
PRIVACY Forum Digest        Saturday, 20 July 1996        Volume 05 : Issue 14

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
               The PRIVACY Forum is supported in part by the          
                 ACM (Association for Computing Machinery)
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        Personal rights violated? (Andrew J. Mesplay)
        Blocking Cookies (gozer@oro.net)
        Re: Protection and Parental Empowerment Act (Dick Mills)
        "Child Molester Database" on the Web (Dave Brown)
        Discussion Forum on Privacy on the Internet
           (Berliner Datenschutzbeauftragter)
        Lexis-Nexis Drops SSN Sales Plan (Marc Rotenberg)
        Calif. Caller ID News (Beth Givens)
        Mountain Dew beeper promotion for children (Phil Agre)
        Looking for examples where video surveillance is damaging...
           (Steve Mann)
        DENVER POST: "Student Database Called Orwellian" (Peter Marshall)
        Automation of Contagion Vigilance - Draft ready (David Stodolsky)
        Videosurveillance on streets in Amsterdam (ReindeR Rustema)
        Genetic Screening and Privacy (Pierrot Peladeau)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 05, ISSUE 14

   Quote for the day:

        "I promised I'd put her in the film--somewhere."

                        -- Woody Allen
                           "What's Up Tiger Lily?" (1966)

----------------------------------------------------------------------

Date:    Sat, 15 Jun 1996 06:46:25 -0800
From:    "Andrew J. Mesplay" <ajm@alaska.net>
Subject: personal rights violated?

I have recently joined a group of people in Anchorage Alaska who call 
themselves the (A)nchorage (C)hauffeur's (A)ssociation. We have many 
issues that we want to cover, one being drug testing in the workplace.

We are uniquely subject to this law -- Title 11 -- which demands that 
we deliver a sample of urine for testing no later than two hours after 
being notified that we have been selected for testing. Often people 
are called at home. In other cases, as in my own, people have been 
selected simply because we were at the office of the (D)epartment 
(O)f (T)ransportation for other reasons.

We of the A.C.A. feel that the measures that D.O.T. is taking to 
enforce this section of Title 11 are flagrantly unfair. Are our rights
being violated? What can we do now that we have organized? How can we 
get representation?

Thanks:

Taxi Driver

        [ It isn't clear to me whether your concern is with the presence
          of drug testing in your environment, or strictly with the manner
          in which it has been implemented.  I am not in favor of blanket
          drug testing of populations in non-safety-critical employment, and
          there are obvious concerns about test accuracies as well.
          However, many persons in the transportation industry are in unique
          positions given the trust we place in their hands when we board
          taxis, buses, planes, trains, etc.  It seems inevitable that drug
          testing will continue to play a necessary role in that industry.
          About the best we can do is attempt to ensure that such tests,
          when conducted, are performed fairly and accurately, with a clear
          understanding that there will be errors and that people's lives
          must not be destroyed by a single positive test result.  And we
          must ensure that the tested populations be defined in the
          narrowest necessary terms, and not permit "proliferation" to occur
          into other areas of employment and life where such testing can
          rapidly turn into a fishing expedition, not a true safety issue.

                        -- MODERATOR ]
          
------------------------------

Date:    Sat, 15 Jun 1996 18:11:18 -0700 (PDT)
From:    Runs With Scissors <gozer@oro.net>
Subject: Blocking Cookies

In Volume 05 : Issue 12, hgoldste@bbs.mpcs.com (Howard Goldstein) wrote:

> One of the new features, a security feature strangely categorized as a
> 'network' feature, queries the user before allowing "cookies" to be set.
 
> I was surprised to find that every night for the last two weeks after
> enabling this I've been handed a "cookie" by a site I never knowingly
> visited, at http://ad.doubleclick.net .
 
A company called "PrivNet" (http://www.privnet.com) has a product 
called "Internet Fast Forward" which can selectively block and/or
allow cookies.  It is currently in beta and works only with Netscape
under a couple of flavors of MS Windows.  It is available from the
web site free right now.  It also blocks advertisements.

I am a beta tester but am not otherwise associated with the company.

------------------------------

Date:    Mon, 17 Jun 1996 09:18:18 -0400
From:    rj.mills@pti-us.com (Dick Mills)
Subject: Re: Protection and Parental Empowerment Act

In PRIVACY FORUM 05:12, Mary Ann Davidson wrote:

>I believe it is a worthy goal to protect the privacy of all demographic 
>information and limit resale by direct marketers, but to propose a bill like 
>this on the grounds that children are 'more valuable' or 'more in need of 
>protection' is spurious to other groups (i.e. all the rest of us) who can make 
>similar claims of potential endangerment and violation of privacy. Either we 
>all warrant this sort of legislative protection, or none do.  

Please rethink that "worthy goal" Ms. Davidson.  Would you make it illegal to
resell the "secret" that Florida has more than its share of elderly, or that
America is predominantly populated by Americans?

I too consider myself a privacy advocate.  Direct marketers may be our natural
adversaries, but they have a right to exist and to do direct marketing.  

Our goal shouldn't be to exterminate them but rather to maintain a balance 
of power, and a core of inalienable privacy rights, while promoting the free 
flow of information.  These goals are lofty, but they can be contradictory.
Even I can't tell you the precise definition of these goals I hold dear.

We should use utmost caution before advocating any kind of legislation.

--
Dick Mills +1(518)395-5154    O-   http://www.pti-us.com
AKA dmills@albany.net      http://www.albany.net/~dmills 

------------------------------

Date: Sat, 15 Jun 1996 04:39:51 -0400 (EDT)
From: Dave Brown <dagbrown@calum.csclub.uwaterloo.ca>
Subject: "Child Molester Database" on the Web

   [ From Risks-Forum Digest; Volume 18 : Issue 21  -- MODERATOR ]

Great World Internet Services has announced (in an off-topic posting to a
newsgroup I read, incidentally) that it is keeping an on-line database of
known child molesters at http://www.greatworld.com/public/--presumably for
someone's information.  Apart from the fact that the alleged molesters are
organized by name and not by location, there is a rather alarming touch.
The site invites people to add their own molesters.  What a wonderful way of
anonymously slandering someone.

Great World's disclaimer states that "The responsibility for accuracy
relies entirely with the persons posting the information." In other words,
they come right out and say that their information cannot be trusted.

They also maintain a list of "crooked cops"--presumably also for someone's
information.  Given their information-gathering methods, however, both the
list of crooked cops and child molesters are highly suspect, to say nothing
of being serious privacy concerns.

--Dave

------------------------------

Date:    Tue, 25 Jun 1996 10:51:31 -0700
From:    Berliner Datenschutzbeauftragter <dsb@datenschutz-berlin.de>
Subject: Discussion Forum on Privacy on the Internet

The International Working Group on Data Protection in Telecommunications is
currently working on Data Protection and Privacy on the Internet.

The Group was founded in 1983 and has been initiated by Data Protection
Commissioners from different countries in order to improve Data Protection
and Privacy in Telecommunications. The Secretariat of the Group is located
at the Berlin Data Protection Commissioner's Office, Berlin, Germany.

At its spring meeting 1996 in Budapest the Group has agreed on a Draft
Report and Guidance on Data Protection on the Internet. It was agreed to
publish the Report on the Net in order to receive comments from the network
community.

The Secretariat of the Working Group has initiated a discussion forum
located at the WWW-Server of the Berlin Data Protection Commissioner
(http://www.datenschutz-berlin.de/diskus/).

The comments received will be published on the server.

We are looking forward to your comments on the report.

Yours sincerely,

Hansjürgen Garstka
(Chairman of the Group)

------------------------------

Date:    25 Jun 1996 09:33:18 -0500
From:    "Marc Rotenberg" <rotenberg@epic.org>
Subject: Lexis-Nexis Drops SSN Sales Plan

        [ From EPIC Alert 3.12  -- MODERATOR ]

Following a C|NET report and an EPIC post that Lexis-Nexis is selling 
personal data on millions of Americans, the company announced it would 
stop disseminating Social Security numbers in its "P-TRAK" service.  The 
plan had raised concerns about privacy and security, particularly among 
organizations that use the SSN as a quasi-authenticator.  The Social 
Security Administration expressed support for the decision to drop the 
disclosure of SSNs.

The Lexis-Nexis decision is the most recent instance in a recent string 
of cases where commercial developers have backed off plans to sell 
personal data following consumer objection.  Recently, Yahoo dropped 
plans to make unlisted phone numbers available on-line, and Marketry
dumped a plan to sell email addresses gathered from newsgroups.

More information about the Lexis-Nexis decision is available at:

     http://www.cnet.com/Content/News/Files/0,16,1527,00.html

     http://www.cnet.com/Content/News/Files/0,16,1539,00.html

        [ "Unlisted" (non-published) numbers are a complex area.  All that
          the "unlisted" designation really does in most cases is indicate
          that you don't want your number published in the telco phone books
          or available through telco-delivered directory assistance.
          However, name/number information is distributed by telcos (in
          fact, in many cases they're required to do so) to other entities
          involved in providing telephone and related services (an
          ever-expanding list), and of course your number may be collected
          from other sources (forms, purchases, etc.) and placed in
          other non-telco databases.  Most likely the Yahoo plan involved
          these latter types of "commercial", non-telco origin databases.
          There are no laws that I know of that protect phone numbers in any
          general sense.
        
                                        -- MODERATOR ]

------------------------------

Date:    Thu, 27 Jun 1996 18:51:13 -0700 (PDT)
From:    Beth Givens <bgivens@pwa.acusd.edu>
Subject: Calif. Caller ID News

CALLER ID: THE CASE FOR CONSUMER EDUCATION
by Beth Givens, Privacy Rights Clearinghouse

The introduction of Caller ID to California has been an enlightening study
in what happens when consumers are given adequate information to make
meaningful decisions about safeguarding their privacy. The California Public
Utilities Commission (CPUC) has mandated that the local phone companies
educate consumers about the privacy implications of Caller ID.  The CPUC has
also required that the phone companies make both Complete and Selective
Blocking available to consumers at no charge (called Per Line and Per Call
Blocking in other states). 

Since March 1996, radio and TV spots as well as full-page newspaper ads have
repeatedly told California consumers that Caller ID is coming in June 1996,
that free blocking options are available, and that consumers can call an 800
number to choose either Complete or Selective Blocking. Bill inserts
regarding Caller ID Blocking have appeared in customers' monthly phone
bills. Consumer organizations have been funded to educate hard-to-reach
populations. Information about blocking options has been made available in
21 languages.

The results? The customer service phone lines of Pacific Bell and GTE
(California's major local phone companies) have been flooded with calls.
Both companies have had to hire more staff to handle the volume. And now,
the California Public Utilities Commission and the Federal Communications
Commission have agreed to allow Pacific Bell and GTE to delay the
implementation of Caller ID in order to catch up with the onslaught. The
delay will allow the phone companies to send confirmation letters to all
phone customers indicating which blocking option they have selected, or been
assigned by default (a CPUC requirement), and will enable the phone
companies to have all their switches ready.

A recent survey of Californians found that 74% of those polled knew about
Caller ID and that 67% were aware there is a way to prevent the delivery of
their phone number to the called party.  This is a phenomenal rate of
awareness for a three-month public education campaign. Unofficial sources
indicate that about 50% of households are expected to have chosen the
Complete Blocking (Per Line) option, in other words, maximum privacy
protection.

The moral of the story? The CPUC's three-part strategy has been an effective
way to mitigate the privacy impacts of a new technology. That strategy is
outlined as follows: 

Step one is to conduct a privacy impact assessment of the technology (which
the CPUC did in the early 1990s). The second step is to require the entity
which introduces the technology to build in privacy protection mechanisms
(in the case of Caller ID, these are Complete and Selective Blocking). The
third step is to require that extensive consumer education be provided to
consumers to explain the privacy implications of the technology and alert
them to what they can do to protect their privacy.

It should be pointed out that the CPUC insisted that the educational
"message" which the phone companies impart be truly educational, and not a
marketing pitch. The phone companies were not allowed to offer Caller ID
until their plans were approved by the CPUC. The CPUC gathered together a
team of consumer advocates who reviewed phone company plans and educational
materials. It also hired an outside evaluator, Professor Brenda Dervin, an
expert in public communication campaigns from Ohio State University's
Department of Communication, to critique Pacific Bell's education plan. Many
of these individuals' suggestions were incorporated into the education
campaign.

The dark cloud on the horizon of this relatively sunny scene has been the
Federal Communications Commission (FCC). The California Public Utilities
Commission had originally required the phone companies to automatically
provide Complete Blocking to all households with unlisted/unpublished
numbers -- about 50% of California households. The CPUC reasoned that since
these households were already paying a monthly fee to keep their phone
numbers private, they would no doubt want the Complete Blocking option and
should therefore not have to expressly request it. 

But the FCC pre-empted the CPUC and established the weaker privacy measure,
Selective Blocking, as the nationwide blocking standard. (Selective Blocking
is called Per Call Blocking in other states. Callers must enter *67 before
dialing each and every call in which number blocking is desired.) Court
rulings upheld the FCC's position.

The FCC's decision is unfortunate. The California Public Utilities
Commission had undergone an exhaustive technology assessment process,
spanning several years. The CPUC's analysis took into account the unique
nature of California -- for example, the fact that the state has the highest
percentage of unpublished numbers in the country, and that the California
constitution has an exceptionally strong right-to-privacy clause. The FCC's
rather weak argument, that Caller ID with a Per Call Blocking standard is
good for the economy, has prevailed over a much stronger body of evidence.

In the absence of honoring California's technology assessment process, the
FCC would do well to study the state's consumer awareness campaign and its
successful results. California has demonstrated that a proactive consumer
awareness campaign can go a long way to lessen the potentially harmful
effects of a new technology.

There have been a couple interesting sidelights to California's Caller ID
awareness campaign. The first involves the public's massive response to the
consumer awareness campaign and the apparent inability of Pacific Bell to
cope with the flood of requests for Complete Blocking. Many consumers who
had requested the maximum blocking option received letters from the phone
company stating erroneously that they had opted for Selective Blocking, the
weaker measure. Confusion reigned. As a result, Pacific Bell decided to
delay its Caller ID implementation date until the matter is cleared up.

The second sidelight involves 800 and 900 numbers. The Caller ID educational
materials have pointed out that blocking does not work with 800 and 900
numbers because a different technology, called Automatic Number
Identification (ANI), is involved. Most consumers are not aware that when
they call 800 numbers, they are transmitting their own phone numbers. Many
contacted the phone company, CPUC, Privacy Rights Clearinghouse and other
consumer organizations to indicate their outrage about ANI and to express
frustration at not being able to block their phone numbers on those calls. 

This only goes to underscore a point made earlier: Consumer education works.
When consumers are given adequate information about the privacy implications
of a technology, they take action.

Let's hope that what California has learned from this unprecedented consumer
awareness campaign is applied to other situations where communications
technologies have the potential to threaten personal privacy. 

Beth Givens                             Voice: 619-260-4160
Project Director                        Fax: 619-298-5681
Privacy Rights Clearinghouse            Hotline (Calif. only):
Center for Public Interest Law             800-773-7748
University of San Diego                    619-298-3396 (elsewhere)
5998 Alcala Park                        e-mail: bgivens@acusd.edu
San Diego, CA 92110                     http://www.acusd.edu/~prc


        [ As I've mentioned in the past, the issues surrounding "caller-ID"
          (or more properly "ANI") as it relates to 800 numbers are somewhat
          complicated, since they are essentially collect calls and can be
          (and often are) subjected to (expensive) abuse by callers.  There
          are some possible middle-grounds for enhancing caller privacy and
          still protecting the entities paying for the 800 (and now, 888)
          numbers, but this is an area where more study is required.

                        -- MODERATOR ]
        
------------------------------

Date:    Sun, 30 Jun 1996 18:35:19 -0700 (PDT)
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: Mountain Dew beeper promotion for children

The 6/27/96 New York Times (advertising column, in the business section,
by David Barboza) reports that Pepsico is rolling out a new promotion
aimed at young drinkers of the heavily caffeinated soda Mountain Dew.
If they send in 10 proofs of purchase and $30 plus shipping, they get
a beeper and six months of free air time.  The catch is that each beeper
owner will be paged weekly and invited to call a toll free phone number
that will describe a contest and advertise Mountain Dew.  Advocates for
children are reported as being very upset indeed; the marketers are
reported as being very pleased at this "ultimate in one-on-one marketing".
I particularly enjoyed one Mountain Dew marketer's attempt to reframe
the issue this way: "We're not using the beepers as an intrusive device
to advertise to consumers.  We're allowing them to enter a world with a
brand that fits their life style."  The "world", by the way, is called
the Mountain Dew Extreme Network.

I have to say that this article supplied my full weekly requirement for
mixed horror and fascination.  It's brilliant.  On one level it's just
an extension of advertiser-supported media to a medium that had been
overlooked.  One could imagine a stock broker subsidizing investors'
pagers and paging them weekly with a stock tip, for example.  But it's
young people that Mountain Dew is after, and the article makes no mention
of restrictions on minors getting ahold of commonly used drug-dealing
equipment without their parents' consent.  It's also important to see
just how rudimentary the Mountain Dew scheme is, compared to the fully
elaborated model of one-to-one (not "one-on-one") marketing that one
finds in the marketing literature.  The next step might be to personalize
interactions through the beepers based on demographic information and
purchase histories.  If the beepers could be tracked like cellular phones,
and if Mountain Dew made it a condition of the offer that they be allowed
access to the tracking data, then all sorts of excellent tailoring of
marketing messages would be possible.  Several companies, or one large
company marketing many products to similar market segments, could team
up to subsidize the pager together, programming their marketing messages
based on models of consumer behavior and information on specific consumers.
I can't say that I'd be impressed with a grown-up who would sign up for
such a thing, but I can't say that I'd feel right about stopping them
either.  Children, however, are another matter.

Phil Agre

------------------------------

Date:    Wed, 3 Jul 1996 03:38:50 -0400
From:    Steve Mann <steve@media.mit.edu>
Subject: Looking for examples where video surveillance is damaging...

I'm looking for examples where video surveillance has been found to be
damaging to health or the like, either specific studies or specific
examples (e.g. such as perhaps where a corrupt security guard stalked
a victim using surveillance, or the very real use of "traffic" cameras
in China to round up and detain or execute activists), and examples
where illegal surveillance or questionable surveillance has been
encountered (e.g. women's change room at Holy Cross hospital and
Sheraton employee changerooms).

Video surveillance cameras are presented as "public safety"
devices, but I'm looking for at least a few examples where they have
caused deaths, or at least had undesirable health effects.

Mere "privacy" seems to be a weak argument when talking to anyone
involved in the surveillance industry, but if for example, those
responsible for installing a network of surveillance cameras could be
legally held accountable for any damage caused by their system, it
might make them more carefully balance the benefits versus the costs
to society.  The example that comes to mind is the 200 or so cameras
the government's installing in Baltimore to keep a close watch on
citizens' activities.  The problem here, of course, is that by
appealing to legal arguments, we're asking government to stop itself
(maybe there's some other argument we can appeal to --- I'd welcome
some input).

Please email me specific examples, with indication as to whether or
not it is fine to disclose the example.  I'm trying to put together a
video privacy WWW page, and also results would be distributed to
the video-privacy mailing list (email video-privacy-request to join).

Email examples/incidents, etc to: steve@media.mit.edu

        [ Here in Los Angeles, some questions have been raised about the
          large numbers of remote cameras that have been installed along
          freeways and especially at surface street intersections in the
          vicinity of freeways, usually on very high mountings.  The
          official word is that these are all for traffic flow analysis
          related to the freeways and the surrounding environs, not for
          general law enforcement.  But there are indeed areas in L.A., and
          elsewhere in the country, where segments of the populace are
          actively lobbying for the installation of law enforcement cameras,
          ostensibly for control of drug sales, prostitution, and related
          activities.  In one case, merchants put up signs announcing that
          the entire area was under surveillance with video cameras, and were
          outraged when the press reported that the camcorders that were
          going to be used for this purpose (by the merchants) hadn't been
          funded or installed yet.  The merchants claimed that the mere
          presence of the signs had cut down on local crime...

                  -- MODERATOR ]

------------------------------

Date:    Thu, 4 Jul 1996 11:24:04 -0700 (PDT)
From:    Peter Marshall <rocque@eskimo.com>
Subject: DENVER POST: "Student Database Called Orwellian" 

 Student database called Orwellian 
 Colo. plan a threat to privacy, critics say 
 Janet Bingham Denver Post Education Writer
 06/30/96 Denver Post A-01 (Copyright 1996)

     [ Distributed with permission of 
       THE DENVER POST; www.denverpost.com 
                          -- MODERATOR ]

  Imagine a researcher punching a button on a computer and pulling up
most of your child's school history without your consent - schools
attended, disciplinary records, physical or emotional disabilities and
more.
   It could happen under proposals before the Colorado Board of Education
that for the first time would centralize certain information about
Colorado's 656,000 public school students.
   Districts would furnish the information via the Internet to the
education department, accompanied by student name and Social Security or
other identifying number.

[....]   
  
   Colorado is among a growing number of states that are creating
electronic networks for student records. Both critics and advocates
foresee the evolution of a national network that would allow electronic
exchange of records among schools, social services, health and law
enforcement agencies, colleges, the military and even employers.
   But some fear that even the embryonic system being proposed in Colorado
could threaten privacy; they say legal loopholes open the possibility that
personal information could be collected and shared without the consent of
students and their parents.
   "Brick by innocent brick, the edifice of lifelong electronic student
dossiers is being constructed without any recognition by the general
public of what is being done," wrote Gordon Cook, a New Jersey-based
privacy advocate, in a recent report. Cook publishes a newsletter and
reports on privacy issues on the Internet.
   "Privacy issues are debated politely from the sidelines," Cook wrote,
"while the technology juggernaut moves inexorably forward as children
entering kindergarten are asked for their Social Security numbers."

[....]
   
   Others remain wary: "I'm an advocate of data banks and using the power
of technology to work through a lot of the paper shuffling we used to do,"
said Dick Weber, head of the Colorado Association of School Executives.
"But there's a limit here. When it moves to individualizing and
centralizing personal data by name and Social Security number, I have a
problem with that," he said. "When you start tracking people from district
to district or place to place, you have a point of intrusion into people's
lives that I would have difficulty with. ... It starts to smack of Orwell
a little too much."

[....]
   
   Information would include emotional, physical or mental disorders that
result in a child's placement in special education programs; participation
in gifted and talented or remedial programs; expulsion and suspension
history; type of school attended; transfer to or from a private school or
home school; residence in mental health, correctional or detention
facilities; or other factors indicating whether a student attends his
normal district school.

   The names and identification numbers would allow a central computer to
track individual students from year to year, from school to school and
from district to district.

[....]

   State board of education member Patti Johnson doesn't oppose letting
districts send statistical summaries electronically to the department. But
she said that can be done without including student identification.
   She would let schools send student records electronically to other
schools - but only with family consent. "Individual data should not be
released outside the building unless the student or parent requests it,"
said Johnson, who is a parent.
   
[....]

   Individual student records are protected under federal privacy laws and
cannot be made available to the public without parental consent.
   But a student's disciplinary records may now be shared with officials
in other educational institutions without parental notification.
   And critics noted that privacy laws already permit other exceptions:
School records can be disclosed without parental consent to school
accrediting agencies and organizations "conducting studies on behalf of
education agencies or institutions."
   The records can also be released without consent to another school,
school district or postsecondary institution where the student was enrolled
or intends to enroll; agencies in the state's juvenile justice system;
"authorized representatives" of the U.S. comptroller general, the U.S.
secretary of education and the state department of education; and state
education officials "with a legitimate educational interest in the
records." Critics say that list can be broadly interpreted. But the state
board could adopt its own, more restrictive policy, Johnson said.
   Information has historically been difficult to collect because it was
scattered and reports weren't standardized, so large-scale breaches of
privacy were rare.
   "The more people who have access to such information, the more chances
for breaches of confidentiality," Johnson said.
   Even the consulting firm that recommended a centralized data system for
Colorado and several other states acknowledges that the growing practice
of using Social Security numbers to identify students poses a danger.
   There is "the potential for developing a database that contains massive
amounts of information, making individuals subject to computerized matches
and searches without their awareness or consent," said the report from
CTMG Inc.
   A parent cannot legally be required to give a student's Social Security
number; the state would have to come up with an alternate identification
number for those who decline.
   
[....]

   But Weber warns of letting students "be dogged by an electronic pit
bull" - a record that follows them forever and may limit their ability to
start over in a new environment.
   In Seattle, privacy advocate Janeane Dubuar worries about where student
information ends up. In that state, she said, high school graduates from
36 school districts are being tracked into college, the military and the
workplace - without their consent - using Social Security numbers.
   Dubuar, a member of the Seattle Chapter of Computer Professionals for
Social Responsibility, also points to an incident in Kennewick, Wash.
Behavioral information on 4,000 children was sent, with names, to a
psychiatric care center that contracted with the district to screen for
"at-risk" students who might benefit from its programs. The data, she
said, was sent without parents' knowledge.
   Colorado board member Johnson wants to make sure similar things can't
happen here. "If Colorado is to be in the forefront of computerized data
exchange in order to streamline the process of budgeting and reporting, it
must also be in the forefront of concerns about our right to privacy." 

------------------------------

Date:    Thu, 4 Jul 1996 23:27:13 +0200
From:    DavidS@dk-online.dk (David Stodolsky)
Subject: Automation of Contagion Vigilance - Draft ready

I now have ready a prepublication draft of "Automation of Contagion
Vigilance", which will appear in Methods of Information in Medicine. The
paper is directed toward the AIDS problem, but the approach is also
applicable to computer viruses and other contagion type processes. Requests
for the latest version go to:
DavidS@dk-online.dk
dss
                                -------

Automation of Contagion Vigilance

David Stodolsky
DavidS@dk-online.dk

Abstract

The very long latency between HIV infection and the
appearance of AIDS imposes extensive information
processing requirements on partner notification efforts. The
apparently contradictory needs of maintaining the right to
privacy of infected persons, while simultaneously providing
information to persons at risk of infection, impose severe
security requirements. These requirements can be satisfied
by a Contagion Management System based upon networked
personal computers of a kind now becoming available.
Security of information is based upon cryptographic
protocols that implement anonymous partner notification
(contact tracing) and privacy preserving negotiation. The
proposed scheme has the following properties: (a) Contact
tracing is automated, (b) contacts remain anonymous, (c)
sensitive information is kept private, and (d) risk-conscious
users act as if sensitive information was public. Optimal
health protection can thus be obtained while securing
informational rights.


Here are main and sub headings for the files
with page numbers (double spaced lines):


1) Automation of Contagion Vigilance

Document Structure                                       4
Definitions                                              5
Individual Rights and Public Health                      8
Partner Notification using Distributed Databases        10
 Classes of Transmissible Agents                        11
  Informational agents demanding attention              11
  Informational agents processible by machine           12
 Communicating Diagnostic Information                   13
  Anonymous partner notification                        13
  Secure partner notification                           17
  Secure and anonymous partner notification             19
Possible Application Development                        23
Rationale and Summary                                   25


2) Appendix: Privacy Preserving Negotiation.

Conditional Privacy              1
Single Stage Models              2
 An ideal physical model         3
 Asymptotically secure models    3
 Amount of information released  4
 Protocol implementation.        5
A Multistage Model               6
Risk of Compromise              10

------------------------------

Date:    Mon, 8 Jul 1996 21:42:51 +0200
From:    rrr@dds.nl (ReindeR Rustema)
Subject: Videosurveillance on streets in Amsterdam

A new phenomenon has just been discovered by the police. In the Red Light
District in Amsterdam, the Netherlands, the owners of the prostitutes'
windows have installed a network of video surveillance cameras pointed at
the street.

Recently the police decided to do a large scale raid in a certain street
because of suspected hard-drugs wholesale, traffic in and abuse of foreign
(illegal) women etc.

Too bad for the authorities but the arrival of the police force had been on
the video monitors of the pimps, criminals and drug dealers minutes in
advance.

Potentially threatening for the privacy of passers-by, this isn't much of an
issue. The criminals can't make money with that. (Wholesale in hard drugs
and traffic in women is much more profitable as long as drugs and
prostitution are illegal). The authorities can't do much against these
cameras besides taxing them. The Privacy Chamber in our country reacted
that the law requires that the public should be warned against surveillance
cameras. The cameras will stay, they'll just get a warning sign next to
them like you see in supermarkets.

ReindeR

(BTW. this criminal square kilometre in downtown Amsterdam is not
particularly unsafe. It attracts thousands of tourists each week. It's in
the self interest of the criminals to keep it quiet so the police won't be
given a reason to turn their businesses inside out. That's why the cameras
are there.)

------------------------------

Date:    Thu, 11 Jul 1996 11:22:19 -0400 (EDT)
From:    Pierrot Peladeau <pelado@progesta.com>
Subject: Genetic Screening and Privacy

In the June 15 issue of Privacy Forum Digest (vol. 5, #12) Phil Agre
<pagre@weber.ucsd.edu> comments on a London Sunday Times article entitled
"Mass screening for 'delinquency' gene planned". He concludes: 

        "The privacy issue here concerns labeling. Someone who has been
         diagnosed as possessing certain genetic traits is at risk of
         being stereotyped as a potential aggressor (or whatever the
         gene is supposed to code for) even if no such traits have been
         exhibited. Such a diagnosis could easily stigmatize a person for
         life."

The danger is even greater since the vast majority of physical illnesses
(not to mention behavioral problems) are polygenic and multifactorial.
This means that neither genes nor environment nor behaviors cause disease,
i.e. a study of a particular genetic (or environmental or behavioral)
agent cannot hope to reveal the cause of the prevalent cases of a
disease. Also, full knowledge about an individual's genetic make-up will
not be adequate to explain the onset, progression, or severity of disease. 
Each case is the consequence of interactions between a particular
combination of genetic and environmental agents. Only in very rare
illnesses affecting very small portions of the population is there any
direct link between a single gene and an illness.

Let's take atherosclerosis, a very common disease. In the US, 600,000 died
from it in 1990 with more than 6 million with symptoms. The vast majority
of US citizens are likely to carry one of the suspected genes. There are
as many as 200 identified genes (whose locations are known) that are
candidates as susceptibility genes. But there are a lot of other factors
like smoking, exercise, stress that also play a great role, in fact often
a greater role. So, a person could have many of the identified genes and
never develop the illness (or be likely to develop the illness at the age of
120, which makes no difference in practice).  Conversely, a person having
few of those genes but living in a bad environment with inappropriate
habits could develop atherosclerosis.

If this is true of most physical illness, imagine what it is about
psychological or behavioral inadequacies.

So, from completely false assumptions of the relations between genes and
illnesses, bureaucracies could begin, not only to stigmatize, but also
discriminate and interfere with people's lives. For instance, knowing that
a person has susceptibility genes to atherosclerosis, health care
insurers could require a control over this person's habits or environment
or else, it would not cover care expenses. Since we are ALL carriers of
genes for some polygenic disease, this kind of logic could affect every one
of us, not only small minorities. The danger is even greater when we speak
of behavioral inadequacies in which the State, the school system and
employers also have a stake.

It is important to criticize those schemes at their roots, which is a
profound misunderstanding of the complexity of the reality of polygenic and
multifactorial diseases.

So the privacy issue is not only labeling which is only a starting
point. The issues are also about social control, public and individual
knowledge about one's genetic profile and thus autonomous and/or
heteronomous control over one's life.

The case reported by Phil Agre showed that magical thinking in the use of
some technology has taken the upper hand over understanding the complexity
of delinquency. This helps in making "nature" responsible for the problem
instead of the political, social and economical authorities that do have a
responsibility on the "environmental" side of the "disease".

[I borrowed the medical knowledge from the works of Charles F. Sing of the
University of Michigan Medical School, which he presented at some seminars of a
research project on the complexity of the ethical, legal and social issues
related to polygenic and multifactorial disease in which I participated as
a privacy expert.]
__________________________________________________________________________

        Pierrot Peladeau  <pierrot.peladeau@progesta.com>
        Vice President, R & D, PROGESTA Inc.
        Redacteur en chef/Editor, PRIVACY FILES
        C.P./PO Box 42029 Succursale Jeanne Mance tel : +1 (514) 990 2786
        Montreal (Quebec) CANADA   H2W 2T3        fax : +1 (514) 990 3085

------------------------------

End of PRIVACY Forum Digest 05.14
************************

Copyright © 2005 Vortex Technology. All Rights Reserved.