient and the 
prize awarded for prizes that are represented, directly or by implication,
 to have a value of $25.00 or more;
 
 (3) The name and last known address of each customer, the goods or 
services purchased, the date such goods or services were shipped or 
provided, and the amount paid by the customer for the goods or services;
[3]
 
 (4) The name, any fictitious name used, the last known home address and 
telephone number, and the job title(s) for all current and former 
employees directly involved in telephone sales; provided, however, that 
if the seller or telemarketer permits fictitious names to be used by 
employees, each fictitious name must be traceable to only one specific 
employee; and
 
 (5) All verifiable authorizations required to be provided or received 
under this Rule.
 
 (b) A seller or telemarketer may keep the records required by ' 310.5(a) 
in any form, and in the manner, format, or place as they keep such 
records in the ordinary course of business. Failure to keep all records 
required by ' 310.5(a) shall be a violation of this Rule.
 (c) The seller and the telemarketer calling on behalf of the seller may, 
by written agreement, allocate responsibility between themselves for the 
recordkeeping required by this Section. When a seller and telemarketer 
have entered into such an agreement, the terms of that agreement shall 
govern, and the seller or telemarketer, as the case may be, need not keep 
records that duplicate those of the other. If the agreement is unclear as 
to who must maintain any required record(s), or if no such agreement 
exists, the seller shall be responsible for complying with ' 310.5(a)(1)-
(3) and (5); the telemarketer shall be responsible for complying with ' 
310.5(a)(4).
 (d) In the event of any dissolution or termination of the seller's or 
telemarketer's business, the principal of that seller or telemarketer 
shall maintain all records as required under this Section. In the event 
of any sale, assignment, or other change in ownership of the seller's or 
telemarketer's business, the successor business shall maintain all 
records required under this Section.
 
' 310.6 Exemptions.
 The following acts or practices are exempt from this Rule:
 (a) The sale of pay-per-call services subject to the Commission's "Trade 
Regulation Rule Pursuant to the Telephone Disclosure and Dispute 
Resolution Act of 1992," 16 CFR Part 308;
 (b) The sale of franchises subject to the Commission's Rule entitled 
"Disclosure Requirements and Prohibitions Concerning Franchising and 
Business Opportunity Ventures," 16 CFR Part 436;
 (c) Telephone calls in which the sale of goods or services is not 
completed, and payment or authorization of payment is not required, until 
after a face-to-face sales presentation by the seller;
 (d) Telephone calls initiated by a customer that are not the result of 
any solicitation by a seller or telemarketer;
 (e) Telephone calls initiated by a customer in response to an 
advertisement through any media, other than direct mail solicitations; 
provided, however, that this exemption does not apply to calls initiated 
by a customer in response to an advertisement relating to investment 
opportunities, goods or services described in ' 310.4(a)(2) or (3), or 
advertisements that guarantee or represent a high likelihood of success 
in obtaining or arranging for extensions of credit, if payment of a fee 
is required in advance of obtaining the extension of credit; 
 (f) Telephone calls initiated by a customer in response to a direct mail 
solicitation that clearly, conspicuously, and truthfully discloses all 
material information listed in ' 310.3(a)(1) of this Rule for any item 
offered in the direct mail solicitation; provided, however, that this 
exemption does not apply to calls initiated by a customer in response to 
a direct mail solicitation relating to prize promotions, investment 
opportunities, goods or services described in ' 310.4(a)(2) or (3), or 
direct mail solicitations that guarantee or represent a high likelihood 
of success in obtaining or arranging for extensions of credit, if payment 
of a fee is required in advance of obtaining the extension of credit; 
and
 (g) Telephone calls between a telemarketer and any business, except 
calls involving the retail sale of nondurable office or cleaning supplies;
 provided, however, that ' 310.5 of this Rule shall not apply to sellers 
or telemarketers of nondurable office or cleaning supplies.
 
' 310.7 Actions by States and private persons.
 (a) Any attorney general or other officer of a State authorized by the 
State to bring an action under the Telemarketing and Consumer Fraud and 
Abuse Prevention Act, and any private person who brings an action under 
that Act, shall serve written notice of its action on the Commission, if 
feasible, prior to its initiating an action under this Rule. The notice 
shall be sent to the Office of the Director, Bureau of Consumer 
Protection, Federal Trade Commission, Washington, D.C. 20580, and shall 
include a copy of the State's or private person's complaint and any other 
pleadings to be filed with the court. If prior notice is not feasible, 
the State or private person shall serve the Commission with the required 
notice immediately upon instituting its action.
 (b) Nothing contained in this Section shall prohibit any attorney 
general or other authorized State official from proceeding in State court 
on the basis of an alleged violation of any civil or criminal statute of 
such State.
 
' 310.8 Severability.
 The provisions of this Rule are separate and severable from one another. 
If any provision is stayed or determined to be invalid, it is the 
Commission's intention that the remaining provisions shall continue in 
effect.
 By direction of the Commission.
 Donald S. Clark
 Secretary
 
 Footnotes:
 1. When a seller or telemarketer uses, or directs a customer to use, a 
courier to transport payment, the seller or telemarketer must make the 
disclosures required by ' 310.3(a)(1) before sending a courier to pick up 
payment or authorization for payment, or directing a customer to have a 
courier pick up payment or authorizaiton for payment.
 2. For offers of consumer credit products subject to the Truth in 
Lending Act, 15 U.S.C. 1601 et seq., and Regulation Z, 12 CFR 226, 
compliance with the disclosure requirements under the Truth in Lending 
Act, and Regulation Z, shall constitute compliance with ' 310.3(a)(1)(i) 
of this Rule.
 3. For offers of consumer credit products subject to the Truth in 
Lending Act, 15 U.S.C. 1601 et seq., and Regulation Z, 12 CFR 226, 
compliance with the recordkeeping requirements under the Truth in Lending 
Act, and Regulation Z, shall consitute compliance with ' 310.5(a)(3) of 
this Rule.
 
 Please send comments to: webmaster@ftc.gov
 Rev. August 17, 1995
 geh 

------------------------------

End of PRIVACY Forum Digest 04.20
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH