PRIVACY Forum Archive Document


PRIVACY Forum Digest        Monday, 6 July 1992        Volume 01 : Issue 07

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS
        PRIVACY Forum digest now affiliated with ACM
           (Moderator--Lauren Weinstein)
        PRIVACY Forum materials are available via anonymous FTP
           (Moderator--Lauren Weinstein)
        Re: Chronicle Crypto Article [PRIVACY 01.06] (Thomas Zmudzinski)
        Monitoring In The Workplace (Bonnie J. Johnson)
        CPSR Challenges Virginia SS (Dave Banisar)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com/",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which now includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 07

    Quote for the day:

        Dr. McCoy:     "Why is it called the M5?  Why not the M1?"

        Dr. Daystrom:  "Multitronic units number one through
                        four were not entirely successful.
                        This one is."

              "Star Trek" (1966-1969)
              Episode: "The Ultimate Computer"

----------------------------------------------------------------------

Date:    Mon, 6 Jul 92 18:45 PDT
From:    lauren@cv.vortex.com (Moderator--Lauren Weinstein)
Subject: PRIVACY Forum digest now affiliated with ACM

Greetings.  I'm pleased to announce that the PRIVACY Forum digest is
now supported in part by the ACM (Association for Computing Machinery)
Committee on Computers and Public Policy.  This is the same committee
under whose auspices the renowned Risks Digest appears.

As its name suggests, the ACM Committee on Computers and Public Policy is
concerned with a variety of computer-related policy issues, such as risks
involving security, privacy, reliability, human safety, and financial
stability.

--Lauren--

------------------------------

Date:    Mon, 6 Jul 92 19:00 PDT
From:    lauren@cv.vortex.com (Moderator--Lauren Weinstein)
Subject: PRIVACY Forum materials are available via anonymous FTP

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is now available via anonymous FTP from site
"cv.vortex.com/", in the "/privacy" directory.  Use the FTP login "ftp" or
"anonymous", and enter your e-mail address as the password.  The typical
"README" and "INDEX" files are available to guide you through the files
available for FTP access.

--Lauren--

------------------------------

Date:    30 Jun 92 10:16:00 EST
From:    "zmudzinski, thomas" <ZMUDZINSKIT@uvax6.disa.mil>
Subject: Re: Chronicle Crypto Article [PRIVACY 01.06]


      D E F E N S E   I N F O R M A T I O N   S Y S T E M S   A G E N C Y

                                        Date:     30-Jun-1992 10:02 EDT
                                        From:     Thomas Zmudzinski
                                                  ZMUDZINSKIT
                                        Dept:     DNSO/DISM
                                        Tel No:   703 285 5459  (DSN) 356

TO:  JOE.ABERNATHY@HOUSTON.CHRON.COM      ( REMOTE )

CC:  PRIVACY@CV.VORTEX.COM                ( REMOTE )
CC:  EDTJDA@CHRON.COM                     ( REMOTE )

Subject: Re: Chronicle Crypto Article [PRIVACY 01.06]

The 21 June 1992 Houston Chronicle article stated:
 
> The matter is being considered by the House Judiciary
> Committee, chaired by Rep. Jack Brooks, D-Texas, who is
> writing a revision to the Computer Security Act of 1987,
> the government's first pass at secure computing.
                   ^^^^^ ^^^^ ^^ ^^^^^^ ^^^^^^^^^
Oh,  come on!  The 1987 Act isn't even the Government's "first
pass" at  _UNCLASSIFIED_  secure computing.   Go check out the
Computer Security Acts of 1984 and earlier!  BTW, if one reads
PL 100-235, one finds that it is basically an amendment to the
Federal  Property and  Administrative  Services Act of 1949(!)
with some necessary updates to the NBS (NIST) charter of 1901.
If you have to go beyond the proper titles, why not say that it's
the U.S. Government's most well known secure computing effort?
                      ^^^^ ^^^^ ^^^^^    
Tom Zmudzinski                     ZmudzinskiT @ UVAX.DISA.MIL/
Defense Information Systems Agency              (703) 285-5459

------------------------------

Date:    Tue, 30 Jun 92 11:01:19 EDT
From:    "Bonnie J. Johnson" <COM104@UKCC.uky.edu>
Subject: Monitoring In The Workplace

As I was reading the Telecom Digest this am I came across the following
Survey being conducted by Lorrayne Schaefer (lorrayne@smiley.mitre.org.)
(703-883-5301) which I think might be interesting to us all, particularly
the results!

To recite the e-mail verbatim, states Lorrayne Schaefer:

"For your information, this has been posted on some newsgroups a few
months ago. This survey has also been distributed to various conferences
over the past few months. All results will be in the form of statistical
information and keywords. All participants will remain anonymous.

SURVEY;  MONITORING IN THE WORKPLACE

The purpose of this survey is to collect data for a presentation that
I will give at this year's National Computer Security Conference in
October. I would like to thank you for taking the time to fill out
this survey. If you have any questions, you can call me at
703-883-5301 or send me e-mail at lorrayne@smiley.mitre.org. Please
send your completed survey to:

     Lorrayne Schaefer
     The MITRE Corporation
     M/S  Z213
     7525 Colshire Drive
     McLean  VA 22102

1.  What is your title?
2.  What type of work does your organization do?
3.  Does your organization currently monitor computer activity? (Y/N)
    a.  If Yes, what type of monitoring does your company do (e.g.,
        electronic mail, bulletin boards, telephone, system activity,
        network activity)?
    b.  Why does your company choose to monitor these things and how
        is it done?
4.  If you are considering (or are currently) using a monitoring tool,
    what exactly would you monitor?  How would you protect this
    information?
5.  Are you for or against monitoring?  Why/why not?  Think in terms
    of whether it is ethical or unethical ("ethical" meaning that it
    is right and "unethical" meaning it is wrong) for an employer to
    monitor an employee's computer usage.  In your response, consider that
    the employee is allowed by the company to use the computer and the
    company currently monitors computer activity.
6.  If your company monitors employees, is it clearly defined in your
    company policy?
7.  In your opinion, does the employee have rights in terms of being
    monitored?
8.  In your opinion, does the company have rights to protect its assets
    by using a form of monitoring tool?
9.  If you are being monitored, do you take offense?  Managers: How do
    you handle situations in which the employee takes offense at being
    monitored?
10. What measures does your company use to prevent misuse of monitoring
    in the workplace?
11. If an employee is caught abusing the monitoring tool, what would
    happen to that individual?  If your company is not using any form
    of monitoring, what do you think should happen to an individual
    who abused the tool?
12. Is it unethical to monitor electronic mail to determine if the
    employee is not abusing this company resource (e.g. suppose the
    employee sends personal notes via a network to others that are
    not work related)?  Why or why not?"

I find all the issues which Lorrayne brings up are very valid
questions and have quite frankly called the FCC for some answers on
electronic mail myself a couple years back.  Telecom has come up
with guidelines on monitoring (beep tone and at least one other
person knowing they are being monitored).  Any thoughts on how long
it will be for a standard to be set for e-mail?

What are the group's thoughts on some of the questions?

I will send an e-mail to Lorrayne requesting a copy of the results
in October and pass them along to the group if there
is any interest.

------------------------------

Date:    Sat, 4 Jul 1992 17:16:20 EDT
From:    Dave Banisar <banisar@washofc.cpsr.org>
Subject: CPSR Challenges Virginia SS 

  CPSR Challenges Virginia SSN Practice

PRESS RELEASE

June 30, 1992

CPSR Challenges Virginia SSN Practice


        WASHINGTON, DC -- A  national public interest organization has
filed a "friend of the court" brief in the federal court of appeals,
calling into question the Commonwealth of Virginia's practice of
requiring citizens to provide their Social Security numbers in order to
vote. Computer Professionals for Social Responsibility (CPSR) alleges
that Virginia is violating constitutional rights and creating an
unnecessary privacy risk.

        The case arose when a Virginia resident refused to provide his
Social Security number (SSN) to a county registrar and was denied the
right to register to vote.  Virginia is one of a handful of states that
require voters to provide an SSN as a condition of registration.  While
most states that require the number impose some restrictions on its
public dissemination, Virginia allows unrestricted public inspection  of
voter registration data -- including the SSN.  Marc A. Greidinger, the
plaintiff in the federal lawsuit, believes that the state's registration
requirements violate his privacy and impose an unconstitutional burden
on his exercise of the right to vote.

        The CPSR brief, filed in the Fourth Circuit Court of Appeals in
Richmond, supports the claims made by Mr. Greidinger.  CPSR notes the
long-standing concern of the  computing community to design safe
information systems, and the particular effort of Congress to control
the misuse of the SSN.   The organization cites federal statistics
showing that the widespread use of SSNs has led to a proliferation of
fraud by criminals using the numbers to gain driver's licenses, credit
and federal benefits.  The CPSR brief further describes current efforts
in other countries to control the misuse of national identifiers, like
the Social Security number.

        Marc Rotenberg, the Director of the CPSR Washington Office said
that "This is a privacy issue of constitutional dimension. The SSN
requirement is not unlike the poll taxes that were struck down as
unconstitutional in the 1960s.  Instead of demanding the payment of
money, Virginia is requiring citizens to relinquish their privacy rights
before being allowed in the voting booth."

        CPSR argues in its brief that the privacy risk created by
Virginia's collection and disclosure of Social Security numbers is
unnecessary.  The largest states in the nation, such as California, New
York and Texas, do not require SSNs for voter registration.  CPSR points
out that California, with 14 million registered voters, does not need to
use the SSN to administer its registration system, while Virginia, with
less than 3 million voters, insists on its need to demand the number.

        David Sobel, CPSR Legal Counsel, said "Federal courts have
generally recognized that there is a substantial privacy interest
involved when Social Security numbers are disclosed.  We are optimistic
that the court of appeals will require the state to develop a safer
method of maintaining voting records."

        CPSR has led a national campaign to control the misuse of the
Social Security Number.   Earlier this year the organization testified
at a hearing in Congress on the use of the  SSN as a National
Identifier.  CPSR urged lawmakers to respect the restriction on the SSN
and to restrict its use in the private sector.   The group also
participated in a federal court challenge to the Internal Revenue
Service's practice of displaying taxpayers' SSNs on mailing labels. CPSR
is also undertaking a campaign to advise  individuals not to disclose
their Social Security numbers unless provided with the legal reason for
the request.

        CPSR is a national membership organization, with 2,500 members,
based in Palo Alto, CA.  For membership information contact CPSR, P.O.
Box 717, Palo Alto, CA 94303, (415) 322-3778, cpsr@csli.stanford.edu.


For more information contact:

Marc Rotenberg, Director 
David Sobel, Legal Counsel 
CPSR Washington Office 
(202) 544-9240 
rotenberg@washofc.cpsr.org 
sobel@washofc.cpsr.org

Paul Wolfson, attorney for Marc A. Greidinger 
Public Citizen Litigation Group 
(202) 833-3000

------------------------------

End of PRIVACY Forum Digest 01.07
************************


Copyright © 2005 Vortex Technology. All Rights Reserved.