PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest      Saturday, 1 August 1998      Volume 07 : Issue 13

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
                  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        PRIVACY Briefs
           (Lauren Weinstein; PRIVACY Forum Moderator)
        The Caller-ID Wars Continue
           (Lauren Weinstein; PRIVACY Forum Moderator)
        American Express cancels marketing plan
           (Lauren Weinstein; PRIVACY Forum Moderator)
        British Government Supports Voluntary Youth ID Card
           (Jason Ross)
        Watching the cameras watching you (Keith Parkins)
        Pharmacy freely gives out Rx info (Lewis Lorton)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 13

   Quote for the day:

        "Anything different is good."

                -- Phil MacDowell (Bill Murray)
                   "Groundhog Day" (Columbia; 1993)

----------------------------------------------------------------------

Date: Mon, 27 Jul 98 08:57 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: PRIVACY Briefs

Greetings.  Here are a few briefs involving privacy-related issues...

---

Identity Fraud and Misrepresentation
Internet Content Controls and Minors
Copyright Laws
FBI and Cell Phones
Names, Numbers, and ID Cards

                                ------

Identity Fraud and Misrepresentation

In a limited move toward protecting personal information, a bill has been
introduced in the U.S. House of Representatives which would make it a
federal crime to obtain or attempt to obtain customer information
fraudulently from a financial institution, i.e., through misrepresentation of
one's identity.  This is mainly aimed at persons who operate businesses that
routinely call around to gather such information for third parties.  These
operations typically claim to be the customer involved, and then apply
pressure to phone reps to give out data (the "oh, I forgot my password"
technique).  Given that so many institutions will provide masses of info
with only verification like Social Security Number, mother's maiden name,
zip code, and other widely disseminated data, the problem has grown to large
proportions.

This bill does not address the vast amounts of data on individuals bought,
sold, traded, distributed, and maintained in databases legally by commercial
firms, only fraudulent attempts to access certain data.

---

Internet Content Controls and Minors

What many are calling "CDA II" passed the Senate quietly, setting on the
legislative path another attempt to control children's access to Internet
sites.  Unlike the original Communications Decency Act struck down by the
Supreme Court, this version targets commercial web sites who distribute
"harmful" material to minors.  If this legislation is enacted, court
challenges are inevitable.  The vagueness of the term "harmful," combined
with freedom of speech issues, suggests that the probability of this
legislation surviving in its present form may be fairly low.  

In related actions, legislation passed in the Senate that would require
schools and public libraries taking advantage of federal subsidies for
Internet access to use (unspecified) filtering software to limit minors'
access to the net.  In the case of libraries, there would need to be at
least one computer designated for children's use that ran the
filters--computers that would be used only by adults would not need to be
filtered, as I understand the legislation.  

However, the problems of filtering software (sometimes with "secret" block
lists which appear to implement political or religious agendas) which also
block political or sex-safety related sites, and other serious inherent
problems with such filtering methodologies, continue to be matters of strong
concern.  We all know at the gut level that there is material on the net to
which children should not be exposed in an unsupervised environment--or in
any environment in some cases, for that matter.  But people's views on what
that material is will differ widely.

---

Copyright Laws

The House of Representatives' Commerce Committee has approved a bill
designed to bring the U.S. into conformance with international copyright
rules.  After a great deal of controversy, the current legislation includes
exceptions to allow for certain types of encryption research, circumvention
of software security systems to protect personal information, and a two year
evaluation waiting period before the implementation of broad prohibitions
against reverse engineering.  Whether such provisions will exist in the
final bill as it moves through Congress is unclear at this time.

---

FBI and Cell Phones

The FBI is asking Congress to explore possible changes in existing law to
allow law enforcement access to physical location data of cell phone users,
without court order, under certain "emergency" conditions.  As has been
reported here in the PRIVACY Forum in the past, mandated 911 requirements
are leading toward the the ability of cell phone carriers to track, and
potentially record, the movements of all powered-on cell phones, regardless
of whether or not calls are in progress.  It was inevitable that this data
would be desired by various parties for other purposes, in realtime and
perhaps retrospectively as well, in criminal, civil, and perhaps even
commercial contexts.

It would seem prudent to begin a detailed examination and open discussion of
these issues before making such potentially sensitive data available for any
purposes beyond that for which it was originally collected--helping find
people calling 911 from cell phones.

---

Names, Numbers, and ID Cards

ID cards have been a hot topic lately.  On one hand, proposed rules from the
U.S. Department of Transportation would establish uniform standards for
collection and verification of Social Security Number data for state
drivers' licenses.  The proposal does not appear to actually require that
the SSN be present on the license in human readable or electronic form, but
does require collection at point of issuance and verification that the SSN
is valid.  Some states (like California) have been collecting SSN for
driver's licenses for quite sometime, as a result of "deadbeat" parents
financial responsibility legislation.  The DoT is proposing the new rules to
comply with recent immigration reform legislation. 

We see here the twin prongs of the problem--on one hand, many people are
upset about undocumented persons taking jobs in this country.  On the other
hand, there are persons upset about being required to identify themselves in
a variety of situations.  These concepts can fundamentally conflict with
each other at a very basic level.

On a related front, the facets of a 1996 health insurance reform law that
would require all persons in the U.S. to be issued "unique health
identifier" numbers have been the subject of renewed controversy.  This
number, which might be SSN or some new number, would be used to correlate
health-related data throughout the country.  At least one legislator is
talking about introducing legislation to repeal this provision.

In both of these ID cases, it's possible to postulate some pretty grim "Big
Brother" scenarios for the future.  Most people react negatively and in many
cases viscerally against being numbered.  Of course, largely equivalent
identifiers are already pretty much available on every American.

Proposals that would make a bad situation even worse should certainly be
avoided.  Individuals should definitely make their thoughts known (pro or
con) to their legislators regarding these ID card and number plans.
However, rather than concentrating solely on the issue of the cards and
numbers themselves, it's also important to focus on how information
collected on persons will be stored, exchanged, cross-referenced, sold, and
otherwise used (or abused) in both commercial and non-commercial contexts.
The legal vacuum regarding the use of most collected data is a critical
issue that needs to be addressed broadly, deeply, and immediately.

---

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date: Mon, 27 Jul 98 08:57 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: The Caller-ID Wars Continue

Greetings.  It's starting to look pretty clear--there's a new war over
caller-ID, especially for California telephone subscribers.  When per-call
ID blocking was mandated nationally, and complete (all-call, with selective
unblocking) blocking was made available in states like California, it looked
like the protracted battle over caller-ID was over.  Far from it.

As has been discussed in the PRIVACY Forum in the past, there have been
increasing reports of what some would call "high pressure" sales tactics by
Pacific Bell representatives attempting to sell caller-ID services, and also
attempting to convince persons to switch from complete to "selective"
(per-call) blocking--the latter sends the ID on all calls by default.

PacBell's latest hope to increase their caller-ID related services is the
implementation of "anonymous" call blocking, which blocks incoming calls
unless the caller is willing to provide the number of the phone line they are
calling from (and often now the name associated with that line) to the
caller.  In a fascinating move, PacBell is even marketing this service to
people who don't subscribe to caller-ID and couldn't see the number/name of
the line calling in any case!

PacBell has gotten extremely aggressive in their add-on services sales to
any subscriber that calls for almost any reason--I can verify this myself.
Unfortunately, reports are that they're even pushing some of these expensive
services on persons who call to order low income "lifeline" plans.  The
problems have reached a level where the California Public Utilities
Commission (CPUC) has begun looking into PacBell's sales tactics.  

The problems, risks, and failures associated with caller-ID services have
been well documented in the past here in the PRIVACY Forum in previous
issues, so there's no point to reiterating them here.  But this escalation
in PacBell's aggressive sales efforts seems to be correlated with their
acquisition by Southwest Bell (SWB), who apparently has set very specific
goals to try to drastically raise the number of subscribed "features" per
telephone subscriber in California.  SWB is used to much higher rates of
caller-ID service penetration in their home state of Texas, where per-line
complete blocking is not available.  It obviously is distressing to them to
have to deal with a state like California, where about half the phones lines
are subscribed to complete blocking, and more than half the lines are
reportedly non-published.

When I recently spoke at length with PacBell spokesman John Britton, he made
it clear that PacBell had every intention of marketing these services to
their utmost, and suggested that the excessively high-pressure sales tactics
reported by some were aberrations by individual sales representatives, not
company policy.  He seemed to blame the high percentage of complete blocking
in California on the educational campaign that the CPUC had mandated.

I asked him about a statement from the San Jose Mercury News where he was
quoted as saying, "If consumers don't like it, they can stand up.  They
don't need a lot of pushy people at ORA [Office of Ratepayer Advocates]
standing up for them."  He acknowledged the essential accuracy of the quote,
but admitted that, in retrospect, he perhaps should have left out that
comment about the ORA.  

Pacific Bell certainly has a right to market their services.  But given that
they still operate in what amounts to effectively a monopoly position when
it comes to residential local service (theoretical competition in local
service notwithstanding), I think it's reasonable to hold them to the
highest standard in their dealings with their subscribers in this and
other areas.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Tue, 28 Jul 98 10:46 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: American Express cancels marketing plan

Greetings.  American Express (AmEx) has cancelled plans for a customer
information marketing partnership with KnowledgeBase Marketing.  The plan
was reported here in PRIVACY Forum last May (V07 #09) and was subjected to
broad criticism from many quarters due to concerns over AmEx cardholder
privacy.

AmEx says that the plan was cancelled due to concerns over profitability,
not privacy issues.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Mon, 20 Jul 1998 23:03:52 +0100
From:    "Jason Ross" <Jason.Ross@btinternet.com>
Subject: British Government Supports Voluntary Youth ID Card

The British Government has lent its support to a scheme to introduce a
national identity card for teenagers, ostensibly to help stamp out the
under-age purchase of alcohol, cigarettes, videos etc.

The Citizen Card will be available to children of 12 and above, since that
is the youngest age which needs to be confirmed in order to buy or rent 12
certificate videos.

It is intended to be used until the age of 21, as many night clubs stipulate
this as a minimum age.

The card will bear a photograph and a hologram, and will cost five pounds to
buy.  Apparently up to seven million people could end up using it.

The Government' Consumer Affairs Minister Nigel Griffiths was quoted as
saying "I strongly support this initiative ... I am keen on anything that
helps the retailer to know the age of young people they are dealing with."

I can see that this card will benefit the retailers - after all many of them
display signs saying 'We cannot sell tobacco to anyone who is, or appears to
be, under 16 years old", and similarly with alcohol.  Many of them get
caught out and fined by Trading Standards officials, who, if they receive
reports of the shop selling to under-age children, deliberately send
under-age children to buy from the shop.  They then prosecute the
shopkeepers for selling to the children.  Pubs and bars caught selling to
under-age drinkers also face the possibility of their license to sell
alcohol being revoked.

This card would help them regain the trade that they lose by mistakenly
turning away people who look under-age but are not.  I'm sure that the fact
that the customers are paying for the privilege of spending their money
legitimately is appreciated as well.

A similar photocard scheme featuring the holder's name and, I believe, date
of birth has been in use for several years, but to my knowledge did not
arouse the interest of the last Government.  I have not yet found any
difference between the two cards in principle, but I find the interest of
the Government disconcerting.

The British Government has made many noises in the past with regard to the
introduction of a national ID card, to be carried by all British citizens.
It always wheels out the same reasons, i.e. prevention of crime and
terrorism etc.  These have always been met with opposition by civil
liberties groups.

Could the path of this scheme be following that of the Government's TTP
cryptography policy ?  Initially it will be voluntary, but in a few years
time it could prove to have been an easy let-in for a compulsory National ID
scheme, eroding even more of the limited privacy and rights that those of us
in Britain still have.

It would certainly be a politically 'softer' way into a national ID scheme
than that being introduced in one of the other Commonwealth countries, New
Zealand (see PRIVACY Forum Digest V07 #11, "NZ to Introduce Photo-ID
Drivers' Licenses" by Patrick Dunford).  After all, initially no-one would
be taking our rights away, we would be giving them up of our own accord.

Jason Ross
jason_ross@bigfoot.com

------------------------------

Date:    Mon, 29 Jun 1998 18:26:11 +0100
From:    Keith Parkins <keith@redkbs.com>
Subject: Watching the cameras watching you

At Barry (a small town in south Wales) hidden cameras have had to
be installed to keep watch on the town's CCTV [Closed Circuit Television]
to record acts of vandalism against the CCTV.

Keith Parkins

        [ It's "Candid Camera" gone mad!  
          Where's Allen Funt when we need him? 

              -- PRIVACY Forum Moderator ]

------------------------------

Date:    Sun, 28 Jun 1998 09:11:48 -0400
From:    Lewis Lorton <llorton@hostnet.org>
Subject: Pharmacy freely gives out Rx info

Innocently, I called my pharmacy (in a large supermarket chain) to find out
how to check on some back information [in order to catch up on
reimbursements from my medical plan.] I honestly expected to have to give
detailed information and then show up with some sort of picture ID to get a
list of prescriptions filled.

Instead, to my amazement, some anonymous pharmacist asked me what I wanted
to know and gave me an oral history of my prescription medications filled
at that store.

Amazing!  

This is an example of the real problem in privacy - where policy exists and
isn't enforced. 

LL
Lewis Lorton
        
        [ I don't find it amazing--it's unfortunately completely typical.
          Frankly, given the state of the law regarding medical information,
          and the "it doesn't really matter" attitude of most
          of the involved entities, I'd have been surprised if they had
          bothered to really perform any significant identity verification.

                -- PRIVACY Forum Moderator ]

------------------------------

End of PRIVACY Forum Digest 07.13
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.