Privacy Digest 6.05 4/15/97

PRIVACY Forum Digest      Tuesday, 15 April 1997      Volume 06 : Issue 05

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
                    the ACM (Association for Computing)     
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
	Privacy and Remote Sensing Ethics (Terry Slonecker)
	Article on new encryption bills (David J. Loundy)
	Privacy [Going?] Down Under (Roger Clarke)
	OECD Crypto Guidelines (Marc Rotenberg)
	FCC Releases staff Working Paper on Internet policy
	   (Kevin Werbach)
	Social Insecurity (Simson L. Garfinkel)
	Criminals' names&addrs on WWW (also privacy vs. criminals)
	   (Mark Seecof)
	Iris scanning (Phil Agre)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 06, ISSUE 05

   Quote for the day:

	"I never forget a face."

		-- Khan (Ricardo Montalban)
		   "Star Trek II: The Wrath of Khan" (Paramount; 1982)

----------------------------------------------------------------------

Date:    Thu, 27 Feb 1997 16:25:09 -0500
From:    Terry Slonecker <tslonecker@NMDHQMAILT.ER.USGS.GOV>
Subject: Privacy and Remote Sensing Ethics

Privacy And Remote Sensing Ethics
Terrence Slonecker
Environmental Scientist
U.S. Environmental Protection Agency

The science of remote sensing is defined as methods that employ
electromagnetic energy to detect, record and measure characteristics of a
target, such as the earth's surface (Sabins, 1986).  Aerial photography and
satellite imaging, two of the more traditional forms of remote sensing, have
been frequently employed for purposes such as weather forecasting, mapping,
intelligence gathering, global process research, land use planning,
conservation, and drug interdiction and control.  Additionally, a new
generation of increasingly sophisticated remote sensing techniques is
likely to play an increasingly significant role in the future of an
information-driven society.  Of particular significance is the expanding use
of remote sensing technology as related to personal privacy, constitutional
guarantees against unreasonable search, and law enforcement.  

Remote sensing techniques offer inherent advantages to the practice of
monitoring through the efficiency of areal perspective, temporal definition,
change detection, and accurate mensuration capabilities.  Aerial photographs
dating back to the 1930s and satellite images from the 1960s and 1970s are
routinely available and have long played a key, albeit subtle, role in
public programs and policy development.  Aerial photographs and data from
satellite systems have been successfully used for a variety of litigation
purposes (Brennan and Macauley, 1995).

Remote sensing is currently undergoing a dramatic revolution in terms of
technical monitoring capabilities.  Advances in spectral and spatial
resolutions, new sensors, new platforms, and continually improving digital
analysis and communications techniques are changing and expanding the level
and types of detail that may be extracted from raw imagery. Previously
fundamental imaging restrictions on scale, resolution, availability, location
and cost are becoming largely irrelevant.  Also, the growing number of
orbital and airborne sensors and the subsequent volume of available imaging
data is dramatically changing the overall global capability for overhead
monitoring.

There is also an evolving and dramatic change in terms of remote sensing
information management, data control and communication.  The current
economic restructuring of the remote sensing community has resulted in a
clear trend of foreign governments and multi-national corporations entering
the remote sensing market.  This diversification, coupled with the
development of a global information infrastructure, has created a
fundamentally different world in the distribution and analysis of high
resolution spatial and spectral data.

These developing changes in spatial and spectral monitoring capabilities,
coupled with emerging global information management systems, have created a
significant potential for the misuse of remotely sensed data (Slonecker and
Shaw, 1996).

To this end, the American Society for Photogrammetry and Remote Sensing
(ASPRS), one of the leading professional societies in the field of remote
sensing, has recently agreed to review and possibly revise its professional
code of ethics.  At the Denver GIS/LIS meeting in November 1996, the ASPRS
Executive Committee and Board of Directors agreed in principle to revising
the Society's Code of Ethics.  Especially important to the privacy concept is
the wording of Item 7 of the current ASPRS Code of Ethics:

"Recognize the proprietary interests and rights of others."  (ASPRS 1996)

Potential New Wording of Item 7:

"Recognize the proprietary interests and rights of others.  This not only
refers to adoption of these principles in the general conduct of business
and professional activities, but also as they relate specifically to the
appropriate and honest application of photogrammetry, remote sensing,
geographic information systems and related technologies.  Subscribers to
this Code shall not condone, promote, advocate, or tolerate any
organization's or individual's use of these technologies in a manner that
knowingly contributes to:

     a.   Deception through data alteration;
     b.   Circumvention of the law;
     c.   Transgression of reasonable and legitimate
          expectation of privacy;
     d.   Deterioration of environmental quality or
          deleterious exploitation of natural resources;
     e.   Exacerbation of human conflict, injustice, or
          suffering."
                                   (Lillesand 1996)

In an age where the gradual erosion of individual privacy rights seems to be
commonplace, the ASPRS should be commended for its vision and initiative in
dealing with potential privacy problems that its members may soon face with
the explosion of remote sensing data and technology.  Additional background
information may be found in Brennan and Macauley (1995) and Slonecker and
Shaw (1996).

REFERENCES

ASPRS, 1996.  Code Of Ethics Of The American Society For
Photogrammetry And Remote Sensing.  Photogrammetric Engineering and
Remote Sensing, 62(5):548.

Brennan, T.J. and M.K. Macauley, 1995.  Remote Sensing Satellites
and Privacy: A Framework For Policy Assessment.  Resources For The
Future, Washington D.C.

Lillesand T. 1996. Electronic Communication.

Sabins, Floyd F. Jr., 1986.  Remote Sensing: Principles and
Interpretation.  W. H. Freeman and Company, New York.

Slonecker, E.T. and D.M. Shaw.  1996.  Emerging Legal Issues In
Advanced Remote Sensing Technology. IN PROCEEDINGS: PECORA XIII,
Sioux Falls, South Dakota, August 20-22, 1996. (In Press)
 
NOTICE: The U.S. Environmental Protection Agency (EPA), through its Office
of Research and Development (ORD), funded and performed the work described
here.  It has been subjected to the Agency's peer review and approved by EPA
for publication.  Mention of trade names or commercial products does not
constitute endorsement or recommendation for use.

------------------------------

Date:    Tue, 25 Mar 1997 15:02:01 -0500
From:    "David J. Loundy" <David@Loundy.com>
Subject: Article on new encryption bills

Published in the Chicago Daily Law Bulletin, March 13, 1997 at page 5.

Reprinted with permission.

              Congress scrambles to address encryption issues.

                       Copyright 1997 by David Loundy

               Past columns archived at http://www.Loundy.com/

Once again, Congress is being faced with a crucial though somewhat
esoteric issue-- U.S. encryption policy. Three bills have recently been
introduced in Congress that would liberalize current export
restrictions and derail some of the Clinton administration's attempts
to guarantee access to encrypted communications. The results of the
debate will have profound implications on electronic commerce,
communications, and law enforcement.

At the heart of the issue is how the law should be updated to account
for changes in technology and the political environment. Electronic
commerce and the security of electronic messages rely on encryption.
Traditionally, encryption was used by spies and governments during the
Cold War to keep secret plans to sink submarines and blow up embassies
and the like. With this in mind, encryption hardware and software,
certain technical data, and discussions of the higher math that forms
the basis of cryptography have been treated by the U.S. as munitions.

Nowadays, however, much stronger forms of encryption than those which
were used during the last few world wars are used to protect the $5
smart-card you may use to buy a Slurpee at the local 7-11. Nonetheless,
the law has not changed to match the evolving role of the technology,
or the environment in which that technology is used.

The Clinton administration has been broadly criticized over its
policies concerning data security and privacy. The Clinton
administration's initial "Clipper Chip" data standard would require
use, in some situations, of a secret encryption standard which would
necessitate that the government have access to the content of your
secret messages when proper conditions are met. The Clipper Chip plan
started to unravel not so much due to the popular outcry against the
government's standard, but as a result of scientists demonstrating that
the standard was flawed and would not work as promised.

The initial Clipper Chip proposal was followed by "Clipper II" and
"Clipper III." All the while, the Clinton administration has maintained
its need for access to encrypted communications in order to thwart the
four horsemen of the Internet apocalypse-- the money launderer, the
drug dealer, the child pornographer and the international terrorist.
Some legislators decided that this was entirely the wrong idea, and
proposed legislation to liberalize controls on cryptography. The
legislation was never passed.

In the meantime, lawsuits were filed in two federal courts over export
controls on encryption, and a third suit was filed over restrictions on
teaching about encryption-- in the U.S.-- in classes with foreign
students enrolled.

Finally, at the end of last year, the Clinton administration changed
its policy again, loosening export controls if the government's "key
recovery" plan is used to allow government decryption of any messages
using the stronger means of encryption which would now be allowed for
export.

Needless to say, this plan was also not well received. Not only did the
plan go against the findings of various security experts who have
suggested substantially more secure forms of encryption and who oppose
any "key-recovery" or "key escrow" plan, but the latest Clinton
administration encryption plan also ignores studies commissioned by the
same administration which recommended loosening of restrictions on
cryptography and its export.

Furthermore, one manufacturer of security software offered a reward to
the first person who could crack the strongest level of encryption
which would be readily allowed for export under the administration's
liberalized policy-- it took a college student only three and a half
hours to collect.

While U.S. residents may use more robust encryption schemes (which use
longer and therefore more secure encryption keys) these schemes may not
be exported, as has been mentioned. What this means is that software
companies must either use the weaker forms of encryption in products
intended for international distribution, or they must create domestic
and international versions of their software using different strengths
of encryption in each version.

At the same time, their foreign competitors do not have such
restrictions-- they may create one version of their software for
internal or foreign use, and they may use strong encryption. U.S.
software companies argue that this has the effect of putting U.S.
companies at a competitive disadvantage-- in essence, U.S.
cryptographic policy amounts to 'export jobs, not cryptography.'

All of these concerns bring us to the current proposed federal
legislation. On February 12, Congressman Bob Goodlatte, R-Va.,
re-introduced H.R. 695, the Security and Freedom Through Encryption
(SAFE) Act, which is identical to legislation he had proposed last
year. The broad bi-partisan support for the bill (55 initial
co-sponsors) includes Representatives Tom Ewing and Don Manzullo, both
Republicans from Illinois.

The SAFE bill begins by spelling out that any U.S. citizen shall have
the right to use encryption, of any type, and of any strength or "key
length" and in any medium. It also prohibits federal and state
governments from requiring that users of encryption products turn over
their keys to an escrow agent. The bill does, however, provide
additional penalties for anyone who uses encryption in the furtherance
of the commission of a criminal offense. Furthermore, the legislation
eases export restrictions on any "generally available" or public domain
software with a cryptographic component unless there is "substantial
evidence that such software will be (A) diverted to a military end-use
or an end use supporting international terrorism; (B) modified for
military or terrorist end-use; or (C) reexported [without any required
authorization]."

The second bill is S376 IS, the Encrypted Communications Privacy Act of
1997, proposed on February 27, 1997 by Senators Patrick Leahy, Conrad
Burns, Patty Murray, and Ron Wyden. This bill also guarantees the right
to use encryption of any strength or form domestically. The bill also
prohibits federal or state governments from mandating any form of key
recovery or escrow of people's secret keys. As does the SAFE bill, this
bill would provide similar loosening of export controls on readily
accessible encryption software. The bill would also provide for
additional penalties for persons caught using cryptography to impede
law enforcement investigation of a felony.

This Encrypted Communication Privacy Act bill goes further than the
SAFE bill in that it provides sections which address the responsibility
of an escrow agent who is voluntarily entrusted with the responsibility
of holding the secret key to an individual's encrypted data. The
provision provides for civil and possibly criminal liability for an
unauthorized disclosure, and it provides a procedure for law
enforcement access to an escrowed key in certain circumstances.

The final bill entitled the Promotion of Commerce Online in the Digital
Era (or Pro-CODE)-- S. 377, was also introduced on February 27, 1997 by
Senators Burns and Leahy (and 16 other co-sponsors). This bill is
similar to legislation with the same name that the senators introduced
last year. While this bill shares many of the same traits as the other
two, there are some noticeable differences. The Pro-CODE bill would
prohibit the Secretary of Commerce from establishing an encryption
standard or policy for any group other than the government itself-- in
other words, it prohibits a Clipper IV.

Another difference that has resulted in this bill being more popular
among civil liberties groups than some of the others is that it does
not contain additional sanctions or punishments for those who use
encryption in the course of committing acts that are already illegal
and subject to punishment. The Pro-CODE bill also calls for the
creation of an information security board to foster coordination
between government and industry, and to collect and disseminate
non-proprietary information about cryptography.

The Pro-CODE bill has created some controversy, however, as a result of
one of the exceptions contained in the bill. In addition to the
exceptions that the SAFE or Encrypted Communications Privacy Act bills
contain preventing export of cryptography products if they are likely
to be coopted for military or terrorist use, this bill would prohibit
export of certain software or hardware to an individual, organization,
or country if the Secretary of Commerce determines that there is
substantial evidence that the software or hardware will be used
intentionally "to evade enforcement of United States law or taxation by
the United States or by any State or local government." Such a
prohibition would actually constitute an extension of current law, and
critics claim the bill could be used to outlaw untraceable electronic
cash or anonymous remailers (which strip identifying information off of
e-mail messages before passing them on to their destinations).

While all of these bills have certain strengths and weaknesses, what is
important is what they represent-- an awareness that this is a
foundational technology behind the future of commerce and business
conducted in a networked environment. The currently exportable standard
of encryption does not provide adequate protection for particularly
sensitive data. Harder math is more secure. An important element behind
a good cryptographic system is not needing to trust others to preserve
your privacy-- which is one reason why any sort of key-escrow or
key-recovery is so antithetical to many users and designers of
cryptographic products. Trust math, not the government.

On the other hand, the government does have a legitimate concern in its
desire to allow law enforcement to do its job. The Constitution,
however, provides for a right to privacy-- not a right for the
government to be able to read my mail. Thus, I believe these bills
offer a promise to do more good than evil.

--
David J. Loundy             | E-Mail: David@Loundy.com
                            | WWW: http://www.Loundy.com/

------------------------------

Date: Thu, 27 Mar 1997 15:35:42 +1100 (EST)
From: Roger Clarke <Roger.Clarke@anu.edu.au>
Subject: Privacy [Going?] Down Under

During the mid-1990s, Australian industry and privacy advocates have been
in agreement that the country's privacy legislation needed to be extended
beyond government agencies, to cover the private sector.

They were even agreed on the approach to be taken, namely industry codes of
practice developed in consultation with the Privacy Commissioner and
administered by the industry, supervised by the Privacy Commissioner, and
subject to statutory backing.  The term being used in Australia for that
approach is 'co-regulatory'.

A series of government and parliamentary reports recommended action, and
the approach was adopted in the platforms of both major parties.  In
September 1996, a Discussion Paper was issued by the Attorney-General,
indicating the intended shape of the initiative.  See:
http://www.agps.gov.au/customer/agd/clrc/privacy.htm
It therefore appeared that action was imminent.  For a brief review, see:
http://www.anu.edu.au/people/Roger.Clarke/DV/FedLeg.html

But, abruptly on 21 March 1997, the dry-as-a-bone Prime Minister issued a
four-para. press release, announcing that "the Commonwealth will not be
implementing privacy legislation for the private sector", and citing
compliance costs as the justification for the decision.

This announcement appears to have been made without consultation with the
Cabinet, the Attorney-General or the Privacy Commissioner.  It would appear
that the Prime Minister was captured by a narrow and uninformed lobby
group, most likely the major banks.  [A review of the financial system by
people from the right end of town is about to report ('the Wallis
Enquiry'), and the finance sector lobbyists feel that they're on a roll].

A summit of privacy advocacy groups has been held, and plans are being
formulated as to how to correct the Prime Minister's aberration, and get
the process back on the right track.  The summit's co-ordinators are:
Chris Connolly <chrisc@socialchange.net.au>
Tim Dixon      <tdixon@magna.com.au>

Further details follow.

Some key facts are:

-   the Liberal Party was elected on a platform that included the adoption
    of "a co-regulatory approach to privacy within the private sector,
    comparable with best international practice"

-   the Attorney-General's Discussion Paper of late 1996 envisaged a scheme
    consistent with that platform, and held that line in speeches as late
    as 19 February and 12 March

-   associations representing relevant parts of the private sector have
    been arguing for just such an approach, including formal submissions
    in response to the Discussion Paper

-   privacy interest groups have been arguing for just such an approach

-   successive reports by government and parliamentary committees have
    recommended that action of this kind be taken

-   at least two State Governments are encouraging just such an approach,
    as a means of balancing privacy against other interests, and to ensure
    public confidence in applications of information technology generally,
    and of electronic services delivery in particular

-   the European Union's Directive has the effect that Australia needs to
    enact privacy laws that satisfy international norms;  otherwise
    Australian companies will be disadvantaged in international trade.
    This argument was run by The Australian Financial Review on 27 March.
__

Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
                                        http://www.etc.com.au/Xamax/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 1472, and 288 6916     mailto:Roger.Clarke@anu.edu.au
Visiting Fellow,   Faculty of Engineering and Information Technology
The Australian National University     Canberra  ACT  0200 AUSTRALIA
Information Sciences Building Room 211        Tel:  +61  6  249 3666

------------------------------

Date: Thu, 27 Mar 1997 16:46:02 -0500
From: Marc Rotenberg <rotenberg@epic.org>
Subject: OECD Crypto Guidelines

The OECD Cryptography Policy Guidelines were formally announced
today, following an intensive year-long negotiation.
EPIC will be posting a complete copy of the Guidelines at our
web site [http://www.epic.org/] along with a detailed analysis.

Journalists interested in a briefing should contact the Communications
Division of the OECD. For further information and inquiries, please
contact the Information, Computer and Communications Policy Division
(fax (33) 01 45 24 93 32).

General information about the OECD may be found at the OECD web site
[http://www.oecd.org]. Specific information about the work of the OECD
in the areas of security, privacy, intellectual property, and cryptography
is available at http://www.oecd.org/dsti/iccp/legal/top-page.html.  The
OECD Privacy Principles are online at
http://www.oecd.org/dsti/iccp/legal/priv-en.html

Among the key outcomes:

 -- Recognition of commercial importance of cryptography.  The Guidelines
    recognize that cryptography is an effective tool for the secure use
    of information technology by ensuring confidentiality, integrity and
    availability of data and providing authentication and non-repudiation
    mechanisms.

 -- Rejection of key escrow encryption. The US sought endorsement
    for government access to private keys. Initial drafts of the
    guidelines included this recommendation. The final draft does
    not. OECD countries rejected this approach.

 -- Endorsement of voluntary, market-driven development of crypto
    products.  The OECD emphasized open, competitive markets to
    promote trade and commerce in new cryptographic methods.

 -- Endorsement of strong privacy safeguards. The OECD adopted one of the
    strongest privacy principles found in any international agreement,
    including the obligation to apply the OECD privacy principles to
    crypto products and services.  The OECD also noted favorably the
    development of anonymous payment schemes which would minimize the
    collection of personal data.

 -- Removal of Restriction on Cryptography. The OECD urged member
    countries to remove, and avoid creating, obstacles to trade
    based on cryptography policy. This guideline should lead to
    further liberalization of export control policies among the
    OECD member countries.

EPIC will also provide briefings for organizations interested
in the intent and application of the OECD Cryptography Guidelines.

Marc Rotenberg
Director, EPIC
Member, OECD ad hoc Expert Panel on Cryptography Policy

------------------------------

Date: Thu, 27 Mar 1997 12:44:40 -0600
From: Kevin Werbach <KWERBACH@fcc.gov>
Subject: FCC Releases staff Working Paper on Internet policy

News Release --  March 27, 1997

DIGITAL TORNADO:
THE INTERNET AND TELECOMMUNICATIONS POLICY

FCC Staff Working Paper on Internet Policy

     The FCC's Office of Plans and Policy (OPP) today released a
staff working paper analyzing the implications of the Internet for the
FCC and telecommunications policy.  OPP Working Paper No. 29,
"Digital Tornado: The Internet and Telecommunications Policy,"
was written by Kevin Werbach, Counsel for New Technology
Policy.  OPP periodically issues working papers on emerging areas
in communications; these papers represent individual views and are
not an official statement by the FCC or any FCC commissioner.

     "Digital Tornado" represents the first comprehensive
assessment of the questions the Internet poses for traditional
communications policy.  A central theme running through the paper
is that the FCC, and other government agencies, should seek to limit
regulation of Internet services.  In framing his approach, Werbach
states: "Because it is not tied to traditional models or regulatory
environments, the Internet holds the potential to dramatically change
the communications landscape.  The Internet creates new forms of
competition, valuable services for end users, and benefits to the
economy.  Government policy approaches toward the Internet should
therefore start from two premises: avoid unnecessary regulation, and
question the applicability of traditional rules."  

     After providing an analytical framework to understand the
forces driving Internet growth, and describing the Internet's
development and architecture, the paper addresses three primary
areas: 

     CATEGORY DIFFICULTIES
     Policy and legal questions arising from the fact that Internet-
     based services do not fit easily into the existing classifications
     for communications services under federal law or FCC
     regulations.  

     PRICING AND USAGE
     Policy questions arising from the economics of Internet
     access, including assertions by local telephone companies that
     current Internet pricing structures result in network
     congestion, and arguments by Internet service providers that
     telephone companies have not upgraded their networks to
     facilitate efficient transport of data services.  

     AVAILABILITY OF BANDWIDTH
     Regulatory and technical issues affecting the deployment of
     technologies promising to enable high-speed Internet access to
     the home and to businesses, including the implications for the
     Internet of the FCC's role in promoting universal service.

     The paper is available on the FCC World Wide Web site,
<http://www.fcc.gov/>.  The file is available for online viewing in
PDF (Adobe Acrobat) format at
<http://www.fcc.gov/Bureaus/OPP/working_papers/oppwp29.pdf>,
or for downloading in WordPerfect format at
<http://www.fcc.gov/Bureaus/OPP/working_papers/oppwp29.wp>.
Copies may also be purchased from International Transcription
Services, Inc., 1919 M Street, NW, Room 246, Washington, DC
20554, (202) 857-3800. 

  -FCC-

News media contact:  
Meribeth McCarrick or David Fiske at 202/418-0500.
Office of Plans and Policy contact:  
Kevin Werbach at 202/418-1597.

------------------------------

Date: Mon, 7 Apr 1997 09:22:47 -0700
From: "Simson L. Garfinkel" <simsong@vineyard.net>
Subject: Social Insecurity

USA Today, 07 Apr 1997 [Reprinted by permission of the author.
Simson's book on Web Security & Commerce will be published in June 
by O'Reilly & Associates.]

Few key bits of info open Social Security records
By Simson L. Garfinkel

The Social Security Administration, trying to speed service and cut costs by
using the Internet, inadvertently has compromised the financial privacy of
tens of millions of Americans.

Social Security's month-old on-line service is handy for taxpayers looking
for instant access to their financial records. But it also gives nosy
neighbors, ex-spouses, prying relatives and just about anyone else the
ability to view those same files if they have some very basic information.

What could they see? How much someone earned every year, going back to
1951. How much someone will get in Social Security benefits after
retirement. How much their families would get now if they died.

Nearly 28,000 people requested the free information on-line in March at
http://www.ssa.gov.

"As soon as crooks start exploiting this service to get other people's
information, Social Security is going to have a real problem on its hands,"
warns Evan Hendricks, chairman of the U.S. Privacy Council, a Washington
D.C.-based federation of privacy activists.

As use of the Internet expands, its lure of convenience is breaking promises
of privacy. And as on-line exchanges become as accepted as faxes or
automatic teller machines, critics say, the drive to provide new services
will continue to outpace appropriate restraints.

In this instance, people familiar with the new Social Security system
say, there is danger for abuse from many directions: a legal adversary,
an employer seeking to learn about an employee's outside income, an
ex-spouse contemplating adjustments in support.

"I like to see this sort of easy access to your own personal information,"
Hendricks says, "but we need something to discourage the wolves."

Social Security officials don't see a problem.

"We have confidence that in the huge majority of cases, the people
requesting these things are the right people," says John Sabo, the Social
Security Administration's director of the Electronic Services Staff.

Last year, the Social Security Administration mailed some 4 million
financial reports to taxpayers at a cost of $5.23 each, Sabo says.

Delivering the same report over the Internet costs a fraction of a penny.

'Social Security numbers are easy' to get

But it's virtually impossible to know if the on-line version of the
financial reports, called PEBES - Personal Earnings and Benefit Estimate
Statement - is being abused. It's also just about impossible to track down
an abuser.

The key to opening PEBES: a Social Security number, mother's maiden name and
state in which a person was born.

That information is not exactly a state secret.

"Social security numbers are easy" to get, says Beth Givens, manager of the
Privacy Rights Clearinghouse in San Diego.

Information vendors used by banks, credit agencies and private detectives
can deliver a Social Security Number for a small fee. They also frequently
are known by co-workers or spouses. And driver's license numbers in many
states are the same as Social Security numbers.

A mother's maiden name and place of birth can show up in court papers,
marriage licenses or divorce decrees.

"Many states have a vital statistics department. You could get it that
way. These documents are public record," she says.

Mark Welch, an engineer at Netscape Communications in California, makers of
popular Internet software, says he's disturbed to see the information so
readily available.

"I was just thinking of all the ways that people could misuse this
information," Welch says.

"A potential employer could use this to determine my salary history. My
co-workers could use this to determine how much I was making relative to
them. My landlord could use this report to decide if I'm making enough money
to be able to rent an apartment. I could make a decision on whether or not
to sue someone based on how much money I thought they had.

"Private investigators would love this kind of information."

"It would be a tremendous asset to people who know how to obtain this
information," says Paddy Calabrese, owner of Inter-tel Detective Agency in
Seattle.

"If somebody calls me up and says they want to know somebody's income, I
just pop into this thing, I charge them $2,000 and it costs me nothing."

Where are the penalties for snooping?

There are supposed to be penalties for snooping.

A warning appears when someone enters the PEBES website: "I certify that I
am asking for information about my own Social Security record. I
understand that if I deliberately request information under false pretenses,
I may be guilty of a federal crime and could be fined and/or imprisoned."

The warning is nearly identical to banners used on many government agency
websites, permitting those entering wrongly to be prosecuted under the
Computer Security Act.

Prosecutions are exceedingly rare, in part because it is difficult to trace
an on-line user, and there is little deterrent to outweigh great potential
interest. Officials say they have no evidence that anyone has wrongly
accessed a PEBES file.

But they probably wouldn't know. With libraries, schools and even coffee
shops now giving access to the Internet - as well as access available
worldwide - it would be practically impossible to track down a person
illegally requesting files.

Still, not all privacy advocates are disturbed by PEBES.

Marc Rotenberg, director of the Electronic Privacy Information Center, says
the ability of people to easily obtain the information outweighs concerns
about the few who abuse it.  "Promoting first-party access to personal
information is often times as important as . . . restricting access," says
Rotenberg. "By making these systems more transparent, the government gives
individuals greater control over information that has an important impact on
retirement planning.  I'd like to see more agencies set up these services,
though I'd draw a line at tax records and medical information."

Other organizations that hold sensitive financial information on Americans
have decided against putting their files on the Internet - at least for now.

One of the problems in trying to make PEBES more secure is that the current
state of technology and government restrictions on the use of encryption, or
data scrambling, make it difficult to make the information any tougher to
get at.  "Ideally, we would prefer if we could authenticate people through
some sort of digital identity," says Bruce Carter, who runs the website for
the Social Security Administration. "But there just isn't the infrastructure
available for that yet."

SSA says complaints are of too tight security

Here's how a computer user can access PEBES:

An Internet user goes to the Social Security Administration's website,
clicks a button labeled "PEBES," wades through two pages of warnings and
then responds to queries - full name, address, phone number, Social Security
Number, mother's maiden name and state of birth.  After the information is
entered, the user clicks a button on the computer's screen and views the
taxpayer's entire financial history - how much has been paid into Social
Security, how much into Medicare, expected benefits, yearly income.  The
Internet user then can print the information or request that the report be
sent through the mail.

Carter says that while the Social Security Administration has received some
complaints about the privacy of the system, most of the complaints received
have been that the security is too good: roughly 30% of the people who have
attempted to view their reports failed because the information they provided
did not exactly match the spelling stored in government computers.  After
eight failed attempts to view a report, the system locks out the user for 24
hours.

Eight attempts is far too many, says Hendricks of the Privacy Council.  "I
think that this is really a good case of three strikes and you're out," he
says. "When you step back, you see that the Social Security Administration
has not thought through the privacy and security implications of this."

By Simson L. Garfinkel, Special for USA TODAY  http://www.packet.com/garfinkel

	[ Within a day of the largescale publicity regarding this service,
	  hit counts at the SSA site went through the roof.  Within another
	  day or so, the site was taken offline due to public concerns over
	  the privacy issues.  SSA announced a 60 day period of public
	  hearings and study to determine how to provide the information
	  online with more acceptable security and privacy.

			-- MODERATOR ]
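
	[ The following is an added illustration, not part of the digest
	  or of any SSA code.  It models the PEBES check as the article
	  describes it (SSN, mother's maiden name, state of birth, lockout
	  after eight failures for 24 hours) so the two design points the
	  article raises can be measured: how much a lockout slows an
	  attacker who already holds two of the three items, and how the
	  eight-strike limit compares with Hendricks' "three strikes".  The
	  record store, the names, the state list order and the Gate and
	  guess_state functions are all constructed for the example. ]

```python
"""Model of a PEBES-style knowledge-based check with failure lockout.

Added example, not SSA code.  Records, names and parameters are assumptions.
"""
import unicodedata
from dataclasses import dataclass, field

DAY = 24 * 60 * 60

# Constructed sample records: ssn -> (mother's maiden name, state of birth, data)
RECORDS = {
    "123-45-6789": ("O'Brien", "MA", {1995: 31000, 1996: 33500}),
    "987-65-4321": ("Garc\u00eda", "TX", {1995: 52000, 1996: 54000}),
}

# The guess space for the one item an attacker may still lack: 50 states.
STATES = ["AL", "AK", "AZ", "AR", "CA", "CO", "CT", "DE", "FL", "GA",
          "HI", "ID", "IL", "IN", "IA", "KS", "KY", "LA", "ME", "MD",
          "MA", "MI", "MN", "MS", "MO", "MT", "NE", "NV", "NH", "NJ",
          "NM", "NY", "NC", "ND", "OH", "OK", "OR", "PA", "RI", "SC",
          "SD", "TN", "TX", "UT", "VT", "VA", "WA", "WV", "WI", "WY"]


def normalize(s: str) -> str:
    """Fold case, accents, spaces and punctuation so "O'Brien" equals "obrien".

    This is the kind of loosening that would cut the spelling-mismatch
    rejections the article mentions; it also slightly widens the guess space.
    """
    s = unicodedata.normalize("NFKD", s)
    return "".join(ch for ch in s if ch.isalnum()).casefold()


@dataclass
class Gate:
    max_failures: int = 8          # the article's figure
    lockout: int = DAY             # 24 hours
    lock_on_record: bool = True    # count failures against the record attacked,
                                   # not against the requesting client
    _fails: dict = field(default_factory=dict)        # key -> [failure times]
    _locked_until: dict = field(default_factory=dict)  # key -> unlock time

    def _key(self, requester: str, ssn: str) -> str:
        return "rec:" + ssn if self.lock_on_record else "req:" + requester

    def request(self, requester, ssn, maiden, state, now):
        """Return ("OK", data), ("DENIED", None) or ("LOCKED", None)."""
        key = self._key(requester, ssn)
        if self._locked_until.get(key, -1) > now:
            return "LOCKED", None
        rec = RECORDS.get(ssn)
        if rec and normalize(maiden) == normalize(rec[0]) \
                and normalize(state) == normalize(rec[1]):
            self._fails.pop(key, None)
            return "OK", rec[2]
        fails = [t for t in self._fails.get(key, []) if t > now - self.lockout]
        fails.append(now)
        self._fails[key] = fails
        if len(fails) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            self._fails.pop(key, None)
        return "DENIED", None


def guess_state(gate, ssn, maiden, start=0, rotate_requester=False):
    """Attacker holding the SSN and maiden name enumerates the 50 states.

    Returns (days_spent, attempts_made) when the record is disclosed, waiting
    out each lockout; rotate_requester models coming back from a new client.
    """
    now, attempts = start, 0
    for i, st in enumerate(STATES):
        requester = f"client-{i}" if rotate_requester else "client-0"
        while True:
            status, _ = gate.request(requester, ssn, maiden, st, now)
            if status != "LOCKED":
                break
            now += gate.lockout      # wait for the lock to expire
        attempts += 1
        if status == "OK":
            return (now - start) // DAY + 1, attempts
    return None
```

	[ With the record's state at position 43 in the list, an
	  eight-failure lock keyed to the record discloses it after six
	  days of patient guessing; a three-failure lock stretches that to
	  fifteen.  A lock keyed only to the requesting client, which is
	  what "locks out the user" suggests, is defeated in one day by
	  rotating clients.  The caveat is that a per-record lock lets an
	  attacker deny the legitimate owner access by failing on purpose,
	  so such a lock is a throttle, not a substitute for a stronger
	  secret than three items available from public records. ]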

------------------------------

Date:    Thu, 10 Apr 1997 21:16:25 -0700
From:    Mark Seecof <Mark.Seecof@latimes.com>
Subject: Criminals' names&addrs on WWW (also privacy vs. criminals)

The National Rifle Association's CRIMESTRIKE project's CrimeWatch Weekly
v.3 no.14 (4/8/97) reports (citing Corrections Digest as the source) at
http://www.nra.org/pub/ila/1997/97-04-09_crimestrike_killers_life_prison
that the State of Florida will place the names and residence plans of more
than 2000 about-to-be-released convicts on the WWW (the page will be under
http://www.fdle.state.fl.us ).

A number of states (including Florida) have previously placed sex-offenders'
names & addresses on the WWW and (since the U.S. gov't has pressed them to)
the rest of the states will soon do likewise.  (California plans to release
a CD-ROM with 57,000 names, addresses, and digitized photos of sex offenders
very soon.  It will probably end up on the WWW.)  "Wanted posters" too now
appear on gov't and private web sites.  However, Florida's plans represent
a substantial broadening of exposure for those previously caught, convicted,
and imprisoned for non-sexual crimes.  (Mind you-all, I (Seecof) do not oppose
this.)

In the past, mass-media coverage of momentarily infamous criminals (e.g.,
Jason Brooks in Orange County, California) conveyed such information in spurts,
but it was difficult for people outside "law enforcement" who "missed that
day's paper" to either track specific criminals or monitor the flux of known
criminals in particular places.  The ability to offer such data to everyone
constitutes a computer RISK.

Such information will permit neighbors to shun convicted criminals (or even,
unlawfully, to harass them) and some people (such as Elizabeth Schroeder of
the So. Cal. ACLU, writing in the Los Angeles Times 1/28/1997, p.B7) do not
approve of this.  They suggest that publicity after imprisonment constitutes
extra punishment, improperly imposed.  On the other hand, the "social control"
which many analysts suspect (see James Q. Wilson or even Gertrude Himmelfarb)
inhibits crime in less crowded and anonymized societies than our present large
cities relies on the flow by informal means of just the information which the
"publicity" advocates hope to disseminate via the WWW.  It may be that this
information will enable, albeit with some rough spots and some metamorphosis,
a new and valuable form of "social control" to inhibit crime.  Perhaps fear of
ostracism will deter criminals more effectively than fear of prison.  (Even if
it does not, potential victims who use the information to avoid criminals gain
and therefore society also gains.)

I think that the criminal publication movement ties in with the general
diminution of privacy which seems to be the fallout from deployment of
information-retrieval systems such as the WWW in the absence of any political
consensus as to where we should draw the boundaries between "public" and
"private" data.  I consider myself a "hard core" privacy advocate.  I remain
deeply opposed to the distribution of personal information (broadly defined,
including address, medical, financial, and other data) without informed,
positive, and generally revocable consent from the subject.  However, I think
we can properly consider criminals who prey on others to have waived their
claim to privacy (or alternatively to be liable to punishment by deprivation
of privacy).  Criminal attacks are public acts by definition--the criminal
imposes his selfish interests on unconsenting others, violating the rules of
civilized society.

At the same time, I recognize the notion that "ex-criminals who have paid
their debt to society" ought to enjoy thereafter the same privacy as other
citizens.  So long as we (everyone including marketeers and politicians) cannot 
agree on whether law-abiding citizens (~95% of population) hold/deserve privacy
rights, we cannot really decide how much, if any, privacy we should afford
criminals.  I think we ought to draw the line at crimes of serious violence or
effects-like-violence (the latter to catch corporate polluters, those like
Charles Keating who rob with pens rather than clubs, and sex-offenders).  We
should keep the felony/misdemeanor distinction (and stop promoting so many
little crimes or offenses-against-bureaucratic-impositions like resisting EPA
to felonies).  Only serious felons should lose their privacy.  But they should,
indeed, lose it--to the extent that their names, addresses, likenesses, and
criminal histories should be widely available.  (I think that even criminals
should be able to keep their medical records and chequing accounts private).

Mark Seecof

------------------------------

Date:    Fri, 11 Apr 1997 09:10:41 -0700 (PDT)
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Iris scanning

An article in the 4/11/97 San Francisco Chronicle (Peter Sinton, ATM Cash
For Your Eyes Only: New Device IDs a Customer's Iris, page A1) discusses
the use of iris scanning for identification of bank customers.  According
to the article, the major selling point of the technology is that people 
can be identified without knowing it.  

The article quotes Kevin McQuade, whom it identifies as "vice president of
Sensar, which first developed the technology to detect motion for the U.S.
military", as saying, "The real sexiness of this technology is that it is
unobtrusive; you don't have to say anything or do anything".  Citicorp Chief
Technology Officer James Zeanah is quoted as saying, "A lot of people who
walk into banks feel we communicate distrust when we ask them for
identification.  This device could help banks be a lot friendlier".  To this
end, the article suggests, "Sophisticated iris scanners could spot customers
in a crowd and tip off bank personnel to their identity without having to
ask for identification".  This is because the iris scanners can operate
reliably at a distance, which the article reckons at 36 inches although it
discusses applications that would require more.

The problem here is not the use of biometric identification.  Biometric
identification can protect privacy rather than eroding it, for example
by indexing the individual's biometric signature to a cryptographic key
rather than a social security number or other personal identifier.  The
problem, instead, is the idea of using iris scanning to deceive patrons.
People who feel that a bank is expressing distrust by asking them for
identification before disbursing their money are fools; organizations
routinely draw attention to these people because they help portray all
sorts of privacy invasions in warm fuzzy terms as responses to popular
demand.  It's fitting that this new technology of deception originated in
a military context, which presupposes a grossly adversarial relationship
between the owners of a system and the people whose persons and lives are
represented in the system's records.  It would be much better, I think,
to get beyond this mentality and design systems that are based on the
well-known fair information principles of openness, clear notification,
and collection of the minimal information needed to do the job.

It's also useful to imagine what could be accomplished by setting up an
iris scanning machine on a street corner, or at the front door of a shop.
Once databases of individual iris signatures become available, it would
become possible to track people's movements surreptitiously.  I can almost
imagine the PR people explaining to us that participation in this service
is perfectly voluntary, given that everyone has the option of wearing
sunglasses.

Phil Agre, UCSD

------------------------------

End of PRIVACY Forum Digest 06.05
************************
