PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest        Saturday, 1 June 1996        Volume 05 : Issue 11

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
               The PRIVACY Forum is supported in part by the          
                 ACM (Association for Computing Machinery)
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------

              *********************************************
              * PRIVACY Forum Four Year Anniversary Issue *
              *********************************************


CONTENTS 
        Summer Season Administrivia 
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Caller-ID implementation delayed in California
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Highway tolls and privacy (Phil Agre)
        Crypto Legislation (David Sobel)
        CDA Challenge: A Status Report (Audrie Krause)
        Children's Privacy Bill Introduced, 
           Recent Problems in Direct Marketing Industry,
           New Medical Privacy Bill Introduced [From EPIC Alert]
           (Marc Rotenberg)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 05, ISSUE 11

   Quote for the day:

        "Now repeat after me. 
         I am not a pleasure unit...
         I am not a pleasure unit..."

                        -- Derek Flint (James Coburn) 
                           "Our Man Flint" (20th Century Fox; 1966)

----------------------------------------------------------------------

Date:    Sat, 1 Jun 96 11:26 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Summer Season Administrivia

Greetings.  As we begin to enter the "summer" season, where network
demographics tend to alter somewhat due to the vacations at many
educational institutions, this seems like a good time to reemphasize some
guidelines regarding the PRIVACY Forum.

Lately I've been receiving large numbers of mass-distributed "call for
action" messages from various groups.  These usually encourage the reader to
call, fax, or write some entity or entities to foster a particular point of
view regarding a specific issue, often with suggested wording.  In general
(though there are exceptions), I tend not to run most such items in the
digest.  Such submissions tend to impart only limited information regarding
the subject at hand, and often urge personal action based on limited data.

The PRIVACY Forum digest is not meant primarily as a redistribution mailing
list for the dissemination of such items, on any side of the issues.  Nor is
the digest intended mainly to be a "clipping service" (though items of
interest from other sources do certainly appear; this edition of the digest
is an example).  Submissions from copyrighted material (other than very
brief and properly attributed quotations of limited text) will not be run
unless permission to distribute was received from the copyright
holder/publisher.  Long items covering multiple topics marked "may only be
distributed in its entirety" (or similar wording) will generally not run,
though they may be useful for my own information.

The PRIVACY Forum digest is meant to be a discussion digest, where
individuals inform, interact, query about, and debate the ever-growing
multitude of privacy issues that impact virtually every aspect of our
lives.  This means that participating in the Forum means more than just
copying an item seen in some other source and sending it here.  It means
taking a bit of time to write original material on these topics, and to not
just sit passively and absorb what other folks send in.  Comments,
questions, ideas--all of these are welcome.  If you disagree with a
particular point of view, say so. 

I tend to see a reluctance (possibly fearing harrassing e-mail) on the part
of many persons to ever publicly say something that goes against the
"popular" point of view on many privacy-related topics.  Yet, I know views
on both sides of these issues are out there.  When there's a legitimate
concern along these lines that is keeping an important issue from being
discussed, I am willing to send out selected items on a "Name Withheld"
basis, though this is a mechanism that is to be used sparingly and I reserve
the right to determine whether it is appropriate in any given case where it
is requested (if the determination is negative, the item won't be sent out).

I receive large numbers of messages from people asking how to find
information regarding particular privacy issues (often for specific research
or school projects).  I'd like to remind everyone that a good starting point
is the PRIVACY Forum archive of all back issues and collected papers.  This
can all be accessed via email through the listserv system
(listserv@vortex.com), ftp from "ftp ftp.vortex.com", gopher via
"gopher.vortex.com/", and World Wide Web via "http://www.vortex.com".  Full
boolean keyword searching of the archive is available when accessing the
archive via the Web.  I'm of course available to discuss privacy topics
directly with interested parties, within available time constraints.  A
variety of exciting new features of the PRIVACY Forum are planned to be
announced very soon as well.

Privacy issues cut across all socioeconomic and political lines in a truly
unique manner.  It is our responsibilities, both individually and
collectively as a society, to do our parts to help ensure that these issues
receive appropropriate attention and action as we move forward toward the
(just around the corner!) 21st century.  

--Lauren--

------------------------------

Date:    Sat, 1 Jun 96 11:09 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Caller-ID implementation delayed in California

Today (June 1, 1996) was scheduled to be the activation day for Calling
Number Identification (CNID) services for California telephone subscribers,
on all intra and interstate calls.  The June 1 date was the result of
a six month extension granted to give the local telcos time to comply
with California PUC (CPUC) subscriber notification and education
requirements regarding availability of CNID blocking options.

This date has now apparently been pushed back to July 1, at the request of
the largest local telco in the state, Pacific Bell.  The volume of written
and called-in requests for free per-line ("complete") CNID blocking (which
prevents numbers being sent on all calls unless an unblocking code is
dialed) have completely overwhelmed all of the local telephone companies.
The delay is to give the telcos time to catch up on processing of the
requests.

Anecdotal evidence indeed suggests that a vast number of persons have
requested complete blocking.  Request lines are busy for long periods,
attempts to call the "is my line really blocked" test numbers frequently
result in "all circuits busy" intercepts for long periods, and the 
representatives themselves speak openly about being completely swamped
with callers who want blocking.

Part of the reason for the outpouring of requests is undoubtedly the CPUC
mandated advertisements and radio/television commercials, and multiple telco
mailings, which have been widely disseminating the information that calls
from unblocked lines, including those from unlisted/non-published numbers,
will be passing number information.  Presumably there are still many
persons oblivious to these events, but the public awareness of the issues
seems to be quite high for such a relatively technical matter.  

Pacific Telephone continues to predict that about 8% of their subscribers
will elect to subscribe to CNID delivery services with a few months of
availability, rising to between 8% and 15% within a relatively brief
period.  Whether these predictions will hold true in the face of
apparently very large selection of complete blocking remains to be seen.
No figures on numbers or percentages of subscribers electing complete
blocking have been made available yet.

A few reminders concerning CNID blocking for California subscribers.  Whether
or not you have chosen complete blocking, it is an extremely good idea to
call the telco provided special test number (you should have received it in
mailings by now) to verify your line(s) status.  In a small sampling of lines 
I tested myself, I found about 15% to be set to the incorrect blocking mode,
even though the correct mode had been ordered.  If you find a line that is
blocked or not blocked inappropriately, you should re-order the correct
blocking as soon as possible.  Even though CNID doesn't officially start in
California until July, it is quite probable that some numbers are already
going out (particularly on interstate calls) due to switch
misconfigurations.  

Also, remember that on some calls your number will always be available,
regardless of your blocking mode.  These include 911 (naturally), calls to
operators, and 800, 888, and 900 calls (these toll free and extra-charge
calls use a different system for number identification, which is not subject
to CNID blocking).  In the case of 800 and 888 "toll-free" calls the issues
of calling number privacy are somewhat complex.  Since these are essentially
"collect" calls, the parties receiving them need some way to track usage and
particularly abuse of their numbers.  Recent laws place restrictions on the
release of number information obtained from 800/888 calls, but this is
certainly an area undergoing study and a subject for future discussion.

So CNID is arriving in California, though certainly in a form different than
its original proponents might have anticipated, at least in terms of blocking
choices availability.  It should be interesting to see what transpires.

--Lauren--

------------------------------

Date:    Sun, 26 May 1996 17:23:15 -0700 (PDT)
From:    Phil Agre <pagre@weber.ucsd.edu>
Subject: highway tolls and privacy

The increasingly widespread use of automatic account-based systems
for highway toll collection has led to equally widespread concerns
for personal privacy.  If individually identifiable toll records are
stored in a database then perhaps they can be used for purposes beyond
those originally intended.  To my knowledge this has not yet happened
in the United States.  But it did happen a few years ago in France,
and the story is worth telling.  The details are available in English
on Lexis/Nexis from an Agence France Presse bulletin of 17 August
1993, which I summarize in part here:

Jacques Mellick, mayor of the northern French town of Bethune and
former cabinet minister, provided an alibi in the trial of politician
and businessman Bernard Tapie on charges of trying to bribe a football
coach to throw a match.  He claimed that he and Tapie had met at
Tapie's offices in Paris between 2:30 and 3:30 PM on the date when the
offense had supposedly taken place.  Doubts soon arose about Mellick's
story.  A photo claimed to have been taken 2:00 PM that day placed
Mellick at a ceremony in Bethune.  And, says the story, "the motorway
toll booths between Paris and Bethune had no record of Mellick's car
on the road that day".  Mellick claimed that he had paid the toll
himself because he had been traveling to Paris on private business.
The article does not explain who had checked the records or who had
made the information about them public.  The toll booths in question
used "smart cards", though the article does not say just which
technology was involved.

The point is, even though no record of Mellick's travels showed up
in the toll-collection system, the lack of a record was printed in
the newspapers as circumstantial evidence suggesting that Mellick had
committed perjury.  Fortunately in this case other, more clear-cut
evidence existed.  But plenty of people are having their reputations
dragged through the mud in scandals and pseudo-scandals these days
by "opposition research" organizations with trained researchers and
access to all the databases they can find.  In this context, the
very existence of individually identifiable toll records is a clear
invitation to trouble.  And it's completely unnecessary as well, given
that proven technology exists to collect highway tolls anonymously.

Phil Agre, UCSD

------------------------------

Date:    1 May 1996 18:17:10 -0500
From:    "David Sobel" <sobel@epic.org>
Subject: Crypto Legislation

FOR RELEASE:                             CONTACT:
Thursday, May 2, 1996                    David Sobel
8:00 a.m. EDT                            Dave Banisar
                                         (202) 544-9240

           EPIC APPLAUDS PROPOSED CRYPTO LEGISLATION:
             "NECESSARY STEP" FOR SECURE INTERNET

WASHINGTON, DC -- The Electronic Privacy Information Center (EPIC) today
applauded the introduction of legislation designed to relax export controls
on privacy-enhancing encryption technology.  The "Promotion of Commerce
On-Line in the Digital Era (Pro-CODE) Act," introduced by Sen. Conrad Burns
(R-MT), would place export control authority in the Commerce Department,
rather than the State Department and the National Security Agency (NSA) --
the agencies currently charged with that responsibility.  

The proposed bill would remove out-dated barriers to the development and
dissemination of software and hardware with encryption capabilities.
According to EPIC Legal Counsel David Sobel, "This is a necessary step to
ensure the development of a secure Global Information Infrastructure that
promotes on-line commerce and preserves individual privacy.  EPIC has long
advocated adoption of encryption policies that emphasize the protection of
personal data and encourage the widespread dissemination of
privacy-enhancing technologies."

The proposed legislation comes in the midst of an ongoing debate concerning
U.S. encryption policy and at a time when the need for secure electronic
communications is becoming widely recognized.  The explosive growth of the
Internet underscores the need for policies that encourage the development
and use of robust security technologies to protect sensitive personal and
commercial information in the digital environment.  

EPIC recently joined with other organizations to create the Internet Privacy
Coalition (IPC).  The mission of the IPC is to promote privacy and security
on the Internet through widespread public availability of strong encryption
and the relaxation of export controls on cryptography.  The IPC has launched
the "Golden Key Campaign" to raise public awareness of these issues.
Additional information is available at the IPC website:
http://www.privacy.org/ipc/
  
EPIC is a public interest research center in Washington, D.C.  It was
established in 1994 to focus public attention on emerging civil liberties
issues and to protect privacy, the First Amendment, and constitutional
values.  Additional information about EPIC is available at
http://www.epic.org.

------------------------------

Date:    Mon, 13 May 1996 23:52:50 -0700
From:    akrause@Sunnyside.COM (Audrie Krause)
Subject: CDA Challenge: A Status Report

CPSR Members and Friends,

Craig Johnson, a CPSR member and telecommunications policy analyst in
Washington, D.C., attended closing arguments last Friday in ACLU v. Reno,
which challenges the constitutionality of the Communications Decency Act
(CDA) provisions of the recently enacted Telecommunications Reform Act of
1996.  CPSR is a plaintiff in the ACLU lawsuit, and Craig has served as
CPSR's volunteer contact for this effort.

With his publisher's permission, we are forwarding the report that Craig
filed with the American Reporter after attending the closing arguments.

Audrie

        =======================================================
                   'AS GOOD A BENCH AS WE CAN HOPE FOR'
                           by Craig A. Johnson
                     American Reporter Correspondent

        PHILADELPHIA -- The buzz was loud and the message clear as a panel
of judges in the ACLU v. Reno case heard closing arguments in Philadelphia
and then adjourned to consider the first of two major constitutional
challenges to the Communications Decency Act (CDA) that critics say
threatens free speech on the world-wide Internet.
        The second case, Shea v. Reno, is set for final arguments on June
3 in Federal court in Manhattan.  Both cases are being heard by three-
judge panels and are likely to be consolidated if they reach the Supreme
Court under an expedited review process outlined in the law.  Both cases
were filed immediately after President Clinton signed the huge telecom-
munications reform act, which contains the CDA, on February 8.  The ACLU
case was the first to end.
        As government lawyers headed off into the foggy Philadelphia
afternoon, the words of Judge Stewart Dalzell in Federal court here
Friday still rang in the minds of courtroom observers:  In order to
preserve the Internet "as the most democratic medium that the human mind
has come up with yet, a chilling effect is something we have to consider"
as the panel rules on the CDA.
        "How can we, as a matter of judicial responsibility, sustain
against a chill," Judge Dolores K. Sloviter, chief judge of the Fourth
Circuit Court of Appeals asked government counsel, in the absence of
technology which "would not block appropriate [First Amendment protected]
material for adults?
        "Why doesn't the government concede that a preliminary injunction
would be appropriate," she queried, her exasperation evident.
        The central question of how to "find out whether one is an adult"
was left unanswered throughout the whole case, Sloviter asserted. She
charged that the government was asking the panel "to sustain the statute
based on the defenses," which are not validated by current technical
realities.
        "Until it exists," Judge Sloviter exclaimed, "it isn't working.
Until it works, we don't know how it will work." Judge Dalzell agreed,
stating, "The evidence is quite clear that . . . that there is no
technical way to screen for age based on available technology" which
non-commercial providers can avail themselves of.
        These were the most compelling signs yet that the panel may be
leaning favorably toward the plaintiffs' request for an injunction.  "This
is as good a bench as we can hope for in this situation," ACLU lead
attorney Christopher Hansen told reporters after adjournment.
        The day's arguments covered the entire waterfront of issues from
the facial challenges to the constitutionality of the Communications
Decency Act (CDA) to an animated debate on "defenses" and "safe harbors"
to the disclosure of the recent FBI's "review" of Compuserve at the behest
of the right-wing American Family Association (AFA).
        Hansen and American Library Association/Citizens' Internet
Empowerment Coalition (ALA/CIEC) counsel Bruce J. Ennis hammered home
point after point until finally, it seemed, the government's entire house
of cards had collapsed onto its lap.  The plaintiffs' attorneys
effectively eradicated whatever defenses existed with respect to both the
"indecency" standard's ability to pass Constitutional muster on its face,
as well as the Act's attempt to tack a broadcast standard originally
mandated by the Federal Communications Commission (FCC) onto the Internet.
        Hansen forcefully got across the facial argument that the statute
is an "attempt to prevent adults from having information that they are
constitutionally entitled to."  "All speech," he declared, "would be
brought down to a level acceptable to minors."  Hansen stressed again and
again that the act would "prohibit speech that has serious value,"
notwithstanding the government's contentions to the contrary.
        In his closing remarks, Hansen inveighed further against the
criminalization of speech that would result from the law.  "Libraries and
institutions of higher learning" would be thrown into a witch-hunt
atmosphere, he charged.
        Speaking to reporters after adjournment, Hansen amplified on this,
saying that the CDA was being used by right-wing groups such as Enough is
Enough to "go after libraries and colleges, which are not what we normally
think of as great smut-peddlers."  Religious Right activists recently
tried to ban books online at the University of California - Riverside, a
campus located in one of the most conservative regions of the state.
        Hansen also decried the government's argument that, with
technological development, "it is possible to label speech as decent or
indecent."
        The "notion that Government would impose on all of us, before we
speak"  a criteria as to whether our speech was decent or indecent, he
declared, raises a "serious Constitutional problem," he said.
         ALA/CIEC counsel Ennis argued in closing that "there is nothing in
the pipeline" that will technically work to identify adults in online
newsgroups, chat rooms, and listservs or mail exploders. Second, he said,
the government admitted that tagging is not effective, and even if it
were, it still would not constitute a "safe harbor."
        Furthermore, "it would violate the doctrine against compelled
speech," which states that "attaching a pejorative label to one's own
speech" is something that someone "should never be required to do." There
is no reason to assume, that Congress had any intent to require
self-labelling, he maintained.  In fact, Congress specifically rejected
self-labelling with respect to broadcast speakers.
        The Internet, Hansen urged throughout yesterday's argument, was a
specific medium, which could not tolerate having rules applied to it which
were crafted in the past for other media.  Rather, it is a "democratizing,
many-to-many" medium. One of its real effects, he said is that it "is
making us all speakers and listeners."
        The panel of judges seemed to concur that the CDA was based on
broadcast laws.  Judge Dalzell stated that Congress had "reached into"
past judicial decisions applying to broadcast media and "begat the
Communications Decency Act."  But, if access to "indecent" content is
found not to be "pervasive," which is the primary characteristic of
broadcast media, then how could they sustain this statute in light of the
unique characteristics of the Internet, Judge Dalzell queried?
        This is particularly relevant for chat rooms, news groups, and
list servers or mail exploders.  Plaintiffs' council Ennis argued that
"tagging and registering cannot possibly protect minors" in these fora
unless there is ample parental supervision and control.  If that is
present, Ennis said, then we "don't need the law."
        Judge Sloviter took the questioning one step further, declaring
that to require governmental actions which may militate against the wishes
of parents was "a serious Constitutional question."  She asked:  "What is
the Government's interest in shielding 15-year olds from material that
they want to see and the parents don't care" whether they see?
        Sloviter went on to grill Government counsel on the intent of
Congress to "help the parents."  How, she asked, could this be done if the
Court "found that the evidence does not support the proposition that
there is a significant probability of inadvertently chancing . . ." upon
the material without "a lot of clicks or a warning?"  "What would remain
of the government's compelling interest," she asked.
        The questions largely went unanswered by government lawyers, though
US Atty. Jason R. Baron said that "Congress could draw a bright line"
which would would in fact criminalize some speech with redeeming value.
The Government, he said, may prevent a 14-year old's right to read Henry
Miller's Tropic of Cancer online. Similarly, excerpts from a Broadway play
on AIDS may fall within the statute's boundaries.
        This did not sit well with the judges as they repeatedly emphasized
that the Congressional Conference Committee statement that material
"with no intent to offend" should not be swept under the law.
        At one point, in a direct parallel with the questions at issue in
Shea v. Reno, Judge Dalzell, observing that recent issues of the
Philadelphia Inquirer and the New York Times had pictures and articles
that many people would find "patently offensive," asked government counsel
if he would advocate a "newspaper decency act."
        Dalzell explained to a befuddled counsel that Congress clearly did
not have the power to write a "newspaper decency act."  "What is it
about the Internet media that makes it a completely different ball game,"
he asked.  No persuasive answer was uttered by government counsel.
        The judges returned several times to the government's contention
that effective technology for screening, tagging, and blocking would soon
be available.  Sloviter was unconvinced.  "After five days of testimony,"
she said, "all we got was hypotheticals." The tagging scheme introduced by
one of the government's witnesses, Sloviter suggested, "was the product of
[his] creative imagination," and "thought up . . .  after the government
hired him as a witness."
        In the end the decisive issues were raised in sharp relief by all
three judges.  If the intent of Congress was to help parents prevent their
children from viewing objectionable content, and the technology that is
available cannot do that, what good is a CDA?  If available technology
cannot find a solution for authenticating adults and children, then
doesn't the rationale for the CDA collapse?  And, if the CDA, with its
labelling scheme of "indecency" is overbroad and covers speech which has
value, then isn't it unconstitutional on its face?
        Despite all the roundabout arguments and twists and turns, the
government never effectively answered any of these threshold questions.

                                  # # #

        Copyright 1996 Craig A. Johnson  *  All Rights Reserved
--
Audrie Krause          CPSR Executive Director
PO Box 717   *   Palo Alto, CA     *     94302
Phone: (415) 322-3778   *  Fax: (415) 322-4748
*    *     E-mail: akrause@cpsr.org     *    *
 *  Web Page: http://www.cpsr.org/home.html *

------------------------------

Date:    29 May 1996 14:57:50 -0500
From:    "Marc Rotenberg" <rotenberg@epic.org>
Subject: Children's Privacy Bill Introduced, 
         Recent Problems in Direct Marketing Industry,
         New Medical Privacy Bill Introduced [From EPIC Alert]

            [ From EPIC Alert 3.11; May 29, 1996 ]

=======================================================================
[1] Children's Privacy Bill Introduced
=======================================================================

On May 22, 1996, Representative Bob Franks (R-NJ) and Senator Dianne
Feinstein (D-CA) introduced the Children's Privacy Protection and
Parental Empowerment Act (HR 3508, S. not yet available).  The bill
establishes fair information practices for personal information about
kids and is intended to curb recent abuses by the direct marketing
industry.

At a Capitol Hill press conference, Representative Franks said
"commercial list companies are using that information to develop an
elaborate data base on virtually every child in America.  They're
gathering children's complete names, ages, addresses and phone numbers
-- and often even their personal likes and dislikes."

As with other privacy laws in the United States, the CPPPEA focuses on
a particular industry sector, in this case list brokers who collect
and sell personal information on children.  The Children's Privacy
Protection and Parental Empowerment Act would:

   -- Prohibit the sale or purchase of personal information about 
   children without parental consent;

   -- Require list brokers and solicitors to disclose to parents, 
   upon request, the source and content of personal information on 
   file about their children;

   -- Require list brokers to disclose to parents, upon request, the 
   names of persons or entities to whom they have distributed personal 
   information on that parent's child;

   -- Prohibit prisoners and convicted sex criminals from processing 
   the personal information of children;

   -- Prohibit any exchange of children's personal information that 
   one has a reason to believe will be used to harm or abuse a child; 

   -- Preserve all common law privileges, and statutory and 
   Constitutional privacy rights; and

   -- Establish civil remedies and criminal penalties for violations 
   of the Act.

More information about the CPPPEA is available at:

     http://www.epic.org/privacy/kids/


=======================================================================
[2] Recent Problems in Direct Marketing Industry
=======================================================================

The Children's Privacy bill grows out of reports on recent abuses in
the marketing industry.  In one case, a news reporter for KCBS-TV in
Los Angeles ordered a list of the names, addresses and phone numbers
of 5,000 Los Angeles children from the nation's largest distributor of
lists, Metromail.  It placed the order in the name of Richard Allen
Davis, the man currently on trial for kidnapping 12-year-old Polly
Klaas from her Sausalito home and murdering her.  After providing a
fake name, mailing address and a disconnected phone number, the list
arrived the next day. The cost -- just $277, cash on delivery.

In another case, the direct marketing firm Metromail faces a class
action suit in Texas where the company used prison inmates to process
personal data gathered from consumers.  Beverly Dennis, a 47-year-old
Ohio woman, received threatening and highly offensive telephone calls
from a convicted sex offender. Dennis v. Metromail Corporation, Texas
District Court, No. 96-04451, April 18, 1996).

A report from the Center for Media Education also found that one
data-gathering company adds 67,000 children's names each week. Other
firms sell segmented lists on grade school children and pre-school
children.

Opinion polls also reveal strong public opposition to the unregulated
sale of personal data:

   -- A 1991 Time/CNN poll found that 93% of American consumers 
   believe "companies that sell information to others should be 
   required by law to ask permission from individuals before making 
   the information available;" 

   -- In the same poll, 90% said that "companies that collect and 
   sell personal information should be prohibited by law from selling   
   information about household income," and 68% said that companies 
   "should be prohibited by law from selling information about product 
   purchases."

It is not hard to guess what the poll numbers would say about the sale
of data on children.

In a related matter, Ram Avrahami's case is scheduled to be heard by a
Virginia judge on June 6.  For more information on the case, see:

     http://www.epic.org/privacy/junk_mail/


=======================================================================
[3] New Medical Privacy Bill Introduced
=======================================================================

On May 16, 1996, Rep. Jim McDermott (D-WA) introduced the "Medical
Privacy in the Age of New Technology Act of 1996."  The bill is
designed to "ensure strong protections for the confidentiality of
patient health care information and take into account the threats to
privacy created by emerging technologies and the computerization of
medical records."

The new bill covers all types of medical information including genetic
information.  It requires informed consent before a patient's personal
information can be transferred to any other party, except in very
limited circumstances.  Patients would be allowed to examine and
correct their records.  Guidelines are set to ensure the security of
records.  Unlike previously introduced legislation, S. 1360, under the
new bill states are not prevented from enacting stronger laws.

The bill was introduced after the House of Representatives approved a
bill providing for "administrative simplification" of medical records.
(See EPIC Alert 3.08, "House Passes Health Care Bill") and the Senate
debated S. 1360, introduced by Senator Bennett.  The new bill provides
for a much higher level of privacy protection than either of those two
measures.

The bill has been embraced by consumer groups such as the Coalition
for Patient Rights, which describes it as the strongest medical
privacy bill introduced to date.  It was referred to the Commerce
Committee for review.

More information on the McDermott bill and medical privacy is
available at:

   http://www.epic.org/privacy/medical/

------------------------------

End of PRIVACY Forum Digest 05.11
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.