TUCoPS :: Privacy :: priv_714.txt

Privacy Digest 7.14 8/19/98

The following document is from the PRIVACY Forum Archive at 
Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and 
related facilities, please visit the PRIVACY Forum via the web URL:



PRIVACY Forum Digest      Wednesday, 19 August 1998      Volume 07 : Issue 14

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
                    the ACM (Association for Computing)     
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
	  	  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

	John Gilmore of DES-Breaking "Deep Crack" on PRIVACY Forum Radio
           (Lauren Weinstein; PRIVACY Forum Moderator)
	Privacy Concerns Regarding Netscape Communicator 4.5
           (Lauren Weinstein; PRIVACY Forum Moderator)
        GeoCities Agrees to Settlement with FTC over Privacy Problems
           (Lauren Weinstein; PRIVACY Forum Moderator)
	More Ads Based on Web Usage Tracking On the Way
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	The Texas Department of Health Wants to Track Your Kids;
	   It's Time To Say "No! (Dawn Richardson)
	CallerID in the Netherlands (Daniel van Os)
	Highway privacy round-up (Phil Agre)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


   Quote for the day:

	"In a free society, information is the name of the game.
	 You can't win the game if you're a man short!"

	    --  Deputy Minister Eugene Helpmann (Peter Vaughan)
	 	"Brazil" (Universal; 1985)


Date:    Tue, 28 Jul 98 10:11 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: John Gilmore of DES-Breaking "Deep Crack" on PRIVACY Forum Radio

Greetings.  I'm very pleased to announce that a recent audio interview I
conducted with John Gilmore is now available via PRIVACY Forum Radio.  John
is co-founder of the Electronic Frontier Foundation (EFF) and leader of the
EFF team that built the "Deep Crack" computer, that has solved a DES-encrypted
message in less than three days.  John is a widely known and frank advocate
of strong, non-escrowed encryption systems.

In this half hour interview we discuss the Deep Crack project and the
various pros and cons regarding encryption accessibility, ranging from
technical to more philosophical issues.

This is a very important topic and an interview you definitely won't want to
miss--I think you'll find it very interesting.

To hear the interview over the net via streaming audio, please visit 
PRIVACY Forum Radio via:


Thanks much.

Lauren Weinstein
Moderator, PRIVACY Forum


Date:    Thu, 13 Aug 98 19:49 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Privacy Concerns Regarding Netscape Communicator 4.5 

Greetings.  I recently received a message from a PRIVACY Forum reader who is
very concerned about a privacy matter regarding the new preview version of the
Netscape Communicator web browser.  The browser in question is Communicator
4.5 (preview release 1), which is now available for download from Netscape's
web site.  Web users are being urged to download this version both by
messages at Netscape's site and at many other major sites.

The author of the forwarded text below asked to have their name withheld
since they perform work with Netscape.  Following is the text from the
message itself, followed by the results of my investigation into this issue
and my discussions with Netscape.

	   ---- Forwarded text from [Name Withheld] BEGINS ----

	   Communicator 4.5 (preview release 1) now redirects every
	   mis-typed URL to Netscape's home server so that it can try to
	   look for something similar. For example, if you enter
	   "www.nettscape.com", which doesn't exist, instead of just telling
	   you that the domain name could not be found (as all previous
	   versions have done), Communicator 4.5 launches a new URL:
	   This URL then sends you back a friendly message.

	   Yes, Netscape Communications can be logging every DNS typo you
	   make, noting the IP address and DNS name of who made the typo.
	   Even if you are not scared of Netscape knowing this, how long do
	   you think it will take until they get served with a warrant for a
	   log of all the people who mistyped a domain name for a server
	   that is being investigated by the feds or a local police
	   department? If you're a law enforcement official and you want to
	   find out who's accessing a server, shut off its DNS server for a
	   day and then go ask Netscape for the log, since everyone trying
	   that URL with Communicator 4.5 will be there. Further, now every
	   Communicator 4.5 user is susceptible to anyone snooping
	   Netscape's Internet connection for the same kind of information.

	   I see no way to turn this off in Preview 1. Let's hope it becomes
	   an option before the final release, but I doubt it, since this
	   gives Netscape one more opportunity to put advertising in front
	   of you.  Even if you can turn it off, you probably won't do it
	   until you've mistyped at least one DNS name.

	   ---- Forwarded text from [Name Withheld] ENDS ----

This forwarded message does a good job of explaining both the browser
behavior and the resulting potential privacy problems.  

I took this issue immediately to Netscape through a series of phone calls.
Netscape was extremely prompt in putting the appropriate knowledgeable
persons in touch with me--at one point I had a four-way conference call with
a Netscape media representative, the Netscape Netcenter program manager, and
the program manager for Netscape Communicator.  The following analysis is
based on those conversations.  

There are actually two different aspects of Communicator 4.5 that involve
new types of "automatic" contact between the local Communicator browser and
Netscape's server facilities.  One of these is "Smart Browsing," a system by
which entries typed into the browser's URL line that do not appear to be
actual URLs are sent to Netscape for lookup in their web search engine
database, with the results returned to the user via a page which Netscape
generates.  Netscape informs me that the URL vs. keyword decision is based on
fairly obvious aspects of the entry (e.g., if an entry doesn't include a
".domain" part, it is considered to be an entry for keyword searching).
Smart Browsing is enabled by default, but *can* be disabled via the browser
preferences.  Netscape considers Smart Browsing to be a feature that will
definitely be included in the regular release of Communicator 4.5.

The second automatic lookup is the one that the message text above was
referring to, involving mistyped URLs.  Netscape calls this function "DNS
Help."  Netscape says that the idea was to give the user more helpful
information than just "No DNS entry" type error messages.  DNS Help indeed
*cannot* be disabled in the Communicator 4.5 Preview 1 release.  Netscape
says they do not consider DNS Help to be a definite feature for the regular
release--that it is instead an "experiment" in the Preview 1 version that
will not *necessarily* exist in the same form when Communicator 4.5 starts
its "regular" distribution--but it might.  Netscape acknowledges that there
are privacy concerns regarding this function (including the ones that I
brought up with them), and says these are being taken under advisement.  

In the course of my conversations with Netscape, not only did we discuss
some details of these specific privacy concerns and possible methodologies
to deal with them in a privacy-enhancing manner, but I also took the
opportunity to briefly discuss some "cookie control" issues with them as

So, that's the situation.  Since Netscape is actively evaluating the
"DNS Help" function at this time, it might be useful to express constructive
opinions regarding this functionality, or aspects of the "Smart Browsing"
system, directly to Netscape.  They ask that such messages be sent to:


Further discussion of these issues here in the PRIVACY Forum will of
course appear as events warrant.

Lauren Weinstein
Moderator, PRIVACY Forum


Date:    Fri, 14 Aug 98 14:00 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: GeoCities Agrees to Settlement with FTC over Privacy Problems

Greetings.  GeoCities, a very heavily used provider of a range of Internet
services, has agreed to a proposed settlement (consent agreement) with the
U.S. Federal Trade Commission (FTC) concerning collection of GeoCities'
customers' personal information.  This is the first FTC case relating to
Internet privacy.

According to the Director of the FTC's Bureau of Consumer Protection,
"GeoCities misled its customers, both children and adults, by not telling
the truth about how it was using their personal information."  Issues
involving release of customer information to third parties were apparently
among the key issues.

The proposed settlement would require a number of changes in GeoCities'
operating practices, and a web link, to be present for five years, 
from GeoCities to the FTC's web site.

Details on this story can be obtained at:


Lauren Weinstein
Moderator, PRIVACY Forum


Date:    Sun, 16 Aug 98 09:20 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: More Ads Based on Web Usage Tracking On the Way

Greetings.  It is reported that a new round of sites using targeted ads
based on collected web usage data is about to spring forth.  According to
currently available reports, this would include the Lycos search engine and
Geocities, both very heavily visited sites (it is unclear whether
Geocities' recent agreement with the Federal Trade Commission regarding
privacy problems would relate to this in any way).  Other smaller
sites, such as Ticketmaster, have also reportedly signed up.

These efforts have apparently been organized by CMG Information Services in
the form of a system called "Engage," which judging from descriptions I've
obtained apparently is using cookies as its information targeting carrier,
much like other similar ad services.

A web site to allow users to remove this Engage identification information
will apparently be made available.

Of course, another solution might be to disable cookies in your browser if
this sort of ad system is something in which you do not wish to
participate.  Many persons leave cookies disabled at all times except
occasionally activating them for specific sites which use cookies in manners
acceptable to the particular user.  I have long advocated that web browsers
should allow the choice of cookie handling to be specified on a site-by-site
basis as part of bookmark properties, to make this sort of controlled usage
much more convenient.  Cookies *can* have valid and useful, non-privacy
violating applications, but being able to control them appropriately is very

Lauren Weinstein
Moderator, PRIVACY Forum


Date:    Sun, 16 Aug 1998 01:20:28 -0500
From:    "Dawn Richardson" <prove@swbell.net>
Subject: The Texas Department of Health Wants to Track Your Kids;
	 It's Time To Say "No!"

The controversy surrounding national campaigns for unique health
identifier numbers shows people don't want to be surveilled by
government computers.

The Texas Department of Health's initial attempt to legislate a
statewide immunization tracking system would have mandated the tracking
of our children. Doctors and insurance companies would have been
required to give TDH your child's confidential medical records for a
nationally accessible database. These plans were thwarted when the
legislature astutely amended the legislation to require parental consent
and limit access and release.

Despite the law, TDH has repeatedly circumvented consent requirements.
In February, TDH published rules allowing them to "assume" parental
consent. They wrote provisions which promoted unrestricted data
exchange. Objections from parents and legislators led TDH to withdraw
the rules and re-write them.

In March, parents learned that TDH's tracking registry already held,
without their consent, private identifying information including social
security numbers and children's birth information. A legislative
inquiry revealed that TDH had entered 3.3 million children's records
since 1995. Furthermore, over 700,000 records had been created from the
confidential portion of birth certificate applications without the
parents' knowledge. The legislature had authorized the creation of the
registry unaware of TDH's premature efforts.

TDH's second attempt at rules is now open for public comment until
September 8th. Although they appear to protect private information,
closer examination reveals loopholes which compromise informed consent
and the legislative protections governing the security, collection, and
release of confidential medical information.

The Centers for Disease Control is systematically helping create these
registries in every state to link together into a national immunization
registry network.  Parents everywhere need to be concerned about the
use of immunization tracking as a way of establishing the infrastructure
for more intrusive monitoring and compliance programs. Children don't
have a voice; it's time parents used theirs.

Dawn Richardson
PROVE (Parents Requesting Open Vaccine Education)
P.O. Box 1071
Cedar Park, TX 78630-1071
(512) 918-8760

	[ While there clearly are significant public health problems which
	  might be improved through increased knowledge of immunization
	  patterns, it's also the case that systems which might attempt to
	  collect such data are treading in an extremely personal area.  Any
	  system which is perceived as invasive of medical privacy is likely
	  to be subjected to significant opposition.  To the extent that
	  similar medical data collection is aboveboard and completely
	  voluntary, overall public health objectives are likely to be
	  better served.

		-- PRIVACY Forum Moderator ]


Date:    Tue, 18 Aug 1998 13:11:01 +0000
From:    daj.v.os@gdvdieren.nl (Daniel van Os)
Subject: CallerID in the Netherlands

This August KPN Telecom, Holland's largest telecom company, introduced
Caller-ID ("Nummerweergave") for all subscribers. It only displays the
number of the caller and can be blocked per-call.

After reading the articles in this list, and not being able to remember
anything about complete blocking, I got curious and I phoned KPN.  It turned
out that complete blocking is available, but it has to be activated by KPN.
Subscribers cannot do it themselves.

When I asked for this to be done, all I had to tell the KPN employee was my
telephone number. This surprised me a little, since it apparently means that
anyone can enable or disable Caller-ID on any number.  While Caller-ID is
free of charge, there are other services which aren't free and can be
activated in a similar manner.

Since KPN will send me a letter within 8 days to inform me about the changes
made, unwanted changes will be detected eventually. But it seems that KPN's
policy on abuse is detection by their customers instead of prevention on
their own part.

Daniel van Os


Date: Thu, 25 Jun 1998 18:26:29 -0700 (PDT)
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: Highway privacy round-up

Cleaning up my office at the end of the school year, I have finally
pulled together a batch of newspaper clippings from April and May.
Several of these clippings concern the privacy issues that are
starting to arise on public roads.  Although each of these issues may
seem harmless enough in isolation, together they illustrate something
important.  In the fictional world of Big Brother, privacy issues
arise through the centralized plotting of a malevolent bureaucracy.
In the real world, however, privacy issues arise through the
convergence of ten thousand separate forces, each with its own
economics and politics but united in their use of conventional
computer system design practices.  Here are the articles I clipped:

  Virginia Ellis, Thriving trade in fake drivers' licenses poses tough
  problem for DMV, Los Angeles Times, 5 April 1998, pages A1, A26.

Employees are issuing fake drivers' licenses, sometimes for family and
friends but mostly for money; the incentive to create fake licenses
increases as drivers' licenses increasingly become the basic form
of identification from with all other forms of identification can be
derived.  This is, of course, a very old story -- one of those stories
that gets rediscovered every few years as if it were new.  Nothing
much is ever done about it, however, and we can expect to see the same
story written again in a few years -- unless, of course, some vendor
decides that it is time to sell the state on a more invasive form of
identification such as a centralized database of biometric identifiers.

  Roberto J. Manzano, Portable scanner will speed police fingerprint
  checks, Los Angeles Times, 17 April 1998, page B2.

This article describes a hand-held device that a police officer can
use to capture a fingerprint scan and transfer it to a laptop in the
officer's patrol car, from which it can be uploaded by radio to a
database at headquarters, which then radios back any matches.  Now,
one might argue that such devices simply make life more convenient
for those people whose identity the police wish to determine.  But
another, more likely possibility is that cheaper technology for
capturing fingerprints means that more fingerprints will be captured.
A free society, of course needs to trade off crime-fighting against
civil liberties.  In the past, much of that trade-off was provided
automatically by the limitations of the physical world: it was simply
cumbersome and expensive to search, seize, surveil, and so forth.
With the march of progress, however, it becomes necessary to make
more and more conscious judgments about the proper balance point.
Those judgments are hardest when they must second-guess the choices
that police officers make in the field.  As it becomes easier and
easier to identify people in public places, whether by fingerprint
scans or automatic face identification, the very nature of public
space starts to change.

  Leslie Helm, Today the desktop, tomorrow all those other places,
  Los Angeles Times, 24 May 1998, pages D1, D8.

A group at Microsoft is developing standards for the "auto PC", a
PC-like software platform for use in automobiles.  It plugs in to
the slot in the dashboard that would otherwise hold the stereo.  A
Microsoft employee is quoted as saying, "I don't know about you, but
each time I see an automobile, I see 100 million potential customers".
The point of the article is Microsoft's ability to leverage its
existing proprietary de facto standards into control of other markets,
whether they are contested or not.  From a privacy perspective, the
significance of the auto PC is that many of its most useful functions
will surely require it to communicate wirelessly with other computers,
either at the car owner's residence or workplace or at the premises
of vendors.  If the device incorporates GPS tracking then even more
functionalities will be possible.  The likely result is a wide variety
of functionalities that involve the transfer of personal information,
for example what you're listening to on your stereo, to databases
kept by software companies, content vendors, and other firms and
governments with whom you might transact business while on the road.

  Roy S. Johnson, Envirotest aces the competition, Fortune, 25 May
  1998, page 36.

Envirotest is "the nation's largest owner-operator of vehicle emissions
testing centers and creator of a new remote sensing technology (RST)
designed to make auto exhaust testing a no-brainer.  The devices use
infrared light and ultraviolet rays to analyze the tailpipe emissions
of a moving vehicle and photograph its license plate in only half a
second".  This is only one of many technologies that identify passing
cars for one purpose or another.  Some of these technologies require
the car to have an onboard transponder, while others simply photograph
the license plate.  The problem, of course, is the slippery slope that
this immediately sets up.  A device that can check your emissions when
you want it to can also identify your car for other purposes, such
as tracking your travel patterns for the sake of direct marketing, or
for evaluating insurance risks, or for identifying behavioral patterns
that might raise a question mark at work.  Of course these worrisome
scenarios won't happen right away.  But once the technologies are in
place, imaginations will start working overtime and the only barriers
against them will be political.

  New device calls 911 in an auto crash, Los Angeles Times, 12 May
  1998, page D12.

The federal government is testing the device in question, "an electronic
box about 6 inches square and an inch deep under the back seat", in
500 vehicles in Erie County, NY.  The device is capable of beaming its
location, together with information on the nature and severity of the
crash, through the car's cellular phone.  It is hard to object to such
an invention in isolation, of course.  The surprising thing is that
the device is only being designed for such a narrow range of functions.

  Gary S. Becker, Good-bye, tollbooths and traffic jams?, Business
  Week, 18 May 1998, page 26.

This column recycles some old ideas about using market mechanisms to
control traffic congestion.  When it is cheap to collect tolls, Becker
points out, many more roads can become toll roads.  Furthermore, the
tolls themselves can vary depending on the level of demand.  That way
everyone will have an incentive to schedule their lives to trade off
road costs against other factors.  Whether this "congestion pricing"
mechanism really works depends on how sensitive traffic levels are
to price, which depends in turn on the scheduling flexibility of the
events people are driving to.  Becker is much more optimistic about
this than I am.  But from a privacy perspective, what's important
about automatic toll collection is the database of records it leaves
behind.  One virtue of free public roads (and free public parks, and
free public sidewalks, etc) is that they require little surveillance.
As soon as the use of these facilities becomes conditional on paying
money, it becomes necessary to instrument the whole environment to
ensure that payments are made, and to handle the payments themselves.
Road tolls *can* be collected anonymously, of course.  In practice,
however, the standards will be set by vendors who know that drivers
will face little real choice.  Sales of personal information based on
toll records may provide a significant income stream for the operators
of toll roads, particularly when toll payments are pervasive enough
that it becomes possible to construct detailed profiles of drivers'
travel patterns.  Economists like Becker tend to ignore this dimension
of the market, which they assume by default operates costlessly and
without side-effects.  In the real world, however, the costs and side-
effects are considerable and should be taken fully into account.

Phil Agre


End of PRIVACY Forum Digest 07.14

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH