PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest     Monday, 28 December 1992     Volume 01 : Issue 30

         Moderated by Lauren Weinstein (lauren@cv.vortex.com)
                Vortex Technology, Topanga, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS
        PRIVACY Briefs (Lauren Weinstein; PRIVACY Forum Moderator)
        Thought for the day (David Peretz)
        Car searches require probable cause (Mel Beckman)
        Use of SSNs on Drivers Licenses (Ronni Rosenberg)
        California privacy law (Larry Seiler)
        Reports on Ames Raid Available (David Sobel)


                 *********************************
                 ***** BEST WISHES FOR 1993! *****
                 *********************************


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
RELEVANT "Subject:" lines.  Submissions without appropriate and relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a message
consisting of the word "help" (quotes not included) in the BODY of a message
to: "privacy-request@cv.vortex.com".  Mailing list problems should be
reported to "list-maint@cv.vortex.com".  All submissions included in this
digest represent the views of the individual authors and all submissions
will be considered to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "cv.vortex.com/",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 30

   Quote for the day:

        "Will the people in the cheaper seats clap your hands?
         All the rest of you, if you'll just rattle your jewelry."

                        -- John Lennon
                           At the Royal Variety (Command) Performance
                           November 4, 1963

----------------------------------------------------------------------

PRIVACY Briefs (from the Moderator)

---

In PRIVACY Forum V01 #29, we reported on a new federal law placing various
restrictions on both automated and live telemarketing, which had just gone
into effect.  However, enforcement of that law by the FCC has been suspended
for now due to a court action.  A small business owner, who made
considerable use of automated telemarketing machines, has challenged the law
on the grounds that it discriminates against small businesses who are much
less likely to have the financial resources to hire live telemarketers than
larger firms (which mainly use live telemarketing agents).  Under the terms
of the law, automated telemarketing machines would have been totally banned,
and restrictions regarding call-backs would have been placed on live
telemarketers.

---

Reports out of the San Jose, California area are expressing concern over the
apparent practice of some utility companies of routinely turning over
"unusual" utility bills to law enforcement agencies.  It seems that above
average (that is, above the norm for the customer class) use of water and/or
power may be considered to be a possible indication of illegal drug
activities.  At least some utility companies apparently consider consumer
utility bills to be public information and not subject to privacy
considerations.

------------------------------

Date:    Sat, 26 Dec 92 00:52:19 PST
From:    david_peretz@freemf.eskimo.com
Subject: Thought for the day.

Hello!

My name is David Peretz and I've just discovered the PRIVACY Forum
Digest.  I thought I would share with you one of my favorite quotes
from that great preserver of personal privacy and individual
rights. . .

      "Many things are necessary to lead a full, free life.  But none of
these is more important than the most basic of all individual rights: The
Right to Privacy.  At no time in the past has our Government known so much
about so many of its individual citizens.  Government bureaucracies seem to
thrive on collecting additional information.  That information, is now
stored in over 7,000 Government computers.  And the names of over 150
million Americans are now in computer banks scattered across the country. 
In short, data banks affect nearly every man, woman and child in the United
States today.  Here is the heart of the matter: A system that fails to
respect its citizens' right to privacy, fails to respect the citizens
themselves.
      Careers have been ruined, marriages have been wrecked, reputations
built up over a lifetime have been destroyed by the misuse or abuse of data
technology in both private and public hands.  Advanced technology has
created new opportunities for America as a nation, but it has also created
the possibility for new abuses of the individual American citizen.  Adequate
safeguards must always stand watch so that man remains the master, and never
becomes the victim, of the computer."

                                 -- President Richard M. Nixon
                                      Privacy Address, 1974

-- Via DLG Pro v0.995
UUCP -- david_peretz@freemf.eskimo.com

                        [ The PRIVACY Forum always appreciates quotes
                          from such acknowledged champions of privacy 
                          rights! -- MODERATOR ]

------------------------------
                        
Date:    Sat, 26 Dec 92 10:01:54 PST
From:    mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Subject: Car searches require probable cause

Brian Larkin writes:
> It got me to thinking though about if I had not consented, would
> he had had to have gotten a warrant to search my car?  Would I
> have been forced to sit by the side of the road while they went to
> get a warrant to search my car?  If he HAD found something of an
> illegal nature, could it be used against me in court?

I'm certain many will respond to this. The answer is that no, the officer
may not search your car without a warrant, and he can't get a warrant
unless he has probable cause. Probable cause has been specifically determined
to exclude such logic as "anyone who won't consent is hiding something"
or "he looks guilty". It requires specific evidence that a crime may have
been committed (e.g. bullet holes in the trunk). 

Note that if the officer does find probable cause, in most states he is
allowed to hold you until a warrant is obtained. This could be several days.
The "hold for warrant" delay tactic, in fact, is used often enough that
several civil rights cases have been brought against agencies using it.
In one case, a couple's entire apartment was dismantled and put into storage
until a judge could inspect the property and determine if a warrant was,
er, warranted. (The couple were civil rights workers in the south in the
60's; the material was primarily handouts on racial issues. More than a
year passed before the property was returned).

  -mel
___________________________________________________________________
| Mel beckman                  |    Internet: mbeckman@mbeckman.com |
| Beckman Software Engineering |  Compuserve: 75226,2257            |
| 1201 Nilgai Place            |       Voice: 805/647-1641          |
| Ventura, CA 93003            |         Fax: 805/647-3125          |
|____________________________|__________________________________|
 "Internet is big.  Really Big.  It gives the idea of
  infinity much better than infinity itself." 
   (with apologies to Douglas Adams)

------------------------------

Date:    Wed, 23 Dec 1992 13:16:31 EST
From:    Ronni Rosenberg <ronni@ksr.com>
Subject: Use of SSNs on Drivers Licenses

A bill is before the MA legislature that would prohibit continued use of
Social Security numbers on drivers licenses.  At the request of the Mass.
Public Interest Research Group (MASSPIRG), I sent the following letter on
behalf of CPSR/Boston.  I just received word that despite opposition, the
bill passed the state Senate; it will be considered next by the House.

                        ----------------
CPSR/Boston
                                                23 December 1992

Dear Representative:

I am writing in support of S. 1779, An Act Prohibiting Use of Social
Security Numbers on Massachusetts Drivers Licenses and Identification Cards.
I write on behalf of the Boston chapter of Computer Professionals for Social
Responsibility (CPSR).  CPSR is a national, public-interest group of computer
professionals and others concerned about the effects of computerization on
society.  CPSR's membership is about 2,500; the Boston chapter has several
hundred members.  I am a past Director of CPSR, and I have a Ph.D. from the
Electrical Engineering and Computer Science Department of the Massachusetts
Institute of Technology.

S. 1779 would prohibit the use of Social Security numbers (SSNs) for an
unintended purpose that is particularly widespread and dangerous: on MA motor
vehicle licenses and registry-issued identification cards.  This is desirable
because it enhances privacy, without inhibiting legitimate needs to access
data (e.g., for law-enforcement purposes).

In July 1973, the U.S. Department of Health, Education & Welfare issued a
seminal report, "Records, Computers, and the Rights of Citizens," the work
of an advisory committee on Automated Personal Data Systems.  That report
led to the enactment of the Privacy Act of 1974, the major piece of privacy
legislation in the U.S.  The report's findings and recommendations remain
current.

For instance, the DHEW report noted that the SSN cannot qualify as a universal
identifier, because it is not unique.  The Social Security Administration
itself estimated that more than 4.2 million people had two or more SSNs, and
there are many cases of multiple people being issued or using the same SSN.
Also, the SSN is unreliable: it has no validity-checking feature, it cannot
always be verified, and a valid SSN is indistinguishable from most randomly
chosen nine-digit numbers.  Thus, SSNs are highly prone to undetectable errors
of transcription and oral reporting.

These deficiencies are not very surprising-the SSN was created for the limited
purpose of identifying retirement accounts managed by the Social Security
Board, which covered a minority of the population and even of civil servants.
While the use of SSNs has been expanded greatly over time, insufficient
attention has been paid to its unsuitability as an identifier.  The result is
a long list of horror stories of people whose identities were confused with
someone who used the same SSN.  People have been wrongly arrested and thrown
in jail, wrongly denied benefits to which they are entitled, wrongly denied
employment, and more, because of SSN inaccuracies.  People in such situations
have little redress, and typically it is a frustrating, time-consuming battle
to re-establish their rightful "data identity."  Encouraging more uses for
SSNs lengthens the list of horror stories.

The DHEW report made specific recommendations for use of SSNs, urging Congress
to be "sparing" in mandating its use: "[The Congress] should weigh carefully
the pros and cons of any proposed use, and should pay particular attention to
whether effective safeguards have been applied to the automated personal data
systems that would be affected by the proposed use of the SSN."  Without
doubt, the automated data systems affected by the use of SSNs on MA drivers
licenses do not have effective safeguards, either for maintaining correct and
complete data, or for preventing and punishing inappropriate disclosures of
confidential data.

Using an identifier other than the SSN for licenses will not create new
problems for people with a legitimate need to access government records, e.g.,
criminal-justice records.  As many studies have shown, the real problem with
those records is that they are riddled with inaccuracies and misleadingly
incomplete and outdated information.  Because SSNs are not unique, using
them to access such sensitive records is an invitation to mismatches, false
accusations, and liability for those false accusations.  Requiring a different
identifier would give the registrar the opportunity to design a truly unique
identifier, which might help avoid some mismatches that would otherwise occur
when Registry data is linked with that of other systems.

Each additional application of the SSN is a step on the road to a single,
national databank.  In the past, the desire to keep this country from turning
into a "dossier society" led the U.S. Congress to prohibit both the creation
of a national databank and the use of a universal identifier, and public
opinion has been steadfastly opposed to such proposals.  Since these early
discussions, however, it has become trivial technically to create a de facto
national databank by linking separate systems, a process facilitated by common
identifiers.  Unintended uses of SSNs tighten the web of information tracking
that increasingly surrounds each of us, and the consequences for individuals
of enhanced data linkage are not benign.  Excessive surveillance has a
chilling effect on an entire society; it must be discouraged by people who
value highly an open society and individual privacy.  The DHEW committee's
warning is still timely:

        "Until effective safeguards against the abuse of computer-based
        personal data systems have been established, and until there has
        been full public debate of the desirability of an SUI [standard
        universal identifier], this is the point at which the situation
        must be held in check."

Thank you for your consideration.

                                                Sincerely yours,

                                                Ronni Rosenberg, Ph.D.

                [ While SS#s are not used on California drivers licenses,
                  a recent state law requires that all drivers provide
                  their SS# when obtaining or renewing their license.
                  The stated purpose of this is to simplify locating 
                  persons who are behind in child support payments.
                  -- MODERATOR ]

------------------------------

Date:    Wed, 23 Dec 92 15:03:51 EST
From:    "Larry Seiler, x223-0588, MLO5-2  23-Dec-1992 1446"
         <Seiler@rgb.enet.dec.com>
Subject: California privacy law

I got a pleasant surprize with my latest alumni directory.  The directory
has two sections:  a list of current addresses etc., and a listing by
year and major of all graduates (it's a small college).

The pleasant surprize was a card stating that, as per California law,
the only people in the address listing are those who returned a signed
authorization form!  I believe this law is relatively new, since my last 
alumni directory didn't include any such caveat.

What I particularly like about this is the explicit division of data into 
that which is public and can be disclosed to anyone (when I graduated), 
and that which is private and can only be disclosed with my permission
(where I live).  I wonder how the California law is really worded?

Now, if we could only enforce such a rule on the credit industry...

        Enjoy,
        Larry

------------------------------

Date:    Tue, 22 Dec 1992 13:47:06 EDT
From:    David Sobel <dsobel@washofc.cpsr.org>
Subject: Reports on Ames Raid Available

Last month I posted a NASA statement concerning the unannounced
"security review" conducted at the Ames Research Center this past
summer.  The CPSR Washington Office recently obtained electronic
copies of two NASA reports on the incident, which are now
available through the listserver.  To obtain these files, send
the following message to <listserv@gwuvm.gwu.edu>:

        GET <filename> 

using the following filenames and filetypes:

        Filename Filetype Lines Description
        -------- -------- ----- -----------
        AMES-MR  REPORT    861  MANAGEMENT REVIEW OF THE AMES RESEARCH
                                CENTER - August, 1992

        AMES-MR  ASSESSMT  565  ASSESSMENT PANEL REPORT ON THE NASA AMES
                                MANAGEMENT REVIEW - November 6, 1992


        *******************************************************

David Sobel
Legal Counsel
CPSR Washington Office

        [ These two documents have also been placed in the PRIVACY Forum
          archives for FTP or listserv access.  For anon FTP, the pathnames
          (on Internet site "cv.vortex.com/") are:

                /privacy/ames-mr.rpt.Z    (Management Review Report)
                /privacy/ames-mr.asmt.Z   (Assessment Panel Report)

          As always when retrieving compressed (".Z") files, be sure
          to use FTP "binary" or "image" mode.  If you don't have an
          "uncompress" program, specify the filenames above without
          the ending ".Z" and they'll be sent to you uncompressed
          (don't use binary/image mode in this case).

          For listserv access, send an e-mail message to:

                listserv@cv.vortex.com

          with the start of the message BODY consisting of either:

                get privacy ames-mr.rpt
                        or
                get privacy ames-mr.asmt

           The appropriate document will be mailed back to you 
           automatically.  Only one document may be specified in
           a single e-mail message.

           The documents make fascinating reading, especially when
           subjected to the classic "compare and contrast" analysis.
           Thoughtful comments regarding the documents would be
           welcome here in PRIVACY Forum. -- MODERATOR ]
                
------------------------------

End of PRIVACY Forum Digest 01.30
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.