|
PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Friday, 13 September 1995 Volume 04 : Issue 22
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy,
and the Data Services Division
of MCI Communications Corporation.
CONTENTS
Privacy Brief (Lauren Weinstein; PRIVACY Forum Moderator)
Re: SSNs for E-mail addresses! (Mark W. Eichin)
Where Caller ID Is Headed (Beth Givens)
Electronic road taxation in Singapore (Phil Agre)
Announcement: Alert Mailing List (Christopher Klaus)
National Privacy & Public Policy Symposium
(RAKEROYD@csunet.ctstateu.edu)
------------------------------
--- Happy Friday the 13th! ---
------------------------------
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com/". Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW
server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------
VOLUME 04, ISSUE 22
Quote for the day:
"It's much too dangerous to jump through
the fire with your clothes on."
-- Lord Summerisle (Christopher Lee)
"The Wicker Man" (1973)
----------------------------------------------------------------------
Privacy Brief (Lauren Weinstein; PRIVACY Forum Moderator)
---
The federal appeals court in Denver has ruled that it is unconstitutional
for police to scan homes with heat-sensing equipment in an attempt to detect
suspected criminal activity, without a warrant. The case involved the use of
infrared imaging equipment where marijuana growth within a home was
suspected. In its 3 to 0 decision, the court also noted that four federal
appeals courts in other circuits have ruled in exactly the opposite manner,
which would appear to make the long-term impact of this decision somewhat
questionable, to say the least. No evidence was suppressed in this case,
since other valid grounds for a search warrant, which were not related to
the thermal imaging, were found to be valid.
------------------------------
Date: Sat, 30 Sep 1995 12:05:28 -0400
From: "Mark W. Eichin" <eichin@cygnus.com>
Subject: Re: SSNs for E-mail addresses!
I was once told that Bell Atlantic used a compressed form of SSN (==
Employee ID number) as part of the email address. (Perhaps they still
do, though I've seen more normal addresses as well.) I don't recall
the exact encoding, but I note that a 9 digit number easily fits in 7
lower case characters or if you allow numbers as well, 6 characters.
(I believe they use the latter with a prefix, though if you break up
the pieces, 999-99-9999 could encode as 11-c1-hz1 if 0->a, 25->z,
26->0 through 36->9.)
And of course just about everyone has their email address printed on
their business card...
------------------------------
Date: Mon, 9 Oct 1995 13:13:29 -0700 (PDT)
From: Beth Givens <bgivens@pwa.acusd.edu>
Subject: Where Caller ID Is Headed
Thanks to the many readers of this forum who have responded to my
recent posting asking how Caller ID works in your states. (FYI,
California is one of only two states which does not now have Caller
ID, although it is likely to be offered here in the coming months.)
The information you have provided is most useful.
You might be interested in a recent Caller ID story from Missouri.
Southwestern Bell, the major local telephone company in that state,
recently announced a new service called Caller Intellidata, which
would be available to businesses. It is essentially "an
embellishment of Caller ID," according to Jerri Stroud, a reporter
for the St. Louis Post-Dispatch. She described the service in
stories appearing October 5 and 6, 1995. Here are excerpts:
"The new service would package the Caller ID information with the
caller's address and demographic information compiled by Equifax
Inc., a national credit reporting and information service....
"Bell proposes to sell businesses monthly reports about their
callers. The reports would include the date and time of each call,
the caller's name, telephone number, street address, city, state,
nine-digit zip code and whether the number is a resident or
business....
"The company would also give businesses a statistical profile of
their customers as a group, using demographic information from
Equifax...The information would include income, lifestyle,
education, neighborhood and other information from census reports.
A Bell spokesman said the demographic information cannot be tied to
a specific caller..."
The Public Counsel for Missouri, Martha Hogerty, objected to the
service, saying that it "smacks of Big Brother." She said
"Consumers should not be forced to become statistics in a marketing
study merely by placing a telephone call." She called the service
"an abuse of the company's local telephone monopoly."
The next day Southwestern Bell withdrew its plans and said it would
reintroduce Intellidata after the regulators have a chance to
understand it better.
Apparently Caller Intellidata is already in place in other
Southwestern Bell cities: Houston and Austin, Texas, and Wichita
and Topeka, Kansas.
It should be noted that phone customers in the state of Missouri do
not have the ability to use Per Line Blocking for their outgoing
telephone numbers, only Per Call Blocking. This means that for each
call they make, they must dial *67 before dialing the phone number
in order to prevent their calling number ID from being transmitted
to the display device of the call recipient.
In most other states, phone customers can sign up for Per Line
Blocking, which automatically blocks every number from being
delivered. Customers can unblock the number by entering another
code before dialing the number.
Southwestern Bell's use of Caller ID data in its Caller Intellidata
service is, I believe, a good indicator of what is yet to come on
a much larger scale. This type of transaction-generated data is far
too lucrative for business marketing applications to be allowed to
be limited strictly to billing purposes.
One of the many things that concerns me about the proposed
Southwestern Bell use of Caller ID data is that phone customers
were apparently not going to be notified about the proposed usage.
Nor were they going to be given the opportunity to opt-out of such
usage. In addition, they do not even have the ability to put the
Per Line Blocking feature on their phone line.
Beth Givens Voice: 619-260-4160
Project Director Fax: 619-298-5681
Privacy Rights Clearinghouse Hotline (Calif. only):
Center for Public Interest Law 800-773-7748
University of San Diego 619-298-3396 (elsewhere)
5998 Alcala Park e-mail: bgivens@acusd.edu
San Diego, CA 92110
[ In a phone conversation Beth and I had recently regarding
this "service", a couple of other interesting points were
discussed. First, while we assume that customers with
non-published telephone numbers are protected from having
their addresses disclosed by the telco, this is not made
clear from available information regarding the service.
Beth pointed out that such a service, at least in terms of
the telephone company releasing customer addresses, would
probably not be possible to such an extent in areas (such
as California) where more stringent regulations concerning
the release of customer information have been put into
place. However, it is still possible that a great deal of
information, much of it probably "stale" (inaccurate through
age) might be tied to customer phone numbers through third
party sources.
-- MODERATOR ]
------------------------------
Date: Thu, 12 Oct 1995 09:49:39 +0100
From: agre@laforia.ibp.fr
(AGRE Phil 44.27.71.39 Professeur invite d'A Collinot)
Subject: electronic road taxation in Singapore
The International Herald Tribune reports that the government of Singapore
has awarded a S$197 million (US$140 million) contract to Philips Singapore,
Mitsubishi Heavy Industries, Miyoshi Electronics, and its own Singapore
Technologies group to build the first phase of an electronic system for
automatic collection of taxes ("tolls") aimed at regulating demand for the
country's road capacity. The full reference is:
Michael Richardson, Singapore moves toward electronic tolls for vehicles,
International Herald Tribune, 10 October 1995, page 4.
Such systems have raised significant civil liberties concerns because, unless
care is taken in their design, they can lead to the creation of electronic
records of drivers' movements. The article does not comment on the civil
liberties aspects of the Singapore system or on the Singapore government's
highly controversial record on privacy and other civil liberties issues. It
does say that the "smart cards", which "will be slotted into small holders
mounted inside the windshield", will be debit cards from which "charges will
be deducted from credit stored in the cards" by means of interactions with
"electronic scanners mounted on gantries leading to congested areas and busy
highways". It does not say how compliance with the system will be enforced.
Nonetheless, the system does create one clearly ominous precedent: these cards
will be "installed on all of Singapore's 650,000 motor vehicles" (emphasis
added). This kind of coercion is needed, for all practical purposes, to
implement an electronic road-use taxation system, also known by the somewhat
misleading term "congestion pricing". Transportation officials in the United
States have repeatedly asserted that such systems in this country will be
"voluntary", yet moves toward congestion pricing are under way in several
parts of the country. It is not at all clear how these two trends will
be reconciled -- unless, of course, submitting to electronic monitoring of
one's road travel is "voluntary" in just the same sense that driving a car at
all is voluntary. In any event, the developments in Singapore redouble the
urgent need to develop, implement, and standardize technologies for anonymous
electronic toll collection systems.
Phil Agre
------------------------------
Date: Mon, 9 Oct 1995 16:13:20 +1494730 (PDT)
From: Christopher Klaus <cklaus@iss.net>
Subject: Announcement: Alert Mailing List
Announcing a new security mailing list - The Alert.
The Alert will be covering the following topics:
- Security Product Announcements
- Updates to Security Products
- New Vulnerabilities found
- New Security Frequently Asked Question files.
- New Intruder Techniques and Awareness
To join, send e-mail to request-alert@iss.net and, in the text of your message
(not the subject line), write:
subscribe alert
To remove, send e-mail to request-alert@iss.net and, in the text of your message
(not the subject line), write:
unsubscribe alert
This is a moderated list in the effort to keep the noise to a minimal and
provide quality security information.
If your site is interested in network security, we put out several
FAQes (Frequently Asked Question) that cover the following main areas
of topic:
Vendor Contacts
- Who is the security contacts at IBM, HP, Dec, Motorola, etc.
- Web page at: http://iss.net/iss/vendor.html
Patches
- List of all security related patches catergorized by OS type.
- Web page at: http://iss.net/iss/patch.html
Compromise
- Check list of things to do if your machines are compromised.
- Web page at: http://iss.net/iss/compromise.html
Anonymous FTP Security
- How to correctly set up FTP and check for vulnerabilities.
- Web page at: http://iss.net/iss/anonftp.html
Sniffers
- What they are. How they work. How to detect them. And solutions.
- Web page: http://iss.net/iss/sniff.html
Security Mailing Lists
- A comprehensive list of security mailing lists.
- Web page: http://iss.net/iss/maillist.html
If possible, it might be a good idea for you to add links to the above
web pages on your own Web server and point people who need to know
some of the network security issues to the web page. It is
possible to point to all of the FAQ pages at:
http://iss.net/iss/faq.html
--
Christopher William Klaus Voice: (770)441-2531. Fax: (770)441-2431
Internet Security Systems, Inc. "Internet Scanner lets you find
2000 Miller Court West, Norcross, GA 30071 your network security holes
Web: http://iss.net/ Email: cklaus@iss.net before the hackers do."
------------------------------
Date: Wed, 11 Oct 1995 19:12:50 -0400 (EDT)
From: RAKEROYD@csunet.ctstateu.edu
Subject: National Privacy & Public Policy Symposium -- Registration Form
NATIONAL PRIVACY AND PUBLIC POLICY SYMPOSIUM
HISTORY IN THE MAKING -- Privacy is a vague concept that has assumed an
increasingly important role in many areas of national debate. From questions
of abortion and crime prevention to international commerce and emerging
technologies, policy-makers are confronting ever more and difficult choices
involving the sanctity of the person on the one hand, and societal efficiency
on the other. Yet privacy has neither been studied nor defined comprehensively
to address both traditional relationships and the many new ones produced by a
rapidly evolving society.
The Connecticut Foundation for Open Government, Inc. ("CFOG"), a tax exempt,
non-profit corporation, is sponsoring a first-ever symposium to effectively
remedy this omission. The ultimate goal of the symposium is to create a
comprehensive definition of "privacy," tailored to contemporary and foreseeable
needs, that can be used in formulating public policy on a broad range of
privacy-related issues. To meet this goal, the symposium for the first time
will bring together some of the best minds and leading experts from a host of
disciplines to explore and discuss the many complex issues that ought to be
considered in a comprehensive definition.
THE PROGRAM -- The program will consist of plenary sessions, focused panels and
featured speakers. Participants represent a broad spectrum of perspectives and
backgrounds. The first plenary session will present a social and legal history
of privacy. This will provide the intellectual setting for consideration of a
new and comprehensive definition of privacy. In addition to featured speakers
at some meals, there will also be a series of concurrent panel discussions
covering an array of disciplines in which privacy issues are a significant
concern. The disciplines and key privacy issues that will be discussed include:
Bio-technology and Medicine Info. and Communications Technologies
! Euthanasia and prolongation of life
! "Information superhighway"
! Genetic engineering and testing ! "Smart cards"
! Medical "smart cards" ! Transmitting personal information
! Physician-patient relationship ! Wiring car, home and person
Business Journalism
! Credit and customer information ! Primacy of privacy or news
! Direct and targeted advertising ! Privacy and "live" journalism
! Employee drug testing ! Private and public figures
! Institutional security ! Public places and private property
Economics of Information Law
! Accurate, secure personal data ! Future of the tort law of privacy
! Computer matching ! Government and the family
! Databases: too much information? ! Government and one's body
! Use and ownership of personal data ! Government and one's home and
property
Gov. Information Practices and FOI National Security and Law Enforcement
! Accurate, secure personal data ! "Clipper chip"
! Collecting and revealing personal ! Criminal history information
data ! Electronic "bugging" and surveillance
! Privacy rights of the deceased ! Intelligence dossiers and databases
! Social security numbers
The final plenary session will consist of reports by each panel chairperson and
a moderated discussion that will attempt to synthesize the various issues and
positions into a comprehensive definition of privacy.
The Symposium Reporter will prepare a final report which will include the
history of privacy, pre-symposium papers for each panel, a summary of the final
plenary session, an analysis of the work of the symposium, and a comprehensive
definition of privacy.
THE FACULTY
Moderator -- Claire L. Gaudiani, Ph.D. Dr. Gaudiani is the President of
Connecticut College, a prestigious liberal arts college located in New London,
CT. She has become widely known as an advocate of global civic virtues. She
was responsible for Connecticut College's sponsorship of the first
International Conference on Ethics in Government held in Washington in 1994.
Most recently she participated in the United Nations Summit on Global Social
Development in Copenhagen. Dr. Gaudiani has an expertise in public policy
development, a knowledge of the concepts of privacy and the facility to lead a
diverse group of exceptionally able people in a structured, yet open, discourse.
Privacy Scholar -- Professor Alan F. Westin. Professor Westin is Professor of
Public Law and Government at Columbia University. He is perhaps the preeminent
scholar of privacy in the United States, having specialized for four decades in
the social, ethical and legal impacts of information on individuals,
organizations and society. He also maintains a continuing special interest in
medical confidentiality and health-information-systems privacy issues. Among
his many publications, Professor Westin's award-winning book Privacy and
Freedom is considered the leading work in its field. Professor Westin is the
founder and Publisher of Privacy and American Business, a non-profit bi-monthly
national report and information service and is senior advisor and consultant to
numerous government panels and national and multi-national companies.
Reporter -- Harry A. Hammitt. Mr. Hammitt is both a lawyer and a journalist.
He is Publisher and Editor of Access Reports and is internationally recognized
as a leading expert in the field of information access and privacy.
Panel Chairpersons -- Thomas Blanton, Executive Director, National Security
Archives (National Security and Law Enforcement); Anne Wells Branscomb, Center
for Information Policy Research, Harvard University (Economics of Information);
Ann Cavoukian, Assistant Commissioner for Privacy, Ontario, Canada
(Bio-technology and Medicine); Robert Gellman, privacy and information policy
consultant (Government Information Practices and Freedom of Information);
Janlori Goldman, Deputy Director, Center for Technology and Democracy
(Business); Victor Kovner, partner, Lankenau, Kovner and Kurtz (Law); Paul Evan
Peters, Executive Director, Coalition for Networked Information (Information
and Communications Technologies); and Herbert Strentz, Professor, Drake
University School of Journalism and Mass Communication(Journalism).
Panelists Include -- Alan Adler, Attorney, Cohn & Marks; Edward Appel, chief of
counterintelligence, National Security Council; Kathleen A. Callaghan, former
Dir., Hawaii Office of Information Practices; James X. Dempsey, Dpty. Dir.,
Center for National Security Studies; Mark Effron, V.P. and News Director, WFSB
TV; Ralph G. Elliot, Attorney, Tyler Cooper & Alcorn; John Fanning, Policy
Analyst, Public Health Service; John A. Ford, V.P., Equifax, Inc.; Robert J.
Freeman, Ex. Dir., N.Y. State Committee on Open Government; Gerald Gates,
Chair, Privacy Group, National Information Infrastructure Advisory Committee;
Gerald R. Green, Professor of Economics, Harvard University; Jane Kirtley, Ex.
Dir., Reporters Committee for Freedom of the Press; Steven Levy, Fellow,
Freedom Forum Media Studies Center, Columbia University; David Malkin, MD,
Hospital for Sick Children Foundation; Kate Martin, Ex. Dir., Center for
National Security Studies; Roger G. Noll, Professor of Economics, Stanford
University; Barbara A. Petersen, Ex. Dir., Florida First Amendment Foundation;
Robert Ellis Smith, Publisher, Privacy Journal; George B. Trubow, Professor of
Law, John Marshall Law School; Hal Varian, Dean and Professor of Economics,
University of California at Berkeley; Tom Wright, Information and Privacy
Commissioner, Ontario.
Featured Speakers -- U.S. Senator Joseph I. Lieberman; Francis Aldhouse, Deputy
Data Protection Registrar, United Kingdom; Vice President Albert Gore (invited).
WHEN, WHERE AND HOW -- The symposium will be held on Friday, November 3 and
Saturday, November 4 (until noon) 1995 at the Aetna Life and Casualty Company's
Conference Center and Home office, a world-class facility in Hartford, CT. The
approximately 400 people who will attend the symposium will represent a virtual
"Who's Who" of business, information and communications technologies, the
medical, health care, legal and journalism professions, academia and government.
-----------------------------------------------------------------
REGISTRATION FORM
Complete and Return to:
National Privacy a
d Public Policy Symposium
18-20 Trinity Street, First Floor
Hartford, Connecticut 06106
(Name) (Mailing Address)
(Title) (City, State, Zip Code)
(Organization) (Telephone and Fax Numbers)
Check the Appropriate Box(es)
[ ] Please register me for the symposium; make checks payable to CFOG.*
List in order of preference the designation letters (A-H) listed below of the
three concurrent panels you would most like to attend. Depending on response,
it is possible that some registrants' first choices cannot be honored. All
decisions will be made based on the date of receipt of registration. Every
attempt, however, will be made to honor each registrant's first choice. You
will be notified in the event your first choice cannot be honored.
[ ] First Choice [ ] Second Choice [ ] Third Choice
Panel Selections
(A) Bio-technology and Medicine (E) Info. and Communications Technologies
(B) Business (F) Journalism
(C) Economics of Information (G) Law
(D) Gov. Information Practices and FOI (H) National Security and Law Enforcement
[ ] I cannot attend, but would like to obtain symposium publications and/or
tape recordings.
*The registration fee is $350 (U.S.) and must be enclosed with this form to
confirm your registration. The fee covers attendance at the symposium, all
printed publications and the cost of two breakfasts, one lunch, and one
reception (cash bar) and dinner. Full refunds will be made for cancellations
received before October 25, 1995. A service charge of $50 (U.S.) will be
assessed for any cancellation made between October 25, 1995 and November 2,
1995. No refunds can be made thereafter.
The Aetna Conference Center has a number of comfortable and convenient rooms
available at reasonable rates. If you are interested in booking a room at the
conference center, please call Pam Sakow at (203) 236-6034.
------------------------------
End of PRIVACY Forum Digest 04.22
************************
Copyright © 2005 Vortex Technology. All Rights Reserved.