PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest      Wednesday, 29 June 1994       Volume 03 : Issue 12

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS 
        Cell Phone Privacy (Lauren Weinstein; PRIVACY Forum Moderator)
        New York PSC letters to FCC and V.P. Gore regarding CNID 
           (Anthony Grego)
        Caller ID (Monty Solomon)
        Brooks Statement on Crypto (David Banisar)
        Privacy: Your Secrets For Sale (Les Earnest)
        Request for Social Security # by video rental store 
           (Michael McClennen)
        Re: Newsgroup censorship (Jerry Leichter)
        Security in Blood Donation (David Stodolsky)
        RE: Thank you, France Telecom (Geoffrey Pike)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "gopher.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 12

   Quote for the day:
        
        "I just want to get on with my life."

                -- Michael Fay, explaining why he's refusing to accept any
                   money for interviews or other projects related to his
                   recent caning in Singapore.  He also insists that he was
                   innocent (no evidence was ever presented other than his
                   confession and his being fingered by another youth, who
                   was never available for cross-examination).  Fay also
                   insists that he was physically tortured and subjected to
                   racial slurs by police during extended interrogations and
                   signed the confession only out of fear of further abuse
                   at the hands of Singapore authorities--abuse that he says
                   was actually worse than the caning itself.

                   ("Larry King Live" -- CNN -- 6/29/94)

----------------------------------------------------------------------

Date:    Wed, 29 Jun 94 10:28 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Cell Phone Privacy 

Greetings.  As a suggested topic for possible discussion, it might be
interesting to spend some time on the subject of cellular phone privacy
issues.  We all (hopefully) know that analog cell phones are easily
monitored by readily available equipment.  In areas of large user
populations where cells have become quite thickly spread (here in L.A. they
supposedly are about a mile or less apart on average) use of the system to
track the detailed physical location of a phone, even if not making calls
(so long as it is powered on) is also not at all complex.  

Fewer people realize that called number information (that is, the numbers
you call from your phone, whether or not it is a cell phone) is not
protected information in the sense most people would expect (though recent
FCC decisions have apparently limited the ability of the telcos to release
such number data to telecom service and equipment vendors without subscriber
permission).

We've seen some discussion on all sides of these issues here in PRIVACY Forum
before, but the recent O.J. Simpson events have brought the topic back into
public focus.  One particularly interesting aspect of the Simpson case was
that shortly after the now famous "chase" down the freeways, one local L.A.
television station was showing, in detail on the air, the complete cell
phone outgoing call records (time, number called, etc.) from the Simpson
vehicle.  They were also calling those numbers to try interview the people
who were called from that phone.  A few days later, they demonstrated that a
voice mail "hacker" had apparently gained access to Simpson's voicemail and
had changed the outgoing message to something rather obnoxious.

Discussion of these and related telecom privacy issues, from all sides of
the spectrum, might well be worthwhile.

--Lauren--

------------------------------

Date:    Wed, 22 Jun 1994 15:14:45 +0500
From:    gregoa@lucas.emi.com (Grego)
Subject: New York PSC letters to FCC and V.P. Gore regarding CNID

   [ This message was received directly from the NY PSC for
     publication in PRIVACY Forum.  Please be sure to send any
     replies to the postal address indicated, not to the email
     address of the sender.  -- MODERATOR ]

          These attached letters from New York State Public Service
Commission Chairman Peter A. Bradford to Federal Communicatons
Commission Chairman Reed Hundt and Vice President Albert Gore are
being forwarded to alert you to a recent FCC ruling (Docket 91-281)
that could affect the privacy interests of telephone consumers if
it takes effect as planned.  Send comments to:  NYS PSC, Consumer
Services Division, 3 Empire State Plaza, Albany, NY  12223.
 
_____________________________________________________________________


                             STATE OF NEW YORK
                         PUBLIC SERVICE COMMISSION
                               ALBANY  12223





                                 June 1, 1994




Reed Hundt, Chairman
Federal Communications Commission
1919 M Street, N.W.
Washington, DC   20554

Dear Chairman Hundt:

          I am writing to express my concern about the Federal
Communications Commission's recent decision (Docket #91-281)
limiting the range of privacy protections available to telephone
callers in connection with Call ID service.  The potential
preemptive features of this decision undermine  sensible allocation
of responsibility between state and federal jurisdictions, namely
that the federal government preempt only where issues of overriding
national concern are clearly at stake and then only after strong
proof that no alternative approach will protect the national
concerns.

          All of these essential elements (clear national concern,
strong proof, and the absence of other alternatives) are lacking
here.  Instead, the casual reasoning and the destructive remedy
mock stated Clinton Administration eagerness to work with the
states to assure that telecommunications decisions are sensitive to
important consumer issues.

          The FCC's decision appears to ignore the states'
considerable experience with Call ID.  Prior to its authorization
of Call ID, the New York Public Service Commission (like many other
states) conducted extensive customer outreach and education
programs to determine how best to balance the privacy interests of
the calling and called parties.  Many witnesses, including
psychiatrists, social workers, police, other public safety
officials, as well as family violence crisis centers, saw danger
and/or nuisance in Call ID without the option of per line blocking.

          These hearings established that privacy protection
consisting only of per call blocking represents the worst of all
worlds.  The harassing caller is unlikely to forget to use per call
blocking.  It is the customer who does not realize the implications
of the availability of Call ID to commercial number gatherers (or
others who may abuse it) who is likely to make his or her telephone
number inadvertently available.  As a result, we concluded that in
New York callers should have the option of both per call and per
line blocking.  Since Call ID service was approved with these
options two years ago, no complaints have been received from either
Call ID subscribers or callers on the issue of blocking. 
Furthermore, the market for Call ID does not seem to be hurt by the
availability of per line blocking, for subscription rates are at
least as high in states with per line blocking as elsewhere.

          Nevertheless, the FCC decision contemplates preemption of
state requirements inconsistent with a federal per-call-blocking-
only regime.  Since per line blocking only for intrastate calls
does not seem feasible, New York's standard (and those of some 40
other states) will be preempted.  Protracted litigation over the
FCC decision is certain and may impede the introduction of
interstate Call ID service.  Several states, including New York,
are seeking reconsideration of the FCC decision and California has
challenged the FCC order in court.  Customer confusion and
disappointment with limitations on privacy options will spawn a
host of complaints.

          Furthermore, it will be hard for state regulators to
justify the current surcharge for unpublished listings while
telephone companies market a service that compromises the value of
those listings.  I have enclosed a recent New York notice raising
this concern for parties in two major cases.  Telephone companies
are not likely to go forward with Call ID if they must forego tens
of millions of dollars per year in charges for unpublished numbers.

          I hope that the FCC will think again about the impact of
this decision.  It is likely to damage the prospects for Call ID,
and it is certain to damage federal-state relations in the
communications area at a time when much depends on our mutual trust
and cooperation.

                                 Sincerely,



                                 Peter Bradford


Enclosure

_____________________________________________________________________


                             STATE OF NEW YORK
                         PUBLIC SERVICE COMMISSION
                              ALBANY   12223





                                 June 6, 1994




The Honorable Albert Gore
Vice President of the United States
Old Executive Office Building
Washington, DC   20510

Dear Mr. Vice President:

          During your meeting in early March to discuss
telecommunications issues with a group of state utility regulators,
you emphasized in firm and welcome terms that the Clinton
Administration would not be using federal preemptive authority in
alliance with particular economic interests to centralize
telecommunications policymaking in Washington.  Since then, NARUC
has worked productively with your office on a number of issues.

          Unfortunately, the divisive preemption issue has now
manifested itself again in an FCC decision that will sweep aside
diverse privacy protections carefully crafted over several years
(without adversely affecting the market for the service in
question) to suit the differing privacy needs and expectations of
our consumers.  The matter is explained in more detail in the
enclosed letter to Chairman Hundt at the FCC.

          Having chaired public hearings on this issue myself, I
know how strong the concerns around the Call ID issue are.  For
every consumer who views this technology as the best deterrent to
obscene callers, another consumer foresees a surge in nuisance
calls as a result of number trapping by those compiling lists for
sales to telemarketers.  For every consumer who believes that this
technology will allow them to let unwanted calls go unanswered,
another (perhaps a family violence center, a probation officer or
a psychiatrist) fears inadvertently disclosing a home telephone
number to someone threatening.

          Here in New York, the Public Service Commission and the
Legislature put a lot of time and effort into balancing the
potentials of the technology with the expectations of different
consumer groups.  In Maine, public concern was so great that the
privacy protections were written into state law.  In Pennsylvania
they were a subject of Supreme Court review.  The FCC decision
purports to eliminate the balancing achieved by these agencies,
legislatures and courts as well as those of many other states.

          Furthermore, this undertaking is likely to backfire
expensively on the technology that it is intended to promote, as
did past federal preemptive lunges on such topics as atomic power. 
Any telephone company choosing to offer Call ID without per line
blocking may have to forego much of its revenue from charges for
unpublished numbers, since the value of such numbers will be
reduced or eliminated if their privacy protection is not
maintained.  Because the revenues lost will not be made up by
revenues from Call ID, the fate of the service and the technology
that the FCC is trying to promote is at best uncertain.

          I appreciate that the FCC is an independent regulatory
agency.  However, the National Telecommunications and Information
Administration and the Department of Justice have been involved in
this proceeding, so avenues do exist for a clear Administration
reiteration of the need for flexibility and responsiveness to local
consumer concerns.  Indeed, NTIA has already asserted that FCC
preemption here would be "premature" and wisely advocates learning
from experience about the possibility that somewhat different
federal and state standards can coexist.

          Thanks for any assistance that you can give us on this
matter.
                                 Sincerely,




                                 Peter Bradford


Enclosure

_____________________________________________________________________

------------------------------

Date:    Wed, 29 Jun 1994 11:27:12 -0400
From:    Monty Solomon <monty@roscom.COM>
Subject: Caller ID

Excerpts from EPIC Alert 1.03

=======================================================================
 [3] FCC Caller ID Decision Appealed
=======================================================================

Several state utility commissions, including New York's and
California's, have petitioned the Federal Communications Commission to
reconsider its controversial Caller ID decision. The petitions ask the
FCC to reverse its decision mandating per-call blocking for interstate
calls and its preemption of state regulations. The commissions are
concerned that the federal regulation will limit consumer privacy
protection for intra-state calls.

It is uncertain if the FCC will take the unusual action of accepting
the petitions. Since the Caller ID decision was released in April, two
new commissioners have joined the FCC. A total of 48 parties,
including telephone companies who are concerned about which party is
charged the cost of transmitting the information, have filed petitions
asking the FCC to reconsider its decision.

Per-call blocking, which is favored by telephone companies, requires
that a caller to enter a series of numbers into their telephone before
each call to prevent their number from being distributed. Under
per-line blocking, privacy blocking is the default and the caller may
opt to release their number.

The New York Public Utility Commission's petition notes that "there is
no technological bar to enabling each state to designate per line or
per call blocking and have that privacy notation affixed to that
caller's phone calls both intra and interstate." The PUC calls on the
FCC, which did not hold a single hearing on Caller ID, to review the
decisions of the many states that did hold hearings.

Professor Rohan Samarajiva of Ohio State University, who also filed
for reconsideration, found that 46 states held hearings on Caller ID
before the FCC issued their final decision. He found that as
information became more available on Caller ID, the state utility
commissioners increasingly required that per-line blocking be offered
in addition to per-call.  By 1994, 33 jurisdictions developed rules
with stronger privacy protection than the FCC decision. 18 states
require per-line blocking be offered to all consumers, including
Pennsylvania, Ohio, California and New York.

CPSR has also filed a petition asking the FCC to revise its decision.
CPSR calls for free per-line blocking and note the additional burden
of per call blocking will cost consumers who have unlisted telephone
numbers $1.2 billion each year through the disclosure of unlisted
numbers.  They describe the FCCUs suggestion that consumers who wish
to ensure that their numbers remain private purchase equipment as
Runreliable and discriminatory.S

In addition, the California PUC has filed suit in the 9th Circuit
Court of Appeals, asking the court to overturn the ruling and prevent
its implementation.

The FCC decision on Caller ID and the CPSR Petition for
Reconsideration are available from cpsr.org. See below for details.

------------------------------

Date:    Tue, 14 Jun 1994 14:20:25 -0400
From:    David Banisar <Banisar@epic.org>
Subject: Brooks Statement on Crypto

  The following statement by Rep. Jack Brooks (D-TX) was today 
  entered in the Congressional Record and transmitted to the 
  House Intelligence Committee.  Rep. Brooks is Chairman of the 
  House Judiciary Committee and played a key role in the 
  passage of the Computer Security Act of 1987 when he served 
  as Chairman of the House Government Operations Committee.
  
  David Sobel <sobel@epic.org>
  Legal Counsel
  Electronic Privacy Information Center
  
  
  =============================================================
  
                 ENCRYPTION POLICY ENDANGERS U.S. 
              COMPETITIVENESS IN GLOBAL MARKETPLACE
  
  
       For some time now, a debate has been raging in the media 
  and in the halls of Congress over the Administration's 
  intention to require U.S. corporations to use and market the 
  Clipper Chip, an encryption device developed in secret by the 
  National Security Agency.
  
       The Clipper Chip will provide industry and others with 
  the ability to encode telephone and computer communications.  
  The use of the Clipper Chip as the U.S. encryption standard 
  is a concept promoted by both the intelligence and law 
  enforcement communities because it is designed with a back 
  door to make it relatively easy for these agencies to listen 
  in on these communications.
  
       The law enforcement and intelligence communities have a 
  legitimate concern that advances in technology will make 
  their jobs more difficult.  But the issue here is whether 
  attempts to restrict the development, use and export of 
  encryption amounts to closing the barn door after the horse 
  has already escaped.
  
       The notion that we can limit encryption is just plain 
  fanciful.  Encryption technology is available worldwide -- 
  and will become more available as time goes on.
  
       First, generally available software with encryption 
  capabilities is sold within the U.S. at thousands of retail 
  outlets, by mail, even, over the phone.  These programs may 
  be transferred abroad in minutes by anyone using a public 
  telephone line and a computer modem.
  
       Second, it is estimated that over 200 products from  
  some 22 countries -- including Great Britain, France, 
  Germany, Russia, Japan, India, and South Africa -- use some 
  form of the encryption that the Government currently 
  prohibits U.S. companies from exporting.  According to the 
  May 16, 1994 issue of _Fortune_, not only are U.S. companies 
  willing to purchase foreign encryption devices, American 
  producers of encrypted software are also moving production 
  overseas to escape the current export controls.
  
       Third, encryption techniques and technology are well 
  understood throughout the world.  Encryption is routinely 
  taught in computer science programs.  Text books explain the 
  underlying encryption technology.  International 
  organizations have published protocols for implementing high 
  level encryption.  Actual implementations of encryption -- 
  programs ready to use by even computer novices -- are on the 
  Internet.
  
       The only result of continued U.S. export controls is   
  to threaten the continued preeminence of America's computer 
  software and hardware companies in world markets.  These 
  restrictive policies jeopardize the health of American 
  companies, and the jobs and revenues they generate.
  
       I support, therefore, the immediate revision of current 
  export controls over encryption devices to comport with the 
  reality of worldwide encryption availability.
  
       I believe law enforcement and the intelligence community 
  would be better served by finding real, and targeted ways to 
  deal with international terrorists and criminals rather than 
  promoting scattershot policies, which restrict American 
  industries' ability to design, produce and market technology.
  
       Now -- more than ever -- we cannot afford to harm our 
  economic competitiveness and justify it in the name of 
  national security.

------------------------------

Date: Sun, 12 Jun 94 17:39:31 -0700
From: Les Earnest <les@sail.stanford.edu>
Subject: Privacy: Your Secrets For Sale

   [ From RISKS-FORUM Digest, Volume 16 : Issue 15, 15 June 94 
                                                  -- MODERATOR ]

ABC's Nightline programs on June 9 & 10 focussed on invasions of privacy that
are facilitated by computers and other electronic media.  The program mainly
covered things that we are familiar with but performed a valuable service, I
believe, by bringing some important privacy issues to the attention of the
general public in a fairly clear and direct way.

The program began with Ted Koppel presenting results of a public opinion poll
on two questions:

  Is the sale of records to mail order companies an invasion of privacy?
    YES - 73%  NO - 27%

  Are you concerned about threats to your privacy?
    YES - 85%  NO - 15%

Koppel went on to assert that the amount of personal information that is
available online is currently quadrupling each year.  An interview followed
with an information broker named Al Schweitzer, who they mentioned is
currently on probation for bribery in connection with information gathering.
They gave him names and social security numbers of a couple of people and he
showed that in less than 24 hours he could get a great deal of information
about them from legal sources, including their residential addresses going
back a number of years, the amounts of all outstanding loans and credit card
debts and terms of a divorce settlement.

Schweitzer could not resist mentioning that he could get additional
information, including detailed phone bills and lists of credit card purchases
through illicit but readily accessible channels and could get the person's
income through another such channel at a cost of $50.  He showed a list of
kinds of information, both legal and illegal, that are available and the
schedule of fees for these services.

There was a discussion of the fact that state and local governments sell a
great deal of information to direct marketers, including voter registration,
property owners lists, court records, and (in many states) motor vehicle and
drivers license registrations.  These agencies derive a great deal of income
from selling this information, which has assisted direct marketers to keep
track of 80 million Americans.  Thus they have a mutually beneficial
relationship, arguably at the expense of the public.

It was mentioned that Barbara Boxer's bill, which has passed the U.S.  Senate,
would restrict dissemination of information by all state departments of motor
vehicles.

They interviewed a "reformed hacker" named Ian Murphy who is now a security
consultant.  Murphy pointed out that all calls to 800 or 900 numbers make the
caller's phone number available and that with a computer and an available
database this can be mapped into the subscriber's name and address.  He also
discussed how it was possible to intercept a telephone conversation from a
specific cellular phone.  He noted that this is illegal but that it is almost
impossible to catch anyone who does it.  He concluded that "Laws can't keep up
with technology."

In a discussion of the Clipper Chip there was a short interview with John
Perry Barlow in which he remarked that with it "The government can sit in your
living room and hear everything you say."

A woman from Houston, Texas, named Carol Gibbs told her horror story about
having her credit usurped by another person and the fact that it has taken her
two years to get her life back together.

It was pointed out that even though it is now illegal to sell video rental
records, it is perfectly legal to sell personal medical records!

The second program concluded with a discussion between Koppel, Schweitzer,
Sally Katzen of the "Clinton Privacy Group" and Representative Ed Markey, who
discussed his proposed "Privacy Bill of Rights."  Markey said that this bill
would impose two requirements:

(1) That individuals must be given knowledge that information is being
    gathered about them electronically;

(2) Individuals must be given notice when information that has been
    gathered is proposed to for a use other than the one for which it
    was gathered.

Katzen mentioned that it has been over 20 years since the Code of Fair
Information Practices was developed and that technology has changed
substantially: in 1973-74 most records were paper-based but computer-based
records now dominate.  She asserted that the law has to catch up.

In parting it was mentioned that a representative of one of the "big three"
credit information houses had originally agreed to participate in the
discussion but decided not to come after learning who else would be there.

        -Les Earnest

------------------------------

Date:    Mon, 13 Jun 1994 10:56:19 -0400
From:    Michael McClennen <michaelm@eecs.umich.edu>
Subject: Request for Social Security # by video rental store

Since I finally broke down and bought a VCR last year, I recently
joined a video rental club operated by a national video rental chain
(the way these stores operate, you have to be a member of the club in
order to rent videos).  Among the items on the application form was a
request for my social security number.

As an astute reader of PRIVACY and RISKS, I proceeded to point out to
the clerk that this was a problematic request on their part since it
gives both the company and any employees who happen to see the number
an easy means to steal my money, information, and identity should they
be so inclined.  Her response was that company policy is to demand a
social security number from each member, since that is the only
reliable means they have of tracking someone down if they leave town
without returning rented videos.

My question is this: does this seem like a reasonable policy, from the
perspective of society as a whole?  They seem to want my social
security number precisely so that they can invade my privacy if they
believe I have absconded with their merchandise, rather than going
through the legally available (if slower and less certain) channels
for recovering same.

BTW, I wimped out and gave it to them anyway.  I eventually decided
that anyone who really wants my SS# can probably find it out anyway.

Michael McClennen
EECS Department
The University of Michigan

------------------------------

Date:    Mon, 13 Jun 94 08:57:06 EDT
From:    Jerry Leichter <leichter@lrw.com>
Subject: re: Newsgroup censorship

Thomas Swiss argues that for a university to provide Usenet services, but to
refuse to carry certain newsgroups, is at least close to censorship, based on
the following analogy:  What would be our reaction if the university library
subscribed to the Wall Street Journal, but removed the editorial page?

The problem with such an analogy - as with any analogy - is that first one
has to argue that the analogy itself is apt.  Is it censorship if the univer-
sity library subscribes to the Journal and the New York Times, the Washington
Post, and a number of other major newpapers - but declines to subscribe to the
National Enquirer?  If it subscribes to the Atlantic, Scientific American,
and hundreds of other journals, but chooses not to subscribe to Big Boobs and
Spread Legs?  I doubt many would feel it is.

What is the basis for viewing the entire constellation of Usenet newgroups
as a single entity, which one must take whole (alt.sex.bestiality along with
sci.physics.research) or not all?  The only thing the two have in common
is the technology used to deliver them - about what Physical Review Letters
and Spread Legs have in common.

Traditional publications have a unity that stems from the ownership and con-
trol of the publication by a particular person or organization.  We think of
the publication itself as having a characteristic point of view.  This point
of view is always evident in the general subject matter of articles that the
controlling entity chooses to publish; depending on the publication, it may or
may not be evident in things like political slant.  Similarly, most individual
newsgroups have at the least a characteristic and recognizable subject matter.
In the case of moderated groups, there is even a controlling entity, not very
different from a traditional magazine's editor.  But such an identity is seen
by readers to exist even in unmoderated groups, as should be clear from the
reactions to Canter's "Green Card" advertising.

I submit that "Usenet" is no more a publication with any discernable identity
than the collection of all the magazines on the racks at the corner store is
a publication.  It is thus a complete misapplication of the word "censorship"
to apply it to the choice of newsgroups carried by a university server.

                                                        -- Jerry
------------------------------

Date:    Sun, 12 Jun 94 22:57:10 +0200 (CET)
From:    david@arch.ping.dk (David Stodolsky)
Subject: Security in Blood Donation

This is the abstract of a research proposal submitted
to the Nordic Council's social science committee for 
comparative research. It includes participants from all 
Scandinavian countries. I am now looking for additional funding
options and for participants from other countries.
---------------------------------------------------

Security in Blood Donation: 
Privacy Protection and the Safety of Donated Blood.

Abstract

Improved methods of data collection and improved data security
can enhance blood donors' privacy. Better privacy for donors
reduces the risk that sensitive data are withheld and increases
flexibility in data utilization. Therefore, privacy enhancement
can improve the safety of donated blood and ease identification
of new infectious agents. The first phase of this project
investigates the acceptability and feasibility of computer
interviewing and improved data security. Rate of elicitation of
HIV-related risk factors and judged privacy are expected to be
greater in computer interviews as compared to traditional
interviews. Perceived desirability of cryptographic data
security is expected to vary widely among countries because of
differing data protection regulations. Feasibility of an
enhanced donor data security system will be assessed in view of
current chip-card initiatives in different countries.

The second phase integrates computer interviewing into blood
bank operations and pilot tests the enhanced security system.
Notification methods which preserve donor privacy will also be
tested at this stage. Harmonization of data security methods
among the participating countries will be investigated from a
comparative ethical and legal perspective. Phase three involves
deployment of an integrated interviewing, notification, and
data security system. Data collection started in phase one will
continue throughout the study. Methods for automatic detection
of clusters of risk factors and biological markers will be
investigated. Secure and harmonized data collection will permit
early warning of risks to the safety of donated blood in the
cooperating countries.

David S. Stodolsky, PhD      Internet: stodolsk@andromeda.rutgers.edu
Inst. of Political Science               Internet: david@arch.ping.dk
Univ. of Copenhagen, Rosenborgg. 15            Tel.: + 45 32 97 66 74
DK-1130 Copenhagen K, Denmark                   Fax: + 45 31 59 76 44

------------------------------

Date:    Sun, 12 Jun 94 14:59:41 PDT
From:    Geoffrey Pike <t-geoffp@microsoft.com>
Subject: RE: Thank you, France Telecom

>From:    Technology Strategy & Architecture
>[...]
>Wednesday at the airport I was trying urgently to reach someone by phone,
>but kept getting a busy signal.  I took my card out of the phone and walked
>away.  Later I came back to the same phone, inserted my card, and pressed
>the redial button.  It not only redialed my number, it displayed it on the
>screen.
>
>Obvious privacy risk.  It was convenient at the moment, but I'd far rather
>the number be erased when the card is removed from the phone.

It may be obvious to you, but it isn't to me. When you push the redial button,
what number is redialed: the last number that was dialed using your card
or the last number that was dialed on that phone? Either interpretation is
consistent with your story.  It makes a big difference.

Geoff Pike
pike@cs.berkeley.edu

------------------------------

End of PRIVACY Forum Digest 03.12
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.