|
PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Saturday, 28 January 1995 Volume 04 : Issue 03
Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
===== PRIVACY FORUM =====
The PRIVACY Forum digest is supported in part by the
ACM Committee on Computers and Public Policy.
CONTENTS
Blood Tests and AIDS disclosure (dgh@BIX.com)
Mandatory HIV disclosure (Joe Bates)
Re: Phone bill balance by phone - no security? (Philip H. Smith III)
Chips (well, smart cards) with everything? (Stella Page)
DOJ Computer Seizure Guidelines (Dave Banisar)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com". All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system. Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive. All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com/". Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW home
page at the URL: "http://www.vortex.com/".
-----------------------------------------------------------------------------
VOLUME 04, ISSUE 03
Quotes for the day:
"God doesn't play dice with the universe."
-- Popularized translation to English of a quote
attributed to Albert Einstein. This quote
is often mentioned in connection with Einstein's
not embracing aspects of quantum mechanics theories.
"One problem with working on quantum mechanics is that you
can't buy the socket sets at Sears."
-- Anonymous quantum mechanics researcher
----------------------------------------------------------------------
Date: Sat, 14 Jan 1995 23:23:13 -0500 (EST)
From: dgh@BIX.com
Subject: Blood Tests and AIDS disclosure
Christopher Zguris ends his reply to a number of responders with:
>and _everyone_ you may have passed it on to has a _right_ to know. That was
>the point I was trying to make, and I honestly cannot see how that can be
>debated.
If the Red Cross sends the name of a person who donated HIV-positive blood
to the CDC, what is the CDC going to do with the information? They don't
know who that person has had sex with, so how does providing the name to the
CDC protect anyone? The CDC won't have a clue as to who to contact, so the
only way the information could be useful is if people could use a computer
to see if a prospective, or past, partner is on the list. But that means
that anybody could access the information, which is not acceptable to
privacy advocates.
------------------------------
Date: Sun, 15 Jan 1995 16:52:27 -0500
From: Joebates@aol.com
Subject: Mandatory HIV disclosure
I would suggest that we split this topic into three seperate discussions.
1) Once testing (for whatever reason) has revealed that the test subject has
HIV infected blood, should it be required by law that the previous partners
be found, notified (partner tracking) and be required to be tested with
possible further notification and treatment for their partners? (This is
currently required by law for other venereal diseases.)
2) Whether the results of HIV and/or other STD (Sexually transmitted
disease) tests should be made available to persons or organizations other
than the health professionals directly involved in the notification, testing
and treatment procedures. If the results are disseminated, should it be in
statistical form only or should some persons from government, industry,
research or other fields be able to obtain the identities of those tested and
the results of the individual tests?
3.) Whether blood collection agencies have the right to collect lifestyle
information and test donor blood for contagious diseases of any type in an
attempt to screen out potentially unacceptable donors. Additionally, are the
results of these screens the property of the blood collection agency for
further use as they see fit, or does the "screenee" have the right to control
the use of the information (or somewhere inbetween)?
Joe Bates
------------------------------
Date: Mon, 16 Jan 95 07:21:40 EST
From: PHILS@RELAY.RELAY.COM (Philip H. Smith III, (703) 506-0500)
Subject: Re: Phone bill balance by phone - no security?
"Michael W. Gardiner" <mwg@garnet.msen.com> wrote about calling the
phone company and being able to get a phone bill balance. I'm not that
sure myself what someone else could do with this information, though
clearly it's none of their business.
In any case, a more interesting -- and perverse -- case is that of my
wife's VISA. I tend to write the checks for our bills, and was calling
recently to check on whether a large charge that had been reversed but
had shown up on the latest bill had, indeed, been reversed. Since it
was by far the largest charge she'd had on the card in recent months,
all I needed to know was the current balance to know whether the
reversal had taken place.
So I called the 800 number and got a human, and explained that I needed
the balance on the account. The response was to ask if I was the
cardholder; I explained that no, my wife was, but that I was writing the
check now and just needed the balance.
They responded that they could only disclose the balance to the
cardholder. I asked for a supervisor and for a justification for this,
given that I had the bill in my hand, and could provide them with any
information they would like to verify this. No go.
OK, fair enough, privacy. Then I got a wild hare and called back, using
the ACD instead of a human being, and got the balance by providing one
Highly Secret Datum: our zipcode!
Called back, talked to supervisor, of course no comprehension of why
this was a problem.
For that matter, had I simply said I was the cardholder, they would have
been hard-pressed to say otherwise: my wife happens to have a very deep
voice, and has constantly been mistaken for a man on the phone
throughout her career.
...phsiii
------------------------------
Date: Thu, 19 Jan 95 11:45:15 GMT
From: Stella Page <sp@csr.city.ac.uk>
Subject: Chips (well, smart cards) with everything?
Articles in the Guardian newspaper (UK broadsheet, serious) on Monday
16th January and Tuesday January 17th 1995 have been discussing
a 17-page report from the Government Centre for Information Systems (a
Whitehall agency under the control of the Cabinet Office).
The fact that the copy of the confidential report which was obtained
by the paper came, with other Cabinet papers, from a drawer in a
government-surplus filing cabinet bought in a second-hand shop in
north London, has itself a privacy interest! At first, according to
the Guardian, spokespeople for the Government were sceptical of the find,
but later ministers confirmed that a `green paper' announcing proposals
for national identity cards would be published in the spring, and would
contain options described in the document.
The main Guardian article "Whitehall looks at smart card ID by year 2000"
(January 16th) reported that the UK Government has 22 pilot studies into
an identity programme. The government report apparently shows a big
research programme for introducing smart cards for identity purposes by
the turn of the century.
According to the Guardian, the report contains the proposed design of
the card, including the fact that ministers believe they can produce a
three-year renewable identity smart card at a cost of \pounds 5 for
each citizen.
The government report indicates that the card, which it says would be
voluntary, could replace the current driving licence, passport, pension
book and medical card of everyone who wanted to buy one. The estimate
is that for a cost of \pounds 400 million (recoverable if a charge was
made) 50 million people in Britain could receive their first smart
cards now.
[Note: although the report states that the card would be
voluntary there are many supporters of compulsory ID cards.
As I recall, the first public mootings were about compulsory
cards - the concept of the "voluntary" card came later. However,
I would not like to bet on how long before "voluntary" becomes
"volunteered".
In fact one of the Guardian's articles confirms that the Prime
Minister is backing identity cards, and is aiming to include
proposals in the next Conservative manifesto. The current
Home Secretary (Michael Howard) is also a supporter.
On the other hand the Foreign Secretary (Douglas Hurd) is
said to be less keen.]
Apparently there are plans for smart cards from the following government
departments and UK industries:-
* The Department of Transport (in the lead). Seven pilot
studies, including road tolls (expected to be introduced after
the next general election), driving licences (which are already
due to be replaced with a photo identity card), and monitoring
of vehicles and taxation discs. Co-operating with them, the
transport industry has plans to introduce smart cards to
replace bus and train tickets, to protect car radios and to
reduce car theft.
* The Department of Health (the second largest programme). They
are looking at applications to replace organ donor cards, and
to store prescription information and medical records.
* The Home Office (with the Passport Agency and Immigration Service).
They are looking at: electronic photographic recognition for
passports; replacing the British visitor's passport with a smart
card; automatic passenger processing at ports and airports;
replacing residents' permits with a smart card.
* Social Security. Considering electronic benefit payments
and the use of smart cards to identify claimints at Post
Offices and reduce fraud.
* Departments of Employment and Education. Electronic benefit
payment for training schemes; a card that could store a student's
training credits, and security cards for the payment of grants.
The Guardian went on to say that the report says that fraudulent casual
use of smart cards could be contained at a very low level and quoted
the following from the report.
"The addition of photographs to credit and debit cards has shown how
a simple expedient using physical characteristics can markedly lower
the level of casual fraud. The use of this, other biometrics, and
passwords will make it virtually impossible for lost or casually
stolen cards to be misused."
The proposed measures to counter fraud include using handwriting and
fingerprint identities. Apparently some of the `more exotic' recognition
methods, such as hand geometry and the voice, were rejected on the
grounds of insufficient reliability,
According to the Guardian the report suggests that the driving licence
[as indicated, a photo-card replacement is already planned] would be ideal
for the first cards, with people voluntarily [the `magic' word again! S.P.]
adding information to cover other uses. Another quote from the report:-
"The cardholder would obtain the `primary use' card ... and
subsequently have it validated for its secondary use or uses by
appropriate authorities.
"The cards would need to be reissued every three to five years, to
cope with wear and tear and to provide up-to-date photographs, which
would have the dual advantage of allowing fraud to be forestalled
by changing encryption mechanisms, and allowing greater capacity to
be provided at each change."
The report expects that the underlying technology will continue to expand
capacity for at least a decade (stating it believes it is approximately
doubling capacity every two years) and concludes:
"This would stimulate growth in the infrastructure ... and provide
UK companies with the opportunity to demonstrate world-leading
capabilities in an important new technology."
----
Stella Page email: s.page@csr.city.ac.uk
Centre for Software Reliability, City University,
Northampton Square, London EC1V OHB, England.
------------------------------
Date: Fri, 20 Jan 1995 21:08:18 EST
From: Dave Banisar <banisar@washofc.epic.org>
Subject: DOJ Computer Seizure Guidelines
EPIC Analysis of New Justice Department Draft Guidelines on Searching and
Seizing Computers
Dave Banisar
Electronic Privacy Information Center
The Electronic Privacy Information Center (EPIC) has obtained the
Department of Justice's recently issued draft "Federal Guidelines for
Searching and Seizing Computers." EPIC obtained the document under the
Freedom of Information Act. The guidelines provide an overview of the
law surrounding searches, seizures and uses of computer systems and
electronic information in criminal and civil cases. They discuss current
law and suggest how it may apply to situations involving computers. The
draft guidelines were developed by the Justice Department's Computer
Crime Division and an informal group of federal agencies known as the
Computer Search and Seizure Working Group.
Seizing Computers
A major portion of the document deals with the seizure of computers. The
draft recommends the use of the "independent component doctrine" to
determine if a reason can be articulated to seize each separate piece of
hardware. Prosecutors are urged to "seize only those pieces of equipment
necessary for basic input/output so that the government can successfully
execute the warrant." The guidelines reject the theory that because a
device is connected to a target computer, it should be seized, stating
that "[i]n an era of increased networking, this kind of approach can lead
to absurd results."
However, the guidelines also note that computers and accessories are
frequently incompatible or booby trapped, thus recommending that
equipment generally should be seized to ensure that it will work. They
recommend that irrelevant material should be returned quickly. "[O]nce
the analyst has examined the computer system and data and decided that
some items or information need not be kept, the government should return
this property as soon as possible." The guidelines suggest that it may
be possible to make exact copies of the information on the storage
devices and return the computers and data to the suspects if they sign
waivers stating that the copy is an exact replica of the original data.
On the issue of warrantless seizure and "no-knock warrants," the
guidelines note the ease of destroying data. If a suspect is observed
destroying data, a warrantless seizure may occur, provided that a warrant
is obtained before an actual search can proceed. For "no-knock"
warrants, the guidelines caution that more than the mere fact that the
evidence can be easily destroyed is required before such a warrant can be
issued. "These problems . . . are not, standing alone, sufficient to
justify dispensing with the knock-and-announce rule."
Searching Computers
Generally, warrants are required for searches of computers unless there
is a recognized exception to the warrant requirement. The guidelines
recommend that law enforcement agents use utility programs to conduct
limited searches for specific information, both because the law prefers
warrants that are narrowly tailored and for reasons of economy. "The
power of the computer allows analysts to design a limited search in other
ways as well . . . by specific name, words, places. . . ."
For computer systems used by more than one person, the guidelines state
that the consent of one user is enough to authorize a search of the
entire system, even if each user has a different directory. However, if
users have taken "special steps" to protect their privacy, such as using
passwords or encryption, a search warrant is necessary. The guidelines
suggest that users do not have an expectation of privacy on commercial
services and large mainframe systems because users should know that
system operators have the technical ability to read all files on such
systems. They recommend that the most prudent course is to obtain a
warrant, but suggest that in the absence of a warrant prosecutors should
argue that "reasonable users will also expect system administrators to be
able to access all data on the system." Employees may also have an
expectation of privacy in their computers that would prohibit employers
from consenting to police searches. Public employees are protected by
the Fourth Amendment and searches of their computers are prohibited
except for ""non-investigatory, work related intrusions" and
"investigatory searches for evidence of suspected work-related employee
misfeasance."
The guidelines discuss the Privacy Protection Act of 1980, which was
successfully used in the Steve Jackson Games case against federal agents.
They recommend that "before searching any BBS, agents must carefully
consider the restrictions of the PPA." Citing the Jackson case, they
leave open the question of whether BBS's by themselves are subject to the
PPA and state that "the scope of the PPA has been greatly expanded as a
practical consequence of the revolution in information technology -- a
result which was probably not envisioned by the Act's drafters." Under
several DOJ memos issued in 1993, all applications for warrants under the
Privacy Protection Act must be approved by a Deputy Assistant Attorney
General of the Criminal Division or the supervising DOJ attorney.
For computers that contain private electronic mail protected by the
Electronic Communications Privacy Act of 1986, prosecutors are advised to
inform the judge that private email may be present and avoid reading
communications not covered in the warrant. Under the ECPA, a warrant is
required for email on a public system that is stored for less than 180
days. If the mail is stored for more than 180 days, law enforcement
agents can obtain it either by using a subpoena (if they inform the
target beforehand) or by using a warrant without notice.
For computers that contain confidential information, the guidelines
recommend that forensic experts minimize their examination of irrelevant
files. It may also be possible to appoint a special master to search
systems containing privileged information.
One important section deals with issues relating to encryption and the
Fifth Amendment's protection against self-incrimination. The guidelines
caution that a grant of limited immunity may be necessary before
investigators can compel disclosure of an encryption key from a suspect.
This suggestion is significant given recent debates over the Clipper Chip
and the possibility of mandatory key escrow.
Computer Evidence
The draft guidelines also address issues relating to the use of
computerized information as evidence. The guidelines note that "this
area may become a new battleground for technical experts." They
recognize the unique problems of electronic evidence: "it can be created,
altered, stored, copied, and moved with unprecedented ease, which creates
both problems and opportunities for advocates." The guidelines discuss
scenarios where digital photographs can be easily altered without a trace
and the potential use of digital signatures to create electronic seals.
They also raise questions about the use of computer generated evidence,
such as the results of a search failing to locate an electronic tax
return in a computer system. An evaluation of the technical processes
used will be necessary: "proponents must be prepared to show that the
process is reliable."
Experts
The DOJ guidelines recommend that experts be used in all computer
seizures and searches -- "when in doubt, rely on experts." They provide
a list of experts from within government agencies, such as the Electronic
Crimes Special Agent program in the Secret Service (with 12 agents at the
time of the writing of the guidelines), the Computer Analysis and
Response Team of the FBI, and the seized recovery specialists (SERC) in
the IRS. The guidelines reveal that "[m]any companies such as IBM and
Data General employ some experts solely to assist various law enforcement
agencies on search warrants." Other potential experts include local
universities and the victims of crimes themselves, although the
guidelines caution that there may be potential problems of bias when
victims act as experts.
Obtaining a Copy of the Guidelines
EPIC, with the cooperation of the Bureau of National Affairs, is making
the guidelines available electronically. The document is available via
FTP/Gopher/WAIS/listserv from the EPIC online archive at cpsr.org
/cpsr/privacy/epic/fed_computer_seizure_guidelines.txt. A printed version
appears in the Bureau of National Affairs publication, Criminal Law
Reporter, Vol. 56, No. 12 (December 21 1994).
About EPIC
The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues relating to the National Information
Infrastructure, such as the Clipper Chip, the Digital Telephony proposal,
medical record privacy, and the sale of consumer data. EPIC is sponsored
by the Fund for Constitutional Government and Computer Professionals for
Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports,
pursues Freedom of Information Act litigation, and conducts policy
research on emerging privacy issues. For more information email
info@epic.org, or write EPIC, 666 Pennsylvania Ave., S.E., Suite 301,
Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).
The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional rights.
Computer Professionals for Social Responsibility is a national membership
organization of people concerned about the impact of technology on
society. For information contact: cpsr-info@cpsr.org.
Tax-deductible contributions to support the work of EPIC should be made
payable to the Fund for Constitutional Government.
_______________________________________________________________________
David Banisar (Banisar@epic.org) * 202-544-9240 (tel)
Electronic Privacy Information Center * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * ftp/gopher/wais cpsr.org
Washington, DC 20003 * HTTP://epic.digicash.com/epic
------------------------------
End of PRIVACY Forum Digest 04.03
************************
Copyright © 2005 Vortex Technology. All Rights Reserved.