PRIVACY Forum Digest Friday, 9 February 1996 Volume 05 : Issue 04
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
===== PRIVACY FORUM =====
-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the
ACM (Association for Computing Machinery)
Committee on Computers and Public Policy,
"internetMCI" (a service of the Data Services Division
of MCI Telecommunications Corporation), and Cisco Systems, Inc.
- - -
These organizations do not operate or control the
PRIVACY Forum in any manner, and their support does not
imply agreement on their part with nor responsibility
for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------
CONTENTS
Privacy legislation (Dick Mills)
Tape recording conversations (David J. Coles)
Telecomm Bill and Indecency (Neal J. Friedman)
Internet Censorship Lawsuit (David Sobel)
Access to DMV records by rental car companies (Paul Robinson)
E-mail Privacy Policy (Joe Short)
Privacy Files ABSTRACTS (Pierrot Peladeau)
Call for Papers (Winn Schwartau)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.
All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------
VOLUME 05, ISSUE 04
Quote for the day:
"Who said anything about heaven?
... this IS the other place!"
-- "Pip" (Sebastian Cabot)
"The Twilight Zone" (original version: 1959-1964)
Episode: "A Nice Place to Visit"
----------------------------------------------------------------------
Date: Mon, 29 Jan 1996 12:46:24 -0500
From: rj.mills@pti-us.com (Dick Mills)
Subject: Privacy legislation
In Privacy Forum Digest V05 #03, the MODERATOR wrote
Assuming this service operates as described, it
but another example of the widespread practice
of making customer information available with
minimal or no security provisions by many entities.
When questioned, firms implementing such systems usually
claim they can't imagine why anybody would be concerned
about the release of such information...
It is unlikely that such systems can be effectively
controlled without new privacy legislation.
What would such legislation look like? As I understand it,
the traditions in privacy law are based on the concept of
"reasonable expectations" of privacy. As the very case
you comment on illustrates, we all have wildly divergent
views of what is reasonable in each scenario.
The accelerating pace of technology creates so many new
and novel scenarios every day, that I despair at the thought
of having to resolve reasonableness disputes case by case
in front of a judge. Before the ink is dry on one case,
a hundred new scenarios will pop up. Even a hundred
Judge Wapners, each disposing of one case every 10 minutes
couldn't keep up :)
How can we formulate privacy laws that:
a) transcend the inventiveness of new technology?
b) are simple and clear enough that the public and business
can understand and apply the law more or less correctly
in their daily lives without consulting a lawyer on
every issue?
--
Dick Mills +1(518)395-5154
AKA dmills@albany.net http://www.albany.net/~dmills
[ It is indeed a difficult area! I submit that a starting point is
to determine to what extent information collected by an entity in
the course of providing a business or information transaction is
"owned" by that entity. Do they (or should they?) have unlimited
rights to use that information internally for marketing and other
purposes? Should they be unconditionally free to sell that
information to other organizations, and/or provide it to third party
databases? What recourse, controls, or choices should the person
about whom the information was collected have regarding these
matters? If we can establish these and related general points, it
may be much easier to deal with specific cases.
-- MODERATOR ]
------------------------------
Date: Tue, 30 Jan 1996 17:23:56 -0500
From: DJC1143@aol.com
Subject: tape recording conversations
I am a teacher in a large school system. Recently I had a conference
with a very abusive parent. The tone and actions of this parent were very
threatening to me. I feel I need some protection at future conferences.
Is it legal for me to tape record future conferences with this parent?
Is it legal to do so without his knowledge? Must I inform him in advance if
I intend to tape the conference? If he refuses, may I still legally tape the
conference?
I am required by my superiors to have these conferences with anyone who
signs up for them. I feel that I have no recourse when a parent can change
or twist anything that is said and I as a teacher can't prove otherwise. I
have been teaching 25 years and this kind of thing has never happened to me
before.
Sincerely,
David J. Coles
djc1143@aol.com
------------------------------
Date: Fri, 2 Feb 1996 17:11:29 -0500 (EST)
From: Neal J. Friedman <njf@commlaw.com>
Subject: Telecomm Bill and Indecency
MEMORANDUM
TO: All Internet Clients
DATE: February 2, 1996
RE: Telecommunications Act Imposes Controls on Indecent and
Obscene Content on the Internet and Online Services
The newly-enacted Communications Decency Act of 1996 states that it
is the policy of the United States to "promote the continued development of
the Internet and other interactive computer services." But, for the first
time, it puts the federal government in the business of regulating the
Internet and online services. The legislation does not go as far as some
had feared, but further than others had hoped.
The statute prohibits the use of interactive computer services to
make or make available an indecent communication to minors. It defines
indecency as: "any comment, request, suggestion, proposal, image, or other
communication that, in context, depicts or describes, in terms patently
offensive as measured by contemporary community standards, sexual or
excretory activities or organs." This definition has been upheld in other
cases involving the broadcast media. The bill's supporters expect that it
will withstand the inevitable Constitutional challenge. Indeed, Congress
provided that any challenge should first go to a special three-judge panel
and then directly to the Supreme Court. The Conference Committee Report
accompanying the bill argues that the new indecency prohibition will "pose
no significant risk to the free-wheeling and vibrant nature of discourse or
to serious literary, and artistic works that can be currently found on the
Internet, and which is expected to continue and grow."
The language requires that the communication must be knowing and
specifically exempts online service providers who merely provide access to
the Internet. The Conference Report states that the intent is to focus on
"bad actors and not those whose actions are equivalent to those of common
carriers." This is good news for those service providers who only host
content for others and exercise no control over the content. But, the
legislation goes on to state specifically that it is not the intent of
Congress to treat online services as common carriers or telecommunications
carriers for other purposes. If the online services were to be considered
as common carriers, they would be insulated from liability for any content
on their systems. Thus, the question of liability of online services for
defamation and copyright and trademark infringement remains unclear.
The legislation also provides a "Good Samaritan" defense for service
providers who have taken "in good faith, reasonable, effective and
appropriate actions under the circumstances to restrict or prevent access by
minors" to prohibited communications or have restricted access to indecent
content by means of a verified credit card, debit account, adult access
code, or adult personal identification number.
The role of the Federal Communications Commission is restricted
under the new law. The FCC is only permitted to describe measures that are
reasonable, effective and appropriate to restrict access to prohibited
communications, but it cannot give its approval to such measures nor can it
penalize any service provider for failing to use the measures.
The new law also prohibits states from exercising control over
content of online services. States can control content entirely within
their borders so long as the control is not inconsistent with the federal
law. Some state legislatures had, in reaction to publicity over alleged
pornographic and indecent content online, considered bills that would have
put tight restrictions on content.
The full text of the entire Telecommunications Act of 1996,
incorporating the Communications Decency Act of 1996, and the Conference
Report are available on our World Wide Web site: http://www.commlaw.com.
Sincerely yours,
PEPPER & CORAZZINI, L.L.P.
By:___________________________
Neal J. Friedman
Neal J. Friedman | Pepper & Corazzini, LLP |Voice:
njf@commlaw.com | 1776 K Street, N.W. | 202-296-0600
Telecommunications| Suite 200 |Fax:
& Information Law | Washington, D.C. 20006 | 202-296-5572
[ The Conference Report and full text of the
enacted Telecom Bill are also available
in the PRIVACY Forum archive. They each run
between 300K and 400K in length.
One thing I can say for certain about the Telecom
Bill--it will have effects and ramifications that
cannot be accurately predicted. More
competition? Massive media concentration? Lower
rates? Higher rates? Greater communication?
Censorship? The court battles have already
begun (see next message).
Regarding the "Communications Decency" aspects of
the legislation, neither the absolute prohibitions
written into the existing act, nor the concept of
100% uncontrolled and totally anonymous access on
demand by anyone to all information, seem likely
to be practical. My personal view is that the
twin goals of protecting minors and allowing
"anonymous" access to information by adults could
be met through a properly designed public-key
based authentication system.
But we have to start talking *to* each other,
rather than past each other, before we can
make any real progress.
-- MODERATOR ]
------------------------------
Date: 6 Feb 1996 16:10:17 -0500
From: "David Sobel" <sobel@epic.org>
Subject: Internet Censorship Lawsuit
A press conference will be held in Washington, DC, on Wednesday,
February 6, to announce a broad-based constitutional challenge to
the recently-enacted "Communication Decency Act." The case will
be litigated by the American Civil Liberties Union and co-counsel
from the Electronic Privacy Information Center (EPIC) and the
Electronic Frontier Foundation (EFF). More than a dozen
organizations will participate as plaintiffs.
The press conference will be held at 10:30 a.m. at the ACLU's
Washington Office:
122 Maryland Ave., N.E.
Washington, DC
(across from the U.S. Supreme Court)
EPIC will issue the following statement at that time:
==================================================================
For Release: Contact:
February 6, 1996, 10:00 a.m. David L. Sobel (202) 544-9240
Internet "Indecency" Legislation: An Unconstitutional
Assault on Free Speech and Privacy Rights
Washington, DC - The Electronic Privacy Information Center
(EPIC) will participate as both plaintiff and co-counsel in
litigation to challenge the so-called "Communications Decency
Act." The lawsuit will be filed in Philadelphia soon after the
President signs the telecommunications bill containing the
Internet "indecency" provisions. EPIC joins the American Civil
Liberties Union and more than a dozen other organizations in
challenging this ill-advised and unconstitutional attempt to
impose governmental content regulation on emerging global
electronic media.
The legislation's vague "indecency" standard will have an
obvious impact upon the free speech rights of millions of
Americans who use computer networks to receive and distribute
information. Less apparent is the assault on privacy rights that
the legislation will engender.
To avoid potential criminal liability under the "indecency"
provision, information providers would, in effect, be required to
verify the identities and ages of all recipients of material that
might be deemed inappropriate for children. The new statutory
regime would thus result in the creation of "registration records"
for tens of thousands of Internet sites, containing detailed
descriptions of information accessed by particular recipients.
These records would be accessible to law enforcement agencies and
prosecutors investigating alleged violations of the statute. Such
a regime constitutes a gross violation of Americans' rights to
access information privately and anonymously.
Less than a year ago, the Supreme Court upheld the right to
anonymous speech in McIntyre v. Ohio Elections Commission.. EPIC
believes that the Court's rationale in that case applies with even
greater force to the Internet "indecency" provisions. The Court
noted that
The decision in favor of anonymity may be motivated by
fear of economic or official retaliation, by concern
about social ostracism, or merely by a desire to
preserve as much of one's privacy as possible. ...
Anonymity is a shield from the tyranny of the majority.
It thus exemplifies the purpose behind the Bill of
Rights, and of the First Amendment in particular: to
protect unpopular individuals from retaliation -- and
their ideas from suppression -- at the hand of an
intolerant society.
Whether the anonymous individuals visiting sites on the World
Wide Web are seeking information on teenage pregnancy, AIDS and
other sexually transmitted diseases, classic works of literature
or avant-garde poetry, they enjoy a Constitutional right to do so
privately and anonymously. The Communications Decency Act seeks
to destroy that right.
EPIC is confident that upon review of the legislation and its
impact upon free speech and privacy rights in emerging electronic
media, the courts will invalidate the measure as fundamentally at
odds with the Constitution.
_________________________
The Electronic Privacy Information Center is a public
interest research center in Washington, DC. It was established in
1994 to focus public attention on emerging privacy issues relating
to the National Information Infrastructure, such as the Clipper
Chip, the Digital Telephony proposal, Internet censorship, medical
record privacy, and the sale of consumer data. EPIC is sponsored
by the Fund for Constitutional Government, a non-profit
organization established in 1974 to protect civil liberties and
constitutional rights. EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy
research.
- 30 -
==================================================================
------------------------------
Date: Fri, 09 Feb 1996 11:53:48 EST
From: Paul Robinson <paul@TDR.COM>
Subject: Access to DMV records by rental car companies
According to a report over the radio, a little-noticed provision of one
of the crime bills which have come out allows a rental car company to
check your driving record.
According to the report, two or three incidents - an accident or certain
types of tickets - is enough to cause you to be blacklisted.
Where are the problems in this?
1. There is no announcement of this practice; you're not likely to find
out until you get to the counter and can't rent a car.
2. There is no appeals process available.
3. There is no means available to provide for corrections or to
determine where or how the error occurred in the event you are caught
short by this happening.
4. No consideration is made as to the severity of the offenses or
whether you were even at fault in the accident; if the information
is there, you walk.
Questions:
5. What proof do we have that those who are inquiring into the database
are authorized to do so, that they are actually looking up the record
for that customer, and what privacy protections do we have against
unauthorized inquiries? Do we have the right to password-protect our
own account?
6. What protections do we have against the risk of erroneous data in
a report?
7. Is this the same data as is available at a DMV or DPS office, and if
not, in what way is it different?
7. Are there rights under law to get errors corrected? For damages for
inconvenience due to errors? Any right to collect damages for
misconduct if knowingly false information is placed in a database?
Or for failure to timely followup inquiries and remove errors?
Government agencies are not known for speed in action unless, like
with large organizations, damages and fines are available to those
who are injured due to error, negligence or misconduct.
Advice:
1. Whenever making a reservation for a car at a rental agency,
book it with multiple agencies, then once you have the car, cancel
or reschedule the ones not needed. (I do this because I have been
extremely inconvenienced when there are conditions imposed at the
rental counter I couldn't meet when I'd booked a car and made plans
weeks in advance; if I had known about them beforehand I could have
done something about them.)
2. If you get caught short in any circumstances, try another agency if
(as is usually the case) asking for a supervisor doesn't help.
3. When making a reservation, ask if they do checking of one's driving
record. If they do, and you want or must use that particular
agency, then ask them to check your record in advance so you can
know if there are any problems.
4. Get a copy of your driving record so you can know if there are any
errors or inaccurate reports. In Maryland, where I live, a 3-year
report costs $5 if uncertified, and $8 if certified; a full-report
of everything on file is $10 and $15, respectively. (My report
showed nothing at all.)
5. The above could also apply to certain issues regarding credit
reports, for the same or similar reasons.
Paul Robinson
------------------------------
Date: Tue, 06 Feb 1996 17:55:50 -0500
From: Joe Short <jshort@fuentez.com>
Subject: E-mail Privacy Policy
Hello,
I need to find information concerning employee e-mail privacy, and related
issues.
As the LAN Manager, I have been asked to draw up a company policy defining
the corporate legal view with regard to privacy of employee e-mail.
The corporate board would like to make legal the practice of monitoring
employee's e-mail.
We had a situation that involved a manager reviewing the e-mail of an
employee that had just been given notice of termination, effective 2 weeks
after the incident.
The employee complained, the manager apologized, and the employee has since
left the company.
I found references to the Electronic Communications Privacy Act (ECPA) of
1986 which explicitly prohibits the above actions by the manager unless
written consent was given by the employee.
I now need to find the ECPA document to back up my initial references.
I assume that the board wants to be assured that employees will 1) use
office e-mail for business purposes, and 2) make the employee aware that
his/her e-mail can and may be monitored at any time.
The employee will be asked to sign a consent form upon being granted an
e-mail account.
I have been in secure environments in the past that had guidelines
explaining that other forms of communications may be monitored, but this is
the first time I have dealt with e-mail privacy/security.
What type of precedents have been set in this area?
If this area has been covered in the past on this list, please refer me to
the appropriate archives.
I would also appreciate it if anyone can point me in a direction to find the
ECPA and other relevant documents.
This is not my area of expertise, and I do not want to make the mistake of
putting together a hastily-built and unresearched policy!
Thanks for your help!!
-- Joe
Fuentez Systems Concepts, Inc.
11781 Lee Jackson Highway
Suite 700
Fairfax, VA 22033
URL: http://www.fuentez.com
Voice: (703)273-1447
Fax: (703)273-2972
[ The PRIVACY Forum archive can be accessed via ftp.vortex.com,
gopher.vortex.com, or www.vortex.com. The latter of the
three access routes also provides keyword searching of the
entire archive. -- MODERATOR ]
------------------------------
Date: Wed, 7 Feb 1996 10:31:22 -0500 (EST)
From: Pierrot Peladeau <pierrot.peladeau@PROGESTA.COM>
Subject: Privacy Files ABSTRACTS
ABSTRACTS and keywords of the contents of current issues of
Privacy Files are now available through a list server.
Privacy Files (ISSN 1203-3225), published 10 times a year, is a
newsletter cum professional magazine. As a newsletter, it is a source of
information of interest to those dealing within or with the Canadian
personal informational space. As a magazine, it presents the opinions
and analyses of professionals, academics and other experts on managing
social, legal, ethical, technical, administrative issues related to
personal information processing and privacy protection.
To receive Privacy Files Abstracts, send the message:
"Add me to 'Privacy Files Abstracts' list < your name >" to:
privacy.files@progesta.com
[ ABSTRACTS est aussi disponible en francais. Pour s'abonner envoyez
le message "Ajoutez-moi a la liste 'Sommaires de Privacy Files'
< votre nom >" a: privacy.files@progesta.com ]
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* PRIVACY FILES office/bureau <privacy.files@progesta.com> *
* 1788 d'Argenson, Ste-Julie (Quebec) CANADA J3E 1E3 *
* tel : +1 (514) 922 9151 fax: +1 (514) 922 9152 *
* tel : (toll free/sans frais: Canada & US): (800) 922 9151 *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
------------------------------
Date: Wed, 31 Jan 1996 22:08:03 -0500
From: winn@Infowar.Com
Subject: Call for Papers
***** CALL FOR PAPERS *****
Please feel free to distribute this widely.
I first want to thank the thousands of people who have been so incredibly
supportive of my work over the last several years, and who have helped the
public debate on Information Warfare gain and sustain the momentum we have
all created.
As a result of the continued interest in the subject, my publisher has asked
if I would create a 2nd. Edition with substantial updates to the original
"Information Warfare" which was published in 1994. I told them that the new
revised edition should include much of the thinking that has evolved on the
topic in the last couple of years. Believe it or not, they agreed!
So, I am asking (begging? :-) for a couple of things.
1. We want to include a comprehensive Appendix "D" to include
references and bibliographic information for those already in and for those
entering the field. We would greatly appreciate any and all types of
references that you feel will be useful for students of Infowar today and in
the future. The kinds of material we hope to include are:
- Web sites, mailing lists, usenet, etc.
- Monographs and their source
- Published papers and their source
- Books with publisher, author,
date, ISDN (oops, ISBN) price and a one
sentence commentary.
- Global resources on the subject.
- Courses (civilian, military, etc.)
- Organizations, private and gov't.
We will also add a credit/acknowledgments page for all of the Information
Warriors who have assisted in this effort. Please supply name, title (or
rank) contact info, and affiliation as you want it to appear in the book.
(If you don't want your name or affiliation to appear, please so indicate
and we will honor your request. (Honest . . . .)
Ideally, we will need to have a hard copy of the materials that we reference.
PLEASE RESPOND TO BETTY@INFOWAR.COM
2. In order to portray the current thinking of Infowar from its many
facets, I am also looking for short commentaries on your particular take on
Infowar - and heavens knows there are so many . . . perhaps googols!
I would like to include a large number of 500-800 word overviews, or
executive summaries of topics of interest to you, comments on my work, or
perhaps on the efforts that you or your org are putting into the field. I am
hoping to find a balance between the civilian viewpoints and military and
international ones so that students and readers can see just how much work
in occurring in the field. Organizations like AFIWC and DISA (and so on)
are invited to submit a similar overview of their efforts in addition to
individual submissions.
It is not necessary to agree with me (that would be heresy in some cases
:-)) but let's be civil about it, OK? The purpose is to get the neurons
vibrating and moving the field forward.
If you take issue with, or relate to specific items/topics/comments in
"Information Warfare" please note page number so we can tie it all together
thematically. There will be suffixes to each chapter, and I am hoping that
many of the responses will comment on or add to each of the chapters.
As for credit, we will list your name, contact info, affiliation etc., along
with your particular contribution. With each submission, please just say
something like, "I hereby give Winn Schwartau, Interpact, Inc., and Thunders
Mouth Press non-exclusive permission to use this work." That keeps the
publisher happy and still lets you own your own words. If it's a personal
opinion, and not an official one of your organization, a simple disclaimer
like, "these are the opinions of the author, and not necessarily those of my
organization." We will provide a general suffix disclaimer to that effect
anyway. If it is the official view of your org, then please indicate so
clearly, so we may make an accurate distinction.
If we decide to edit your piece substantively, we will run it back to you for
approval before printing. All we will ask is a timely return.
To get your brain thinking on the kinds of topics I am looking for:
- Civilian Defense
- "This is an act of War"
- "This is not an act of War"
- Infowar as an alternative to conventional conflict.
- Non-lethal conventional warfare
- Enhancing military efficiency with Infowar
- PsyOps as Infowar
- Hackers: A National Resource
Please consider all three Classes of Infowar when deciding what you want to
say. Since you only have 500-800 words to say it, I suggest that it be
clear, concise and to the point.
Controversy is good. But just as good is if your comments are thought
provoking and stimulate additional discussion about your subject. For each
contribution we accept, (and there will be a lot we will!) we will provide a
free copy of the new revised "Information Warfare: Revised Edition" (or
whatever they decide to call it.)
PLEASE RESPOND TO: BETTY@INFOWAR.COM
3. We have already received a large number of short "pull
quotes" of one or two sentences for the cover and inside covers where we
give full attribution. If anyone is so inclined, we are looking for a few
more that comment on the existing works.
PLEASE RESPOND TO BETTY@INFOWAR.COM
4. Robert Steele at ceo@oss.net has agreed to help me pull
together a "Who's Who" of Information Warfare. Please supply names, contact
information and brief biographies to him at CEO@OSS.NET.
Again, I want to thank everyone out there for their support, and I look
forward to seeing what everyone has to say. Please send your input to
BETTY@INFOWAR.COM no later than February 29, 1996.
Feel free to distribute this widely and/or post as you see fit.
Winn Schwartau
Peace
Winn
Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
Winn@InfoWar.Com
------------------------------
End of PRIVACY Forum Digest 05.04
************************
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
