PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest       Sunday, 1 September 1996       Volume 05 : Issue 16

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
               The PRIVACY Forum is supported in part by the          
                 ACM (Association for Computing Machinery)
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        NCSL ALERT: Driver's Licenses and Birth Certificates (Janeane Dubuar)
        Re: Credit Card Company Now Marketing "Privacy" Program (V5 #15)
           (John R. Levine)
        Credit Card Protection Plans (Charles Trew)
        Blood and Privacy? (Rex Black)
        Alternatives to Social Security Numbers (Robert Ellis Smith)
        Re: Department of Motor Vehicle records (Johnsrude, RISKS-18.31)
           (Jan Vorbrueggen)
        SSN problem hits a Congressman (Stanton McCandlish)
        FC: Helsingius shuts down anon.penet.fi/ server in Finland
           (Declan McCullagh)
        SSN and Welfare Legislation (Monty Solomon)
        Re: More on CNID (Cliff Sojourner)
        The answer to the cookie problem??  (pt1@grcci.com)
        HRW letter to Singapore government; German telecom URL
           (Monty Solomon)
        Ohio requires privacy waiver and SSN in job apps 
           (Wm Randolph Franklin)
        Fingerprinting by banks (Janeane Dubuar)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 05, ISSUE 16

   Quote for the day:

        "We once laughed at the horseless carriage,
         the airplane, the telephone, the electric light,
         vitamins, radio, and even television!  
         And now some of us laugh at outer space..."

                        -- Criswell
                           "Plan 9 From Outer Space" (1959)
        
----------------------------------------------------------------------

Date:    Fri, 30 Aug 1996 10:51:45 -0700 (PDT)
From:    jd@scn.org (Janeane Dubuar)
Subject: NCSL ALERT: Driver's Licenses and Birth Certificates

This alert came by mail from the National Conference of State Legislatures
in Washington, D.C.  I added an update which includes the names of
House-Senate conferees.  The federal immigration bill (H.R. 2202) is
expected to emerge from conference committee some time during the first
week of September.  Now is the time to act. 

TOWARD A NATIONAL IDENTIFICATION CARD AND MORE RED TAPE:
CONGRESS MANDATES CHANGES TO DRIVER'S LICENSES AND BIRTH CERTIFICATES

On May 2, 1996, the U.S. Senate passed S. 1664 (now called H.R. 2202 -
Senate version), a bill to reform illegal immigration, that proposes
monumental changes to all driver's licenses and birth certificates
(section 118).  These changes will force most U.S. citizens to obtain and
pay for new driver's licenses and birth certificates; compromise each
citizen's right to privacy; violate state and local control over driver's
licenses and birth certificates; and invite discrimination against
minorities.  The Congressional Budget Office estimates that the federal
driver's license mandate alone will shift up to $20 million in costs to
states and localities.  The House also passed an immigration bill, H.R.
2202.  The House bill does not contain the driver's license and birth
certificate mandates.  Both House and Senate immigration staff are
currently reconciling the two bills in an informal conference committee. 
Phone calls to House and Senate Leadership are urgently needed to demand
that the driver's license and birth certificate mandates be deleted from
the final bill. 

What Does the Senate Version of H.R. 2202 Require?

1.  Driver's Licenses  -  State driver's licenses and identification cards
MUST CONTAIN THE APPLICANT'S SOCIAL SECURITY NUMBER.  The federal
government will also create new federal standards for the application
process and design of all driver's licenses and ID cards.  States that
currently retain and verify an applicant's social security number but do
not place the number on the cards are initially exempt from the social
security number mandate.  According to the American Association of Motor
Vehicle Administrators, of the 38 states that do not require the social
security number to be on their driver's licenses, only Massachusetts would
qualify for this exemption; all other states would be required to place
social security numbers on driver's licenses and ID cards.  All states are
required to conform to the other federal standards.  States with cycles of
renewal longer than six years must start October 1, 2006.  After October
1, 2006, NO ONE may use a driver's license or ID card for identification
purposes that does not meet these federal standards. 

2.  Birth Certificates  -  All birth certificates must be printed on
federally-approved safety paper and be certified by the issuing agency.
The federal government will also issue additional provisions requiring
other security features in the future.  Starting in 1999 (three years
after the bill's enactment), birth certificates that do not meet these
federal standards cannot be accepted by any federal agency or by any state
or local agency that issues driver's licenses or ID cards. 

Who Needs a New Driver's License?

Anyone who wants to use their driver's license as a valid form of 
identification after October 1, 2006.  If you need to use a driver's 
license to vote, to apply for a passport, to qualify for a federal school 
loan, license, contract or public assistance program or to meet any other 
federal, state or local requirement you will need a new driver's license.

Will I Have to Put My Social Security Number on My Driver's License?

Yes.  While most states currently give applicants the option of not using 
this number on their driver's license or prohibit its use outright, the 
new federal requirements will force almost every American to put their 
social security number on their license or ID card.  Many citizens are 
concerned by laws that increase the circulation of their social security 
number.  The social security number is a key which provides access to 
vital personal information, which could be misused if it fell into the 
wrong hands.  Others believe that proposals making driver's licenses 
uniform, including social security numbers, are a significant step toward 
a national ID card.  Finally, many minorities contend that they will be 
disproportionately affected by the new requirements because they will be 
asked to show their documents more often than other Americans.

Who Needs a New Birth Certificate?

Anyone who wants to use their birth certificate as a valid form of 
identification after October 1, 1999.  If you need to use your birth 
certificate to establish citizenship, apply for or renew a driver's 
license, passport or other identification documents, obtain a marriage 
license, register to vote, change your name, or many other purposes you 
will need a new certificate.  No matter how old you are, if you need to 
use your birth certificate it must conform to the new federal standards, 
otherwise it is invalid.  Fees will almost certainly be charged for new 
birth certificates to pay for the new federal requirements.  This will 
impose a significant hardship on elderly and low-income Americans.


THE DRIVER'S LICENSE AND BIRTH CERTIFICATE MANDATES IN ILLEGAL 
IMMIGRATION BILL H.R. 2202 (Senate) WILL...

...INCREASE SOCIAL SECURTY NUMBER FRAUD.  H.R. 2202 (Senate version) 
will require the vast majority of automobile drivers in the U.S. to put 
their social security numbers on their driver's licenses.  In the future, 
whenever someone shows their driver's license they will also be exposing 
their social security number.  With the social security number accessible 
to so many people, it will be relatively easy for someone to fraudulently 
use your social security number to assume your identity and gain access 
to your bank account, credit services, utility billing information, 
driving history, and other sources of personal information.  This new 
federal law will compound and exacerbate a disturbing trend reported by 
banks and credit card companies that social security number-related fraud 
is already on the rise.

...INVADE PRIVACY AND THREATEN CIVIL LIBERTIES.  According to the 
Privacy Rights Clearinghouse, when social security numbers were first 
issued in 1936, the federal government assured the public that use of the 
numbers would be limited to social security programs.  The driver's 
license and ID card provisions in H.R. 2202 (Senate version) violate this 
promise, and will dramatically increase the circulation of the social 
security number and its use as a national identifier.  Now more 
corporations, creditors, insurance companies, government officials and 
others will be able to get easier access to vast amounts of personal 
information that can be used to support marketing schemes, determine 
insurance and loan eligibility, gain an advantage in a lawsuit, etc.

...PREEMPT STATE LAWS AND SHIFT COSTS TO STATES AND LOCALITIES.  According
to the Automobile Association of America, 38 states do not require drivers
to put their social security numbers on their driver's licenses. 
Legislation has been introduced in a number of states (including
Mississippi and Hawaii) that require social security numbers on their
driver's licenses to take the numbers off the card because of fraud and
privacy problems.  The new federal law would require all but Massachusetts
to change their laws, taking this option away from the majority of the
nation's drivers and limiting state authority to decide whether this
policy is appropriate for their residents.  The bill also gives the
federal government wide latitude to develop new and more costly
requirements for state driver's licenses, ID cards and birth certificates
in the future.  According to the Congressional Budget Office, the new
unfunded federal mandates in the law will shift up to $20 million in costs
to states and force states and localities to increase fees for birth
certificates to pay for new federal requirements. 

...LEAD TO A NATIONAL ID CARD THAT DISCRIMINATES AGAINST MINORITIES.  By
requiring states to tie the social security number to state-issued
identification documents, the proposal marks a dramatic shift toward using
the number as an identifier.  Today's mandate that the states follow
federal requirements in their identification documents will lead to
tomorrow's mandate:  that the federal government issue the identification
documents itself to ensure uniformity and reliability.  Make no mistake:
this provision is a key building block for national identification
documents, and the national ID card.  If such an ID card is mandated,
Latinos, Asians, and other Americans who "look foreign" or speak with an
accent will be expected to produce this document far more often than other
Americans, especially if they live in border areas.  Increasing
discrimination against our own citizens is no way to deal with the problem
of illegal immigration. 

...TANGLE CITIZENS IN GOVERNMENT RED TAPE.  The federal bill requires any
citizen that needs to use their birth certificate for official
identification to get a reissued birth certificate from their place of
birth by October 1999.  Senior citizens that intend to apply for Medicare
will need to obtain a new birth certificate.  Couples engaged to be
married will need new birth certificates for a marriage license and to
change their names.  Professionals traveling internationally for business
or families going on vacation overseas will need new birth certificates to
obtain passports.  With millions of citizens requesting new birth
certificates, lines and waits for federally-approved birth certificates
will be long.  All recipients will be charged a fee for their new birth
certificates. 
                      -------------------------------

UPDATE:  To study the full text of the Senate's version of H.R. 2202, go
to http://thomas.loc.gov and look up S.1664, section 118.  Write or call
conferees and your own member of the House.  As of Thursday, 8/29/96, 4:30
pm EDT, Senate conferees on the immigration bill were: 

Feinstein, Dianne - California 
Grassley, Chuck - Iowa 
Hatch, Orrin - Utah
Kennedy, Edward - Massachusetts 
Kohl, Herb - Wisconsin 
Kyl, Jon - Arizona
Leahy, Patrick - Vermont 
Simon, Paul - Illinois 
Simpson, Alan - Wyoming
Specter, Arlen - Pennsylvania 
Thurmond, Strom - South Carolina

Likely House conferees include:

Becerra, Xavier - California (30)
Berman, Howard - California (26)
Bono, Sonny - California (44)
Bryant, Ed - Tennessee (7)
Bryant, John - Texas (5)
Conyers, John, Jr. - Michigan (14)
Frank, Barney - Massachusetts (4)
Gallegly, Elton - California (23)
Goodlatte, Bob - Virginia (6)
Hyde, Henry - Illinois (6)
McCollum, Bill - Florida (8)
Smith, Lamar - Texas (21)

Please do not wait to contact House conferees.  The conference report 
could be issued within as little as 24 hours of their final selection.

To be most effective, letters should be postmarked by Saturday, August
31st, or faxed early the following week.  Members' offices also may be
reached by phone through the Capitol Switchboard (202) 224-3121. 
Thanks for your help.

------------------------------

Date:    Sun, 18 Aug 96 21:16 EDT
From:    johnl@iecc.com (John R Levine)
Subject: re: Credit Card Company Now Marketing "Privacy" Program (V5 #15)

>I would be interested in hearing what others think of this service, and if
>anyone has ever heard of CUC  International, Inc., the provider of Wallet
>Security Plus.

CUC used to be known as Comp-U-Card, and runs a variety of discount
shopper's clubs, travel clubs, and the like, many but not all of which are
accessed via your PC.  It is a large company, listed on the NYSE, with
annual revenues well over a billion dollars, mostly from membership fees.
(The stuff you buy through the clubs is all provided by third parties.)
They're at http://www.cuc.com.

Most of the shopping services on the major on-line services as well as
the rebating travel agency on Easy Sabre are owned by CUC.

Their "privacy" program is in all likelihood legit, although as you point
out, it doesn't actually offer very much for the money, something that I've
noticed in some of CUC's other programs.

I would be a teensy bit worried that an organization whose primary business
is targeted direct marketing might find it irresistable to to a little data
mining in the big pile of data their privacy customers' give them.

-- 
John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869

------------------------------

Date:    Tue, 20 Aug 1996 11:00:10 -0400 (EDT)
From:    Charles Trew <ctrew@CapAccess.org>
Subject: Credit Card Protection Plans

     The credit card service plan offered by CUC International to monitor 
credit activity and such has been around for many years. As was noted, 
virtually all of the "services" are already available in one form or 
another for free. To be fair someone with quite a busy schedule and high 
income might find advantages in the program.
     Anyone with questions concerning credit cards should look up Bank 
Card Holders of America, a non-profit outfit in Roanoke, Virginia. 
Membership fees are nominal and they alert members to these types of 
programs and offerings of dubious value. In fact, BHC even provides
this type of service as a regular part of their membership. 
                                                                    
      As for Division of Motor Vehicle records, they are fairly 
available in almost all states. Because of privacy concerns there are 
frequently some restrictions. Many states charge a nominal fee ($5.00 to 
$10.00) and require the requester to identify themselves and give the 
reason for the request. A record is kept of the request. I can tell you, 
however, that there are any number of private investigation services on 
the internet (and elsewhere) that would be willing and able to obtain 
this information and provide it to an anonymous client.
      Many states have used an individual's social security number as 
their driver's license as well. Some states (such as Virginia) now allow 
one to obtain a number other than the SSN as the license number. 
Concerned individuals should call their state DMV and get specific 
details.  

------------------------------

Date:    20 Aug 96 11:27 CDT
From:    Rex Black <Rex_Black@dell.com>
Subject: Blood and Privacy?

I recently received an e-mail message from the corporate fitness 
center inviting me to a blood drive.  I have not given blood 
before, having had a bad reaction to a blood sample as a teenager 
that has left me leery of the idea.
     
What struck me, however, was that this e-mail message asked that we 
show up with our company badges and knowing our social security 
numbers.  I sent back a message saying that I would consider giving 
blood, but only if it was anonymous.  They replied that at least I 
had to bring my driver's license.  (I'll have to remember that this 
is an anonymous ID the next time I get a speeding ticket, so that I 
can just ignore it, right? :-)
     
Anyway, this got me to thinking:  Is this general practice to 
require that donors "tag" their blood with an SSN or other 
traceable indicia?  If so, are there documented cases of abuse of 
this tracing ability?  (As an example, someone flunks the AIDS test 
that blood goes through and becomes tagged as "HIV positive" in 
some database, accurately or inaccurately.)  
     
Regards,
Rex
     
P.S.  I am not speaking in any kind of official capacity as a Dell 
consultant.

------------------------------

Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <0005101719@mcimail.com>
Subject: Alternatives to Social Security Numbers

   [ From Risks-Forum Digest; Volume 18 : Issue 35  -- MODERATOR ]

Last spring, I asked readers of RISKS for suggestions on alternatives to
Social Security numbers in organizations with large data bases of
information about individuals.  Many such organizations find they do not
need to use SSNs, and avoid privacy problems associated with using them.
For a copy of all of the responses, send a request to us and specify whether
you want hard copy or electronic edition of our August issue, and provide
postal address or e-mail address.

Robert Ellis Smith, Publisher, Privacy Journal newsletter,
Providence, RI, 401/274-7861, e-mail 5101719@mcimail.com.

Excerpts from the suggestions follow:

* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date
concatenated [linked in a chain]) both for driver and vehicle registrations.

* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by
Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in
Boston, discusses a number of ways in which cryptography- based health care
identifiers can be used to preserve privacy while remaining manageable for
typical medical purposes.  This is publication #49 (in Postscript format) at
http://medg.lcs.mit.edu/people/psz/publications.html.

* FROM YARDLEY, PA.: One way is to use a simple scheme like three letters
from last name, the first initial, and some digits; another is just to use
sequential numbers.  Another is an MD5 hash of the full-name string [a
one-way mathematical function as a stand-in for the name that makes
translation back to the original name impossible].  This is always unique
for a unique string, so you might need to add some numbers.

* FROM MADISON, WISC.: When I was working on the development of the
Wisconsin Student Data Handbook - we tried to develop
 what we called an "SSN surrogate," also of nine bytes per
individual.  It involved an algorithm which combined year,
month, and date of birth with sex and two consonants each
 extracted from the first and middle names.

* FROM CYBERSPACE: I worked with a banking software company that set up
employee records simply by exact hire date and time.  Since they never hired
anyone at exactly the same time, it gave each person a unique number.  You
could do the same for any data base in which records are added gradually one
at a time - just number them based on exact date and time added.

* FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago
not to use SSN for identification except where required by law (payroll
taxes, for example).  We use a unique Stanford University ID (SUID), which
is a lifetime number and applies to all students, alumni, faculty, staff,
and patients.  It serves all the same purposes that the SSN would do if it
were used.  

------------------------------

Date: Mon, 19 Aug 1996 13:12:06 +0200
From: Jan Vorbrueggen <jan@fsnif.neuroinformatik.ruhr-uni-bochum.de>
Subject: Re: Department of Motor Vehicle records (Johnsrude, RISKS-18.31)

   [ From Risks-Forum Digest; Volume 18 : Issue 35  -- MODERATOR ]

Johnsrude writes:

>   This lack of protection distinguishes American law from most European
>   democracies.  "Data protection" is an important part of European human
>   rights law.

A very important point. In Germany, this was actually derived, in the
context of a census, from the constitutional right to freedom from injury by
the Bundesverfassungsgericht (sort-of-analogue of the US Supreme Court). The
laws that were made in response to this decision actually strive to handle
the problem at the correct point, IMO, namely when the data in question is
created.  And there is a distributed system of "watch dogs" whose annual
reports are widely discussed (if not always read).

However, I think the bulk of Johnsrude's contribution and the further
discussion in this thread misses a major point. The DMV database is quite
different from, say, VISA's or your favourite retailer's, in that the DMV
occupies a monopoly, and a publicly mandated one at that. If you don't like
the data handling procedures of whoever offers you a service, in general
there will be a competitor who might have better practices regarding your
objections.  Or you can make a purchase explicitly contingent on data
concerning it not being made available to others, and in the case of
infraction sue for breach of contract (of course, this entails other barrels
of worms, but that's a separate discussion). In the case of the DMV, there
is no alternative, because the DMV itself, as an issuer of drivers'
licenses, serves a public watchdog function, and the service it offers is
not in any practical sense optional, especially in wide parts of the United
States. Putting severe restrictions on the DMV's use of the data entrusted
to it is sensible, for any number of reasons; the technical problems in
distributing data to those that need to know (e.g., police officers) come up
in other situations as well and have well known solutions.

One of the root problems here is that, IMHO, the way legislative
responsibility has been divided in the USA is just crazy. The (I assume)
federally mandated inclusion of the SSN in state controlled DMV records,
without any clauses on how to protect this data, is a case in point; I
suppose this was foisted on the states in a similar way the drunk driving
rules were (according to urban legend, by making federal subsidies for the
interstates contingent on such legislation). Thus, responsibility is divided
-- in a similar way later noted as being the result of the privatization of
the British rail network.

        Jan

------------------------------

Date: Thu, 22 Aug 1996 11:35:54 -0700 (PDT)
From: Stanton McCandlish <mech@eff.org>
Subject: SSN problem hits a Congressman

   [ From Risks-Forum Digest; Volume 18 : Issue 37  -- MODERATOR ]

I received a press call this morning asking about Social Security Numbers
and database privacy in general, from a journalist covering a story that
should have happened years ago.

A US Congressman running for Governor of New Hampshire was found to have 
two SSNs by local journalists, who ran a story on it. (It's illegal to 
obtain 2 SSNs in most circumstances, so one supposes this seemed newsworthy).
After the story ran, it turned out that the other SSN belonged to a teenager,
and that the legislator had been assigned the number (presumably in some 
marketing or DMV or other error-prone database) by mistake. Despite the 
situation not being the legislator's fault, his chances for election to 
the Governor post have been damaged by the bad reportage, possibly ruined.

At this point, I don't have the name of the legislator, nor of the paper 
and journalist(s) who reported on this.

Many obvious RISKs that have come up before plenty of times in RISKS:

1) SSNs are not a good system - they are neither truly unique 
identifiers, nor is the system even close to immune from errors or fraud.

2) Even "minor" data entry errors in databases of personally identifiable
information can ruin careers and otherwise wreck people's lives, but there's
not really any easy way to detect these errors or to fix them until they 
cause a personal, or sometimes far broader, catastrophe.

3) There is no real accountability, even aside from privacy issues. State 
laws are scattershot and disparate, affording little privacy protection 
and even less recourse when negligence wreaks havoc. They are so 
different from state to state that even an industry-generated code of 
conduct doesn't arise. At the federal level, it's even worse.

4) Reporting on technical topics, like information held in databases, can 
be rapidly screwed up if the reporters do not take care to get the facts, 
but simply report what seems obvious on the surface. (C.f. Time's 
"Cyberporn" cover story for another infamous example.)

5) Blind trust in technology - "the computer is always right" - can lead to
quite harmful mistakes. It appears that the reporters who jumped on this 
story accepted it as a given that the legislator had obtained two SSNs 
for some nefarious purpose, and missed the far more likely possibility:
data entry error by a third party.

(This is based on what I've been told about these events and the 
reportage of them. I have yet to see the original articles, though I 
expect to get them shortly.  So, some of this criticism is best considered 
hypothetical, until I do have the articles.  I cannot, of course, be 
certain of the accuracy of the characterization by one journalist of 
another and his/her work.)

As for why I say this should have happened a long time ago, this is the
first time I've heard of something like this happening to a policymaker.
Hopefully the nature of the problem will sink in and we'll see some action
to establish accountability and privacy-protection requirements.  At very
least, the dismal failure of the SSN may become more apparent to Congress,
who have simply not appeared to grasp the nature of the problems to date.
The new crypto-awareness on the Hill could use a strong booster shot of
general privacy awareness.

Stanton McCandlish  Electronic Frontier Foundation  mech@eff.org
"http://www.eff.org/~mech/"

------------------------------

Date: Fri, 30 Aug 1996 13:17:02 -0500
From: declan@well.com (Declan McCullagh)
Subject: FC: Helsingius shuts down anon.penet.fi/ server in Finland

This is a sad day in the history of the Net. Hundreds of thousands of
people had accounts on Julf's pseudonmyous server and many netizens relied
on it daily to preserve their privacy online. (Unlike cypherpunk remailers,
it's not truly anonymous since Julf keeps records of what anon id maps to
what email address.) From Azeem's report and the press release below,
Julf's move seems to be in response to a Finnish court's preliminary
decision that the privacy remailers could be violated by court order --
something the Scientologists have been pushing.

Still, I'd be surprised if Julf's decision wasn't prompted in part by the
hideous London Observer article that falsely accused him of being a
middleman in the distribution of child porn -- check out a scan of the
Sunday cover at:
  http://scallywag.com/

-Declan

   ---------- Forwarded message ----------
   Date: Fri, 30 Aug 1996 17:11:51 +0100
   From: Azeem Azhar <azeem@dial.pipex.com>
   To: azeem@ivision.co.uk
   Subject: [ALERT] Penet is dead

   Hello all,

   I just got off the phone with Johann Helsingius who runs the
   anon.penet.fi/ anonymous e-mail service.

   1. He has decided to close the service.

   2. This is not related to the article in The Observer. It is, in fact,
   due to a decision of a lower Finnish court on petition from the Church
   of Scientology. Penet went to court last week and made the decision
   today. The implication of the decision is that e-mail over the Internet
   is not protect by the usual Finnish privacy laws.

   3. The server is currently down while Julf re-writes the software. Once
   it runs again, it will be phased out for private use, but groups such as
   the Samaritans and human rights agencies should be able to use it.

   4. They are appealing against the decision.

   5. Julf expects that revisions in Finnish law to provide a safe legal
   status for anonymous remailers will be in place at the earliest in
   Spring next year.

   6. Once again: this is unrelated to The Observer's scandalous reporting.

   Your faithful furry friend,

   Azeem

   ---------- Forwarded message ----------

   Date: Fri, 30 Aug 1996 17:15:41 +0100
   From: Azeem Azhar <azeem@dial.pipex.com>
   To: azeem@ivision.co.uk
   Subject: [ALERT} Penet is dead (correction)

   Sorry . . . a slight error:

   > 2. This is not related to the article in The Observer. It is, in fact,
   > due to a decision of a lower Finnish court on petition from the Church
   > of Scientology. Penet went to court last week and made the decision
   > today. The implication of the decision is that e-mail over the Internet
   > is not protect by the usual Finnish privacy laws.

   The implication of the court's decision (rather than Penet's to shut the
   server) is that e-mail over the Internet is not protected by the usual
   Finnish privacy laws.

   Sorry!
   --
 
   [Julf's press release. -Declan]

                                PRESS RELEASE
                                30.8.1996

        Johan Helsingius closes his Internet remailer

        Johan Helsingius from Helsinki has decided to close his Internet
        remailer. The so-called anonymous remailer is the most popular
        remailer in the world, with over half a million users.

        "I will close down the remailer for the time being because the legal
        issues governing the whole Internet in Finland are yet undefined. The
        legal protection of the users needs to be clarified. At the moment
        the privacy of Internet messages is judicially unclear."

        The idea of an anonymous remailer is to protect the confidentiality
        of its users=ED identity. The remailer itself does not store
        messages but serves as a channel for message transmission. The
        remailer forwards messages without the identity of the original
        sender.

        Finland is one of the leading countries in Internet usage. Therefore
        all decisions and changes made in Finland arouse wide international
        interest.

        "I have developed and maintained the remailer in my free time for
        over three years now. It has taken up a lot of time and energy.
        Internet has changed a lot in these three years - now there are
        dozens of remailers in the world, which offer similar services."

        "I have also personally been a target because of the remailer for
        three years. Unjustified accusations affect both my job and my
        private life" says Johan Helsingius.

        He surmises that the closing of the remailer will raise a lot of
        discussion among the Internet community. "These remailers have made
        it possible for people to discuss very sensitive matters, such as
        domestic violence, school bullying or human rights issues
        anonymously and confidentially on the Internet. To them the closing
        of the remailer is a serious problem", says Helsingius.

        Child porn claims proven false

        Last Sunday's issue of the English newspaper Observer claimed that
        the remailer has been used for transmitting child pornography
        pictures. The claims have been investigated by the Finnish police.
        Observer's claims have been found groundless.

        Police sergeant Kaj Malmberg from the Helsinki Police Crime Squad is
        specialized in investigating computer crimes. He confirms that
        already a year ago Johan Helsingius restricted the operations of his
        remailer so that it cannot transmit pictures.

        "The true amount of child pornography in Internet is difficult to
        assess, but one thing is clear: We have not found any cases where
        child porn pictures were transmitted from Finland", Kaj Malmberg
        says.

        Ground rules need to be clarified

        There are several large network projects going on in Finland at the
        moment, such as the TIVEKE project run by the Ministry of
        Communications and the Information Society Forum project run by the
        Ministry of Finance. Johan Helsingius is participating the work of
        these projects. Projects assess the political and social issues of
        networks and the impact of these issues in the long run. These
        projects also need the support of daily, practical work to help
        short-term decision-making.

        Johan Helsingius is now taking an initiative in the development of
        the daily network rules. He wants to set up a task force to discuss
        the practical problems related to ethical and civil rights issues in
        connection with the Internet.

        "I will try to set up a task force which will include Internet
        experts together with representatives of civic organizations and
        authorities. The task force could take a stand on issues such as the
        network's practical operation methods and the misuse of the network.
        I hope that the results of this task force will support the
        development of the network", he says.

        For further information, please contact

        Johan Helsingius
        Oy Penetic Ab
        tel. +358 0400 2605
        e-mail: julf@penet.fi

   [ Regular readers of my various PRIVACY Forum Moderator items will
     already be aware of my concerns over "anonymous" abuses which are
     appearing with increasing frequency on the net.  Libel, propaganda,
     hate materials, and just plain 100% lies, often designed specifically
     to harm individuals, are occurring with increasing frequency.  The
     senders of such materials usually shield themselves through a variety
     of technical mechanisms, only one of which is anonymous remailers.

     The problem is that while there are most definitely situations where
     anonymity is important, there are others where it can be seriously
     abused.  Most newspapers and other mainstream media outlets would avoid
     printing random, unsubstantiated rumors (e.g. "John Rudolph Smith of
     1313 Randolph Street is a child molester"), without knowing where the
     accusation came from and without some form of substantiation.  Even in
     cases of "name withheld" items, it's normally necessary for the party
     making the accusation to identify themselves to the publisher so that
     appropriate responsibilities can be ascertained.  Once false
     information goes out, the damage can be immediate and impossible to
     undo later.

     But in the case of anonymous items mass distributed on the net, there
     is no requirement for source checking, substantiation, author identity,
     or responsibility.  For the vast majority of users who do act in
     responsible manners this isn't a problem.  But with the net's entering
     the mainstream, the small percentage of folks with their own agendas
     and no compunction against outright lies and similar actions can abuse
     anonymity and unfiltered mass distributions in manners that are
     exceedingly damaging.  The actions of these relative few could easily
     wipe out the real benefits and good will of the network in a mass of
     outraged reactions.  

     The solutions?  Discussion of possible solutions might be a suitable
     topic for here in the PRIVACY Forum.  Such solutions are unlikely to be
     purely technical in nature.  For example, in the item above, it's
     stated that the anon server under discussion was configured to not send
     pictures.  Other info on this case suggests that what actually happened
     is that the system was configured to not send individual items larger
     than some arbitrary size--a limit that could presumably be circumvented
     via various programs to split large items into smaller chunks.  No, the
     solutions to balancing privacy and responsibility must be based on
     technical, legislative, and societal grounds.  If we don't start
     working towards reasonable compromises in these areas, our ability to
     have any input at all on these problems is likely to be severely
     curtailed in a rush to "quick fixes" down the line.  Some countries
     are already moving rapidly into the quick fix arena--see the item
     regarding Singapore below...

                        -- MODERATOR ]

------------------------------

Date:    Sat, 24 Aug 1996 00:25:15 -0400
From:    Monty Solomon <monty@roscom.COM>
Subject: SSN and Welfare Legislation

Excerpt from EPIC Alert 3.15

=======================================================================
[3] Welfare Legislation Signed by Clinton
=======================================================================

On August 22, President Clinton signed the Personal Responsibility and
Work Opportunity Reconciliation Act of 1996. The bill includes a
number of sections that expand the use of the Social Security Number
and create new databases of personal information.

The bill requires that states obtain individuals' Social Security
Numbers for many state documents.  It provides that on "any
application for a professional license, commercial driver's license,
occupational license, or marriage license [the SSN] be recorded on the
application."

The new bill also creates a national database of every employee in the
United States.  States are also required to create databases of "new
hires."  The state databases would be uploaded to a federal registry
and the Social Security Administration would verify the SSNs.  The
Commissioner of Social Security is required to develop "a prototype of
a counterfeit-resistant social security card" made of tamper proof
materials for proving citizenship, and to issue a report on the cost
of issuing a new card to all citizens over a three, five or ten year
period.

More information on the welfare bill, the Social Security Number, and
efforts to expand its use is available at:

     http://www.epic.org/privacy/ssn/

------------------------------

Date:    27 Aug 96 11:58:00 -0700
From:    SOJOURNER_CLIFF@Tandem.COM
Subject: Re: More on CNID

In Privacy Digest v05 #14, Beth Givens wrote:

> The introduction of Caller ID to California has been an enlightening study
> in what happens when consumers are given adequate information to make
> meaningful decisions about safeguarding their privacy.

It certainly has been enlightening to discover that the ernest,
well-intentioned efforts have mostly failed!

We bought a telephone that answers "PRIVACY" labelled calls on the
second ring with a short message, something like "the number you have
dialed does not accept anonymous calls.  Please disable your call
blocking feature and call again."

A large number of the calls we get are blocked.  Very few of the
callers are able to figure out what the message means and call back
with the blocking disabled.  Frequently we get complaints "I couldn't
get through to you, some message on your phone number".  My response
to that is "you mean after a three month education campaign with bill
inserts, radio, TV, and newspaper advertising, you can't figure out
how to operate your telephone?"

Smartass answers aside, I believe that CNID in California is a dismal
failure.  The "public education" didn't work: people don't know how
to enable or disable call blocking, even when they know it exists.
The "public education" only served to frighten people enough that
they ordered complete blocking, even for their business lines!

Further, the CNID information delivered by Pac Bell does not include
the name, and calls from pay phones, PBXs, and centrexes (like we have
at work) are labeled "OUT OF AREA".  The reason we ordered CNID
delivery was to screen out telemarketer calls and get a special ring
sound on calls from well known phone numbers (like our work numbers,
mothers-in-law, friends, etc.).  CNID is useless for this.

(Pac Bell must not have educated its people on CNID, selective vs.
complete blocking, etc., because people who asked Pac Bell about our
message could not get a correct answer.)

Cliff Sojourner

------------------------------

Date:    Sun, 18 Aug 1996 20:54:22 -0400
From:    pt1 <pt1@grcci.com>
Subject: The answer to the cookie problem??

I may have the solution to the cookie problem. I have tried this for 
three weeks now, and it seems to work! I used 'edit.com' under DOS to 
read my cookies.txt file in netscape. It was full of information. I 
deleted everything in the file and replaced it with "STAY OUT OF MY 
BUSINESS- WHO ARE YOU TO READ MY FILES?". I then used windows to protect 
the file to 'Read Only'. Now when a site tries to send a file and it 
arrives in my netscape program and it tries to alter the file, it can 
not, because the file is write protected to be read only! If the site 
reads my cookies.txt file, the just get my message above to get out of my 
life!

Does anyone know why this won't work? It seems to work for me. BTW, I 
really enjoy the great posts in privacy forum.

        [ While there definitely are privacy abuses involving cookies,
          there are also a number of completely innocent reasons for sites
          to send cookies for their own use (web page info sequencing, for
          example), and there are various useful services that might even
          appear to be cookies but really aren't.  A complete blocking of
          all cookies through such techniques may be likely in the long
          run to have a variety of unintended and undesirable consequences.
          The most serious privacy issues with cookies tend to involve
          cookies passed between different sites, where one site collects
          the information "dropped off" by another site during a previous
          web page visit by the particular user.

                        -- MODERATOR ]

------------------------------

Date:    Tue, 20 Aug 1996 00:46:38 -0400
From:    Monty Solomon <monty@roscom.COM>
Subject: HRW letter to Singapore government; German telecom URL

Begin forwarded message:

From:   IN%"declan@well.com" 14-AUG-1996 22:53:36.15
To:     IN%"cypherpunks@toad.com"
Subj:   HRW letter to Singapore government; German telecom URL

Attached is the letter Human Rights Watch/Asia sent to Singapore yesterday.
Kudos to HRW for taking the lead in calling attention to the actions of the
censorhappy Singaporeans. More background is at:
  http://www.eff.org/~declan/global/

Also, you can find an English version of the German telecommunications act
at:
  http://www.government.de/inland/ministerien/post/tkge00.html

-Declan

   ---

August 13, 1996

BY FAX: +65-375-7765

Mr. George Yeo
Minister for Information and the Arts
460 Alexandra Road, 37th Story
PSA Building
Singapore 119963

Dear Mr. Yeo,

     I am writing on behalf of Human Rights Watch/Asia to protest the recent
decision by the Singapore government to establish strict controls on Internet
use. The implementation of the Class License Scheme, which, according to a
July 11 government news release, "will focus on content which may undermine
public morals, political stability and religious harmony,"ensures a leading
role for Singapore among international promoters of online censorship. This is
a particularly unfortunate role for Singapore, which has been a leader in the
development and promotion of Internet use in Asia. It places Singapore in the
same category as countries like China, where Internet users must endure
onerous restrictions.

     One of the most unique and valuable characteristics of the Internet is
its ability to establish easy, inexpensive and practically instantaneous
communication between the farthest points of the earth. By prohibiting
connections between its citizens and various Web sites outside its borders,
Singapore is in essence removing itself from the global Internet. If, as will
surely happen, its example is followed in other countries, the Internet, which
held such promise as the world's first truly global medium, will be nothing
more than a set of country-specific networks where local prejudices and fears
are reinforced by technology.

     Our specific objections concern Singapore's decision to regulate the
Internet as if it were a broadcast medium. Unlike broadcast media, the
Internet is the first truly mass medium. Through e-mail, it allows individuals
with nothing more than a computer and a modem to express their views to an
international audience. Even the World Wide Web differs significantly from a
broadcast medium in that individuals are not confronted with a particular site
upon connecting to the Web--they may choose whichever sites they choose to
visit. As with other forms of Internet communication, anyone may put up his or
her own site on the Web. The Singapore government's own use of Web pages
demonstrates how the Internet can be used to propound a particular point of
view. Its citizens, so long as they are not using their site to incite to
violence, should have the same opportunity to express views as their
government. As stated in Article 19 of the Universal Declaration of Human
Rights:

     Everyone has the right to freedom of opinion and expression: this
     right includes freedom to hold opinions without interference and
     to seek, receive and impart information and ideas through any
     media and regardless of frontiers.

     We are particularly concerned that restrictions have been placed on
Singaporeans who wish to discuss religious and political ideas online. It is
only through unrestricted discussions of such serious topics by all members of
society, no matter how unpopular their views, that these subjects become less
explosive. Forbidding discussion--in effect, treating its citizens like
children--will, on the other hand, ensure that dangerous topics remain just
that.

     We are also concerned that the extraordinarily broad categories of
forbidden content, as outlined by the SBA, will encourage arbitrary
restrictions on communication. According to the Internet Content Guidelines,
the following topics are banned.

     Public Security and National Defense

          a.   Contents which jeopardize public security or national
               defense.
          b.   Contents which undermine the public confidence in the
               administration of justice.
          c.   Contents which present information or events in such a
               way that alarms or misleads all or any of the public.
          d.   Contents which tend to bring the Government into
               hatred or contempt, or which excite disaffection
               against the Government.

     Racial and Religious Harmony

          a.   Contents which denigrate or satirize any racial or
               religious group.
          b.   Contents which bring any race or religion into hatred
               or resentment.
          c.   Contents which promote religious deviations or occult
               practices such as Satanism.

          Public Morals

          a.   Contents which are pornographic or otherwise obscene.
          b.   Contents which propagate permissiveness or
               promiscuity.
          c.   Contents which depict or propagate gross exploitation
               of violence, nudity, sex or horror.
          d.   Contents which depict or propagate sexual perversions
               such as homosexuality, lesbianism, and pedophilia.

By banning such subjects a chill will be sent through the online community in
Singapore, and will render the Internet essentially useless in allowing any
kind of serious discussion.

     In addition to forbidding particular content, the government has also
announced that some sites will be banned. Internet service providers were
given the deadline of September 14, 1996, to begin using proxy
servers--devices that can prohibit connections to specified sites--to
connect all their
subscribers.

     Although the government has promised to use a light hand in regulating
the Internet, its activities even at this early stage indicate otherwise. A
July 12 posting in the Usenet newsgroup "soc.culture.singapore" was reportedly
removed at the request of the SBA, who asked local Internet service providers
for its removal because it alleged that lawyers at a local law firm were
incompetent. The request came, according to the Straits Times, after the law
firm complained to the government. Despite the removal from the newsgroup, the
message is still widely available to Singaporeans through other Internet
sources, indicating that content control will be difficult unless Internet
access is restricted even further.

     We hope that the Singapore government will retract these repressive new
regulations, and support the development of an unfettered Internet. Instead of
using its power to restrict Internet use, the government could play a truly
useful role by devising ways to expand its use to even the most disaffected
members of its population.

                                   Sincerely,
                                   Sidney Jones
                                   Executive Director

cc:  Mr. Goh Liang Kwang, Chief Executive Officer, Singapore Broadcasting
       Authority
     Ambassador Bilahari Kausikan, Permanent Mission of Singapore to the
       United Nations

------------------------------

Date:    Tue, 27 Aug 1996 17:14:38 -0400
From:    Wm Randolph Franklin <wrf@ecse.rpi.edu>
Subject: Ohio requires privacy waiver and SSN in job apps

The State of Ohio requires job applicants to sign a notarized
waiver of privacy rights:

   "I hereby waive all provisions of law forbidding my
   physician... colleges...  past employers... from disclosing any
   information... relevant to my employment..."

What's the point of legal protections if governments can require
you to waive them?  Saying that working for the government is
voluntary doesn't seem entirely satisfactory; the government is
not the same as a private employer.

Ohio also requires applicants to give their SSNs, but doesn't give
a privacy act notice.  This seems illegal.

The application form is accessible from 

        http://www.state.oh.us/hr/emprec.html

------------------------------

Date:    Fri, 30 Aug 1996 10:34:03 -0700 (PDT)
From:    jd@scn.org (Janeane Dubuar)
Subject: fingerprinting by banks

SEATTLE WEEKLY

Copyright 1996 - used with permission

July 24,1996  -  "Quick and Dirty"
column by Eric Scigliano

Thumbprint, retinal or body-odor scan, sir?

If you think those "Go to Jail" charity slumber parties are a scream, you 
may get a kick out of cashing checks after September 11.  That's when US 
Bank will start requiring that non-customers cashing its checks consent 
to be finger--or, rather, thumb--printed.  Other local banks are expected 
to join US Bank on the new security frontier in September, and at least 
one, Seafirst, plans to start taking thumbprints next year in step with 
its California parent, Bank America.  The thumbprinting scheme is being 
pushed by the Washington Bankers Association, which wants all its members 
to take the plunge together.  As Dan Doyle, regional manager over US 
Bank's Western Washington branches, notes, "I'm not sure any one bank 
wants to be the one to step out and do it--it probably sounds cold, hard, 
and not very customer-friendly."  Indeed.  "But it's really to protect 
customers."

That protection is supposed to come from deterrence.  Very few, if any, 
check forgers actually get caught via thumbprints in those states (most 
notably Texas, Nevada, and Arizona) whose banks already take them.  
Tellers can't (yet, anyway) check the prints for known forgers; the 
prints will merely be saved (on the checks themselves) for investigation 
in the event of a bounce.  But Bruce Koppe, the Bankers Association's 
executive director, reports that bogus-check losses have declined by 40 
percent in those states.  Doyle says US Bank has charted 45 percent 
reductions in states where it's tried the system, and fewer than 1 
percent of those asked decline to give prints.  Some retailers, and 
reportedly at least one local credit union, are already taking prints on 
checks.  

Customers can at least be reassured that they won't have to bear the 
telltale black stains of traditional fingerprinting; the new "inkless"  
printing leaves no visible mark on the skin.  Still, fingerprinting is, 
in the words of American Civil Liberties Union lobbyist Jerry Sheehan, 
"the archetypal metaphor of criminality, along with the mug shot and 
lineup."  Some tellers are already grumbling at the prospect of having to 
do it.  The banks take heart that they won't be demanding prints of their 
current customers.  But the ill will may still come around to bite them; 
those are all potential customers they stand to infuriate, and 
account-holders may not like the idea of their checks being valid only 
when backed by thumbprints.

And thumbprinting may be just the nose under the tent.  That mixed bodily 
metaphor suits the brave new world of "biometric" identification in which 
we will, very soon, find ourselves.  Down in Olympia, a working group of 
the joint Legislative Transportation Committee is considering what kind 
of biometric and/or computer technology to adopt in upcoming "smart" 
driver's licenses; its findings are due in December, preparatory to the 
next legislative session.  Possibilities include a bar code or magnetic 
strip; a store scrutinizing your check or a cop writing a ticket could 
scan your full digitalized profile.  All the drivers' license data that 
now fills a state warehouse could be consolidated in a single data base.  
And all those sci-fi and privacy-protectionist warnings about personal bar 
codes and instant snooping will come true.  

Transportation Committee staffer Jennifer Joly says that fingerprinting 
is still the most common form of biometric ID.  But more exotic 
techniques are coming in: hand geometry scans, retinal scans, iris scans, 
computerized facial recognition, and (I am not making this up) body odor 
measurement.  It seems unlikely that those who take IDs will stop at 
thumbprinting checks.  Joly reports that bankers, retailers, and 
law-enforcement groups have joined in a coalition to weigh in on the new 
drivers' licenses.

"We'll be pushing for legislation imposing severe restrictions" on 
fingerprinting, the ACLU's Sheehan vows.  And they'll "continue to resist 
these pressures to create uniform identification papers from a document 
intended for driver's certification." [...]

July 31, 1996  -  "Quick and Dirty"
column by Eric Scigliano

[...]
They want to know it all

If you feel queasy about being fingerprinted by a bank, imagine how 
tellers feel about all the information they're supposed to disclose.  US 
Bank asks employees to fill out an "extortion readiness card" listing all 
their cars (by number and "markings") and neighbors, the names, schools, 
and daily routes and schedules of their children, and any meetings they 
themselves regularly attend.  US Bancorp spokeswoman Mary Ruble says 
taking such data is a longtime standard banking practice done for the 
employees' "own safety," to protect them in "hostage situations" and to 
help authorities "follow up if a claim of kidnapping is made."  She adds 
that US Bank has never encountered such a situation, but believes other 
banks have.  The cards are kept confidential in a central office, and 
filling them out is "voluntary for employees."  But one bank worker who 
objected recalls being told to fill out the card anyway, and got the 
feeling, despite the explanation, that the intent was really to guard 
against crimes by, rather than against, employees.  "The extortion 
readiness card has nothing to do with embezzlement," says Ruble.

------------------------------

End of PRIVACY Forum Digest 05.16
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.