|
PRIVACY Forum Digest Sunday, 22 December 1996 Volume 05 : Issue 22 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS "Hidden agendas" in web blocking software (Lauren Weinstein; PRIVACY Forum Moderator) Maiden name renewal shortcuts (Howard Goldstein) Anonymous opinions (Karin Hansson) OPPOSITION: FRC on Supreme Court News (Todd Lappin) Resolution Regarding Implementation of the CSU One Card (Phil Agre) Dog-mounted video camera (Phil Agre) CHRC bumbles into the Net (Mich Kabay) CEPIS Statement: Governmental Restrictions on Encryption Products Put Security at Risk (Kai Rannenberg) ANNOUNCEMENT: New low-noise cryptography mailing list (Perry E. Metzger) Online Personal Databases (David Kulp) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 05, ISSUE 22 Quote for the day: "It's not easy having a good time." -- Dr. Frank-N-Furter (Tim Curry) "The Rocky Horror Picture Show" (20th Century Fox; 1975) ---------------------------------------------------------------------- Date: Fri, 20 Dec 96 15:23 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: "Hidden agendas" in web blocking software Greetings. While the ability of parents to control their children's access to web pages via specialized "blocking" software has been widely touted, it's becoming apparent that problems are already appearing. First, there seem to be a variety of "rating" services, all promoting their own mechanisms (and logos of course) to web sites. A site operator might be excused for throwing up his or her hands at the confusion and being rather reluctant to deal with any of them. Now it's becoming known that at least some of the available blocking software packages apparently include what might be called "hidden agendas". These silently block not only obvious topics like "porn", but also access to animal rights, feminist, liberal, and other sites that have been identified as being on various conservative and other "hit" lists. What's of particular concern (regardless of one's personal political leanings) is that the users of such packages may not even be aware that such broad blocking is going on--or who is being blocked. In one case, the manufacturer of such software threatened legal action when the software's database of blocked sites was "decrypted" and the list published. The same manufacturer also reportedly added an entire ISP's domain to the software's block list, apparently because that was the ISP where the entity publishing the list (and associated information about the blocking) had their web site and e-mail addresses. Such episodes could tend to cast a shadow on the entire category of "parental control" software. Clearly, the ability of parents to control access by their children to materials on the net is important. But it's also important that it be completely clear exactly what and who is being blocked, and that hidden political or economic motives not be embedded within such software. I would therefore recommend that parents only use blocking software where the *complete* list of default blocked sites and site "certification" criteria are made publicly available by the manufacturer, without any special provisos or conditions. Such software should also allow the parent to modify and update that list (either to add or delete arbitrary specific sites as they choose, regardless of whether or not a site bears a particular "stamp of approval" from a "certifier"). Any blocking systems that do not meet these criteria should be considered unacceptable. --Lauren-- ------------------------------ Date: Sun, 24 Nov 1996 23:54:24 -0500 From: Howard Goldstein <hgoldste@mpcs.com> Subject: Maiden name renewal shortcuts Rex Black's <Rex_Black@dell.com> item in issue 21, vol 5 of the digest (regarding SSNs floating around in SW Bell files) reminded me of an phone call around a month ago. Seems I had neglected the many solicitations to renew a subscription to one of those freebie electronics trade publications and someone claiming to be from the magazine phoned to offer me renewal. I accepted and when I thought the call was coming to end the nice lady asks whether she can have my mother's maiden name. When I recovered from the shock I asked why and she said it was for "verification purposes." At that point I told her that no, she may not have the maiden name and in an annoyed voice I'm told "well I'll just put down `refused' to which I said `cool.'" A small part of me hopes it was an attempted scam because it's troubling to think of what a large database of name/address/phone #/mother's maiden name could do. And imagine merging it with Mr. Black's phone company's list of SSNs... [ Of course, with the confused data in many databases you might start receiving your magazines addressed to "Howard Refused Goldstein"... -- MODERATOR ] ------------------------------ Date: Sun, 08 Dec 1996 21:36:33 +0100 From: karin@it.kth.se Subject: anonymous opinions I am writing a paper for The Swedish Agency for Administrative Development, the subject is "The government as a base in the creation of the public sphere" - about Internet and democracy. I will bring up examples from "community networks" and public discussions on the Internet in general, and put them in the context of the Swedish model of democracy. In my search for information on the subject I came in contact with Mirko Labbri (MILLION Project Manager, labbri@www.omega.it) who told me about the community network in Bologna (http://www.comune.bologna.it/)where they among other things support the citizents with free email-accounts. What is special though are the conditions for this. Each person is given a pseudonym, and the tracability is very restricted. Only if a user has committed a crime and this has gone to court, the police has got the right to know the true identity of the user. I am know searching for other similar exemples where the government act as a kind of "anonymous remailer". (This far without success.) If you have heard of any such attemts or other, planed project, or something that have anything to do with "anonymous discussions", please drop me a note. Thanks for your attention! Kind regards, Karin Hansson www.it.kth.se/~karin +46-8-6509908 Fleminggatan 73, 112 33 Stockholm, Sweden ------------------------------ Date: Fri, 6 Dec 1996 16:21:07 -0700 From: --Todd Lappin-- <telstar@wired.com> Subject: OPPOSITION: FRC on Supreme Court News We're not the only ones who are excited about the pending Supreme Court case on the constitutionality of the Communications Decency Act. Turns out, the CDA's proponents are also looking forward to having their day in court. The following press release from the Family Research Council gives their side of the story, complete with Cathy Cleaver's usual rantings about the dangers of online smut. Remember... despite what the FRC says, "indecency" is NOT a synonym for pornography. Work the Network! --Todd Lappin--> Section Editor WIRED Magazine ------------------------ FOR IMMEDIATE RELEASE: Dec. 6, 1996 CONTACT: Kristi S. Hamrick, (202) 393-2100 For Radio, Kristin Hansen SUPREME COURT TO REVIEW COMPUTER PORN RULING WASHINGTON, D.C. -- The Supreme Court announced Friday that it will review the Reno v. ACLU decision to enjoin the Communications Decency Act made earlier this year by a three-judge panel in Philadelphia. Family Research Council Director of Legal Studies Cathy Cleaver said that the Department of Justice's appeal of the Philadelphia ruling is the right thing to do, and that now the Supreme Court has the opportunity to "reverse the radical ruling which gave Bob Guccione the right to give his Penthouse magazine to our children on the Internet." Cleaver continued, "Laws against selling porn magazines to kids are not unconstitutional. Why should we have to tolerate the same degrading images of women being given to those same kids on-line?" Family Research Council presented a "friend of the court" brief with the Philadelphia judges in ACLU v. Reno defending the cyberporn provisions of the Communications Decency Act. Cleaver said the Philadelphia decision contradicts previous Supreme Court decisions on the distribution of indecent material through the media. The Communications Decency Act: * Prohibits adults from using a computer to send indecent pornography directly to a known child * Prohibits adults from knowingly displaying indecent pornography to children * Defines "indecent material" as material, which in context, depicts or describes sexual or excretory activities or organs in a patently offensive manner * Imposes fines, prison sentences (up to 2 years), or both on violators * Exempts those who merely provide access to a network or system over which they have no control * Provides limited defenses for employers and those who make a reasonable and effective effort to restrict children's access to pornography * Expands telephone harassment prohibitions to include harassment by computer Arguments will likely be heard in early spring. Family Research Council and other pro-family and anti-pornography groups will be filing briefs in support of the Justice Department's defense of the law. FOR MORE INFORMATION OR INTERVIEWS, CALL THE FRC MEDIA OFFICE. ------------------------------ Date: Mon, 9 Dec 1996 14:14:34 -0800 (PST) From: Phil Agre <pagre@weber.ucsd.edu> Subject: Resolution Regarding Implementation of the CSU One Card [ The forwarded portion of this message has been significantly reformatted from its original doublespaced format for distribution in this digest. -- MODERATOR ] Some background: many universities are contemplating or implementing "One Card" systems whereby all of the means of identification issued by various campus entities are consolidated to a single card, which is then used for access to automated service kiosks and many other purposes. These cards have the potential to simplify tasks and provide new services, but they also raise very significant privacy issues, particularly when their use is extended to include new functionalities such as opening doors and making phone calls. The California State University system is currently planning a unified One Card system that would potentially apply to all of the CSU system's 20+ campuses and 300,000+ students. The system would be funded by including the functionalities of a telephone calling card and a bank debit card with the student ID card, and then allowing long-distance phone companies and banks to bid for access to potentially 300,000+ new customers. The California State Student Association, which consists of student government representatives from all of the CSU campuses, has raised several objections to the One Card plan, and these are described in the resolution whose text I have enclosed. I was an invited speaker at a CSSA meeting just before the meeting where this resolution was considered, and I offered some advice about how certain parts of the resolution might be framed. The resolution itself, however, is the students' work, and I myself do not take any position on the issue. --- Forwarded Message Begins --- Date: 2 Dec 1996 10:17:21 -0800 From: "Ginny Whitby" <ginny_whitby@qmbridge.calstate.edu> Subject: One Card Resolution [...] RESOLUTION REGARDING IMPLEMENTATION OF THE CSU ONE CARD November 10, 1996 Whereas, It is not the California State University system's mission to provide convenience banking, long distance calling plans or debit card services to its students; and Whereas, Education through public institutions should be free from undue influence by private industry in order to ensure the preservation of intellectual freedom and academic integrity; and Whereas, The One Card potentially jeopardizes regional business communities thereby compromising local economies and availability of jobs; and Whereas, The services promised in the One Card proposal are readily available in the surrounding communities, should the individual student desire such services; and Whereas, Offering concession contracts to outside companies, such as vending and food services, could have negative impacts on the auxiliaries of some CSU campuses which currently derive revenue from these activities; and Whereas, Current Federal and State laws are inadequate to ensure the security and privacy of students' confidential information and therefore put at risk the privacy and personal autonomy of individuals within our CSU community; and Whereas, Some schools have already adopted the One Card without adequate student consultation; and Whereas, The principles of consultation, open dialogue and sharing of information between the CSU and students need examination; therefore be it Resolved, That the CSU, with adequate student participation, should assess and detail how One Card systems will comply with "Fair Information Practices"; be it further Resolved, That a Privacy Impact Statement should be prepared to describe, in detail, all anticipated and unanticipated effects and outcomes regarding privacy as it relates to implementation of the One Card; be it further Resolved, That the CSU should formally adopt a Privacy Code, which is developed in consultation with and the approval of the students of the CSU. Such a Code must not only define how privacy will be handled, but must also provide for a system of auditing data security as well as detailed penalties for violation of the Code; be it further Resolved, That the afore mentioned Code should guarantee due process where information from the One Card system is used for law enforcement purposes or for other investigative procedures; be it further Resolved, That the afore mentioned Code should guarantee that information generated by the One Card system and its vendors will be prohibited from unauthorized use by outside companies or use for purposes of creating profiles for private or commercial use either inside or outside the CSU; be it further Resolved, That the CSU should provide a rational assessment of the application of One Card technologies and address the use of privacy measures such as digital cache and pseudo-identification; be it further Resolved, That the Chancellor's office should provide CSSA with a RFP to conduct independent research, including on-site visits, in order to investigate experiences with similar information systems on other campuses nation-wide; be it further Resolved, That, with the adequate consultation of its student government, every campus must have the independent choice to decide whether or not to implement the One Card; be it further Resolved, That where implementation occurs, specific safeguards be included which ensure the integrity of the academic environment of our public school system, and which render it free from undue corporate influence including corporate ownership, control or profiteering through the use of state assets including, but not limited to, computers, card readers, databases, related equipment, software and information; be it further Resolved, That the CSU administration should not use the 330,000 students of the CSU system as a leveraging tool to attract private investment in the CSU's infrastructure; be it further Resolved, For those campuses where implementation has already occurred, or is projected to occur, that the administration of any net revenues derived by the CSU or individual campuses from these ventures be overseen by the Student Fee Advisory Committee; be it further Resolved, That copies of this resolution be sent to CSU Chancellor Barry Munitz; all CSSA Representatives; all CSU Associated Students Presidents and Councils; all CSU Campus Presidents; the CSU Board of Trustees; the Honorable Tom Hayden; the Honorable Leroy Green; the Honorable Brian Sentenich; the Honorable Valerie Brown; the Honorable Stephen Peace; the Honorable Brooks Firestone; the Honorable Margeritte Archie Hudson; the Honorable Cruz Bustamante; the Honorable Louis Caldera; the American Civil Liberties Union; Beth Givens, Privacy Rights Clearinghouse; Phil Agre, U.C. San Diego; and all media. ------------------------------ Date: Sun, 1 Dec 1996 14:49:48 -0800 (PST) From: Phil Agre <pagre@weber.ucsd.edu> Subject: dog-mounted video camera High-technology reporter Dave Barry has revealed that a company in England (Moran Security Support Services Ltd, 47 Livingstone Road, Hove, East Sussex BN3 3WP, UK; phone +44 (0) 1273 321631; fax +44 (0) 1273 208898) is selling a dog-mounted video camera for security purposes. The system, which Dave absolutely swears is called Wireless Operational Link and Video Exploration System, or WOLVES, sells for approximately US$11,450. This report has very serious privacy implications, which I will explain in Part 2 of this message. Phil Agre [ I will, with considerable restraint, refrain from imparting to the readership the range of jokes that immediately sprang to mind upon reading this message. -- MODERATOR ] ------------------------------ Date: 25 Nov 96 21:25:11 EST From: Mich Kabay <75300.3232@CompuServe.COM> Subject: CHRC bumbles into the Net >From the _Globe and Mail_ newspaper, a major national daily in Canada: Human rights panel to probe Zundel's Web site by Dennnis Brueckert, Canadian Press _Globe and Mail_ 96.11.23, p. A5 OTTAWA -- In an unprecedented move, the Canadian Human Rights Commission has ordered hearings into complaints that Holocaust denier Ernst Zundel is promoting hatred on the Internet. The author explains the following key points: o Head of the Commission, Max Yalden, said on Friday 22 Nov that his Commission has jurisdiction over the racist site despite its location on a computer physically situated in California. o "The signal's being picked up here, and where it's originating doesn't make any difference," Yalden said. o Apparently the Commissioner is arguing that because the Canadian Human Rights act does allow the Commission to regulate hate speech being transmitted through the phone systems, and the Internet functions largely through telephone systems, therefore the Commission should be able to stop access to the Web site. [Comments from MK: Before RISKS is inundated with diatribes from residents and citizens of the United States about 1st Amendment guarantees of free speech, please remember that Canada has its own laws. We don't have as wide a latitude to incite hatred against identifiable groups as residents of the U.S. do. The Commissioner's statements about "picking up the signal" may be an oblique reference to cases in which Canadian neo-nazis moved a banned telephone answering machine from its Canadian location to a United States location to circumvent a court ban on their hate messages. They were slapped with contempt of court citations for so doing. Although I am not a lawyer -- and this is not legal advice <g> -- it seems to me that the only force the Canadian government will have is on residents of Canada. They may be able to demand that Zundel remove his materials from the US site but I cannot see how they are going to have any extra-territorial powers whatever over the Internet Service Provider where his (nauseating) materials are physically located. In fact, I wonder what will happen if Zundel agrees to remove his stuff but someone else in the US posts a copy of them (ostensibly) without his permission?] M. E. Kabay, Ph.D. / Director of Education National Computer Security Association (NCSA) http://www.ncsa.com ------------------------------ Date: Tue, 26 Nov 1996 01:16:51 +0200 From: kara@telematik.iig.uni-freiburg.de (Kai Rannenberg) Subject: CEPIS Statement: Governmental Restrictions on Encryption Products Put Security at Risk The Council of European Professional Informatics Societies (CEPIS) - with nearly 200,000 professionals in its 20 member societies, the largest European association of professionals working in information technology (IT) - has agreed on a Cryptography Policy Statement. It gives an analysis of crypto restriction methods and concludes with the following recommendations. (1) The use of cryptography for identifying data corruption or authenticating people/organisations should be free of restrictions and encouraged by governments. (2) All individuals and organisations in the private and public sectors should be able to store and transmit data to others, with confidentiality protection appropriate for their requirements, and should have ready access to the technology to achieve this. (3) The opportunity for individuals or organisations in the private and public sectors to benefit from information systems should not be reduced by incommensurable measures considered necessary for the enforcement of law. (4) The governments of the world should agree on a policy relating to their access to other people's computerised data, while seeking the best technical advice available in the world on: (4.1) whether and which access mechanisms to computerised data are an effective, efficient and adequate way to fight (organised) crime and mount effective prosecution of criminals, and (4.2) how to implement the policy whilst minimising the security risks to organisations and individual citizens. (Evaluation and implementation of the policy will require regular review as the technology evolves). The full statement is available in the WWW in ASCII and HTML form. Easiest access is via the web page of the CEPIS "Legal & Security Issues" Network (CEPIS LSI Network), who prepared the statement: http://www.wi.leidenuniv.nl/~verrynst/cepislsi.html. Further there is a press release based on the statement. It can be reached via the CEPIS LSI Network web page, too. For more information on CEPIS please view http://www.bcs.org.uk/cepis.htm or contact Mrs. Peta Walmisley (E-Mail: cepis@bcs.org.uk, Tel/fax: +44 171 637 5607). Kai Rannenberg, Secretary CEPIS LSI Network (kara@iig.uni-freiburg.de) PGP key available on request and in http://www.iig.uni-freiburg.de/~kara/ ----------- begin statement --------- Council of European Professional Informatics Societies (CEPIS) POLICY STATEMENT ===================================================================== Governmental Restrictions on Encryption Products Put Security at Risk ===================================================================== Worldwide, there is a political debate regarding the virtue or otherwise of a control of encryption, in particular whether the import, export, and production of cryptographic tools and their use should be restricted. In several countries legal regulations exist, in some others steps are undertaken towards such regulations. At present an OECD Committee is drafting guidelines on cryptographic policy. But there are concerns; the Council of European Professional Informatics Societies (CEPIS) - with nearly 200,000 professionals in its 20 member societies, the largest European association of professionals working in information technology (IT) - has agreed the following statement: Should one wish to employ electronic communication as the main vehicle for commercial and personal interaction, then one ought to be assured, and be able to prove, that messages are - not disclosed to unauthorised recipients (confidentiality), - not tampered with (integrity), - shown to be from the senders stated (authenticity). It has always been an aim of secure reliable communication to comply with these requirements. The more the information society becomes a reality, the more enterprises, administrations and private persons urgently need the absolute assurance that these requirements are met. To achieve this, so called "strong" cryptography is available. Several tools based on strong crypto-algorithms are in the public domain and offered on the Internet, others are integrated within commercial products. A different technique for confidential and even unobservable communication is to use steganography, where secret data are hidden within larger inconspicuous everyday data in such a way that third parties are unable even to detect their existence. Hence there is no way of preventing unobservable secret communication. To enable surveillance of electronic messaging, many criminal and national security investigators, i.e. police and secret services, demand access to keys used for encrypted communication. In order for this to be effective, escrowing (bonding) of these keys is advocated. However, for the reasons given above, key escrow (i.e. depositing copies of the keys with a "trusted third party",including back ups) cannot even guarantee effective monitoring. Moreover, key escrow already constitutes a risk for the secrecy of the keys and therefore for the secrecy of the data. This risk is exacerbated in cases of central escrowing. Besides, the burdens of cost and administrative effort as well as the loss of trust in communications could be significant and are prone to deter individuals and organisations, especially small business users, from gaining the benefits of modern information and communications systems. Effective electronic surveillance of digital networks is difficult and time consuming, and requires extensive resources. In particular, closed groups such as criminal organisations might even use steganographic techniques to avoid any detection short of physical access to the terminals they use. Thus restrictions on encryption may be of very limited help in the fight against organised crime. On the other hand, the essential security of business and private communication may be seriously imperiled and economically hampered should they be subjected to insufficiently secured key escrow. On these grounds, CEPIS recommends the following: (1) The use of cryptography for identifying data corruption or authenticating people/organisations should be free of restrictions and encouraged by governments. (2) All individuals and organisations in the private and public sectors should be able to store and transmit data to others, with confidentiality protection appropriate for their requirements, and should have ready access to the technology to achieve this. (3) The opportunity for individuals or organisations in the private and public sectors to benefit from information systems should not be reduced by incommensurable measures considered necessary for the enforcement of law. (4) The governments of the world should agree on a policy relating to their access to other people's computerised data, while seeking the best technical advice available in the world on: (4.1) whether and which access mechanisms to computerised data are an effective, efficient and adequate way to fight (organised) crime and mount effective prosecution of criminals, and (4.2) how to implement the policy whilst minimising the security risks to organisations and individual citizens. (Evaluation and implementation of the policy will require regular review as the technology evolves). Further Information: Council of European Professional Informatics Societies (CEPIS) 7 Mansfield Mews GB London W1M 9FJ United Kingdom Tel/fax: +44 171 637 5607 E-mail: cepis@bcs.org.uk URL: http://www.bcs.org.uk/cepis.htm The CEPIS Legal & Security Issues Network URL: http://www.wi.leidenuniv.nl/~verrynst/cepislsi.html E-mail: Kai Rannenberg (kara@iig.uni-freiburg.de), Secretary 1996-10-20 ----------- end statement --------- Kai Rannenberg (kara@iig.uni-freiburg.de) PGP key available on request and in http://www.iig.uni-freiburg.de/~kara/ Abteilung Telematik Phone: -4926 Institut fuer Informatik und Gesellschaft Fax: +49-761-203-4929 Universitaet Freiburg Secr.: -4964 Friedrichstr. 50 D-79098 Freiburg ------------------------------ Date: Mon, 2 Dec 1996 22:16:52 -0500 (EST) From: "Perry E. Metzger" <perry@piermont.com> Subject: ANNOUNCEMENT: New low-noise cryptography mailing list "Cryptography" is a low-noise mailing list devoted to cryptographic technology and its political impact. WHAT TOPICS ARE APPROPRIATE: "On topic" discussion includes technical aspects of cryptosystems, social repercussions of cryptosystems, and the politics of cryptography such as export controls or laws restricting cryptography. Discussions unrelated to cryptography are considered "off topic". If you subscribe, please try to keep your postings "on topic". In order to assure that the quality of postings to the mailing list remains high, repeated postings "off topic" may result in action being taken by the list moderators. MODERATION POLICY: In order to keep the signal to noise ratio high, the mailing list will be moderated during its initial weeks of operation. This will be changed if it appears that the list will remain on topic without moderation. TO SUBSCRIBE: send mail to majordomo@c2.net with the line subscribe cryptography in the body of your mail. If you wish to subscribe a mailing address other than the one you are sending from, send a message with the line subscribe cryptography [address] ------------------------------ Date: Sat, 21 Dec 96 17:48:17 -0800 From: dkulp <dkulp@cse.ucsc.edu> Subject: Online Personal Databases The other day, I received an email from Phil Agre's Red Rocker Eater News Service (rre-help@weber.ucsd.edu) from John Handler who had recognized the potential harm of the numerous online databases that provide personal information -- mostly email addresses, postal addresses, and telephone numbers. While this concern is certainly familiar to the readers of this forum, a secondary issue regarding accuracy seems to receive less attention. What steps do these database maintainers plan to take to ensure that the personal data that they offer is accurate? I surveyed several of the web sites and queried on my name. At www.four11.com, 5 different email addresses were returned for me, of which only two were currently active. The address identified as "most relevant" was disactivated in 1990! On another site, www.switchboard.com, a query on my name returned two residential addresses and phone numbers, neither correct; the most recent address listed I occupied 1 1/2 years ago. It seems to me that we should at least be equally concerned about the spread of *dis*information about us. These database companies have provided mechanisms for removing and updating your listing, but in both cases the onus is on the individual instead of the company to maintain the database. In my opinion, this places an undue burden and threatens the privacy of the individual. Following this note is an exerpt from the RRE posting which includes a list of databases sites and contacts for removing your listing if you so desire. regards, -david kulp. [ The problem of inaccurate or otherwise "stale" data in databases is a subject of continual discussion. However, it isn't completely clear which is worse in any given case--accurate data about yourself in a database where you'd prefer it wasn't... or *inaccurate* data about yourself in that same database. In the long run, the only answers would seem to revolve around consumers gaining the legal right to inspect, correct, and where appropriate control the information about themselves stored, interchanged, and sold via privately maintained databases. -- MODERATOR ] http://www.four11.com email/phone support@four11.com http://www.whowhere.com email/phone/address delete-entry@whowhere.com http://www.switchboard.com email/phone/address webmaster@switchboard.com (DELETE in the subject line) http://bigfoot.com email/phone/address/map overexposure@bigfoot.com http://www.searchamerica.com This service requires a subscription to view information. Their information page claims that they track names, addresses, and telephone numbers. webmaster@searchamerica.com http://www.abii.com/lookupusa/adp/peopsrch.htm phone/address/map consumerupdate@abii.com ------------------------------ End of PRIVACY Forum Digest 05.22 ************************