PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest     Sunday, 13 December 1992     Volume 01 : Issue 28

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS
        PRIVACY Brief (Lauren Weinstein; PRIVACY Forum Moderator)
        Mobile Homes & The Supreme Court (A. Padgett Peterson)
        Re: DOJ Authorizes Keystroke Monitoring (Larry Seiler)
        DoJ Has NOT "Authorized" Keystroke Monitoring (Dennis D. Steinauer)
        FWD: A Discouraging Word on FCC under Clinton
           (GRANTH@BROWNVM.brown.edu)
        Other Perspectives on Clinton FCC Transition Pick (Andrew Blau)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com/",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 28

   Quote for the day:

        "They're probably foreigners with ways different than our own.
         They may do some more... folk dancing!"

                        -- Brad Majors (Barry Bostwick)
                           "The Rocky Horror Picture Show" (1975)

----------------------------------------------------------------------

PRIVACY Brief (from the Moderator)

---

A recent report by the U.S. House of Representatives Committee on Government
Operations has triggered new controversy regarding the Postal Service
practice of providing mailers with corrected addresses for persons
who have moved.  The Post Office is prohibited by law from selling mailing
lists.  However, it is considered legal for the post office to provide
corrections for existing mailing lists from the change of address
forms that most persons file when they change residences.

About 2 billion items are forwarded annually by the Postal Service to the new
addresses of persons who have moved.  The Postal Service says that without
the address correction service, this number would double, greatly increasing
costs and causing other problems.

Privacy issues that have been raised revolve around the ability of 
businesses to "follow" a person through the change of address service,
and the practice of some companies of separating the changed addresses
from their master mailing lists and then selling the result to
other companies as "recently moved" lists.

The Postal Service responds that nobody is forced to file a change of
address and make use of mail forwarding, since persons can always take
responsibility for doing their own notifications of only those persons whom
they want to have their new address.

Your moderator, by the way, has mixed feelings about this issue,
and sees some validity to the arguments on both sides.

------------------------------

Date:    Wed, 9 Dec 92 10:34:56 -0500
From:    padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Mobile Homes & The Supreme Court

>from the Moderator

>In a unanimous decision today, the Supreme Court ruled that the U.S.
>Constitution's protection against unreasonable police searches and seizures
>can apply to the taking of property, even when the owner's specific privacy
>rights were not violated.

While one might think that this ruling might have an effect on the seach
and seizure of computers as has happened many times in recent months, this 
does not follow necessarily because of what is in the second paragraph.

>The decision reinstated a civil rights lawsuit that had been brought by an
>Elk Grove, Illinois family after their mobile home was hauled away from a
>trailer park (by trailer park employees accompanied by Cook County
>sheriff's deputies) before the required eviction notice had been obtained.

The key here is the last line: "... before the required eviction notice had 
been obtained." i.e. the deputies acted without authorization. Secondly 
(and admittedly from logic and not knowlege of the law since I am not a 
lawyer). It sounds like the trailer was not merely removed from the park
(evicted) but moved to some other location and the owners denied access. 

In other words, the deputies exceeded their authority and if such actions
had been properly authorized, they would then have been legal.

Now without all of the details and knowlege of the law, it is difficult
to say exactly what happened and it is possible that the Supreme Court
could be setting the stage for more sweeping announcements (such as making
illegal the seizure of property such as computers, cash, etc without the 
filing of any criminal charges) but don't hold your breath. (Random stops
of vehicles and seizure of cash without any charge or even a traffic ticket
has been much in the Florida news lately).

                                        Warmly,
                                                Padgett

           "all rules are unfair to someone"

------------------------------

Date:    Wed, 9 Dec 92 14:14:45 EST
From:    "Larry Seiler, x223-0588, MLO5-2  09-Dec-1992 1239" 
         <seiler@rgb.enet.dec.com>
Subject: Re: "DOJ Authorizes Keystroke Monitoring" (issue 27)

I find it highly disturbing that it would be thought necessary to print
a 14 line banner message to protect the right to monitor unauthorized
access to a computer.  Maybe I should post a similar statement on my
front door warning that anyone who enters is liable to have their
fingerprints lifted from the furniture if I investigate a burglary.

I suspect that any system administrator who takes this seriously will
abbreviate the message down to a statement that any use of the system
authorizes arbitrary monitoring of that use.  And then goodby to any
privacy rights of valid users of the system!

I am opposed in general to keystroke monitoring, primarily because it is
very easy to abuse if used to judge employee performance.  However, it
seems obvious to me that keystroke monitoring to investigate unauthorized 
access is just as valid as it would be for me to set up a hidden camera
in my own home to record unauthorized access -- or for a company to put
video cameras on entrance doors.  Although, I don't belive it would be
appropriate to use such data other than to check for unauthorized entry.

Conclusion: public policy toward privacy needs to include a clear
understanding that there is no right to privacy when committing
illegal acts or making unauthorized use of someone else's property!
Also, I believe that privacy protection laws should mostly define allowed
usages of information, rather than restricting the ways that it can 
be gathered or processed. 

        Enjoy,
        Larry

------------------------------

Date:    Fri, 11 Dec 92 16:14:09 EST
From:    dds@csmes.ncsl.nist.gov (Dennis D. Steinauer)
Subject: DoJ Has NOT "Authorized" Keystroke Monitoring

The Subject line on the recent reposting by David Banisar of the 7 Dec 92
advisory from CERT/CC is highly misleading and inappropriate.  As with some
newspapers, it is important that people read more than just the headlines.

The Department of Justice hasn't "authorized" anything.  Rather, they are
advising system administrators that certain activities, namely the
monitoring or recording of user-to-computer session transmissions (hence
"keystroke monitoring") MAY be found illegal in certain circumstances and
that notice should be given to users.

The CERT advisory was extracted from a letter to the National Institute of
Standards and Technology (NIST) from DoJ.  Justice asked NIST in its role of
providing computer security guidance to Government to circulate the letter
and provide appropriate guidance.  We have made the letter available,
without comment, through several government and other channels (including
CERT, I4, etc.). 

The letter is intended to advise system administrators of an ambiguity in
U.S. law that makes it unclear whether session monitoring, often conducted
by system administrators who suspect unauthorized activity, is basically the
same as an unauthorized telephone wiretap.  I repeat, the law is unclear
-- and the fact that one can argue either way on the issue does not clarify
the law as currently written.  DoJ advises, therefore, that if system
adminstrators are conducting session monitoring or anticipate the need for
such monitoring, they should ensure that all system users be notified that
such monitoring may be undertaken.

The DoJ advice, therefore, is not "authorizing" anything -- even implicitly.
They have simply observed the types of activities that diligent system
managers often undertake (a la Cliff Stoll in "The Cuckoo's Egg") in an
attempt to protect their systems from unauthorized users, and they have
rendered some prudent legal advice.

Clearly, there are lots of issues here -- technical and otherwise -- that
will need to be discussed and sorted out.  Indeed, changes in
agency/organizational policies and even the law are probably needed.
However, none of this changes the fact that system administrators need now
to be aware of the potential impact of their activities, and the DoJ advice
attempts to do this.

We (NIST) are developing additional guidance for system administrators to
assist them in implementing the DoJ recommendations.  I expect that others
will be doing likewise.  We also hope to encourage discussion of the related
technical and other issues.  In the meantime, system adminstrators are well
advised to read the basic DoJ advice and examine their systems and agency
policies to determine if, where, and how notices should be provided to users.
We welcome comments and suggestions, particularly regarding approaches that
various organizations take in dealing with this issue.

=====
Dennis D. Steinauer
National Institute of Standards and Technology
A-216 Technology
Gaithersburg, MD 20899 USA
(301) 975-3359
(301) 948-0279 Facsimile
DSteinauer@nist.gov (e-mail)
NIST Security BBS: 301-948-5717 (cs-bbs.nist.gov/)

------------------------------

Date:    Wed, 9 Dec 92 07:30:53 -0500
From:    GRANTH@BROWNVM.brown.edu
Subject: FWD: A Discouraging Word on FCC under Clinton

Originally posted to the THINK mailinglist by Rick Crawford.

     *    Communications Daily article on Clinton transition
          appointment for Federal Communications Commission (F.C.C.)

The following article, written by Art Brodsky (202/872-9202,
x252), is reprinted from the December 7, 1992 issue of
Communications Daily, with permission.  Communications Daily is
published by Warren Publishing, Inc., 2115 Ward Court, N.W.
Washington, DC  20037.

`Far End of Spectrum'

            PLESSER TRANSITION APPOINTMENT DRAWS FIRE

     Public interest groups friday criticized naming of
Washington attorney Ronald Plesser to head up communications
issues for Clinton transition effort (CD Dec4, p1).  Groups said
Plesser, partner in Washington office of Baltimore law firm Piper
& Marbury, represents clients that characterize Washington
special interests.  As might be expected, Plesser's appointment
was defended by Clinton confidants.

     Plesser will head one of 2 groups in science and technology
transition section led by ex-astronaut Sally Ride.  Other group
in Ride's section will evaluate hard science agencies such as
NASA and National Science Foundation.  Those transition groups
were established to assess policies and agencies, not to make
appointment recommendations.  Personnel matters for permanent
jobs are to be handled by ex-S.C. Gov. Richard Riley (CD Nov 20
p1).

     Clinton confidants praised Plesser's designation.  "He's the
right guy," we were told.  "He'll take a snapshot of the agency,"
covering budget needs, personnel and similar matters.  Transition
team "will look to Ron for insights.  He's the guy."  Referring
to much speculation in press about what Clinton has in mind and
who his appointments might be, source said:  "I wonder what on
earth motivates some of this stuff...most of which is wildly
inaccurate."

     Most criticism of Plesser centers on his advocacy on behalf
of Direct Marketing Assn. (DMA) and Information Industry Assn.
(IIA), particularly for advocating private sector control of
databases constructed by public agencies.  Taxpayer Assets
Project Dir. James Love said Plesser "himself is the architect of
the basic privatization policies that came about in the Reagan
Administration."  Plesser, he said, is "most ferocious opponent
of librarians, citizen groups and the research community, who
want to broaden public access to government, taxpayer-supported
information systems.  He's the devil himself when it comes to
government information policy."

     Similarly, Marc Rotenberg, dir. of Washington office of
Computer Professionals for Social Responsibility (CPSR), said
that "while there is personal regard for Ron Plesser, there is
not happiness about this decision."  Rotenberg said that
Plesser's clients have great deal at stake at FCC, including
decisions on 800 number portability and automatic number
identification (ANI) that affect direct marketers, as well as on
video dial tone and access to networks.  Plesser represents "a
far end of the spectrum in the policy debates," Rotenberg said.
He said CPSR's main concerns are in areas of privacy protection,
public access to govt. information, communications
infrastructure.  In each of those areas, "Ron has been from our
viewpoint on the opposite side of the issue."

     Rotenberg said that if transition effort is merely to be
brief fact-finding exercise, Clinton team could have sought out
"someone with less bias," perhaps in academic community.  Jeff
Chester, co-dir. of Center for Media Education, said his group is
"very concerned" about Plesser because "of the special interest
lobbying baggage he carries with him."  Chester said his group
believes that Plesser's appointment "places an extra burden, a
double duty on the Clinton Administration, to find people for the
FCC and other telecommunications policy positions who don't come
with any kind of lobbying baggage and reflect the kind of public
interest concerns the Commission definitely needs."

     Transition team still having difficulty deciding how to
apply its proposed tough ethics requirements for Presidential
appointees (CD Nov 5 p1).  There's still been no decision as "to
how deep the 5-year restriction will be applied," we're told.
That means, according to sources, restrictions--when they finally
come out--may not go below Cabinet level.  As for FCC appointees
and top staffers (such as bureau chiefs) brought in, it hasn't
been decided whether attempt will be made to extend period they
couldn't practice or lobby agency to 5 years from one year.
Proposal has been roundly criticized by Democrats who are know to
be, or expect to be, in line for top jobs in Clinton
Administration.

======================================================================


Taxpayer Assets Project
Information Policy Note
December 7, 1992


SUMMARY

     *    Lobbyist for Information Industry appointed
          to key Clinton Transition Post

     *    Ronald Plesser named to head transition effort on
          Federal Communications Commission (F.C.C.)

     *    Public Interest Groups register opposition to
          appointment

BACKGROUND

     On Friday (12/4/92) Communications Daily reported
information industry lobbyist Ronald Plesser has been appointed
to a key Clinton/Gore transition post involving federal
information policy.  According to the friday CD article, attorney
Ronald Plesser will head the Clinton transition efforts on
communications issues, as part of a Science and Technology group
headed by former astronaut Sally Ride.   According to officials
at Plesser's law office and the Clinton Transition office Plesser
has been appointed as a Deputy Director of the Science and
Technology group, in charge of the Federal Communications
Commission (F.C.C.).

     Plesser has close ties to a wide range of commercial data
vendors and other information industry clients.  He is considered
a key architect of Reagan Administration efforts to privatize the
dissemination of government information, through:

     a)   restrictions on individual access to federal
          databases and information systems,

     b)   restrictions on the types of "value added" services
          that agencies can use to enhance public access to
          federal information, and

     c)   restrictions on the types of electronic information
          products and services that are distributed to the
          federal depository library program.

Plesser has also spearheaded efforts to weaken privacy laws.
Plesser's clients include:

     -    Information Industry Association (IIA).
          Plesser is legislative counsel for (IIA), a
          trade group representing commercial data
          vendors, telephone companies, and cable
          television companies.

     -    Direct Marketing Association (DMA).  Plesser
          represents DMA on a wide range of issues
          relating to privacy.

     -    Mead Data Central.  Plesser is a lobbyist for
          Mead (owners of LEXIS/NEXIS and contractor
          for the ill conceived SEC EDGAR system) on a
          wide range of topics, including the issues
          relating to public access to government
          information and the development of national
          telecommunications infrastructure, including
          the implementation of the recently funded
          National Research and Education Network
          (NREN).

     -    Knight Ridder.  Plesser is a lobbyist for
          TRANSAX, a vendor of government tariff
          information.  In 1989 Plesser used his close
          ties to the House Subcommittee on Government
          Information to block efforts by the Federal
          Maritime Commission (FMC) to allow shippers
          to have access to the FMC's new Automated
          Tariff Filing Information (ATFI) system.
          (John Markoff, "Giving Public U.S. Data:
          Private Purveyors say No," 3/4/89, NYT,
          Government Publications Review, Vol. 19,
          1992, pp 400-403).

     Plesser's appointment to shape F.C.C. policy was greeted by
surprise and alarm by a wide range of citizen and library groups
who have locked horns with Plesser on the past on issues ranging
from public access to government information to privacy.  In an
article in monday's Communications Daily, written by reporter Art
Brodsky (202/872-9202, ext. 252), James Love, Director of the
Taxpayer Assets Project, Marc Rotenberg, Washington Director of
Computer Professionals for Social Responsibility, and Jeff
Chester, Director of the Coalition for Media Education,
registered strong opposition to the appointment.  Rotenberg said
Plesser was far out of the mainstream of opinion on information
policy issues.

     Before launching a highly successful lobbying career,
Plesser ran Ralph Nader's Freedom of Information Clearing House.
In recent years he helped raise corporate funding for the ACLU's
"Information Technology Project" from large information industry
companies.  In 1991 the ACLU's project was transferred, staff and
funding intact, to the Electronic Frontier Foundation (EFF).
This project reportedly has focused on issues relating to the
development of new telecommunication infrastructure, including
but not limited to NREN.

==============================================================
James Love, Director              voice     215/658-0880
Taxpayer Assets Project           fax       call
12 Church Road                    internet  love@essential.org
Ardmore, PA  19003
==============================================================

------------------------------

Date: Sat, 12 Dec 1992 13:46:00 -0500
From: Andrew Blau <blau@eff.org>
Subject: Other Perspectives on Clinton FCC Transition Pick 

TELECOM Digest V12, #895 reprinted an article from {Communications
Daily} by Art Brodsky on the FCC transition.  Here's a follow-up
article that fills out the picture a bit, by the same writer. It
appeared in the December 9, 1992 issue of {Communications Daily}.  I
am posting it here with permission.  Communications Daily is published
by Warren Publishing, Inc., 2115 Ward Court, N.W.  Washington, DC
20037.

                Copyright 1992 Warren Publishing, Inc.  
                        Communications Daily

                    December  9, 1992, Wednesday

SECTION: Vol. 12, No. 237; Pg. 2

HEADLINE:  Plesser  Praised;
CLINTON TRANSITION TEAM STARTS REVIEW AT FCC

 BODY:

   Transition team for Clinton Administration paid first visit to FCC
Tuesday, meeting with Chief of Staff Terry Haines. FCC transition team
currently is composed of eight persons and its charge has been
described as effort to take "snapshot" of operations at agency, rather
than go into great policy detail or make personnel recommendations.
"Their mission is to come up to speed with what's going on at the
Commission and report back to superiors," we were told.  Team has been
assigned office space on 5th floor of FCC hq.

   Composition of team makes clear that effort is being made to work
closely with Congress, even before Clinton takes office. About half of
team members are congressional staffers. Senate Commerce Committee is
represented by Antoinette (Toni) Cook (who has been mentioned often as
possible FCC chmn.)  and John Windhausen, while House side is
represented by David Leach from Commerce Committee and Gerald Waldron
from Telecom Subcommittee. (Telecom Subcommittee staffer Larry Irving
also will be working on telecommunications infrastructure issues for
another part of transition). Transition team at FCC also includes
Howard U. Prof. Clay Smith, ex-chmn. of Equal Employment Opportunity
Commission (husband of Patti Smith, who is deputy dir. of policy and
planning for FCC associate managing dir.) and Prof. Henry Parrett of
Villanova U. Others will be named later.

   Transition team leader is attorney Ronald Plesser of Washington
office of Baltimore law firm Piper & Marbury. His appointment was
strongly criticized by public interest groups (CD Dec 7 p1), who cited
his positions on policy issues and suggested conflicts of interest in
his representation of clients Information Industry Assn. (IIA) and
Direct Marketing Assn. (DMA).  Plesser met Tues. at FCC with Haines.
Later, Haines met with bureau and office chiefs and commissioner aides
to inform them what is going on, and asked them to give full
cooperation.

   However, others in public policy sector praised Plesser, who was
strong supporter of ACLU's Information Technology Project and who once
worked for consumer advocate Ralph Nader. Cathy Russell, counsel for
Senate Technology Subcommittee, said Plesser was "sensitive to privacy
considerations."  While acknowledging he's "strong advocate for his
clients," she said Plesser understands privacy concerns and works to
"bring clients to the table with the ACLU to hash things out."
Plesser, she said, has been "very reasonable with us" and she was
surprised that public interest groups "would attack him on that."

   Similarly, Jerry Berman, head of Washington office of Electronic
Frontier Foundation, called Plesser "one of the leading advocates of
the Freedom of Information Act, and a supporter of making an
electronic Freedom of Information Act."  Plesser has brought IIA "much
further toward recognizing public access to information than they
[IIA] originally were doing, and brought DMA to the table in signing
off on some privacy rights," Berman said. "I don't think that's an
accurate description [to say he is out of mainstream]. [ Plesser]
makes a great effort to balance interests." Sheryl Walter, gen.
counsel of National Security Archive, said Plesser did significant pro
bono work on case for her group on Freedom of Information Act on
behalf of reporter Raymond Bonner, who was working on book about
Philippines Pres.  Marcos. In terms of experience with Archives,
"we've found him to be very supportive of government disclosure."

   OMB Watch Exec. Dir. Gary Bass said it "makes good sense" to have
Plesser and others familiar with issues involved. Bass said he would
like to see more public interest sector representation in transition,
but said critics of Plesser are "reacting because of his institutional
role." If Plesser were "the sole person deciding policy, I would have
a real problem with that," Bass said, but transition team focus is
narrower.

   James Davidson, former staff dir. for House Judiciary Committee and
ex-Senate staffer who wrote much of Privacy Act in 1974, said of
Plesser: Ron Plesser has won more cases upholding freedom of
information than any litigator in the country. Davidson added: "There
is no more good advocate for good information policy" than Plesser.

------------------------------

End of PRIVACY Forum Digest 01.28
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.