TUCoPS :: Privacy :: priv_421.txt

Privacy Digest 4.21 9/29/95

PRIVACY Forum Digest     Friday, 29 September 1995     Volume 04 : Issue 21

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	
                       ===== PRIVACY FORUM =====              

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy,
     		     and the Data Services Division 
	           of MCI Communications Corporation.


CONTENTS 
	Privacy Briefs (Lauren Weinstein; PRIVACY Forum Moderator)
	SSNs for E-mail addresses! (James W. O'Toole Jr.)
	Caller ID experiences (Privacy Rights Clearinghouse)
	Privacy International Calls for CCTV Debate [EPIC Alert 2.10]
	   (Marc Rotenberg)
	New info-sec related mailing list (Dr. Frederick B. Cohen)
	"Financial Privacy News" publication (Duane Pitlock)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW 
server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------

VOLUME 04, ISSUE 21

   Quote for the day:

	"Just say 'oops', and get out!"

				-- Max Bialystock (Zero Mostel)
				   "The Producers" (1968)

----------------------------------------------------------------------

Privacy Briefs (Lauren Weinstein; PRIVACY Forum Moderator) 

--- 

You may have heard about a recent incident involving "America Online" (AOL)
where a number of AOL subscribers were arrested as part of a "kiddie-porn"
investigation, after AOL turned over their private email to the
investigating authorities.  A number of rumors regarding these actions were
circulating, so I called AOL and in the course of phone and fax
communications learned a bit more about the situation.  AOL states that
their policy was (and remains) to *not* monitor or release customers'
private email (or private "chat" area communications) except in response to
specific law enforcement requests as authorized by applicable laws.  In the
kiddie-porn case they apparently received such requests after subscribers
complained about kiddie-porn-related communications from other AOL
subscribers.  My initial reading of the situation is that AOL's actions were
appropriate (and required) by the existing laws that relate to such
incidents.

---

If you have a non-published ("unlisted") phone number, is it *really*
unlisted?  More and more non-phone company and other third-party services
are appearing that provide phone numbers which are *not* drawn exclusively
from current telco databases.  In some cases the numbers are culled from a
variety of sources including credit reports, DMV records, and other widely
available data where phone numbers were originally supplied by customers who
probably assumed they'd be kept private.  Outside of the obvious privacy
concerns, the accuracy of the phone numbers supplied by many such services is
sometimes quite poor, due to the frequently "stale" nature of the original
data sources.

---

Services have appeared on the Internet that offer to provide social security
numbers to match names, names to match social security numbers, and all
manner of credit reporting and other sorts of checks.  In most cases all
that these organizations want is a credit card to charge, and in general
they return the desired information via non-encrypted, non-secured email
traversing standard Internet routes.

------------------------------

Date:    Thu, 14 Sep 95 18:15:37 EDT
From:    james@sparta.lcs.mit.edu (James W. O'Toole Jr.)
Subject: SSNs for E-mail addresses!

	[ From Risks-Forum Digest; Volume 17 : Issue 35  -- MODERATOR ]

At Villanova University, the Internet E-mail addresses assigned to
undergraduates consist of the student's Social Security Number, as in
123456789@ucis.vill.edu .

I haven't seen SSNs as E-mail addresses before, and I figure ...  maybe
other people would tell Villanova and any other schools that are doing this
to stop.

However, a message sent to postmaster@ucis.vill.edu inquiring about this
policy produced no response.

------------------------------

Date:    Thu, 21 Sep 1995 11:34:47 -0700 (PDT)
From:    Privacy Rights Clearinghouse <prc@pwa.acusd.edu>
Subject: Caller ID experiences

TO:   Privacy advocates
FROM: Beth Givens
      Privacy Rights Clearinghouse (prc@acusd.edu)    
      University of San Diego

The state of California does not now have Caller ID. But it is
likely that the local phone companies will offer it in the coming
months. 

The Privacy Rights Clearinghouse is preparing a fact sheet for
consumers which describes Caller ID and discusses the various
privacy issues related to the service. The purpose of the fact
sheet is to help consumers make informed decisions about whether or
not to subscribe to Caller ID.

To help us prepare this publication, we would like to hear from
people in states *with* caller ID (currently 48, we're told) about
their experiences with it. Feel free to respond to any or all of
the following questions:

- Is Caller ID widely used in your state? Or has it been a
marketplace flop? 
- About what percent of phone customers subscribe to it? Are these
primarily businesses -- or residential customers?
- Have consumers been adequately notified of their blocking
options?
- Have the blocking options available in your state been effective
in allowing consumers to control the dissemination of their phone
numbers? 
- Has Caller ID been used by marketers and other entities to gather
phone numbers?
- Has it been effective at thwarting harassing callers, or is that
argument over-sold?
- Do you have any "horror" stories to relate about Caller ID being
used to invade privacy? For example, are there documented cases of
it being used by stalkers and other types of harassers to learn the
unpublished numbers of their victims?
- Have domestic violence shelters and various "help" hotlines (such
as AIDS and suicide prevention hotlines) noticed a "chilling
effect" on the uses made of their services because of Caller ID?
- Have your phone company's efforts at marketing Caller ID been
above-board, or have they been misleading and manipulative?
- Has the introduction of Caller ID resulted in anything which was
unexpected and which surprised you -- either good or bad?

Your comments are most welcome. Please email them directly to us --
prc@acusd.edu -- or if the moderator wishes, to this discussion
group. 

FYI, when the fact sheet is completed, it will be added to our
gopher and Web sites, along with the other 18 Privacy Rights
Clearinghouse fact sheets currently available.

Thanks for your help!

------------------------------

Date:    Mon, 25 Sep 1995 02:00:15 -0700
From:    "Marc Rotenberg" <rotenberg@epic.org>
Subject: Privacy International Calls for CCTV Debate [EPIC Alert 2.10]

   [ From EPIC Alert 2.10  -- MODERATOR ]

Privacy International Calls for CCTV Debate

[On September 8, ABC News 20/20 ran a special segment on Closed Circuit
Television and the growth of surveillance technologies. Simon Davies,
Directot General of Privacy International, spoke about the threat to
democratic government.  He provided this statement from London]

PRIVACY INTERNATIONAL

BACKGROUND

In recent years, the use of Closed Circuit Television (CCTV)  in the UK
has grown to unprecedented levels. Between 150 and 300 million pounds
per year is now spent on a surveillance industry involving an estimated
200,000 cameras. According to the British Security Industry Association,
more than three quarters of these systems have been professionally
installed. Most towns and cities are moving to CCTV surveillance of
public areas, housing estates, car parks and public facilities. Growth
in the market is estimated at fifteen to twenty per cent annually.

Many Central Business Districts in Britain are now covered by
surveillance camera systems involving a linked system of cameras with
full pan, tilt, zoom and infrared capacity. Their use on private 
property is also becoming popular. Increasingly, police and local
councils are placing camera systems into housing estates and red light 
districts. Residents Associations are independently organising their own
surveillance initiatives.  Tens of thousands of cameras operate in
public places,; in phone booths, vending machines, buses, trains, taxis, 
alongside motorways and inside Automatic Teller Machines. Barclays has 
pioneered the use of pin-hole cameras in its cash machines, and this
lead is being followed by other banks.

The government is heavily promoting the use of video surveillance as a 
key plank in its law and order strategy. One initiative was to offer a 
funding pot to support local CCTV projects. The Home Secretary first 
announced the CCTV competition on 18 October 1994.  There were 480 bids 
from local authorities, community groups, schools and industrial 
estates. Nationally, more than one hundred schemes received a share of 
the 5 million funding, with a further 13.8 million levered in from other 
partnerships.  National winners of the Home Office CCTV competition were
announced in March.

These systems involve sophisticated technology. Features include night
vision, computer assisted operation, and motion detection facilities 
which allows the operator to instruct the system to go on red alert when 
anything moves in view of the cameras. Camera systems increasingly 
employ bullet-proof casing, and automated self defence mechanisms.

The clarity of the pictures is usually excellent, with many systems 
being able to read a cigarette packet at a hundred metres. The systems 
can often work in pitch blackness, bringing images up to daylight level.

According to statistics published by police districts and local 
councils, the effect on crime is dramatic. Car theft is reduced by up to 
ninety percent, while assaults and theft drop by as much as 75 per cent.

IMPACT

The justification for CCTV is seductive, but the evidence is not 
convincing.  In a report to the Scottish Office on the impact of CCTV, 
Jason Ditton, Director of the Scottish Centre for Criminology, argued 
that the claims of crime reduction are little more than fantasy. "All 
(evaluations and statistics) we have seen so far are wholly unreliable",
The British Journal of Criminology described the statistics as  
"....post hoc shoestring efforts by the untrained and self interested
practitioner.

In short, the crime statistics are without credibility. They are
collected over too short a time, in dubious circumstances, and without 
regard for statistical conventions. Different categories of crime are
indiscriminately combined, concealing possible increases in some and
decreases in others.

The crime statistics rarely, if ever, reflect the hypothesis that CCTV 
merely displaces criminal activity to areas outside the range of the 
cameras. One of the features of current surveillance practice is
that the cameras are often installed in high-rent commercial areas. 
Crime may be merely pushed from high value commercial areas into low 
rent residential areas.  Councils often find that it is impossible to
resist demands for such systems.

Originally installed to deter burglary, assault  and car theft, in 
practice most camera systems have been used to combat what town 
officials call ''anti-social behavior,'' including many such minor 
offences as littering, urinating in public, traffic violations, 
fighting, obstruction, drunkenness, and evading meters in town parking 
lots.  They have also been widely used to intervene in other undesirable 
behaviour such as underage smoking and a variety of public order
transgressions.

According to a Home Office promotional booklet, CCTV can be a solution 
for such problems as vandalism, drug use, drunkenness, racial 
harassment, sexual harassment, loitering and disorderly behaviour. Other
innovative uses are constantly being discovered. The cameras are
particularly effective in detecting people using marijuana and other 
substances.

Authorities in Britain are slowly pushing out the limits of camera 
surveillance. For the past ten years, hospitals have used Covert Video 
Surveillance (CVS) to monitor parents who visit their children. These 
videos are taken by concealed cameras and microphones located behind the 
walls of specially prepared surveillance rooms, and are used in cases
of unexplained injuries or illnesses.

The video  surveillance boom is likely to extend even inside the home. 
Andrew May, Assistant Chief Constable of South Wales, has urged victims 
of domestic violence to conceal video cameras in their homes to collect 
evidence. Michael Jack, then Minister for State at the Home Office was 
reported  as responding that the idea brought a "freshness of approach" 
which highlighted the role of new technology.

CONCERNS

Privacy International believes the CCTV trend involves a number of grave 
risks. A situation is developing in which CCTV surveillance is so
commonplace that fundamental changes are occuring in policing, community 
development policy and personal privacy.

Privacy International is calling on the UK government to prohibit or 
restrict the use of three categories of CCTV equipment, and to institute 
a range of protections and legislation to cover all systems.

The categories that require immediate restriction are :

   Computerised Face Recognition (CFR) systems that have the capacity to 
   automatically compare faces captured on CCTV, with a database of 
   facial images.  Several police and commercial organisations are
   developing this technology.  Manchester City Football Club has 
   installed a system at its Maine Road Ground.

   Infra-red, high sensitivity equipment, and systems operating outside 
   the visible light spectrum.  These include Forward Looking Infra-red 
   Radar (FLIR) systems able to detect activity behind walls, and
   infra-red systems able to detect activities in darkness.

   Miniature and micro-engineered devices designed for covert 
   surveillance.  Around 125,000 of these devices are sold each year 
   from UK surveillance equipment outlets.

The current legal situation is that visual surveillance escapes the 
cover of law.  Privacy International believes this is an unacceptable 
situation. Surveillance should not be conducted without legal 
protections, and legislation should be passed without delay. Planning 
jurisdiction should be returned to Councils to re-establish some 
democratic mechanism in the development of wide-scale urban CCTV 
systems.

There is a grave risk that the CCTV industry is out of control. Fueled 
by fear of crime, the systems take on a life of their own, defying 
quantification and quashing public debate. In a very short time, the
systems have challenged some fundamental tenets of justice, and created
the threat of a surveillance society. Other more traditional approaches 
to law enforcement and social justice are being undermined without due 
process.

CCTV is emerging as one of this centuries most profoundly important 
developments, and its implications need urgently to be debated.

[More information about Privacy International may be found at
http://www.privacy.org/pi/]

------------------------------

Date:    Fri, 15 Sep 1995 14:59:16 -0400 (EDT)
From:    fc@all.net (Dr. Frederick B. Cohen)
Subject: New info-sec related mailing list

	Info-sec heaven is one of the world's most comprehensive and
easily usable on-line collections of information related to information
security.  Included in our collection are searchable archives of:

	- state computer crime laws	- The risks and privacy forums
	- the firewalls, privacy, virus-l forums and CIAC and CERT alerts
	- several books on information protection and things like
		the TCSEC in hypertext for for easy search and access
	- periodic articles from several widely respected info-sec
		sources including Computer Security Institute's
		"Security Alert", the ASIS journal "Security Management"
		Ray Jarvis's newsletter on industrial espionage,
		and other similar quality articles.

	It also includes sources to over 50 info-sec software programs
	including our secure Web and Gopher servers and name of the
	most widely used free or shareware protection packages -
		and Much Much More!

	We are introducing a new mailing list.  Unlike many of the
Internet's mailing lists, this is not an open forum for people on the
Internet to exchange ideas.  Rather, it is a monthly mailing used to
inform readers of new information that can be found in info-sec heaven. 

	If you would like to be informed of new information, services,
search capabilities, protection software, articles, books, and other
information that appears in info-sec heaven without having to come in
periodically and look for yourself, please let us know by sending email
to fc@all.net and we will add you to our monthly list. 

	Thank you for your time.


-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

------------------------------

Date:    Tue, 19 Sep 1995 07:37:01 -0700
From:    invis@ix.netcom.com (Duane Pitlock)
Subject: "Financial Privacy News"  publication.

A publication entitled "Financial Privacy News" or "FPN" is a
12 page newsletter self-described "to give the Client continuous
monthly information on a variety of subjects regarding privacy
and confidentiality and how to protect, preserve and expand assets
and develop (tax-free) income opportunities."

"FPN" includes relevant current events, a Question and Answer area,
professional articles and a comprehensive "Privacy Library" for
further detailed reading/learning. "FPN" states also that services
are performed outside U.S. or Canadian jurisdiction since 1976.

What many find interesting are the solutions to personal privacy
facing us all (email/mail/phone/fax ect...)

A free copy of this informative privacy source can be yours by
emailing   stephenw@sol.racsa.co.cr   Put FREE NEWSLETTER/MR.
PATIENCE in the SUBJECT and YOUR POSTAL ADDRESS in the BODY of 
your message.

                                                       Respectfully,
                                                       Duane Pitlock
------------------------------

End of PRIVACY Forum Digest 04.21
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH