|
PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Sunday, 27 September 1992 Volume 01 : Issue 20
Moderated by Lauren Weinstein (lauren@cv.vortex.com)
Vortex Technology, Topanga, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
PRIVACY Briefs (Moderator--Lauren Weinstein)
Scientific American article, 'Achieving Electronic Privacy'
(Dan Huber)
Credit reports, phone bills, credit card bills for sale
(Dan Ellis)
SG Debate Centers on ACCESS Card Issue (John G. Otto)
Tracking mail (Allen Smith)
Comments on draft ACM whitepaper (Craig Partridge)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines. Submissions without appropriate and relevant
"Subject:" lines may be ignored. Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com". Mailing list problems should be
reported to "list-maint@cv.vortex.com". All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com/",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------
VOLUME 01, ISSUE 20
Quote for the day:
"I'm wearing a cardboard belt!"
-- Max Bialystock (Zero Mostel)
"The Producers" (1968)
----------------------------------------------------------------------
PRIVACY Briefs (from the Moderator)
---
Last week's edition of CBS's "48 Hours" program centered on the issues of
technological invasions of privacy. The emphasis was on the ease with which
information could be collected on particular "targeted" individuals by
"private detectives" via legal and illegal means (databases, public
photography and tracking, cellular phone interception, etc.) The program
was not primarily concerned with the broader issues of privacy as they
affect the population at large, and was rather disappointing. However,
any program that gets people thinking about privacy issues has value.
Some Internet readers may recall a message circulating around the net months
ago when CBS was attempting to find someone to demonstrate the (illegal)
practice of cellular interception for that program. Obviously they found
their man--his disguise, consisting of dark sunglasses and a fake "Castro"
beard, was definitely worth a few chuckles.
---
Regular readers of the PRIVACY Forum will already be familiar with the
"FBI Wiretap Bill" (a.k.a. "Dial-A-Wiretap"). This proposed legislation
would mandate direct, remote monitoring access to virtually all
domestic telecommunications networks and systems for court-approved
wiretaps. Many privacy advocates have expressed grave concerns
regarding the potential for abuse and misuse of such a system, among
other serious problems.
Rumors are now circulating that due to perceived potential difficulties in
obtaining approval for the bill as separate legislation, an attempt may be
made to attach essentially the complete language of the bill as
an amendment to some other legislation with a higher probability
of "low-scrutiny" passage (e.g. federal omnibus crime legislation).
------------------------------
Date: Thu, 24 Sep 92 09:51 EDT
From: DMHuber@DOCKMASTER.NCSC.MIL
Subject: Scientific American article, 'Achieving Electronic Privacy'
I read an interesting article in the Aug 92 issue of 'Scientific
American' by David Chaum that discussed using what he called 'blind
signatures' in electronic cash and credential verification applications.
I'm relatively new to this topic and would like to get reaction/opinions
of others on this idea. Perhaps someone could review it in the Privacy
Forum digest.
thanks,
Dan Huber
------------------------------
Date: Thu, 24 Sep 92 10:07:41 -0400
From: "Dan Ellis" <dpwe@media.mit.edu>
Subject: Credit reports, phone bills, credit card bills for sale
I heard an alarming interview on NPR's "Fresh Air" on Tuesday night.
Unfortunately I didn't take notes, but the gist was that a journalist
who works for Business Week (?) called something that sounded like
Geoffrey Rothvader has written a book called "Privacy for sale"(?)
based on his research in accessing private records via 'legitimate'
information-pooling businesses.
He described a class of organization he called 'superbureaus' which
gather and merge information from better known sources such as the
credit reporting agencies but also phone companies and credit card
companies. He was able to buy an account with apparently complete
access to these databases on the grounds that he worked for a reputable
publishing company (McGraw Hill) and that he wanted to check up on
some potential employees. He was then able to inspect the credit report
for J Danforth Quale (without knowing anything more than an old
address from a Who's Who), but more alarmingly, was able to see
Dan Rather's credit card bill for the past month - showing stores and
amounts etc. He said that phone records were similarly available, and
it had cost him $300 to get the information.
He suggested that the credit card bill and phone bill information must
be being supplied by unauthorized sources within the appropriate companies,
and that such companies should give more thought to audit trails and
access restrictions in their internal information systems.
Perhaps this is old hat, but I was shocked by the amount of information
that was, in practice, available. The author emphasized that these are
above-board businesses and there was nothing illegal or even particularly
exotic in what he did.
Apologies for anything I have distorted or misremembered in the two days
since the program.
Dan Ellis, MIT Media Lab <dpwe@media.mit.edu>
------------------------------
Date: Thu, 24 Sep 92 12:55:41 EDT
From: John G. Otto <otto@systems.cc.fsu.edu>
Subject: SG Debate Centers on ACCESS Card Issue
Wednesday, 1992-09-23
Florida Flambeau (Box 29287; Tallahassee, FL 32316; 904-681-6692)
(distributed with permission of the editor)
SG Debate Centers on ACCESS Card Issue
by Matt Grimison
The Seminole ACCESS card is a fascist pariah that keeps a Big Brother-like
watch on students - or it's a high-tech Godsend that will make the Florida
State University campus safer.
Those were the 2 sides to just 1 of many issues discussed Tuesday during
a debate a the student Union between 3 parties vying for student senate
seats in today's elections.
Representatives of the Monarchy, Osceola and Alliance parties, as well as
4 independent candidates, argued about the ACCESS card and a controversial
constitutional amendment on the ballot when they squared off in what turned
out as more of a question and answer session than a head to head debate.
Opinions turned bilateral when Osceola and Monarchy agreed to disagree with
Alliance on the 2 issues.
Jeanne Campbell of Monarchy and Joe Gillespie of Osceola united in
condemning the ACCESS program, saying it takes advantage of students by
keeping the money earned in interest from their accounts. They also said
it's too expensive to implement and contains too much personal information.
"It infringes on students' privacy.", Gillespie said. "They have students'
biographical information, credit history and social[ist in]security
numbers and can track students' movement on campus. It is dangerous as an
information source.
But Fred Maglione of Alliance said that while the system is not trouble
free, it's still worth while because it will help make FSU a cash free
campus. [That's worth while?!?!?!?!?...jgo]
"After the problems are worked out, it will run smoothly.", Maglione said.
"We are very pleased with the ACCESS card. Once the bugs are worked out
it will make for a better and safer campus environment."...
jgo John G. Otto otto@systems.cc.fsu.edu
------------------------------
Date: Thu, 24 Sep 1992 22:32 EST
From: ALLEN SMITH <ALLENS%EARLHAM.BITNET@UICVM.UIC.EDU>
Subject: Tracking mail
In regards to the privacy issue of automated mail tracking, it
occurs to me that that sort of system is rather easily disrupted by simply
sending fake mailings to various "interesting" locations. That admittedly
won't cure the problem that various interfering agencies, etc., can tell
that you're doing _something_ they're interested in, but it can confuse
them (until they get a warrant/whatever to actually open the mail) on
_what_ you're doing. It does also cost a bit, admittedly.
-Allen
------------------------------
Date: Fri, 25 Sep 92 10:11:58 -0700
From: Craig Partridge <craig@aland.bbn.com>
Subject: comments on draft ACM whitepaper
Hi:
I read through the draft and felt it had an important limitation.
It does not discuss when data gathering is beneficial (to the public or
even to individuals). The overall tone of the first half of the document
left the impression that data gathering, in and of itself, may be bad.
Yet when I read the principles of the Code of Fair Information Practices,
it was clear that it was carefully designed to permit data collection,
subject to some basic safeguards.
It seems to me that a professional body such as ACM has an obligation to
recognize and try to understand all sides of the issue, even if ACM favors
a particular perspective.
I do not claim to be an expert in this area, but let me try a couple
of points suggesting where data collection is useful:
* Better business bureaus and other organizations which track complaints
against business. Consumers, in general, benefit from being able
to check on the perceived quality of a business they propose to
deal with.
* Credit bureaus. We can (and should) make much of the failure of
credit bureaus to keep accurate information and sufficiently
protect it (indeed, their propensity to sell it). However,
just as it is useful for consumers to check on businesses, it
is beneficial to business to be able to check on the creditworthness
of individuals who are asking for credit.
* Utility records. There's been some fuss here in Northern California
about access to utility bills. Some newspapers have been printing
lists of people and organizations whose water bills indicate
exceptionally high consumption (we're in the midst of a drought).
There have been benefits to this information. For example, we've
learned that utilities are giving odd preferential billing schemes
(such as special water rates to golf courses) which are probably
not in the public interest. There are arguably harmful effects
too: a reputedly hard-of-hearing individual who had not heard
water running from a broken pipe under his home ran up a large
bill one month and was distressed by the publicity his bill got.
But there's a powerful argument that the greater public interest
in seeing careful water use during the drought was served by
publishing the list.
* Legal decisions. Our legal system is based on precedent. Collecting
legal opinions on-line makes it easier for lawyers to locate relevant
prior decisions. However, decisions also often contain personal
information about parties in the case, so there's a privacy risk
here (though I believe rather small).
Perhaps one may disagree with this particular list. That's fine, but I think
some discussion of cases where data collection is beneficial is needed if
the ACM white paper is to fully present the issues around privacy.
I hope this is useful.
Craig Partridge
past editor, ACM Computer Communication Review
E-mail: craig@aland.bbn.com or craig@bbn.com
------------------------------
End of PRIVACY Forum Digest 01.20
************************
Copyright © 2005 Vortex Technology. All Rights Reserved.