|
PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Sunday, 1 August 1993 Volume 02 : Issue 27
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Topanga, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
CPSR Urges Revision of Secrecy System (David Sobel)
Credit Reports and National Security (Dave Banisar)
Medical privacy and the DMV (Brett Glass)
Re: Name & Address from Phone Number in Chicago (Chris Johnston)
Call for Papers: Computer Network Use and Abuse Conference
(Paul Higgins)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com/".
For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------
VOLUME 02, ISSUE 27
Quote for the day:
"Book him, Dano."
-- Steve McGarrett (Jack Lord)
"Hawaii Five-O" (1968-1980)
----------------------------------------------------------------------
Date: Thu, 15 Jul 1993 16:58:33 EST
From: David Sobel <dsobel@washofc.cpsr.org>
Subject: CPSR Urges Revision of Secrecy System
Computer Professionals for Social Responsibility (CPSR) has
called for a complete overhaul in the federal government's
information classification system, including the removal of
cryptography from the categories of information automatically
deemed to be secret. In a letter to a special Presidential task
force examining the classification system, CPSR said that the
current system -- embodied in an Executive Order issued by
President Reagan in 1982 -- "has limited informed public debate on
technological issues and has restricted scientific innovation and
technological development."
The CPSR statement, which was submitted in response to a
task force request for public comments, strongly criticizes a
provision in the Reagan secrecy directive that presumptively
classifies any information that "concerns cryptology." CPSR notes
that "while cryptography -- the science of making and breaking
secret security codes -- was once the sole province of the
military and the intelligence agencies, the technology today plays
an essential role in assuring the security and privacy of a wide
range of communications affecting finance, education, research and
personal correspondence." With the end of the Cold War and the
growth of widely available computer network services, the outdated
view of cryptography reflected in the Reagan order must change,
according to the statement.
CPSR's call for revision of the classification system is
based upon the organization's experience in attempting to obtain
government information relating to cryptography and computer
security issues. CPSR is currently litigating Freedom of
Information Act lawsuits against the National Security Agency
(NSA) seeking the disclosure of technical data concerning the
digital signature standard (DSS) and the administration's recent
"Clipper Chip" proposal. NSA has relied on the Reagan Executive
Order as authority for withholding the information from the
public.
In its submission to the classification task force, CPSR
also called for the following changes to the current secrecy
directive:
* A return to the "balancing test," whereby the public
interest in the disclosure of information is weighed
against the claimed harm that might result from such
disclosure;
* A prohibition against the reclassification of
information that has been previously released;
* The requirement that the economic cost of classifying
scientific and technical be considered before such
information may be classified;
* The automatic declassification of information after
20 years, unless the head of the original classifying
agency, in the exercise of his or her non-delegable
authority, determines in writing that the material
requires continued classification for a specified
period of time; and
* The establishment of an independent oversight
commission to monitor the operation of the security
classification system.
The task force is scheduled to submit a draft revision of
the Executive Order to President Clinton on November 30.
The full text of the CPSR statement can be obtained via
ftp, wais and gopher from cpsr.org, under the filename
cpsr\crypto\secrecy_statement.txt.
CPSR is a national organization of professionals in the
computing field. Membership is open to the public. For more
information on CPSR, contact <cpsr@cpsr.org>.
------------------------------
Date: Sat, 24 Jul 1993 14:13:08 EST
From: Dave Banisar <banisar@washofc.cpsr.org>
Subject: Credit Reports and National Security
Last week, the Senate Intelligence Committee approved a provision that
allows for FBI access to credit reports using only a letter instead of a
judical warrant in cases that they say involved national security. There is
concern that this will be subject to abuse and that the necessity has not
been proven. Several privacy and consumer groups sent this letter opposing
the provision.
I was unable to easily find the actual text but will get it after I come
back from vacation.
Dave Banisar
CPSR Washington Office
July 12, 1993
The Honorable Dennis Deconcini
Chairman
Senate Select Committee on Intelligence
United States Senate
SH-211 Hart Senate Office Building
Washington, DC 20510-6475
Dear Chairman DeConcini;
We are writing to voice our strong opposition to the
Administration's legislative proposal to amend the Fair Credit
Reporting Act (FCRA) to allow the Federal Bureau of Investigation
(FBI) to obtain consumer credit reports in foreign
counterintelligence cases.
The FBI seeks a national security letter exemption to the
FCRA to obtain personal information from consumer reporting
agencies without a subpoena or court order. A national security
letter gives the FBI the authority to obtain records without
judicial approval and without providing notice to the individual
that his or her records have been obtained by the Bureau.
Similar FBI proposals were rejected in previous years after
Congressional leaders expressed concern over the civil liberties
issues raised.
Although the current draft proposal is more comprehensive
than those circulated in previous years, the changes and
additions do not alter significantly the central character of the
proposal. The Administration's 1993 proposal includes explicit
limits to'dissemination of obtained information within the
goverrment, penalties for violations including punitive damages,
and reporting requirements. These provisions are positive
changes from the legislation put forward in previous years, but
they do not save the proposal from its intrinsic flaws.
Therefore, the reasons for our fundamental opposition to the
current proposal remain the same: 1) the FBI has not demonstrated
a compelling need for access to consumer credit reports; and 2)
legislation that implicates civil liberties should be addressed
separately and not as part of the authorization process.
There are only two instances in which Congress has
authorized the FBI, in counterintelligence investigations, to
obtain information about individuals pursuant to a national
security letter but without a subpoena, search warrant or court
order. First, the Electronic Communications Privacy Act (ECPA)
of 1986 included a provision requiring common carriers to
disclose subscriber information and long distance toll records to
the FBI in response to a national security letter. Second,
congress included in the 1987 Intelligence Authorization Act an
amendment to the Right to Financial Privacy Act (RFPA) that
requires banks to provide customer records to the FBI in response
to a similar letter. In that case, the FBI presented to Congress
its case for obtaining financial records in foreign counter-
intelligence cases and the difficulty of obtaining those records
without a court order.
In both instances when congress has previously authorized
the national security letter, Congress recognized that the
procedure departs dramatically from the procedure necessary to
obtain a court order.
The FBI's current proposal seeks similar access to
individuals' credit records held by consumer reporting companies.
The FBI has yet to adequately justify its need to add such highly
personal, sensitive information to the narrow category of records
subject to the national security letter exemption.
The Bureau claims obtaining credit reports will allow it to
more easily determine where a subject of an investigation banks
-- information the FBI claims will help them effectuate their
ability to access bank records under the RFPA. We opposed the
national security letter exemption in the RFPA and do not endorse
the FBI's slippery slope approach to ensuring that they can more
easily obtain financial information in foreign
counterintelligence cases. This information can be and is
routinely gained without credit reports. We do not believe
convenience is a sufficient justification for this significant
exception to the law.
The FBI further argues that obtaining banking information
through a credit report is preferred because it is actually leas
intrusive than those investigative methods that would otherwise
be used. While we too are frustrated that other information-
gathering techniques are frequently too intrusive, our objections
to the other techniques do not lead us to endorse yet another
technique that is also intrusive and that weakens existing
privacy law.
Finally, we object to using the authorization process as the
vehicle for pursuing this change. The national security latter
exemption, because it diminishes the due process and privacy
protections for individuals, must be given the most careful
consideration. The FBI's proposal should be introduced as
separate legislation on which public hearings can be held. only
in this way can the Committee test thoroughly the FBI's case for
the exemption and hear from witnesses who object to the change.
We urge you to reject the FBI's proposal in its current
form. We are available to work with you on this issue.
Sincerely,
Janiori Goldman Michelle Meier
Privacy and Technology Project Consumers Union
American civil Liberties Union
Marc Rotenberg Evan Hendricks
Computer Professionals for U.S. Privacy Council
Social Responsibility
cc: Members, Senate Select Committee on Intelligence
The Honorable George J. Mitchell
Senate Majority Leader
The Honorable Donald W. Riegle, Jr., Chairman
Senate Committee on Banking, Housing and Urban Affairs
The Honorable Patrick J. Leahy, Chairman
Subcommittee on Technology and the Law
------------------------------
Date: Sun, 25 Jul 93 20:30:15 PST
From: "Brett Glass" <Brett_Glass@ccgate.infoworld.com>
Subject: Medical privacy and the DMV [Subject field chosen by MODERATOR]
In a recent PRIVACY Forum Digest, Waybe Madsen describes an incident in
which an EMT reported a fainting spell to the DMV. It's lucky for the poor
victim (who suffered from a brain tumor) that he didn't live in California,
where doctors are required to report ANY loss of consciousness -- no matter
what the cause -- to the DMV. After such a report has been made, it is
nearly impossible to get a driver's license again -- EVER. It's the law.
[ This seems like a rather broad statement. Some specifics
regarding this issue, by anyone who knows the details,
would be appreciated in this forum. -- MODERATOR ]
------------------------------
Date: Tue, 27 Jul 93 17:03:23 CDT
From: Chris Johnston <chris@cs.uchicago.edu>
Subject: Re: Name & Address from Phone Number in Chicago
I would expect automated Customer Name and Address (CNA) would
work like the current CNA service. Call 312-796-9600, tell the
operator the telephone number, operator either tells you it is a
non-published number or reads the name and address without zipcode,
Illinois Bell collects 35 cents.
I use it regularly to look up numbers that appear on my pager. Or
I could walk to the library and look it up in the criss cross
directory.
regards,
cj
312-786-4889
------------------------------
Date: Mon, 26 Jul 1993 16:31:36 EDT
From: Paul Higgins <VALUES%GWUVM.BITNET@VTVM2.CC.VT.EDU>
Subject: Call for Papers: Computer Network Use and Abuse Conference
CALL FOR PAPERS
The National Conference of Lawyers and Scientists (NCLS) invites
proposals for original papers to be presented at a two-and-a-
half-day invitational conference on "Legal, Ethical, and
Technological Aspects of Computer and Network Use and Abuse."
The conference, which will include 40 participants representing a
diverse set of perspectives and areas of expertise, will be held
in southern California in mid-December 1993. Up to three
successful applicants will receive travel expenses and room and
board at the conference. Papers will be included in the
conference proceedings and may be published subsequently in a
book or journal symposium.
The conference will focus on the ways in which the law, ethics,
and technology can contribute to influencing and enforcing the
bounds of acceptable behavior and fostering the development of
positive human values in a shared computer environment. Primary
attention will be on unwanted intrusions into computer software
or networks, including unauthorized entry and dissemination of
viruses through networks or shared disks. Discussions will deal
with such issues as access to information, privacy, security, and
equity; the role of computer users, academic institutions,
industry, professional societies, government, and the law in
defining and maintaining legal and ethical standards for the use
of computer networks; and a policy agenda for implementing these
standards.
Papers are invited on any aspect of the conference theme.
Especially welcome would be papers reporting on empirical
research, surveys of computer users, and case studies (other than
those that are already well-known). Interested persons should
submit a summary or outline of no more than 500 words, together
with a brief (one-page) resum and a statement (also brief) of
how one's expertise or perspective might contribute to the
meeting. Proposals will be reviewed by an advisory committee
convened by NCLS and successful applicants will be asked to
prepare papers for the meeting. Papers must be the original work
of the author, not previously published, in good academic form,
and between about 5,000 and 8,000 words (25-30 double-spaced
pages) in length.
Deadline for receipt of proposals is 5 p.m. Eastern Time,
September 15, 1993. Applicants who are selected to prepare
papers will be informed by October 1, 1993. Draft papers will be
due December 3, 1993. Final versions of the papers, revised in
light of conference discussions, will be due approximately two
months after the conference.
NCLS is an organization sponsored jointly by the American
Association for the Advancement of Science and the American Bar
Association, dedicated to improving communication between members
of the legal and scientific/technical professions and exploring
issues at the intersection of law, science, and technology.
Funding for this meeting has been provided by the Program on
Ethics and Values Studies of the National Science Foundation.
For further information please contact Deborah Runkle,
Directorate for Science & Policy Programs, American Association
for the Advancement of Science, 1333 H Street, NW, Washington, DC
20005. Phone: 202-326-6600. Fax: 202-289-4950. E-mail:
values@gwuvm.gwu.edu.
------------------------------
End of PRIVACY Forum Digest 02.27
************************
Copyright © 2005 Vortex Technology. All Rights Reserved.