TUCoPS :: Privacy :: priv_704.txt

Privacy Digest 7.04 2/20/98

The following document is from the PRIVACY Forum Archive at 
Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and 
related facilities, please visit the PRIVACY Forum via the web URL:



PRIVACY Forum Digest      Friday, 20 February 1998      Volume 07 : Issue 04

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
                    the ACM (Association for Computing)     
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
	  	  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

	AT&T alters phone lookup database after PRIVACY Forum article
	   (Lauren Weinstein; PRIVACY Forum Moderator)
        Driver Privacy Protection in Maryland
           (Senator Brian E. Frosh / David Brewster)
        New Book on Telecommunications Privacy (Jud Wolfskill)
        McCain Introduces Internet School Filtering Act;
	   U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy
           (EPIC-News List)
        Satellites (Ross Kerber)
	Conferences of Interest (Susan Evoy)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  

Access to PRIVACY Forum materials is also available through the Internet
World Wide Web (WWW) via the Vortex Technology WWW server at the URL:
"http://www.vortex.com"; full keyword searching of all PRIVACY Forum files
is available via WWW access.


   Quote for the day:

	"If you're going to be a monster, be the *best* monster!"

		  -- Dr. Zachary Smith (Jonathan Harris)
	             "Lost in Space" (Episode: "The Flaming Planet")
		     (CBS; Original airing: 2/21/68)


Date:    Sat, 14 Feb 98 17:49 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: AT&T alters phone lookup database after PRIVACY Forum article

Greetings.  Regular readers of the PRIVACY Forum may remember my recent
discussion of an AT&T database, available to their business customers, which
revealed names associated with most phone numbers, including unlisted
numbers.  This database was designed to provide a way for customers to
investigate "unknown" numbers on their bills, but failed to verify that
entered numbers were actually on any bill.  Instead, it allowed any numbers
to be entered (one after another) and happily read out the names for entries.

At the time of my initial query to AT&T regarding the privacy problems
inherent in this system, I was informed that I was the first person to draw
this to their attention.  However, while they thanked me for my query, they
made no promises regarding any changes, and in fact implied that they did
not feel that the operations of the database constituted a privacy problem.
I've been told that AT&T gave similar responses regarding the "non-problem"
nature of the database to other PRIVACY Forum readers who contacted AT&T on
this issue after reading my original article.

So it was with considerable surprise that I recently received a call from
AT&T media relations, informing me that they have now taken the primary step
I had recommended--they have restricted their database lookups to numbers
actually on customer bills.  While it is obviously true that it is possible
to get virtually any number onto your bill (by calling it and getting it
answered), it is also definitely the case that such an event is not a major
problem scenario.

Although some of the other privacy problems associated with the database may
still be present, the most serious privacy issue associated with the
database has apparently been eliminated by the imposition of the new

The PRIVACY Forum readers who expressed their opinions to AT&T about the
database after my original article are to be congratulated, and AT&T's
action in correcting the most serious privacy flaw in their database is
definitely a positive step.

Lauren Weinstein
Moderator, PRIVACY Forum


Date:    Fri, 06 Feb 1998 14:15:48 -0800
From:    "Senator Brian E. Frosh" <Brian_Frosh@SENATE.STATE.MD.US>
Subject: Driver Privacy Protection in Maryland

Legislation recently introduced in the Maryland General Assembly by
Senator Brian Frosh and Delegate Nancy Kopp will provide new protections
for personal information in the State's Motor Vehicle Administration
Under the proposal, MVA won't be able to release personal information
without the individual's consent except for limited purposes such as
auto recalls, insurance claims, and the like.

The bill also establishes a new classification called "sensitive
personal information"--social security numbers and data concerning
physical appearance, medical conditions and disabilities--and puts added
restrictions on disclosure.

Hearings are likely in February.

Bill text and hearing schedule updates are available through the General
Assembly's web page: http://mlis.state.md.us/
The Senate bill number for the Motor Vehicle Administration Privacy Act
of 1998 is SB 159.  The House number is HB 354.

David Brewster


Date:    Wed, 28 Jan 98 16:24:55 EST
From:    wolfskil@MIT.EDU (Jud Wolfskill)
Subject: New Book on Telecommunications Privacy

The following is a book which readers of this list might find of interest.
For more information please visit

Privacy on the Line
The Politics of Wiretapping and Encryption
Whitfield Diffie and Susan Landau

Telecommunication has never been perfectly secure, as the Cold War culture
of wiretaps and espionage taught us. Yet many of us still take our privacy
for granted, even as we become more reliant than ever on telephones,
computer networks, and electronic transactions of all kinds.  Whitfield
Diffie and Susan Landau argue that if we are to retain the privacy that
characterized face-to-face relationships in the past, we must build the
means of protecting that privacy into our communication systems.

The development of such protection, however, has been delayed--and may be
prevented--by powerful elements of society that intercept communications in
the name of protecting public safety. Intelligence and law-enforcement
agencies see the availability of strong cryptography as a threat to their
functions.  In fact, the US government has used export control to limit the
domestic availability of cryptography, and has made legal attempts to limit
encryption to forms that provide a "back door" for government wiretapping.

Diffie and Landau examine national-security, law-enforcement, commercial,
and civil-liberties issues.  They discuss privacy's social function, how it
underlies a democratic society, and what happens when it is lost. They also
explore how intelligence and law-enforcement organizations work, how they
intercept communications, and how they use what they intercept.

Whitfield Diffie, the inventor of public-key cryptography, is Distinguished
Engineer at Sun Microsystems, Inc. Susan Landau is Research Associate
Professor in the Department of Computer Science at the University of
Massachusetts in Amherst.

February 1998
352 pp.
ISBN 0-262-04167-7
MIT Press * 5 Cambridge Center * Cambridge, MA  02142 * (617) 625-8569


Date:    Mon, 9 Feb 1998 23:44:35 -0500
From:    "EPIC-News List" <epic-news@epic.org>
Subject: -- McCain Introduces Internet School Filtering Act
	 -- U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy

   [ From EPIC Alert 5.02  -- PRIVACY Forum Moderator ]

McCain Introduces Internet School Filtering Act

On February 9, Senator John McCain (R-AZ) introduced "The Internet
School Filtering Act."  The proposed legislation would require schools
and libraries receiving federal Internet subsidies to install systems
"to filter or block matter deemed to be inappropriate for minors."
The bill is co-sponsored by Senators Ernest Hollings (D-SC), Dan Coats
(R-IN) and Patty Murray (D-WA).

Libraries would be required to certify that at least one computer uses
a filtering system so that "it will be appropriate for minors' use."
A library would have to inform the Federal Communications Commission
within 10 days if it decided to change its filtering system or drop
its use completely.

A number of surveys have shown that all current filtering and rating
systems block out thousands, if not millions, of  web pages that are
not obscene or indecent.  A recent study of a popular filtered search
engine conducted by EPIC found that it filtered out 99 percent of
material on non-controversial topics such as the American Red Cross,
the Boy Scouts, and pages created by elementary school students.

More information on the McCain bill and filters is available from the
Internet Free Express Alliance web page at:


U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy

A federal appeals court ruled on February 3 that a government research
laboratory that secretly tested employees for various genetic and
medical conditions had violated their privacy.  The U.S. Court of
Appeals for the Ninth Circuit ruled that the testing of administrative
and clerical workers for syphilis, sickle cell trait and pregnancy
without their consent was a violation of Federal and State
constitutional rights to privacy and the Civil Rights Act of 1964.

The employees had consented to a general medical exam as a condition
of being hired and filled out questionnaires.  The court found the
genetic tests were intrusive and that completing the questionnaire was
not sufficient grounds to justify the intrusion:

    [I]t is not reasonable to infer that a person who answers a
    questionnaire upon personal knowledge is put on notice that
    his employer will take intrusive means to verify the accuracy
    of his answers.  There is a significant difference between
    answering on the basis of what you know about your health
    and consenting to let someone else investigate the most intimate
    aspects of your life . . .

    That one has consented to a general medical
    examination does not abolish one's privacy right not to be
    tested for intimate, personal matters involving one's health --
    nor does consenting to giving blood or urine samples, or
    filling out a questionnaire.  As we have made clear, revealing
    one's personal knowledge as to whether one has a particular
    medical condition has nothing to do with one's expectations
    about actually being tested for that condition.

The court also found that the state constitutional right to privacy
was violated.  In the matter of black and female employees who were
given additional tests, the court found that those tests violated the
Civil Rights Act of 1964.  A claim based on the Americans with
Disabilities Act was rejected.  The appeals court directed the lower
court to make additions findings on the adequacy of the notice given
to the employees.

More information on medical privacy is available at:



Date: Tue, 27 Jan 1998 13:04:00 -0500
From: Ross Kerber <Ross.Kerber@news.wsj.com>
Subject: Satellites

   [ Used with permission of WSJ author. -- PRIVACY Forum Moderator ]

  When is a Satellite Photo
  An Unreasonable Search?
  By Ross Kerber
  Staff Reporter of The Wall Street Journal

The Wall Street Journal via Dow Jones

  Over the years, satellite photos have plotted the course of Soviet warships
and tracked the movements of Iraqi troops.

  Last year, they also nailed Floyd Dunn for growing cotton on his Arizona
farm allegedly without an irrigation permit.

  Mr. Dunn contends that he did have the required permits but paid the $4,000
fine to maintain good relations with the Arizona Department of Water
Resources.  "You can't argue with a satellite," he says. "Being caught like
I was caught is kind of unfair."

  As state and local agencies make more use of satellite imagery -- for
everything from surveying illicit crops to detecting unauthorized building --
they're raising questions about the propriety of spying on American civilians
from the sky.

  "It certainly has a `Big Brother Is Watching You' flavor to it," says Larry
Griggers, a director at the Georgia Department of Revenue. "But it prevents
us from having to spend money for other types of enforcement." The state tax
authority plans to use National Aeronautics and Space Administration
satellites to check all 58,910 squares miles of the state for unreported
timber cutting. It also plans to share the photos with any state agency that
asks, which could lead to a wide variety of enforcement actions.

  Does taking satellite photos of private citizens and their property --
generally without their knowledge-violate the Constitution's Fourth Amendment
protections against unreasonable searches? The American Bar Association has
organized a task force to explore that question, as well as such issues as
how long photos can be kept on file and how freely they can be shared with
police.  Because U.S. Justice Department officials are on the task force, the
recommendations are expected to influence how law-enforcement authorities and
civil agencies use the new images and at what point they require warrants.

  Use of satellite images has increased markedly since the early 1990s, when
the Russian space agency, Sovinformsputnik, began selling spy-quality photos
to raise cash. The U.S. lifted its own restrictions on sale of
high-resolution satellite photos in 1994, which encouraged entreprenuers to
launch satellites of their own that could compete with the Russian imagery.

  Those efforts may soon pay off. This year a joint venture of Lockheed
Martin Corp. and Raytheon Co. hopes to launch a satellite that will yield
imagery detailed enough to distinguish sedans from minivans. Another firm,
Earthwatch Inc. of Longmont, Colo., says it is proceding with plans to
launch a similar satellite in 1999 -- despite the recent loss of radio
contact with a less-advanced model the firm launched in December. Both
enterprises decline to discuss their public-sector clients.

  Some state and local agencies have been purchasing photos from French,
Indian and U.S. government satellites since the 1980s, and increasingly
powerful computer software is allowing them to make better use of the

  The Arizona Department of Water Resources spotted Mr. Dunn's cotton crop,
for example, because it routinely obtains photographs from the French
government's SPOT satellites of 750,000 acres of central Arizona farmland.
State officials then compare the images with a database of water-use permits
to determine which farmers might be exceeding water-use rules.

  "A week doesn't go by where somebody doesn't propose a new use," says John
Hoffman, whose Raleigh, N.C., business, Aerial Images Inc., has become the
main reseller of images taken by Russian intelligence satellites.

  Much of what Mr. Hoffman has available is old imagery of Western cities.
But he says he can also take orders for new photos on upcoming missions.
Price:  $6,500 to photograph 10 square kilometers with resolution of about
six feet.

  In North Carolina several counties are using Mr. Hoffman's photos to find
unreported building activities, agricultural development and other property
improvements that would raise property-tax assessments. Demand from state and
local agencies in his region is so strong, he says, that Sovinformsputnik,
the Russian space agency, has scheduled a Feb. 17 launch of a satellite that
will concentrate mainly on photographing the Southeastern U.S.

  Pictures taken from airplanes at lower altitudes are often more revealing,
but satellite imagery can be much more costeffective. Photographing an area
the size of a small town, for example, can cost tens of thousands of dollars
by airplane, approximately twice the cost by satellite. Some satellite
imagery is faster as well. Although the satellites Mr. Hoffman works with
use conventional film that is developed after the satellite returns to
earth, newer camera platforms can transmit images digitally just minutes
after they are taken.

  To date, there have been few legal challenges to the use of satellite
imagery.  But the technology of overhead photography is evolving faster than
the law.  Courts have allowed government officials to take detailed pictures
from airplanes flying as low as 1,200 feet. And in 1986, the U.S. Supreme
Court ruled that the U.S. Environmental Protection Agency was permitted to
photograph a Dow Chemical facility in Midland, Mich., because the EPA used
relatively conventional airplane-camera equipment.

  But the high court raised a red flag in that case: "It may well be . . .
that surveillance of private property by using highly sophisticated
surveillance equipment not generally available to the public, such as
satellite technology, might be constitutionally proscribed absent a warrant."

  The ABA task force is exploring just these questions. Sheldon Krantz,
chair of the task force and a partner at Piper & Marbury LLP in Washington,
says that it will propose in April that law-enforcement agencies be required
to obtain warrants to use "satellite cameras [that] can focus on images of a
few feet across." That standard would probably include most advanced
satellite images, although the task force has yet to agree on more specific

  "We need to make some big value judgments about these practices before they
become so widespread," says Mr. Krantz.

  Some businesses say they welcome oversight from space. Georgia-Pacific
Corp.  and other big timber concerns support the Georgia Department of
Revenue's forest survey, saying it will help to disprove accusations that
they have secretly cut trees without paying taxes.

  Several small timber owners already have been fined a total of $2,000 in a
test of the statewide program that took place in Wayne County, near Savannah.
And as sharper-resolution photos become available, some Georgia officials
suggest the program could be used to look for objects as small as backyard
porches, to check if homeowners have their construction permits in order.

Copyright (c) 1998 Dow Jones and Company, Inc.


Date:    Fri, 6 Feb 1998 23:23:39 -0800
From:    Susan Evoy <sevoy@Sunnyside.COM>
Subject: Conferences of Interest

Below is a schedule of upcoming conferences, events, and publications that
may be of interest to those interested in Computer Professionals for Social

We are posting this, now, to CPSR-ANNOUNCE, which consists of
thousands of people who want to hear of our work, but, in the future it
only will be sent to CPSR members and the press with email addresses on
record on our database. As a nonprofit membership-based organization, we
depend on membership dues and donations for our existence.

CPSR membership will give you notices of upcoming events,The CPSR
Newsletter, and other benefits of membership. To join, please check out
our web pages at http://www.cpsr.org,  and/or write to cpsr-info@cpsr.org.

Members of the press should write to cpsr@cpsr.org with their name, title,
company, address, phone, and email address to be included in future postings
of announcements.

Computers, Freedom, and Privacy, Austin, TX, Feb. 18-20.  
Contact:  http://www.cfp98.org        512 475-6700      512 475-6876.

Connecting All Americans for the 21st Century:  Telecommunications
Links in Low Income & Rural Communities, Washington, DC, Feb. 24-26.  
Contact:  http://www.pulpny.org/CAM/      800-255-7857.

K-12 Networking:  Realizing the Promise, Washington, DC, Feb. 26-28.  
Contact:  http://www.cosn.org        202-466-6296  ext. 55     202-462-9043 

Avoiding the Digital Potholes:  Empowering People to Make Choices,
Washington, DC, Feb. 26-28.  Contact:  apt@apt.org      202-408-1403.

Association for Practical and Professional Ethics, Dallas, TX, Feb 26-28.  
Contact: appe@indiana.edu     812-855-6450.

Community Networking / Networking Communities, Victoria, 
AUSTRALIA, Feb. 27-28.  
Contact:  www.vicnet.net.au/~vacab/callpap1.htm      vacic@vicnet.net.au      

Workshop on Societal, Ethical, and Policy Dimensions of Information 
Technology, Computer Science Dept, Princeton University, Feb. 28 -Mar 1.
Contact:  http://dimacs.rutgers.edu/Workshops/Ethical/index.html.

Universal Service:  New Conceptions for a New Age  A Special Issue of 
the Information Society.  Deadline for submissions: March 15, 1998.  
Contact:  hsawhney@indiana.edu      812-855-0954      812-855-7955 (fax).

New Information Technology, Hanoi, VIETNAM, March 24-26.  
Contact:  cchen@simmons.edu.

Ethical Issues of Information Technology, THE NETHERLANDS, 
March 25-27.  
Contact:  www.ccsr.cms.dmu.ac.uk      ccsr@dmu.ac.uk      44-116-250-6143.

Ethical Issues of Information Technology, Erasmus University, 
THE NETHERLANDS, March 25-27.  
Contact:  www.ccsr.cms.dmu.ac.uk/conf/ethicomp/eth98-anmt.html      

Socioeconomic Dimensions of Electronic Publishing Workshop:  Meeting 
the Needs of the Engineering and Scientific Communities, Santa Barbara, 
CA, April 23-25.  
Contact:  christine.nielsen@rollins.edu     j.herkert@ieee.org.

Information Infrastructure, Beijing, CHINA, April 26-29.  
Contact:  zyx@bupt.edu.cn      8610-6228-2023      8610-6228-5008 (fax).

Security and Privacy, Oakland, CA, May 3-6.
Contact: http://www.nrl.navy.mil/ITD/5540/ieee/index.html

ACM Policy98, Washington, DC, May 10-12.  
Contact:  http://www.acm.org/usacm/events/policy98/reginfo.html        

Information Society:  Looking Ahead: Promises and Achievements, 
Strasbourg, FRANCE, June 10-12.  
Contact:  ufr-info-p6.ibp.fr/~creis/      nolod@ccr.jussieu.fr      

Wiring the World:  The Impact of Information Technology on Society, 
South Bend, IN, June 13-14.  
Submission Deadline:  Jan. 15, 1998.  Contact:  kperusich@iusb.edu

Digital Libraries U98, Pittsburgh, PA, June 23-26.  Contact:  dl98@ks.com

Teaching Research Ethics, Bloomington, IN, June 24-27.  
Contact:  www.indiana.edu/~poynter       pipmple@indiana.edu     

Advances in Social Informatics and Information Systems, Baltimore, MD, 
Aug. 14-16.  
Contact:  http://info.cwru.edu/rlamb/ais98cfp.htm    rel@po.cwru.edu      

The Human Factors and Ergonomics Society, Chicago, IL, Oct. 5-9.  
Subsmission deadline: March 9.  Contact:  http://hfes.org        

CPSR Annual Conference - Internet Governance, Boston, MA, Oct. 10-11.
Stay tuned to http://www.cpsr.org, CPSR-ANNOUNCE, and The CPSR 
Newsletter for details.

>From the Universities to the Marketplace:The Business Ethics Journey, 
Chicago, IL
Oct. 29-31.  Contact:  lpincus@wppost.depaul.edu.

PDC '98, Seattle, WA, Nov. 12-14.  
Contact:  http://www.cpsr.org/conferences/pdc98       pdc98@cpsr.org.
Stay tuned to CPSR-ANNOUNCE, and The CPSR Newsletter for details

Computer Supported Cooperative Work, Seattle, WA, Nov. 14-18.
Contact:  http://www.acm.org/sigchi/cscw98/


End of PRIVACY Forum Digest 07.04

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH