|
PRIVACY Forum Digest Saturday, 20 April 1996 Volume 05 : Issue 09 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Caller ID in Calif. (Beth Givens) Janet Reno's New Cyberwar Policy (nmunro@technews.com) EFF Opposes Ridiculous and Anti-Net Trademark Bill in Georgia (editor@eff.org) State-level med/priv note (Peter Marshall) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 05, ISSUE 09 Quote for the day: "I do believe in spooks!" -- The Cowardly Lion (Bert Lahr) "The Wizard of Oz" (MGM; 1939) ---------------------------------------------------------------------- Date: Mon, 8 Apr 1996 11:35:15 -0700 (PDT) From: Beth Givens <bgivens@pwa.acusd.edu> Subject: Caller ID in Calif. FOR IMMEDIATE RELEASE Contact: Beth Givens April 4, 1996 (619) 260-4160 CALLER ID: COMING SOON TO A PHONE NEAR YOU Privacy Rights Clearinghouse Funded to Conduct Education Campaign The Privacy Rights Clearinghouse joins a statewide campaign in California to spread the word about the privacy impacts of Caller ID. It is one of 43 consumer-related organizations to receive grant funds from Pacific Bell and GTE as part of the massive consumer awareness campaign required by the California Public Utilities Commission. "Telephone privacy is precious to many Californians," said Beth Givens, director of the Privacy Rights Clearinghouse. "Half of the households in the state have unlisted numbers, the highest percentage of any state." Starting June 1 in California, telephone numbers will be transmitted when calls are made. Those who subscribe to the Caller ID service and who purchase a special display device will be able to see and capture the calling party's number. Phone users who do not want their number to be released can take advantage of blocking options, offered free. The purpose of the consumer education campaign is to alert consumers to those blocking options -- Complete or Selective Blocking (called Per Line and Per Call Blocking, respectively, in other states). "Our job, and that of the other grantees, is to reach people who might not be aware of the announcements on TV, the radio and newspapers," said Givens. "The Clearinghouse is especially concerned about those who are at risk from the release of their phone number -- victims of domestic violence and stalking, and the shelters which serve them; people who want to remain anonymous when calling hotlines for AIDS counseling, suicide- prevention, and the like; and people in professions like law enforcement, mental health counseling, and teachers who need to shield their phone numbers when calling clients from home." The Clearinghouse offers an 8-page guide called "Caller ID and My Privacy." Consumers can call (800) 773-7748 (California only, elsewhere 619-298-3396) to order. The guide provides an in-depth discussion of the many privacy implications of Caller ID. The Privacy Rights Clearinghouse is a grant-funded program administered by the University of San Diego Center for Public Interest Law. In operation for over 3 years, it has received 33,000 calls from California consumers. It offers 19 guides on a variety of consumer privacy issues, including privacy in cyberspace, telemarketing, credit reporting, government records, workplace privacy and medical records. ### NOTE: The fact sheet "Caller ID and My Privacy" is on the Clearinghouse's Web site: URL:http://www.acusd.edu/~prc (Click on fact sheets / English / number 19.) Beth Givens Voice: 619-260-4160 Project Director Fax: 619-298-5681 Privacy Rights Clearinghouse Hotline (Calif. only): Center for Public Interest Law 800-773-7748 University of San Diego 619-298-3396 (elsewhere) 5998 Alcala Park e-mail: bgivens@acusd.edu San Diego, CA 92110 http://www.acusd.edu/~prc [ Informal reports have indicated that the two main California telcos, Pacific Bell and GTE, have been swamped with calls from people wishing to establish the "complete blocking" service. No actual figures have apparently been made available yet. -- MODERATOR ] ------------------------------ Date: Mon, 15 Apr 1996 16:20:20 -0400 (EDT) From: nmunro <nmunro@technews.com> Subject: Janet Reno's New Cyberwar Policy Attorney General Janet Reno has asked several cabinet members to createt a cyberspace defense "entity" and to help establish a national cyberwar defense policy. If approved by the cabinet members - and by President Bill Clinton - the policy would be drafted by a government task force, according to Reno's March 14 memo. The task force would be chaired by a civilian appointed by Clinton, and would recommend a national cyberspace defense policy within 12 months, following discussions with national security and law-enforcement agencies, industry executives and privacy advocates. Reno's memo represents the latest government effort to counter what intellligence and defense officials say is a new national security threat - the threat of destructive hacker-attacks against the nation's electronic infrastructure. Government officials say that the nation's phone system, power-grid, and other critical information-based networks could be wrecked by hacker attacks sponsored by foriegn countries. The cyberspace defense "entity" suggested by Reno would be headed by the FBI, and is intended to provide advice and technical help to agencies seeking to protect their critical information networks. Reno made her request in a March 14 memo to the secretaries of commerce, energy, treasury and transportation. The memo was also sent to John Deutch, the Director of Central Intelligence, John White, the deputy secretary of defense, Louis Freeh, director of the FBI, and six other senior officials. The memo was created after a White House battle debate lasting at least one year, during which Deutch, White and others tried to win President Bill Clinton's approval for a formal Presidential Review Directive on "Information Assurance." If it had been approved, the PRD would have created a government-wide board to study the dedvelopment of a national cyberspace defense policy. Further information about the policy - and the rise and fall of the proposed PRD - can be found at Washington Technology's website - http://www.wtonline.com/wtonline. Email nmunro@technews.com if you want a fax of the memo, complete with Reno's signature. The NYT has already been faxed a copy of the memo. Washington Technology is a biweekly newspaper covering the business and politics of information technology for its 40,000 subscribers, and is based in Vienna, Va. ------------------------------ Date: Wed, 17 Apr 1996 17:48:01 -0700 From: editor@eff.org Subject: EFF Opposes Ridiculous and Anti-Net Trademark Bill in Georgia [ From EFFector Online Volume 09 No. 04 -- MODERATOR ] Note: That's the US state of Georgia, not the Republic of Georgia. Many state and local governments have passed legislation that appear to be unconstitutional restraints on speech sent over the Internet. One state that recently passed a Bad Law is Georgia. Georgia House Bill 1620 currently sits on the governor's desk awaiting his signature. EFF weighed in and voiced our concerns about this legislation, asking the governor to veto the bill. Among the problems with this legislation is that it would not only make it a crime to use someone else's trademark in user IDs, domain names, and other online contexts - regardless of the fact that in most cases the trademarks in question would not even apply, and it would also criminalize the use of pseudonyms, and furthermore make it illegal to link from your homepage to another site without permission. The constitutionality of the law, as well as it's wisdom, is highly questionable, as is the compatibility of it with existing intellectual property law (for example it could essentially grant the first to trademark a term or name in a particular field a monopoly on online use of that term or name, in *all* fields, despite that fact that any number of non-competiting companies can have nearly identical trademarks in completely different areas of commerce.) Incidentally, BellSouth appears to be a major mover-n-shaker behind this legislation, and has filed suit (two days before announcing plans to enter into the Internet service market, no less) against an online service, realpages.com, for alleged trademark violation (BellSouth's tradmark is "The Real Yellow Page". Confusingly similar? Applicable at all? Not likely.) Very similar legislation has existed in draft form in California for some time, and may hit other states and countries soon. Keep and eye out! EFF Staff Counsel Shari Steele send the following letter to Georgia Governor Zell Miller, explaining the problems with the new act and encouraging a veto. Electronic Frontier Foundaton 1550 Bryant Street, Suite 725 San Francisco, CA 94103 (415) 668-7171; (415) 668-7007 (fax) Internet e-mail: eff@eff.org Governor Zell Miller State Capitol Atlanta, GA 30334 April 16, 1996 Via Facsimile: (404)656-5948 Dear Governor Miller, I am writing to you in my capacity as Staff Counsel for the Electronic Frontier Foundation (EFF) to ask that you veto Georgia House Bill 1630, Computer or telephone network; transmitting misleading data. EFF was founded in July of 1990 to work on protecting the free speech and privacy rights of users of new technology. Since that time, EFF has been involved in numerous battles against laws and actions that restrict the free speech rights of users of electronic bulletin board systems (BBSs) and the Internet. I fear that the Georgia legislature has just passed a bill which, if signed into law, will significantly hamper the development of the Global Information Infrastructure (GII, frequently referred to the Information Superhighway) and will result in an unconstitutional restraint on the free speech rights of the citizens of Georgia, the United States, and the global Internet. To help you understand the ramifications of this legislation, I'd like to take a minute to explain some basic things about electronic communications. First, individuals are not identified online by their "real world" names. Instead, they are identified by electronic mail addresses, which are composed of a "user ID" and the "location" of the individual's network access provider. Sometimes an individual gets to choose his or her own e-mail user-ID. But sometimes a random user ID is assigned to the individual by the service provider. For example, the online service provider CompuServe assigns user IDs like 102527.2327 and 75223.2153, which do not clearly identify the sender of the electronic message. Even where an individual gets to select his or her own user ID, it is rare that a person identifies him or herself by full name. In fact, many people identify themselves instead by words or heroes in which they have a personal interest. For example, I know a person whose user ID is calliope. I know another whose user ID is mnemonic, named for the character "Johnny Mnemonic" in the science fiction novel of the same name by William Gibson. I know yet another whose user ID is elvis. Even my user ID, which is ssteele, does not clearly distinguish me from others with the last name of Steele and the first initial "S." This brings us to the first problem with the current bill. The language of the bill makes it illegal for a sender of a message to "falsely identify" him or herself. All of the user IDs I've mentioned are false identifications, similar to the "handles" people use on citizen's band radios. It is and has always been legal for people to use any name they choose as long as it isn't for a fraudulent purpose. I can be Samuel Clemens to one set of people and Mark Twain to another set and nobody is harmed. Or Andrew Hamilton and Publius. Or ssteele@eff.org and Shari Steele. While it is true that some people may be harmed when others intentionally create confusion, by sending a message designed to look like it came from an identifiable other person, the bill criminalizes a vast array of everyday conduct in its attempt to reach this harm. Besides, there are already laws on the books that make it illegal to commit fraud or to fraudulently use the likeness of another that can be enforced where harm has occurred. Georgia House Bill 1630 makes criminals of the vast majority of us who communicate online. Next, the Internet is comprised of thousands of computers connected to one another. The World Wide Web is a graphical area of the Internet that allows users to move seamlessly from site to site by simply clicking on a mouse button. This is often referred to as "surfing the net" and is a basic quality to the World Wide Web. For example, I could get to Wired magazine's web site by clicking on a button at the Electronic Frontier Foundation's web site. I then would be seamlessly transported to Wired's site. Wired magazine loves this arrangement, because the more people they get visiting their web site, the more successful the site is. Which brings us to the second problem with the current bill. The language of the bill would make it illegal to create a button on our web site with Wired's "trade name" or "logo" without first obtaining "permission or authorization" from Wired magazine. Of course Wired magazine would give us permission -- they do not want to have a web site that no one visits. In fact, the more sites that "link" to Wired's site, the better it is for Wired. It's like making it illegal to take a copy of a newspaper that is labeled "free" on the top without first obtaining permission from the publisher. Or like making it illegal to look up a friend's phone number in the phone book and put it into a neighborhood directory or a bridge club newsletter. The problem is that H.B. 1630 would make criminals out of virtually everyone with a web site (for all web sites link to others) when the sites being linked to would always give permission for the link. Furthermore, because of its vague language, it appears that the bill would make it a crime even to mention Wired magazine in writing an electronic review of their magazine or their articles without first obtaining their permission. The right to criticize other peoples' work is basic to our open society; it is how errors are corrected and differences of opinion are aired. It would be senseless to have the right to criticize a story from the New York Times without being able to mention that the story was printed in the New York Times! Even if reviewers went to the effort contemplated in the bill of contacting the company and asking its permission, many companies would refuse permission to use their names in reviews that disagreed with the companies. This sabotages the whole process of critical review that keeps our society tending toward truth. Finally, the entire purpose of the bill seems to be to protect intellectual property, such as trademarks and logos. But there are already laws in place on both federal and state levels that protect these things. The legislature has created a poorly crafted, unconstitutional law to protect something that is already protected. There is no rational reason to make criminals out of all users of the Internet. I hope that I have helped shed some light on the dangers of this legislation. The Electronic Frontier Foundation urges you to veto H.B. 1630 as an unnecessary and unconstitutional restriction on the free speech right of Internet users. I invite you to contact me if you have any questions or concerns about the legalities surrounding electronic communications as you consider your actions regarding this bill. My telephone number is (301)375-8856. And you can reach me via Internet e-mail at ssteele@eff.org. Thank you for your consideration. Sincerely, Shari Steele Staff Counsel Electronic Frontier Foundation cc: Ms. Mary Beth Westmoreland, Georgia Department of Law, fax: (404) 651-6459 Mr. Michael Bowers, Attorney General, fax: (404) 657-8733 ------------------------------ Date: Thu, 18 Apr 1996 18:40:20 -0700 (PDT) From: Peter Marshall <rocque@eskimo.com> Subject: state-level med/priv note WA State seems to pride itself on its Basic Health Plan and seemed to also deserve privacy strokes for its all-too-unusual policy of *not* asking applicants to disclose their SSNs. Indeed, the BHP is quite willing to assign a non-SSN identifier. The BHP's application packet even contains some examples of how an applicant's SSN could be used should one choose to disclose it. So far so good.... But, curiously perhaps, according to state sources, the take-rate for those opting *not* to disclose their SSN in these circumstances is a mere 1.5% of the 60,000 "families" the state says are currently enrolled. Erosion of "expectation of privacy" and all that? Perhaps--at least to an extent.... But services under the BHP are--of course--provided through HMOs. It turns out that the state seems to omit to disclose subsequent uses of one's SSN by participating *HMOs*; thus raising questions not only about adequacy of disclosure, but also about informed consent, relationship to that 1.5% take-rate; and, perhaps most interestingly, to what at first--and superficial blush--is what *looks like* a "progressive" posture toward personal information-privacy. That, they said, is what some of their consumer research told them WA's citizens wanted, after all.... Peter Marshall ------------------------------ End of PRIVACY Forum Digest 05.09 ************************