PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest     Saturday, 14 January 1995     Volume 04 : Issue 02

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
        
                     ===== PRIVACY FORUM =====

          The PRIVACY Forum digest is supported in part by the 
              ACM Committee on Computers and Public Policy.


CONTENTS 
        Re: Caller-ID harassment syndrome (Robert A. Rosenberg)
        Re: Orwell, 499 channels, and where privacy begins (David Stodolsky)
        Re: Orwell, 499 channels, and where privacy begins (Peter Knoppers)
        Re: Orwell, 499 channels, and where privacy begins (Derek Atkins)
        Privacy & the blood supply (c_farer@gate.net)
        AIDS & the blood supply (was Orwell, 499 channels...) (Adam Shostack)
        Re: AIDS & the blood supply (Christopher Zguris)
        Mandatory HIV registration (Karl Anderson)
        Cruising for murder (Paul Gloger)
        Looking for testimonals (EricJM)
        Phone bill balance by phone - no security? (Michael W. Gardiner)
        Montgomery Ward Class Action (B. Daniel Lynch)
        Connection Logging by Web Servers (Scott Coleman)
        Communities that discourage privacy (Craig Partridge)
        International Cryptography Institute 1995 (Dorothy Denning)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com/".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW home
page at the URL: "http://www.vortex.com/".
-----------------------------------------------------------------------------

VOLUME 04, ISSUE 02

   Quote for the day:

        "Two men, on a vampire hunt.
         Simple?
         They certainly are."

                -- From the trailer for "The Fearless Vampire Killers
                   or Pardon Me, But Your Teeth Are In My Neck" (1967)
        
----------------------------------------------------------------------

Date:    Sun, 25 Dec 1994 01:33:02 -0500
From:    hal9001@panix.com (Robert A. Rosenberg)
Subject: Re: Caller-ID harassment syndrome

On 19 Dec 1994 at 12:52:01 -0800, Paul Baclace wrote:

>Apparently there is a service that allows one to dial the caller-ID of
>the most recent in-coming call.  The $5 a month service causes *69
>to return the call and requires no special hardware.  Luckily, the number
>is erased after another incoming call, but one woman had her answering machine
>outgoing message state her phone number...
>
>A defense against this is either for everyone to have caller-ID or everyone
>to block the caller-ID when making calls.  Neither option is reasonable and
>doing both is the best defense, but it adds no value to the use of the
>phone system--it simply is an extra cost for a creep-deflector and a
>creep-enabler.

I am sorry to inform Mr. Baclace that *69/Call*Return and *67/Call*Trace
(which prints out a copy of calling number which will then be available to
turn over to the Police when you report a Harassing Phone Call) work even
if the caller has the Call Blocking Feature. All that does is NOT display
it on your Caller*ID Unit. It is still stored for use with the other
features.

There are also issues with the non-optimal (and in some cases fraudulent)
way Caller*ID has been implemented in certain areas. For example, Unlisted
and/or Unpublished numbers may not automatically assign the Caller*ID
All-Calls Blocking Feature to the line (you must request [and possibly pay
for] the feature on your line). Also, in many places the [Un]Block-a-Call
*xx number is just a toggle to switch between the standard line state
(which can be Blocked/UnBlocked) to the other state for the current call.
There is no indication of which state it is selecting. Some places do have
Separate Codes that sets the State for that call to Blocked or Unblocked
(Use of the Code thus Insures the State even if it is the default state for
that line).

------------------------------

Date:    Sun, 25 Dec 94 16:55:42 +0100 (CET)
From:    david@arch.ping.dk (David Stodolsky)
Subject: Re: Orwell, 499 channels, and where privacy begins

Christopher Zguris <0004854540@MCIMAIL.COM> writes in
Subject: Re: Orwell, 499 channels, and where privacy begins:
> karl@reed.edu (Karl Anderson) wrote:
> >I signed up to donate blood when I was 18, before I had ever been
> >tested for HIV.  I was given a questionnaire first.  The fine print
> >mentioned that in accordance with state or federal law
> >something-or-other, names associated with several types of positive
> >tests, including syphillis and HIV, would be forwarded to state or
> >federal agency this-or-that.  Some government official had been
> >recently blathering to himself in the media about quarantine camps and
> >glow in the dark tattoos.  I turned around and walked out.
> 
> This dangerous attitude is obscene. How about my -- and everyone else's --
> right, Karl, to get uninfected blood should we require a transfusion or find
> out if a sexual partner has tested positive so that we may know? AIDS has
> spread like wildfire partly due to the blood supply being such a mess and
> refusal to allow for any sort of partner tracking due to "privacy" concerns.
> If a donor unknowingly has syphillis or HIV he/she is a _serious_ danger to
> the community and anyone he/she may have had sex with. The point of


This is one of those arguments in which both sides have good points,
within the current context. However, one side has a better argument
for changing the current context, which is both possible and seriously needed.

Christopher Zguris exaggerates the risks to the blood supply and to
sexual partners. Chances of receiving HIV contaminated blood are about
one in a quarter of a million in the USA. Sexual partners should always
be assumed to HIV positive, unless there is an exclusive sexual relationship. 

However, not enough has changed in the social relationships surrounding
blood donation to ensure that the next slowly developing virus disease
will be stopped before many people are infected. And we can be reasonably
confident that there will be a next one. Social relationships surrounding
sexually transmitted disease have seen virtually no change in most
places, and HIV transmission is continuing to increase, facilitating
spread of TB and who knows what else.

A restructuring of social relationships to make the protection of
individual rights and of the public's health mutually supportive
are urgently needed. The approach taken by Karl Anderson is one which
could force policy makers to rethink this problem. If people stop
giving blood because of inadequate privacy protection, something will
be done.

I have been working on this problem since about 1979 and have yet
to receive any support. This is the abstract of my recently rejected
research proposal:

        ====================

Security in Blood Donation: 
Privacy Protection and the Safety of Donated Blood.

Improved methods of data collection and improved data security 
can enhance blood donors' privacy. Better privacy for donors 
reduces the risk that sensitive data are withheld and increases 
flexibility in data utilization. Therefore, privacy enhancement 
can improve the safety of donated blood and ease identification 
of new infectious agents. The first phase of this project 
investigates the acceptability and feasibility of computer 
interviewing and improved data security. Rate of elicitation of 
HIV-related risk factors and judged privacy are expected to be 
greater in computer interviews as compared to traditional 
interviews. Perceived desirability of cryptographic data 
security is expected to vary widely among countries because of 
differing data protection regulations. Feasibility of an 
enhanced donor data security system will be assessed in view of 
current chip-card initiatives in different countries.

The second phase integrates computer interviewing into blood 
bank operations and pilot tests the enhanced security system. 
Notification methods which preserve donor privacy will also be 
tested at this stage. Harmonization of data security methods 
among the participating countries will be investigated from a 
comparative ethical and legal perspective. Phase three involves 
deployment of an integrated interviewing, notification, and 
data security system. Data collection started in phase one will 
continue throughout the study. Methods for automatic detection 
of clusters of risk factors and biological markers will be 
investigated. Secure and harmonized data collection will permit 
early warning of risks to the safety of donated blood in the 
cooperating countries.

        ====================



A theoretical paper that deals with the same technology applied to
sexually transmitted disease is under revision. The chances of it
being published in the near future are low, since the referee's 
comments include that it is impossible to do (b), so I must be trying
to explain how to do (x), etc. See below for (b). If you can help 
by commenting the draft, request a copy:

        ======================

Anonymous Partner Notification

    Abstract

The very long latency between HIV infection and the appearance of 
AIDS imposes extensive information processing requirements on 
partner notification efforts. The apparently contradictory needs of 
maintaining the right to privacy of infected persons, while 
simultaneously providing information to persons at risk of infection, 
imposes severe security requirements. These requirements can be 
satisfied by a Contagion Management System based upon networked 
personal computers of a kind now becoming available. Security of 
information is based upon cryptographic protocols that implement 
anonymous partner notification (contact tracing) and privacy preserving 
negotiation. The proposed scheme has the following properties: (a) 
Contact tracing is automated, (b) contacts remain anonymous, (c) 
sensitive information is kept private, and (d) risk conscious users can 
act in a manner indistinguishable from that occurring if secured 
information were made public. Optimal health protection can thus be 
obtained while securing informational rights. Privacy preserving 
negotiation (c & d) is addressed separately (Stodolsky, in review). 


Key terms: Preventative health services, patient data privacy, real time 
systems, distributed data bases, epidemiology.

David S. Stodolsky, PhD               Internet: david@arch.ping.dk
Tornskadestien 2, st. th.       (C)         Tel.: + 45 38 33 03 30
DK-2400 Copenhagen NV, Denmark               Fax: + 45 38 33 88 80

------------------------------

Date:    Mon, 26 Dec 1994 13:36:36 +0100
From:    knop@duteca8.et.tudelft.nl (Peter Knoppers)
Subject: Re: Orwell, 499 channels, and where privacy begins

Christopher Zguris <0004854540@MCIMAIL.COM> wrote:
>karl@reed.edu (Karl Anderson) wrote:
>>I signed up to donate blood when I was 18, before I had ever been
>>tested for HIV.  I was given a questionnaire first.  The fine print
>>mentioned that in accordance with state or federal law
>>something-or-other, names associated with several types of positive
>>tests, including syphillis and HIV, would be forwarded to state or
>>federal agency this-or-that.  Some government official had been
>>recently blathering to himself in the media about quarantine camps and
>>glow in the dark tattoos.  I turned around and walked out.
>
>This dangerous attitude is obscene. How about my -- and everyone else's --
>right, Karl, to get uninfected blood should we require a transfusion or find
>out if a sexual partner has tested positive so that we may know? AIDS has
>spread like wildfire partly due to the blood supply being such a mess and
>refusal to allow for any sort of partner tracking due to "privacy" concerns.

HIV is a sexually transmitted disease. However HIV does not transmit
very easily. There are many diseases that are much more easily trans-
mitted. Dangerous diseases that can be transmitted through airborne
particles, or by a simple handshake require active tracking to find
and cure (or isolate) their bearers. Some forms of tuberculosis do
warrant such measures.

Like Karl Anderson, I would never have donated blood if there was the
least bit of chance that my name would be entered on an HIV list of
some government agency. Of course the blood bank has every right and
need to ensure and protect the quality of its product.

In the Netherlands, the blood bank informs all persons whose blood
turns out HIV-positive of their situation. (This policy is advertised
in very clear terms.) Naturally, the blood bank will no longer take
blood from said persons. The blood banks here ask a lot of questions
each time anyone donates blood. The relevance of these quistions is
very clear: recent infections with HIV can not (yet) be detected with
blood-tests.

All persons donating blood know that their blood (every donation) is
tested for HIV (and quite a few other things) and that they shall be
informed if any of those tests turns out positive. In case of HIV,
the blood bank may suggest some aid-organization that can help you
reorganize your life.

If you want to find out if your sexual partner has tested positive,
_ask_ him or her. If you're not sure whether you'll get an honest
reply, use adequate protection (or don't have sex). This protects
you from HIV and many other sexually transmitted diseases and also
from pregnancy. YOU are responsible for practicing safe sex, not
some government agency.

Peter Knoppers - knop@duteca.et.tudelft.nl

------------------------------

Date:    Mon, 26 Dec 1994 12:25:20 -0500
From:    Derek Atkins <warlord@incommunicado.cambridge.ma.us>
Subject: Re: Orwell, 499 channels, and where privacy begins

> Do you realize what a stupid -- and dangerous -- concept that is? The blood
> supply, as it is, is a mess. "Screening" hasn't done a whole hell of a lot.
> Instead of one organization, you want a bunch of "mom and pop" operations
> collecting blood from whoever using their own guidelines (or lack there-of)?
> Why? Because they'll guarantee _your_ privacy while damning the rest of us
> who may need blood (god help those who do) to whatever disease you may have
> but "choose" not to disclose (I'm not saying you have a disease, I'm making

No, you are extremely confused about what was being said.  The point
is not that blood should not be tested or screened.  The point is that
the information about positive results shouldn't be given to anyone
other than the person whose blood it is!  The Red Cross should just
destroy the blood, or mark it as bad and give it to testing labs, or
whatever.  But they should not go and tell any organization,
government, medical, insurance, whatever, the results of my tests.

The red cross does not need to tell anyone the results of blood tests,
and you can still be assured of gettihg good blood.  The choice is not
privacy vs. good blood.  You can have both.  So why give up your
privacy?

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       warlord@MIT.EDU    PP-ASEL     N1NWH    PGP key available

------------------------------

Date:    Mon, 26 Dec 1994 13:14:52 -0500
From:    c_farer@gate.net
Subject: Privacy & the blood supply

In PRIVACY 03:25, Christopher Zguris <0004854540@MCIMAIL.COM>
takes exception to a post by karl@reed.edu (Karl Anderson), in
which Anderson remarked that he had refused to give blood rather
than face the risk that his blood test results would be forwarded
to various government agencies.  Zguris writes

    Z> How about my -- and everyone else's -- right, Karl, to get
    Z> uninfected blood should we require a transfusion or find out if a
    Z> sexual partner has tested positive so that we may know? AIDS has
    Z> spread like wildfire partly due to the blood supply being such a
    Z> mess and refusal to allow for any sort of partner tracking due to
    Z> "privacy" concerns.

There are at least two issues and one highly questionable
assertion here.  The first issue, ensuring the safety of the
blood supply, can be (and in most places has been) addressed
without reporting test results to any centralized authority.  The
Red Cross can simply not use blood that tests positive for HIV.

The second issue, assuring the safety of sex partners of infected
people, is more reasonably addressed by requiring reporting.  I'd
be interested in seeing some rational discussion of how such
information might be collected and used while assuring that it
wouldn't be abused (for example by the pets of Senators who
advocate the burning of AIDS patients at the stake).

Zguris trivializes such concerns by referring to "privacy" in
quotes.  A reasonable and responsible person, discovering that he
was HIV-positive, would want to ensure his sex partner(s) learned
about it.  He could be excused for wanting to be certain that the
information never became available to the minions of Sen. Helms or
Sen. Thurmond, to name just two.

The questionable assertion is that the spread of AIDS is
attributable, in significant part, to a lack of partner tracking
and blood supply monitoring.  The main reason that AIDS has become
such a problem is that for years it was treated by the Federal
government as a disease of faggots and junkies (without whom the
world would be a better place anyway) of no real concern to decent
people.  If the first couple of hundred AIDS victims had been
heterosexual lawyers or even car salesmen the situation would now
be very different.  (I realize that this last paragraph has little
to do with privacy as such but I couldn't let the implied attack
on privacy concerns pass unchallenged).

------------------------------

Date:    Tue, 27 Dec 94 14:51:07 EST
From:    Adam Shostack <adam@bwh.harvard.edu>
Subject: AIDS & the blood supply (was Orwell, 499 channels...)

| From:    Christopher Zguris <0004854540@MCIMAIL.COM> (In response to
| karl@reed.edu (Karl Anderson) wrote: 
| >glow in the dark tattoos.  I turned around and walked out.
| 
| This dangerous attitude is obscene. How about my -- and everyone else's --
| right, Karl, to get uninfected blood should we require a transfusion or find
| out if a sexual partner has tested positive so that we may know? AIDS has
| spread like wildfire partly due to the blood supply being such a mess and
| refusal to allow for any sort of partner tracking due to "privacy" concerns.

        Its important to note that Karl walked out.  His action poses
danger to the blood supply only in that the supply is slightly smaller
than it would be had he donated.  Its been quite some time since the US
supply of blood was so low that anything beyond voluntary surgery was
affected.  Further, on the order of 5 people got AIDS last year from
blood.  That is a quite small number, compared to the other new cases.
See the AIDS faq for details.
http://www.cis.ohio-state.edu/hypertext/faq/usenet/aids-faq1/faq.html

| If a donor unknowingly has syphillis or HIV he/she is a _serious_ danger to
| the community and anyone he/she may have had sex with. The point of
| contacting "state or federal agency this-or-that" is to try to stop that
| person from unknowingly spreading the disease, and to contact his/her former
| partners to alert them and hopefully stop them from spreading the disease
| further _if_ they're infected.

        There are anonymous testing centers available, and the FDA
recently approved a saliva based test.  It may or may not approve a
home test.  There are ways to be tested without having your name go to
the CDC.

| >If the Red Cross was administered by "mom and pop", who would do
| >nothing with this knowledge except tell me whatever helpful
| >information they knew, then I might not have done so.
| 
| Do you realize what a stupid -- and dangerous -- concept that is? The blood
| supply, as it is, is a mess. "Screening" hasn't done a whole hell of a lot.

        I think your characterization of the state of the blood supply
is incorrect.  Screening, both pre- and post-donation, have done quite
a bit to clean up the blood supply.  The number of people infected by
contaminated blood has dropped substantially since the introcution of
the HIV antibodies test and the introduction of pre-screening
questions about practices that might lead to exposure to HIV.

| Instead of one organization, you want a bunch of "mom and pop" operations
| collecting blood from whoever using their own guidelines (or lack there-of)?
| Why? Because they'll guarantee _your_ privacy while damning the rest of us
| who may need blood (god help those who do) to whatever disease you may have
| but "choose" not to disclose (I'm not saying you have a disease, I'm making
| a point). We're talking about life-and-death here, I can't go along with
| "privacy" concerns outwaying the common good of society as-a-whole. If you
| have a sexually transmitted disease, it should be _required_ that anyone you
| may have exposed be notified, period. I didn't mean to come down on you
| Karl, but this is a subject that really ticks me off.

        There may well be a good to society, the questions involve
what invasion of privacy do you justify for what social good?  I come
down strongly on the side of privacy in this one.  I can't see what
good will be done by your knowing who has AIDS.

        Please note that all comments are mine, and should not be
taken as the opinions of my employer.

------------------------------

Date:    Tue, 27 Dec 94 17:48 EST
From:    Christopher Zguris <0004854540@mcimail.com>
Subject: Re: AIDS & the blood supply

| From:    Christopher Zguris <0004854540@MCIMAIL.COM> (In response to
| karl@reed.edu (Karl Anderson) wrote: 
| >glow in the dark tattoos.  I turned around and walked out.
| 
| This dangerous attitude is obscene. How about my -- and everyone else's --
| right, Karl, to get uninfected blood should we require a transfusion or
find
| out if a sexual partner has tested positive so that we may know? AIDS has
| spread like wildfire partly due to the blood supply being such a mess and
| refusal to allow for any sort of partner tracking due to "privacy"
concerns.

Adam Shostack (adam@bwh.harvard.edu) responds:
>       Its important to note that Karl walked out.  His action poses
>danger to the blood supply only in that the supply is slightly smaller
>than it would be had he donated.  Its been quite some time since the US
>supply of blood was so low that anything beyond voluntary surgery was
>affected.  Further, on the order of 5 people got AIDS last year from
>blood.  That is a quite small number, compared to the other new cases.
>See the AIDS faq for details.
>http://www.cis.ohio-state.edu/hypertext/faq/usenet/aids-faq1/faq.html

I wasn't taking issue with walking out, what disturbed me was thinking it
unacceptable, in the case of a positive test, for health agencies to be
notified so that -- I presume -- partner-tracking could be done.
Partner-tracking occurs with all sexually transmitted diseases -- except
AIDS, due to politics -- in an effort to notify people who may have
unknowingly been infected. This is handled discreetely, there are no public
lists (employers are not notified, etc.).

I challenge the figure of 5 people, it is misleading. I suspect the true
statistic was "5 verified cases", which ignores a great deal of "suspect"
and "unverified" cases. For quite some time, there were "no verified cases"
of health workers getting AIDS from patients until it became a proven fact.
Statistics lie and are warped in the case of AIDS. AIDS has a negative-test
window of up to several years, therefore "5 people got AIDS last year" is a
highly suspect statistic.

| If a donor unknowingly has syphillis or HIV he/she is a _serious_ danger 
to
| the community and anyone he/she may have had sex with. The point of
| contacting "state or federal agency this-or-that" is to try to stop that
| person from unknowingly spreading the disease, and to contact his/her
former
| partners to alert them and hopefully stop them from spreading the disease
| further _if_ they're infected.

Adam Shostack (adam@bwh.harvard.edu) responds:
>       There are anonymous testing centers available, and the FDA
>recently approved a saliva based test.  It may or may not approve a
>home test.  There are ways to be tested without having your name go to
>the CDC.

I said "unknowingly". Why would someone get tested for something they didn't
think they had? The people who are "unknowingly" infected -- as I said --
pose a risk until they know. 

| >If the Red Cross was administered by "mom and pop", who would do
| >nothing with this knowledge except tell me whatever helpful
| >information they knew, then I might not have done so.
| 
| Do you realize what a stupid -- and dangerous -- concept that is? The
blood
| supply, as it is, is a mess. "Screening" hasn't done a whole hell of a
lot.

Adam Shostack (adam@bwh.harvard.edu) responds:
>       I think your characterization of the state of the blood supply
>is incorrect.  Screening, both pre- and post-donation, have done quite
>a bit to clean up the blood supply.  The number of people infected by
>contaminated blood has dropped substantially since the introcution of
>the HIV antibodies test and the introduction of pre-screening
>questions about practices that might lead to exposure to HIV.

I don't think so. The blood supply has been cleaned up quite a bit, but I
wouldn't consider it "safe" and I certainly wouldn't want a transfusion. The
fact that there is a negative-test window of weeks to years should also be
taken into account, I think the safety of the blood supply and success of
screening is suspect because of this. Screening is subjective, uses
intrusive questions that some may find offensive, and as such is open to
errors. 

Somehow, "dropped substantially" does not inspire confidence, maybe someone
who likes to play the odds would take comfort in claims like "dropped
substantially." To me, it sounds like a claim of "new and improved" --
compared to what? Look at the history of the "safe" blood supply, the entire
US hemophiliac population became infected before the blood industry decided
to do anything. 

| Instead of one organization, you want a bunch of "mom and pop" operations
| collecting blood from whoever using their own guidelines (or lack
there-of)?
| Why? Because they'll guarantee _your_ privacy while damning the rest of us
| who may need blood (god help those who do) to whatever disease you may
have
| but "choose" not to disclose (I'm not saying you have a disease, I'm
making
| a point). We're talking about life-and-death here, I can't go along with
| "privacy" concerns outwaying the common good of society as-a-whole. If you
| have a sexually transmitted disease, it should be _required_ that anyone
you
| may have exposed be notified, period. I didn't mean to come down on you
| Karl, but this is a subject that really ticks me off.

Adam Shostack (adam@bwh.harvard.edu) responds:
>       There may well be a good to society, the questions involve
>what invasion of privacy do you justify for what social good?  I come
>down strongly on the side of privacy in this one.  I can't see what
>good will be done by your knowing who has AIDS.

So you're saying it is your exclusive right to decide whether or not you
will tell anyone you may have passed the disease on to? I disagree, but I
think I made that clear. By private email, someone else pointed out my use
of the term "public good" could be mis-interpreted. Let me clarify that: by
"public" I am not talking about lists made available to everyone. I have no
right to know, the public-at-large has no right to know. You need to know,
and _everyone_ you may have passed it on to has a _right_ to know. That was
the point I was trying to make, and I honestly cannot see how that can be
debated.

Christopher Zguris
czguris@mcimail.com

------------------------------

Date:    Mon, 2 Jan 95 00:45 PST
From:    karl@reed.edu (Karl Anderson)
Subject: mandatory HIV registration

The topic seems to have shifted to forced disclosure of whether one's
blood contains HIV antibodies (which is also interesting!).

Christopher Zguris <0004854540@MCIMAIL.COM> wrote:
>karl@reed.edu (Karl Anderson) wrote:
[I had refused to donate blood because I hadn't previously been tested
for HIV, and HIV+ donors were reported to a government agency]

>This dangerous attitude is obscene. How about my -- and everyone else's --
>right, Karl, to get uninfected blood should we require a transfusion

Since my behavior reduced the amount of blood available, I would say
that the government's violation of the privacy of potential donors has
caused a reduction in the amount of voluntary blood donations.

Of course, if it was _my_ refusal to donate that violated _your_
right to my blood, then there wouldn't be anything wrong with holding
me down and opening my veins, would there?  You'd just be exercising
your rights.

>or find out if a sexual partner has tested positive so that we may
>know? 

No.  I refuse to submit to an involuntary search and seizure of my
antibodies because you might wish to have me as a future sexual
partner.  Goodness, if you think that it is your right to know whether
someone has AIDS, then they don't have much grounds for refusing that
glow-in-the-dark tattoo!

If you want to avoid HIV+ sexual partners, you can demand proof of a
negative blood test.  You can refuse to engage in dangerous activities
with a potential partner until that person has accompanied you to a
testing site and shown you their negative result.  I personally prefer
to simply ask potential partners.

AIDS is an epidemic, and yes, anyone who has AIDS and doesn't take
precautions to avoid infecting others is dangerous to our society.
Looking at Typhoid Mary's actions, I would support imprisoning her
against her will.  No responsibility, no rights.

However, there are many people with AIDS who do not recklessly spread
their infection, and who fit perfectly well in our society.  Having
AIDS is not (and should not be) a crime, and there is no reason to
treat people with AIDS like criminals.

I'm honestly surprised that this discussion is taking place.

>Christopher Zguris
>czguris@mcimail.com

karl@reed.edu               http://www.reed.edu/~karl/

------------------------------

Date:    Fri, 6 Jan 1995 02:24:53 PST
From:    Paul_Gloger.ES_XFC@xerox.com
Subject: Cruising for murder

An item from the Associated Press, printed in the Los Angeles Times on Sunday,
January 1, tells of a family, in Memphis, Tennessee, listening to their new
Christmas-gift radio scanner.  They overhear a woman speaking on a cordless
phone to her boyfriend, the two plotting to kill the woman's husband to get rid
of him and collect his life insurance.  The family then scans the same woman in
other phone calls, which enables them to identify the woman.  Sheriff's
deputies have arrested the woman and her boyfriend, and charged them with
conspiracy and attempt to murder.

The article ends with the Sheriff's Captain on the case declaring that "there
was nothing illegal in [the family]'s listening to the cordless phone
conversations because it was a random scanning."

I don't precisely remember the laws regarding the legality of scanning cordless
phones, but I sure don't recall that they're conditioned on whether the
scanning is "random."

Paul Gloger <gloger.esxfc@xerox.com>

------------------------------

Date:    Fri, 6 Jan 95 16:15:16 -0500
From:    "EricJM" <ericjm@gold.tc.umn.edu>
Subject: Looking for testimonals

Dear All:

I am working on a project with the Walker Art Center in Minneapolis which 
exploring the U.S. Bill of Rights.

I am in need of some first-person testimonials/stories by people who feel 
their civil liberties have been violated. I am especially interested in stories 
relating to privacy and/or the Fourth Amendment.

I have read many stories and Supreme Court opinions, but these are too edited, 
and often too unemotional, for our needs. If anyone has any text they can relay,
or suggestions as to where I can find such information quickly, I would be most 
grateful.

Thank you,
Eric JM

------------------------------

Date:    Sat, 7 Jan 1995 17:19:53 -0500 (EST)
From:    "Michael W. Gardiner" <mwg@garnet.msen.com>
Subject: Phone bill balance by phone - no security?

Having managed to mis-place a bill, I called the local phone company 
customer service number to get the information.  I was interested to hear 
that the information I was after was available without talking to an 
operator.  I went theough the system, and, with only my TOUCH-TONED phone 
number (I wasn't calling from home anyway) it gave my current amount due.

Needless to say I routed myself to an operator, then to a supervisor, and 
lodged a complaint.  I doubt that anything will come of this, as they 
don't see what the problem is.  When I asked if anyone could walk into an 
office and get my balance without identification, he said no, but 
couldn't see that this was not a different situation.  He even wondered 
why anyone would be interested in my phone balance.

I mean to pursue this locally, but you might want to check your local 
phone company and see if they are up to this sort of thing also.  It may 
take some detailed explanations, and how effective that will be is 
debateable, as the person I complained to couldn't grasp why a private 
investigator or other nosy type would consider this a nugget in the 
search for information gold.

Mike Gardiner
mwg@msen.com

------------------------------

Date:    Mon, 9 Jan 1995 15:19:51 -0500
From:    BDLLO@aol.com
Subject: MONTGOMERY WARD CLASS ACTION

MONTGOMERY WARD CLASS ACTION FOR CALIFORNIA RESIDENTS ONLY.

If you made a purchase at a Montgomery Ward store in California between July
23, 1992 through December 12, 1994, using a Visa, Mastercard, American
Express or Discover credit card.

How to Make a Claim:  To make a claim, write to Montgomery Ward Class Action,
c/o B. Daniel Lynch Law Office, 301 E. Colorado Blvd., Suite 709, Pasadena CA
91101-1911.  You must include your name, address, city, state and zip code.
 Also state the number of times you received an approximately 2 1/2" wide
transaction form (sales receipt) showing the words PHONE #, or were requested
or required to provide your telephone number or address.

Include for each such transaction a copy of the charge slip, credit card
statement, or other document showing the purchase, or a declaration stating
that you were requested or required to provide your telephone number or
address.  CLAIMS MUST BE POSTMARKED BEFORE JANUARY 24, 1995.

Please contact me at bdllo@aol.com or fax (818)796-1136 if you have any
questions.

Thank you

B. Daniel Lynch
B. Daniel Lynch Law Office
Pasadena, California

------------------------------

Date:    Wed, 28 Dec 94 07:01 PST
From:    asre@uiuc.edu  (Scott Coleman)
Subject: Connection Logging by Web Servers

Neil Briscoe <neil@salmon.demon.co.uk> points out:

> I think the reason that you never hear about the logging facilities 
> of a site are, apart from any conspiracy to just collect the stats, 
> you can connect to a server at any page, you never have to go in via 
> a login page.

A valid point. But there is a common access point for all users,
whether they enter via the web site's home page or not: the web browser
itself. Newer versions of Netscape have a dialog box which pops up when
submitting input to a form. This dialog box informs the user in no
uncertain terms that the method of submission they are about to use is
insecure, and that the contents could be intercepted or monitored by
a third party. A simple way to make people aware that their connections
are being logged would be to employ a dialog box in a fashion similar to
the above.

> The question then arises as to whether the facilities providers, UNC 
> in this case, then make these stats available to the people for whom 
> they are providing pages, or whether they keep this information to 
> themselves and use it merely to provide faster machines, more disk 
> space, as demand arises.

While the motives of UNC are undoubtedly benign and probably helpful, in
cases where a commercial enterprise is both the information provider and
the owner of the site, there is no question - the marketing staff at XYZ
Corp. clearly has access to the stats generated from the http server on
www.xyz.com. The only question is, what will these marketing people,
under constant pressure both from upper management and creative
competitors, DO with this information?

--
Scott Coleman, President ASRE (American Society of Reverse Engineers)
asre@uiuc.edu

------------------------------

Date:    Tue, 27 Dec 94 15:05:29 -0800
From:    Craig Partridge <craig@aland.bbn.com>
Subject: communities that discourage privacy

Over the years I've been interested to observe that there are groups of people
who either by occupation or prediliction live in communities where privacy
of the type often discussed in this digest are discouraged.  At some point
I'd love to find time to actually collect all the instances together and
present a more coherent presentation about such communities and their impact
on privacy concerns, but I think simply pointing out that these communities
exist may be useful.  So here are two examples I've run across:

    * In the Washington DC area, where I grew up, if you work for the
    US Government, anyone can know your salary plus or minus a few thousand
    dollars if you tell them what you do.  The reason is that most people
    know how Government job titles translate to Government Service (GS)
    pay scale classifications, your GS number determines your salary range,
    and the salary ranges are public (indeed, often posted on office bulletin
    boards).

    So growing up in DC, I grew up with the sense that knowing how much
    someone made wasn't a big deal.  (I.e., you didn't talk about salary
    because it was gauche, but you didn't worry about it getting out).

    * While many people try to avoid getting into Government records, folks
    interested in genealogy often are interested in being recorded in more
    detail.  For instance, there were a number of letters to genealogical
    journals complaining that one could not request to fill in the long
    1990 census form rather than the short one.  Genealogists routinely
    use census data for genealogical purposes, and many genealogists wanted
    to ensure that there was at least as much information on them for their
    descendants as they currently have on their ancestors.  Furthermore,
    since genealogists are often trying to trace people to the present
    day from some distant ancestor, they are heavy users of databases that
    contain personal information (such as death records) and work to try
    to ensure records, especially records on the deceased, are kept open.
    New York's recent laws closing access to death certificates for something
    like 25 years is widely deplored among genealogists.  (I'll note that
    genealogists are more sensitive about information on people still living).

Craig Partridge
craig@bbn.com

------------------------------

Date:    Fri, 13 Jan 95 11:25:27 EST
From:    denning@cs.cosc.georgetown.edu (Dorothy Denning)
Subject: INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995

             Call for Participation (Deadline: March 15, 1995)

       INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995: GLOBAL CHALLENGES

                          September 21-22, 1995
                              Washington, DC

                               Presented by
             The National Intellectual Property Law Institute 


The International Cryptography Institute will focus on the cryptography
challenges associated with meeting the information protection needs of
users and the law enforcement and national security needs of nations.
The Institute will address such topics as:

  - national encryption policies and regulations
  - meeting user needs for information security and data recovery 
  - meeting law enforcement and national security needs
  - national and global encryption markets and product availability
  - international approaches and standards
  - creating an international cryptography infrastructure
  - the use of encryption technologies in different countries
  - cryptography in the financial industry and other industries
  - legal and policy issues of digital signatures and digital cash
  - new developments in encryption policies and technologies

Persons interested in speaking at the conference are invited to submit
a proposal to the Institute Chair:
        
              Prof. Dorothy E. Denning, Chair ICI '95
              Georgetown University
              Computer Science Department
              225 Reiss Building
              Washington DC 20057-0997
              ph: 202-687-5703, fax: 202-687-6067
              e-mail: denning@cs.georgetown.edu

Proposals must be received by MARCH 15, 1995, and should include the
following:

  - Name, title, organization, address, phone, fax, and e-mail address
  - Brief biography
  - Title of presentation
  - Abstract of presentation or paper
  - Amount of time requested for presentation and discussion

Notification of acceptance will be made by April 15, 1995.  Papers and
materials for the proceedings will be due on August 15, 1995.
   
Inquiries about registration or the proceedings should be addressed to:

              The National Intellectual Property Law Institute
              P.O. Box 27913, Washington, DC 20038-7913
              ph:  800-301-MIND or 202-962-9494
              fax: 800-304-MIND or 202-962-9495

------------------------------

End of PRIVACY Forum Digest 04.02
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.