PRIVACY Forum Digest Saturday, 4 November 1995 Volume 04 : Issue 23
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy,
and the Data Services Division
of MCI Communications Corporation.
CONTENTS
TV News Interview Request (Lauren Weinstein; PRIVACY Forum Moderator)
Monaco taps *every* international call?!?! (Kent Quirk)
Who owns your name? (Graystreak )
Caller ID/New Worries (J.P. Kleinhaus)
France: change in cryptography policy (kaiser@acm.org)
FBI Unveils National Wiretap Plan (Marc Rotenberg)
Controversy Over Medical Records Legislation (Monty Solomon)
Businesses monitoring employee e-mail (Andy Erickson)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com". Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW
server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------
VOLUME 04, ISSUE 23
Quote for the day:
"How tall was King Kong?"
-- Eli Cross (Peter O'Toole)
"The Stunt Man" (1980)
----------------------------------------------------------------------
Date: Sat, 4 Nov 95 10:23 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: TV News interview request
Greetings. I've received a request from a producer for one of the three
major U.S. television networks' evening news programs. They'd like to do a
privacy story, with a focus on an individual who feels their privacy has
been invaded and what steps they've taken to try protect themselves from
further problems.
I receive queries like this from time to time, and I always point out to the
producers the irony involved: A person who has had privacy problems is
probably about the *least* likely person to want to go on-camera on national
television.
Still, this is an important topic, and as I've often mentioned here in the
Forum, it's crucial that these matters be brought to the attention of the
broader population--and to a large extent that means TV news. And TV news
is very "people"-oriented--it likes to do stories where the viewers can
focus on individuals rather than generalized concepts.
Are there risks involved with doing such interviews? Sure. As someone who
willingly talks to the media about these topics, and has done quite a number
of interviews, I can tell you that when the interview ends and the tape is
"in the can" you're at the mercy of the producer, tape editor, and other
involved folk in terms of how the final product turns out. You may
find that an hour of tape is reduced down to a 10 second soundbite in the
aired version, but that's the way it is for most everyone from politicians
to entertainers who do news interviews.
As you can gather, I consider discussion of these topics in mainstream media
to be valuable, even given some of the negatives in the interview process.
The producer for this particular story is based here in L.A., and since
the main network news bureaus are in L.A. and New York, persons in those
areas would be easiest for them to work with, though other areas may
also be considered. If you feel you have a relevant story and are
willing to go bigtime public with it, drop me an email note and I'll
put you in touch with the producer, and you two can take it from there.
--Lauren--
------------------------------
Date: Mon, 16 Oct 95 23:19:44 -0500
From: Kent Quirk <kentq@world.std.com>
Subject: Monaco taps *every* international call?!?!
In the October/November 1995 issue of _The Riviera Reporter_, an English-
language magazine distributed in the French Riviera, there was an article
that disturbed me greatly.
It described the a television interview of a resident of the Principality of
Monaco who was enthusiastic that the local police apparently record every
telephone call. He encouraged viewers to look on it as a memory aid, and
described how he had forgotten what he was supposed to get his sister for
her birthday. He called the local police -- they played back the call and
told him what he should buy.
Can anyone verify that this is indeed the case? I'm told that Monaco has an
incredibly low crime rate. But, if true, the cost is higher than I'm
willing to pay.
- Kent
--
Kent Quirk | Email: kentq@world.std.com
Les Genets | WWW: http://world.std.com/~kentq/
[ It's a bit unlikely that you'll be able to get any definitive statement
specifically regarding Monaco, but some general observations can be
made. From a technical standpoint, the smaller the country,
and the fewer the communications circuits in and out, the easier
it becomes to monitor substantial percentages of traffic, assuming
you wish to do so. Monaco is certainly a geographically small
country, but that says nothing about whether or not such monitoring
goes on there.
However, it's worth noting that in many parts of the world, routine
monitoring of international (and in some cases domestic)
telecommunications circuits is as old as the telegraph. Circuits to
and from given countries, or simply transiting through, have frequently
been considered to be fair game for routine monitoring activities,
either in part or in whole. This continues in a long tradition that
literally reaches back several centuries (and probably much farther!)
with international mail and courier messages. Many, perhaps even most
governments, regardless of political leanings, have at various times
felt it was their right, or even their obligation, to keep track of
what goes on in international communications, much as they endeavor to
track the flow of physical goods across the borders. You may agree or
disagree with this reasoning, but it's not new, or even unusual.
The greater the percentage of traffic that is non-voice, the more
practical it is for automated procedures to be used to watch over
larger numbers of circuits. Data, fax, telex, and similar
communications all fall into the easily automated category (I believe
that something on the order of over half of overall international
communications traffic now consists of faxes). It also seems
reasonable to speculate that developments in continuous-speech,
speaker-independent speech recognition systems may have evolved
to the point where they could at least be used for monitoring
of many circuits for keywords of interest, which would then trigger
further monitoring by humans.
But again, all this doesn't answer the fundamental question
of how much routine monitoring goes on, since it's something
that most governments would not be exactly anxious to publicize
if it were occurring.
For a fascinating historical perspective on this subject and
related topics, I recommend reading "The Puzzle Palace" (1982)
by James Bamford.
-- MODERATOR ]
------------------------------
Date: Tue, 17 Oct 95 11:16:46 -0400
From: Graystreak <wex@media.mit.edu>
Subject: Who owns your name?
[culled from CPSR's EPIC Alert newsletter...]
The Marketry company of Bellvue, Washington is now selling email
addresses of Internet users obtained from Newsgroup postings. From
the company's press release:
"These are email address of individuals who are actively using
the Internet to obtain and transfer information. They have
demonstrated a substantial interest in specific area of information
on the Internet. They are regularly accessing information in their
interest areas from newsgroups, Internet chats and websites. . . .
The file is anticipated to grow at the rate of 250,000 E Mail
addresses per month, all with Interest selections."
What are the interest areas currently available? "Adult, Computer,
Sports, Science, Education, News, Investor, Games, Entertainment
Religion, Pets." The release notes that "additional interests areas
will be added, please inquire." Activities of US and non-US Net users
will be included in the Marketry product.
The Washington Post reported that the president of Markertry, Norm
Swent, would not disclose who the actual owner of the list is. "That
really is confidential information," Swent said, "and we are obviously
bound by confidentiality agreements with the list owner."
WHAT YOU CAN DO:
(a) Sit back, let your newsgroup postings get swept up by the data
scavengers and watch the junk email pile high on your system, or
(b) Send email to Marketry and tell them to STOP SELLING PERSONAL
DATA GATHERED FROM THE NET. Send email to: listpeople@marketry.com
and tell your friends to send email. And tell your friends' friends.
It's your name. It's your mailbox. Think about it.
[ It's important to always remember that public postings are just
that, *public*. Entities are free to collect, index, store, and
otherwise use such materials quite freely, as long as they don't
violate applicable laws (of which very few relate to this area).
Of more concern is the use of data collected by servers in the
course of essentially "non-public" transactions, such as World
Wide Web browsing. More on that in a future digest.
-- MODERATOR ]
------------------------------
Date: Tue, 17 Oct 95 11:30:12 PDT
From: aa2du@netcom.com
Subject: Caller ID/New Worries
Greetings:
I received a rather disturbing communication enclosed in my latest
NYNEX telephone bill. This came in the bill for my business account
and I haven't seen it in my residential account bills. The flyer
describes the the new "Call ID Deluxe Service."
According to NYNEX, the new service allows the user to see
the name and telephone number of the caller, *even if the caller's
number is non-published.* (emphasis NYNEX's) The flyer does
say that you can block the service using Per-call restrict or All-call
restrict, which is available in NY State.
If the non-business customer is not made aware of this, the implications
for loss of privacy should be obvious to everyone. I really question
the need for this, but I suppose NYNEX will make more millions as
a result of these actions. As a final note, NYNEX does say that
they have not yet received Public Service Commission approval for this
latest invasion of our privacy. I urge everyone to contact the NY State
PSC and advise them against approving such a plan.
With regards,
J.P. Kleinhaus
aa2du@netcom.com
J.P. Kleinhaus, AA2DU ARRL CAC hudson Div. Rep.
E-mail: aa2du@netcom.com
Compu$erve: 74660,2606
[ This is pretty much the case in many areas.
Where CNID or enhanced (name/address CNID) systems
are available, efforts to require all non-pub
numbers to be blocked by default have been
vigorously opposed by local telcos. The reason
is obvious--in major metro areas an extremely
high percentage of lines may be non-pub, which
would result in very high numbers of lines
CNID blocked from day one, reducing the perceived
value of the service to potential customers.
-- MODERATOR ]
------------------------------
Date: Wed, 18 Oct 95 13:44:52 +0100
From: kaiser@acm.org
Subject: France: change in cryptography policy
Until recently, the French government has considered cryptographic software
to be war material -- specifically Class II munitions, like a live ground-to-
air missile -- and one was not permitted to use it without the proper license
and along with registering all keys. This has apparently just changed a bit,
if one can believe an article yesterday in Nice-Matin, the local newspaper
for the Cote d'Azur. In part it reads (my translation):
France: Internet will be accessible at the price of a local call
The government wants to render Internet accessible to everyone in
France at a cost that is both attractive and uniform for the entire
country, said Frangois Fillon, minister of information technologies,
yesterday from an interagency committee on the information
superhighway.
[...]
Finally, the interagency committee was able to specify the
regulation of encrypting information, indispensable especially for
encoding bank card numbers on online services.
Cryptology is no longer war materiel, the government text specifies,
and when it has to do with protecting a password, an access code, or
a bank card number, a simple declaration from the vendor will be
enough, in place of prior authorization.
This obviously begs the question of how good such cryptographic techniques
will be permitted to be (RSA 40-bit? 128-bit? 12-bit?), but perhaps someone
has seen a better newspaper with more details.
___Pete
kaiser@acm.org
+33 92.95.62.97, FAX +33 92.95.50.50
------------------------------
Date: 2 Nov 1995 11:21:11 -0500
From: "Marc Rotenberg" <rotenberg@epic.org>
Subject: FBI Unveils National Wiretap Plan
The New York Times reports today that the FBI has proposed "a
national wiretapping system of unprecedented size and scope that
would give law enforcement officials the capacity to monitor
simultaneously as many as one out of every 100 phone lines"
in some regions of the country. ("FBI Wants to Vastly Increase
Wiretapping," NYT, Nov. 2, 1995, at A1)
The story follows the October publication in the Federal Register
of the FBI plans to implement the Communications Assistance
for Law Enforcement Act, the controversial "digital telephony"
bill that was opposed by many groups last year but supported by
an industry association called the "Digital Privacy and Security
Working Group" after the government put up $500,000,000 to pay
for the new surveillance features. (See EPIC Alert 2.12)
The Times article also notes that there is now some question about whether
the law will ever go into effect. A provision to provide funding was
deleted last week after "several freshman Republicans, including
Representative Bob Barr of Georgia, a former federal prosecutor,
said he objected to the way the money for wiretapping would be raised
and that he had concerns about how the FBI might use such a sweeping
surveillance ability."
The article also says that "The scope of the FBI plan has startled
industry telephone executives, who said it was difficult to estimate
how much it would ultimately cost to carry out the capacity
increases."
EPIC is urging the on-line community to object to implementation of
the wiretap plan. More information can be found at our web page:
http://www.epic.org/privacy/wiretap/.
Marc Rotenberg
rotenberg@epic.org
------------------------------
Date: Wed, 1 Nov 1995 13:46:33 -0500
From: Monty Solomon <monty@roscom.COM>
Subject: Controversy Over Medical Records Legislation
[ Editing for length by MODERATOR ]
Begin forwarded message:
Date: Wed, 1 Nov 1995 10:41:37 -0500
From: James Love <love@Essential.ORG>
Subject: Controversy Over Medical Records Legislation
-----------------------------------------------------------------
TAP-INFO - An Internet newsletter available from listproc@tap.org
-----------------------------------------------------------------
TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE
November 1, 1995
- Senator Robert Bennett and several cosponsors introduce legislation
on medical records privacy. S. 1360 would allow millions of law
enforcement officials, social workers, graduate students and other health
care researchers, government fraud investigators and probably
congressional staff to obtain access to computer databases with the
medical records for most Americans who pay for care under health insurance
programs. The Center for Patient Rights, the Massachusetts ACLU, EPIC,
and the Consumer Project on Technology (CPT) have expressed opposition to
the bill, as have several privacy experts. However, the legislation is
enthusiastically endorsed by the Center for Democracy and Technology
(CDT), which was involved in the drafting of the bill, and some other
groups have apparently endorsed the legislation. The Consumer Project on
Technology is working on a statement about the legislation. Here is the
statement about the legislation released yesterday by the Massachusetts
ACLU. jamie <love@tap.org>
... [ ACLU statement removed for length -- you can presumably
obtain full texts at the contact addresses below -- MODERATOR ]
TAP-INFO is archived at gopher.essential.org in the Taxpayer Assets
Project directory, and at http://www.essential.org/tap/tap.html
Subscription requests to tap-info to listproc@tap.org with
the message: subscribe tap-info your name
---------------------------------------------------------------------
Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036
v. 202/387-8030; f. 202/234-5176; internet: tap@tap.org
---------------------------------------------------------------------
[ I received an item directly from CDT that supported this
legislation, however it was not appropriate for inclusion
without some editing for length, and was marked with a
"must be distributed in its entirety" label, so it's not
here.
I invite the parties on both sides of this issue to submit
concise items to the Forum describing their points of view.
-- MODERATOR ]
------------------------------
Date: Thu, 19 Oct 1995 15:28:23 CST
From: "Andy Erickson" <ANDY@action-lane.com>
Subject: Businesses monitoring employee e-mail
Are there any articles, courtcases, .... anything.... relevant to the
unethical ... perhaps illegal ... monitoring of employee's electronic
mail?
Andy
[ Articles regarding the current
state of the laws in this topic
area are invited. -- MODERATOR ]
------------------------------
End of PRIVACY Forum Digest 04.23
************************
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
