PRIVACY Forum Archive Document


PRIVACY Forum Digest      Saturday, 5 December 1998      Volume 07 : Issue 19

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
                  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        Image Recognition on the streets of London (Jason Ross)
        Re: Image Recognition on the streets of London 
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Dejanews also uses "click-through" urls (Andrew Isaacson)
        Swedish (and EU) privacy protection provisions (Klaus Rieckhoff)
        NW Frequent Flyer Miles are publically accessible--and usable
           (Sandy Antunes)
        Crypto policy in Finland (Jaakkola Joel)
        Public utilities' use of social security numbers (C Matthew Curtin)
        ACLU Special Web Collection on 'Civic Morality' (Jessica Botta)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 19

     Quote for the day:
         
        "Doesn't anything work around here?"

                -- Chief Supervisor (Alan Oppenheimer)
                   "Westworld" (1973)

----------------------------------------------------------------------

Date:    Wed, 18 Nov 1998 07:47:38 -0000
From:    "Jason Ross" <jason_ross@bigfoot.com>
Subject: Image Recognition on the streets of London

In PFD V07 #18, Keith Parkins submitted the article "CCTV", detailing a
scheme now in use in Newham, London to automatically identify criminals as
they walk along the road.

I've obtained a little more information which focuses more on the technical
side of the system, and which I thought may be of interest.

The £60,000 ($96,000 approx.) system, which was launched on 14 October, uses
the council's 140 CCTV cameras.  The images from these cameras are fed into
SSI's Mandrake Face Recognition Software, running on council-owned PCs.  The
software then compares these faces with a set of 'mugshots' which it also
holds.  Currently 100 images from two police stations are on file.  If any
of the faces prove to be an 80% match or better, a council camera operator
is alerted to call the police.

I believe this system was also mentioned earlier this year in Computing
Magazine, when the trials first started.  Apparently the system uses,
amongst other things, the distances between, and sizes of, the eyes, nose
and mouth.  Therefore you can't just grow a beard to avoid being recognised.

Newham has received enquiries from twenty councils and eight police forces
so far.  Their emergency services manager believes many of the 250 councils
in the CCTV User Group would also adopt the technology in the near future.

Charles Nisbet, the secretary to the Association of Chief Police Constables'
IT Committee said that his group had held talks on face recognition software
during the summer, and had supported local police force moves to introduce
it.  However, he did say that there were no plans to create a national
system linked to the police's central database of 5.7 million known
offenders, 'in the near future'.

There are both privacy and risks implications with this system.  The UK's
Data Protection Registrar wants a meeting with the Metropolitan Police on
the issue.  Jonathan Bamford, the assistant data protection registrar was
quoted as saying "People are being compared to convicted felons - there are
clear civil liberties implications,"  He also pointed out that the 80%
threshold left a sizeable scope for error.  Personally, having seen the
quality of images from CCTV cameras, especially in poor weather or at night
under sodium or IR floodlights and when someone is standing some distance
away from them, I'm surprised that they can claim an accuracy of even that
high.

So, we now have a local council in the UK whose computer system watches
every face that passes any of its CCTV cameras, and has an operator call the
police if it recognises convicted felons, or anyone who looks enough like
one of the ones on its database.

I feel it is important to point out that the camera operators are employed
by the local council.  Prospective police officers are investigated to find
any criminal records they may have.  I do not believe that council camera
operators are investigated in the same way, so there seems little to prevent
convicted criminals from operating the system.

I would also assume that, due to the intended purpose of the system, it
could also track a given face, or group of faces, as they make their way
around.  If it cannot already do so, I don't think it would take a huge
amount of engineering effort to add such a feature.

The police have said that there are no plans to create a national system 'in
the near future'.  They have not totally discounted the idea, and will no
doubt implement it when the price of the technology has decreased enough to
bring it within their budget.  It may take a few years, but it will happen.
Then it will be possible for the police, and anyone else who can get to the
records, to find where you were at any given time, on any given day, and
where you were before and afterwards.

Naturally, the "If you have nothing to hide you have nothing to worry about"
brigade will be ecstatic when such a system is introduced.  After all, it's
only the convicted criminals who have to worry isn't it?

------------------------------

Date:    Wed, 18 Nov 98 08:36:30 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Re: Image Recognition on the streets of London 

> Currently 100 images from two police stations are on file.  If any
> of the faces prove to be an 80% match or better, a council camera operator
> is alerted to call the police.
> ...
> clear civil liberties implications,"  He also pointed out that the 80%
> threshold left a sizeable scope for error.  Personally, having seen the
> quality of images from CCTV cameras, especially in poor weather or at night
> under sodium or IR floodlights and when someone is standing some distance
> away from them, I'm surprised that they can claim an accuracy of even that
> high.

Greetings.  In the previous message (excerpted above), Jason Ross discusses
the London CCTV system which is programmed to "scan" for particular
individuals.  As described, that 80% figure quoted by the London authorities
says nothing about the actual accuracy of the system in performing that
task.  The system accuracy, in terms of actually alarming only when it has
really found a targeted person, could be 0%, for all we know.  All that the
80% number appears to mean is that when the system gets an 80% or better
match between the data points in the image and the data points in their
database, it triggers an alarm.  But that doesn't tell us whether or not the
person who triggered that match actually is the person for whom the
database was targeted.

To judge the real accuracy of the system, you'd need to know 
(for real world situations, not laboratory environments):

(a) how often the system claims it has found a match and it turns
    out that it was incorrect (alarmed on the wrong person)

(b) how often the system fails to recognize a targeted
    person within its view

One also has to wonder exactly what actions are taken when such an
alarm sounds.  Do the authorities rush out to that location, hoping
the target will still be in the area?  How often will a wanted
person be apprehended thanks to this system?  How often will an
innocent person be confronted?

I agree with the stated skepticism.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com
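
The two measurements listed as (a) and (b) above can be combined into the fraction of alarms that actually point at a targeted person. The following is an added example, not part of the digest and not a description of the Newham system: only the 100-image watchlist comes from the thread, and every rate and count in it is a constructed assumption.

```python
# Added illustration (not from the digest): a match-score threshold says
# nothing about how often an alarm points at the right person.  That
# depends on the false-alarm rate (a), the miss rate (b), and how rare
# targeted people are among all the faces the cameras see.


def per_face_false_alarm(false_match_rate, watchlist_size):
    """Chance that one non-listed face scores over the threshold against
    at least one enrolled image, assuming independent comparisons."""
    return 1.0 - (1.0 - false_match_rate) ** watchlist_size


def alarm_statistics(faces_seen, targets_seen, false_match_rate,
                     miss_rate, watchlist_size=100):
    """Expected alarm counts for one period of operation.

    faces_seen       -- all faces compared in the period (assumption)
    targets_seen     -- how many of those are really on the list (assumption)
    false_match_rate -- per-comparison chance of a wrong match (assumption)
    miss_rate        -- chance a listed person in view is not flagged (assumption)
    watchlist_size   -- enrolled images; 100 is the figure given in the thread
    """
    if not 0 <= targets_seen <= faces_seen:
        raise ValueError("targets_seen must be between 0 and faces_seen")
    non_targets = faces_seen - targets_seen
    false_alarms = non_targets * per_face_false_alarm(false_match_rate,
                                                      watchlist_size)
    true_alarms = targets_seen * (1.0 - miss_rate)
    total = true_alarms + false_alarms
    return {
        "true_alarms": true_alarms,
        "false_alarms": false_alarms,
        "missed_targets": targets_seen * miss_rate,
        # Share of alarms that are correct; 0.0 when nothing alarms.
        "precision": true_alarms / total if total else 0.0,
    }


# Constructed scenario: 100,000 faces compared, 5 of them listed people,
# one wrong match per 100,000 comparisons, 40% of listed people missed.
SCENARIO = dict(faces_seen=100_000, targets_seen=5,
                false_match_rate=1e-5, miss_rate=0.4)

if __name__ == "__main__":
    for label, overrides in [
        ("constructed scenario", {}),
        ("same, but no listed person walks past", {"targets_seen": 0}),
        ("same, but the system never misses", {"miss_rate": 0.0}),
    ]:
        stats = alarm_statistics(**{**SCENARIO, **overrides})
        print(f"{label}: "
              f"{stats['true_alarms']:.1f} correct alarms, "
              f"{stats['false_alarms']:.1f} false alarms, "
              f"{stats['precision']:.1%} of alarms correct")
```

With these constructed inputs nearly all alarms are false even when no listed person is ever missed, because non-listed faces outnumber listed ones so heavily.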

------------------------------

Date:    Sun, 1 Nov 1998 17:01:17 -0500
From:    Andrew Isaacson <adisaacs@mtu.edu>
Subject: Dejanews also uses "click-through" urls

On Sun, Nov 01, 1998 at 12:40:00PM -0800, PRIVACY Forum wrote:
> Meanwhile, the trend towards search engines wanting to keep track of the
> links you select seems to be spreading.  As reported earlier, the Netscape
> "What's Related" system already does this.  Now it appears that "Hotbot" has
> begun doing something similar.  The link choices returned are clearly
> routing back through Hotbot, even though the plain text versions of the URLs
> in the displayed summary information show direct addresses without the
> Hotbot redirection.

Dejanews does this as well.  If a document contains a URL, it will be
displayed as the straight URL, but clicking on it takes you to (for
example) http://x9.dejanews.com/jump/http://www.tux.org/ .

-andy
-- 
Andy Isaacson adisaacs@mtu.edu adi@acm.org    Fight Spam, join CAUCE:
http://www.csl.mtu.edu/~adisaacs/              http://www.cauce.org/

        [ The trend towards "trapping" of selected URLs in this manner
          clearly seems to be expanding.  Of course, there's no way to judge
          (externally) whether such actions are used only to maintain a
          numerical count of persons choosing a URL, or whether more
          detailed data on the users choosing these links are also archived
          and/or cross-referenced with other data.  

                        -- PRIVACY Forum Moderator ]
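
A link that is displayed as a direct URL but whose actual target routes through the search site can be detected mechanically. The following is an added example, not part of the original posts: it checks the path form shown in the Dejanews example above and, as a generalization, a percent-encoded query-parameter form; the host search.example and the function names are hypothetical.

```python
# Added illustration (not from the digest): flag links whose real target
# passes through an intermediate host that carries the destination URL.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# An absolute http(s) URL appearing inside another URL's path or query.
_EMBEDDED_URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def embedded_targets(href):
    """Return absolute URLs carried inside the path or query of href."""
    parts = urlsplit(href)
    # Path form, as in the Dejanews example: /jump/http://www.tux.org/
    found = _EMBEDDED_URL.findall(unquote(parts.path))
    # Query form (generalization): ?u=http%3A%2F%2Fwww.tux.org%2F
    # parse_qsl already percent-decodes each value.
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        found.extend(_EMBEDDED_URL.findall(value))
    return found


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def audit_link(displayed_url, href):
    """Compare the URL shown to the reader with where the link really goes."""
    via = _host(href)
    for target in embedded_targets(href):
        # A destination on another host means the click is routed
        # through `via` first, where it can be counted or logged.
        if _host(target) and _host(target) != via:
            return {
                "click_through": True,
                "via": via,
                "target": target,
                "matches_display": _host(target) == _host(displayed_url),
            }
    return {
        "click_through": False,
        "via": None,
        "target": href,
        "matches_display": via == _host(displayed_url),
    }


# (displayed text, actual href).  The first href is the example quoted in
# the post; the other two are constructed for this illustration.
SAMPLE_LINKS = [
    ("http://www.tux.org/", "http://x9.dejanews.com/jump/http://www.tux.org/"),
    ("http://www.tux.org/",
     "http://search.example/r?u=http%3A%2F%2Fwww.tux.org%2F&id=7"),
    ("http://www.tux.org/", "http://www.tux.org/"),
]

if __name__ == "__main__":
    for shown, href in SAMPLE_LINKS:
        result = audit_link(shown, href)
        if result["click_through"]:
            print(f"{shown} is routed via {result['via']}")
        else:
            print(f"{shown} is a direct link")
```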

------------------------------

Date:    Thu, 5 Nov 1998 10:32:45 -0800
From:    Klaus Rieckhoff <k_rieckhoff@sfu.ca>
Subject: Swedish (and EU) privacy protection provisions

Forwarded message:

Sender: Lars Aronsson <lars@aronsson.se>
Subject: Re: CPSR-GLOBAL digest 928

Steven Clift wrote on DO-WIRE (?), quoted on CPSR-GLOBAL:

> Today I was attempting to access an e-mail list archive for the
> OldNorseNet <http://www.hum.gu.se/arkiv/> and ran into this:
>
>   Our discussion lists archive
>
>   1998-10-24.
>   Due to a new swedish law (harmonizing to the EU directives)
>   we are no longer allowed to publish archives of our
>   discussion lists. This will be a severe obstacle for the
>   democracy and the free debate.

This statement is obviously the result of the webmaster's (or list
administrator's) own interpretation.  There is a new law in Sweden,
and it is much debated, but I have not heard any news of any verdict
or even an interpretation from the responsible Swedish governmental
agency in the direction described above.

On the referenced URL, there is also a logotype of a political
campaign against this new Swedish law ("Rör inte mitt Internet", Don't
touch my Internet).  This campaign is launched by Bitos
(http://www.bitos.org/), a Swedish non-profit organization for issues
concerning Internet content providers.  The campaign is also applauded
by the Electronic Frontier Sweden (http://www.efs.se/), an independent
branch of the EFF, where much of the current debate is taking place.

The way "legal harmonization" works in the European Union (EU), is
that the European Commission (EC) writes up a "directive" that each
member country has to implement in its national legislation.  This new
Swedish law is intended to implement an EC directive on privacy.  The
idea seems to be that companies should not be allowed to store and
sell your address, and other data pertaining to you, without your
consent.  This sounds fine in principle, but the rest is a matter of
interpretation.  For example, the language of the Swedish law does not
make any difference between "companies" storing personal data about
individuals and individuals storing data about other individuals, or
even individuals storing information about the government.

If I happen to mention that the name of the Swedish prime minister is
Goran Persson and the fact that he is rather FAT, then this is
personal information, which I hereby store in my computer and even
export to countries outside the EU, thus making me a criminal, as I do
not have his consent.  I think you see the problem.

In order to avoid stupid questions, or at least postpone them, the
Swedish Database Inspection Agency (http://www.din.se/), which has to
supervise the implementation of the new law, has declared that systems
already in use before the enactment of the new law (ten days ago),
will be allowed to continue for a transitional period of three years.
This of course is not very reassuring for the average Internet user.
And nobody seems to know what will happen after these three years.

Surely, life goes on as normal in Sweden.  The referenced URL is one
of very few examples where people actually cared to abide by this new
law.  Members of the Swedish parliament, from all political parties,
are currently busy writing bills to withdraw the new law, even though
they voted in favor of it, not too long ago.

I hereby give my consent to store and export the personal data below.

Lars Aronsson.
--
  Aronsson Datateknik          tel +46-70-7891609
  Teknikringen 1e              tel +46-13-211720      lars@aronsson.se
  583 30 Linköping, Sweden     fax +46-13-211820       www.aronsson.se

---- End of Forwarded Message

Klaus E. Rieckhoff, Ph.D.,LlD.(h.c.), Professor Emeritus,
Department of Physics, Simon Fraser University

------------------------------

Date:    Tue, 27 Oct 1998 16:32:59 -0500
From:    antunes@xeno.gsfc.nasa.gov (Sandy Antunes)
Subject: NW Frequent Flyer Miles are publically accessible-- and usable

Flyers beware-- I've run into a severe privacy/security hole in
Northwest's frequent flyer program, "WorldPerks"-- one that NW is
not interested in changing.

The short summary is, it seems anyone who knows your phone number can
use your Northwest "WorldPerks" frequent flier miles to get an
E-ticket issued in their name with your miles (or can simply find out
your mileage balance).  This is intentional, by design.

I found this out when my mother was able to upgrade a "gift" ticket I
gave her to First Class-- using my miles-- without my authorization.
It turns out that it doesn't even have to be a relative or someone you
got a ticket for-- just someone who knows your phone number.

The record of this transaction (a receipt) is provided as the only notification
of the transactions.  Tickets issued can be for travel as soon as 4 days in
the future (at which point the receipt is FedExed or faxed) or over 14 days
in the future (receipt is just sent postal mail).  In my case, 3 weeks
passed between the ticket request and arrival of a receipt.

The privacy concerns are these:

- anyone can get your frequent flyer mileage balance knowing only your
        phone number,
- anyone can deplete your mileage balance with malicious intent, knowing
        only your phone number, and
- the only sign that a ticket was issued is a receipt mailed by post,
        so people with open mailboxes, people changing addresses, people
        on vacation, bosses with secretaries, and people with housemates
        are easy prey to having their miles stolen without knowing.

Unlike credit card fraud, NW does not consider banked miles as currency,
and it is the account holder's responsibility to find and file fraud
charges against the ticketholder.  1st line managers have the option of
waiving the $35 'rebank' fee if you wish to cancel such a ticket, if
the flight has not already occurred.

The most likely safeguard-- that only the person who owns the frequent
flyer account can request a ticket be issued-- is not something NW will
consider.  Quoth Jay (with permission), "The system is a great system,
and it works, and we don't have problems with it.  You're taking a
situation that happened to you, and trying to completely blame it on
Northwest, and I don't appreciate it."

So, your account information is available to anyone who has access to
a phone book (a privacy concern), the actual balance can be tampered
with by same (an authorization risk), and catching such deeds is the
responsibility of the account holder (verification after the fact).

"Some People Just Know How to Fly", indeed.
Sandy Antunes
antunes@xeno.gsfc.nasa.gov

------------------------------

Date:    9 Nov 1998 15:52:00 +0300
From:    "Jaakkola Joel" <joel.jaakkola@lm.vn.fi>
Subject: Crypto policy in Finland

The Ministry of Transport and Communications of Finland gave today an
international press release which may be of interest to you. It outlines the
national cryptography policy in Finland. As you have an extensive mailing
list of experts in this field, you might want to consider sharing this
information with them. I would be grateful if you did. For further
information, please do not hesitate to contact me.

Sincerely,

Joel Jaakkola
legal adviser
Ministry of Transport and Communications, Finland
t. +358 9 1609151
f. +358 9 1602588
e. joel.jaakkola@lm.vn.fi

****
                                                9.11.1998

Finland Announces a National Cryptography Policy

The Ministry of Transport and Communications of Finland published the
national cryptography policy in English on the Internet. The policy was
agreed by the Finnish Government on October 7th, 1998.

The Government was unanimous that nationally there should be no restrictions
on the use of strong encryption for confidentiality purposes. There should
be no mandatory key recovery systems either, at least not provided for by
law. Businesses and private persons should be encouraged to use voluntary
key management systems. However, they are not obliged to do so by law and
there will be no special privileges or rights offered by public authorities
for that purpose.

With regard to exports and export restrictions, Finland observes those
arrangements to which it is internationally committed. However, with regard
to reform of control lists and procedures Finland's aims are to examine the
restrictions on cryptographic products so that control lists correspond to
technical development, and to ensure that the necessary restrictions will
not unreasonably impede normal foreign trade of industry and businesses.

The complete policy can be found on the website
http://www.vn.fi/lm/telecom.htm. The policy guidelines and the accompanying
memorandum were prepared by the Ministry of Transport and Communications in
close consultation with other ministries and law enforcement authorities.
The ministry has also noted the remarks made by the industry.

Furthermore, a proposal for a new law on privacy in the telecommunications
sector is being studied by the Finnish Parliament. The law, which is to
enter into force in the coming months, would provide everyone with the right
to use any technical means available to ensure the confidentiality of his or
her telecommunications messages.

------------------------------

Date:    Mon, 23 Nov 1998 08:05:06 -0500 (EST)
From:    C Matthew Curtin <cmcurtin@interhack.net>
Subject: Public utilities' use of social security numbers

My story is not new.  But it is annoying.  Perhaps it's annoying
because it is so routine.

Establishing service with a public utility can be quite the hassle if
you are the sort who wisely prefers not to divulge your social
security number (SSN).  For the most part, I've been able to work
around this "requirement" by simply refusing steadfastly.

When I attempted to establish new electrical service via telephone
with American Electric Power in central Ohio, I was asked for my SSN.
I declined to give it, and then was told that there's no reason to
worry.  I was told that SSNs are used only to do credit checks, and
aren't stored in the computer.  I was told that there isn't a way
around this, except that if I prefer to give my SSN by letter or in
person, I may do so.  But the SSN is a requirement.

(It's noteworthy that laws regarding what may and may not be done with 
SSNs apply only to government entities.  AEP, though a public utility, 
is a private entity.  See the SSN FAQ for details.)

I asked to speak to a supervisor person.  I told the supervisor person
that I wanted to establish new service, and that I absolutely refuse
to divulge my SSN.  (What am I going to do?  Run up a month's bill and
skip the country?)  She suggested that I could make a deposit, which
is what they require of those with bad credit, and after the service
has been established a while (12 months), my deposit will be returned.
This seems reasonable to me, and I did this when first establishing
telephone service with Ameritech.

However, the deposit cannot be added to my first month's payment, as
was done with my first Ameritech phone bill.  I needed to actually go
in person, and they told me to bring my driver's license.  (Hmm.)

When I did, I sat in there, answering the questions to establish the
service, check in hand.  I watched the clerk's fingers, and when I saw 
her typing the SSN (until recently, it wasn't possible to get a
driver's license without having your SSN printed on the card in Ohio), 
I stopped her and told her I don't want my SSN in the computer.  She
didn't give me any hassle at all, backed up, and put 9s through the
SSN field.

We were done, and in the end, I didn't even need to make my deposit.

Lessons learned: 
 o Bureaucrats aren't generally familiar with the less-routine rules
   of the system, and will tell you there are no options when there
   are none.
 o Systems in which bureaucrats work are designed for the efficiency
   of the organization, even if it comes at the expense of the
   customer's privacy.
 o People will make assurances that "everything is OK" and try to give 
   the customer warm fuzzies when they have absolutely no basis for
   assuring safety or privacy.  The "it's not even in the computer"
   remark is especially disturbing.  Clerks might not be able to see
   it, but I do not believe any assertion that SSNs are purged from
   the system.  If they're interested in checking credit, they're also 
   interested in reporting collection problems.
 o Organizations train their employees to make assumptions (like it's
   OK to require SSNs, and just take it off of a license, without
   asking).

I am not pleased with how assertive I have to be in order to maintain any
level of privacy in dealing with these huge organizations.  As we see
these utilities begin to deregulate, you might want to give
consideration to how the utilities in question have respected your
privacy when it comes time to decide if you want to keep using their
service. 

-- 
Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/

        [ Since establishment of credit is not a "right," credit checks in
          such situations are of course very common, and whether one likes it
          or not the SSN is really the only universal identifier that can be
          used to access the credit reporting databases as they exist
          today.  Nor is it necessarily clear (at least in the short term)
          how to replace the SSN in such applications without creating
          another identifier of similar scope.  So it's difficult to fault
          the utility for their use of SSN for their "standard" credit check
          in this situation, given the state of the real world.  As you
          point out, however, it is very unfortunate that you needed to
          effectively jump through hoops to avail yourself of the
          alternative payment method that did exist.  If such alternatives
          are not simple and direct to use, their usefulness becomes greatly
          degraded and they can have various negative consequences.

                        -- PRIVACY Forum Moderator ]

------------------------------

Date: Mon, 16 Nov 1998 15:47:07 -0500
From: Jessica Botta <jbotta@nmpinc.com>
Subject: ACLU Special Web Collection on 'Civic Morality'

The ACLU on Morality:
Special Web Collection On 'Public Morality' Launched
<http://www.aclu.org/morality>

The American Civil Liberties Union this week launches a special Web site
aimed at provoking discussion over what constitutes public "morality" in
America.

The new Web collection -- which can be found at:
<http://www.aclu.org/morality> -- includes an interactive survey, links to
special faxable letters to Congress and the ACLU's new National Freedom
Scorecard. Additional features will be added over the next several weeks.

The Web collection is an online counterpart to a year-long awareness
campaign on the same topic that has been running in The New York Times and
other publications since February.  Each of the advertisements in that
campaign -- all of which are featured as part of the Web collection -- has
contained a brief message from ACLU Executive Director Ira Glasser on
topical subjects ranging from the war on drugs to religious freedom to
government intrusions in the bedroom.

"Some people may be surprised that the ACLU is talking about morality,"
Glasser said. "But we believe it is crucial to counter the voices of people
like Pat Robertson, like Jesse Helms and Pat Buchanan. They want to use
government power to tell you how to live your life.

"They've whined about the 'moral decay' of our society.  They've said people
shouldn't be allowed to make their own sexual choices. They've tried to have
government force particular religious views down our children's throats in
public school. And they've tried repeatedly to censor books, libraries and
the Internet," Glasser added.

The ACLU campaign is designed to encourage people to think back to the moral
principles upon which our nation is founded: what used to be called 'civic
virtue' as opposed to personal virtue, which, Glasser said, is usually none
of the government's business.

"The ACLU believes that the morality of a nation is measured not by what
occurs in the privacy of our bedrooms or doctor's offices or telephone
conversations, but by how the government treats its people," Glasser said.
"Through this Web collection, we hope to offer a vision of a world where
it's safe to be different and easier to be free."

The ACLU is a nationwide, non-partisan organization dedicated to defending
and preserving the Bill of Rights for all individuals through litigation,
legislation and public education. Headquartered in New York City, the ACLU
has 53 staffed affiliates in major cities, more than 300 chapters
nationwide, and a legislative office in Washington, D.C. The bulk of its $35
million annual budget is raised by contributions from members -- 275,000
strong -- and gifts and grants from other individuals and foundations. The
ACLU does not accept government funds.

The new Web collection can be found at:
<http://www.aclu.org/morality>

------------------------------

End of PRIVACY Forum Digest 07.19
************************


Copyright © 2005 Vortex Technology. All Rights Reserved.