PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest      Sunday, 20 December 1998      Volume 07 : Issue 21

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
                  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        Privacy Discussions Classified as a "Criminal Skill"
           (Lauren Weinstein; PRIVACY Forum Moderator)
        New Proposed Bank Account Monitoring Regulations
           (Lauren Weinstein; PRIVACY Forum Moderator)
        A Dangerous New Problem with Supermarket Banking
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Arrest puts jury-selection form on trial
           (Bill Fason)
        High Court Strikes Down Iowa's Traffic Stop-and-Search Law
           (Monty Solomon)
        Call for Proposals - CFP 99 (David Banisar)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 21

     Quote for the day:
         
        "I never joke about my work, 007!"

           -- 'Q' (Desmond Llewelyn)
              "Goldfinger" (United Artists; 1964)

----------------------------------------------------------------------

Date:    Wed, 16 Dec 98 12:25 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Privacy Discussions Classified as a "Criminal Skill"

Greetings.  Is discussing privacy in the PRIVACY Forum a criminal skill?
According to one widely used commercial web filtering tool, the answer was
yes!  The controversy over software to block access to particular sites,
based on perceived content, has been continuing to rage.  Attempts to
mandate the use of such software in environments such as libraries and
schools have raised a variety of serious concerns.  In addition to fairly
straightforward freedom of speech issues, another factor revolves around
how accurate (or inaccurate) these filtering systems really are.  

I've now seen firsthand that errors by a filtering system can indeed be quite
serious, an event that seems to certainly validate some of these concerns.
But there is something of a silver lining to the story, as we'll see later.

I recently was contacted by someone at a large corporation, who was trying
to reach the PRIVACY Forum web site, which is constantly being referenced by
individuals and commercial, educational, government, and other sites around
the world.  This person was upset since whenever they attempted to reach
the http://www.vortex.com site and domain that hosts the PRIVACY Forum,
their web software blocked them, informing them that the block was in place
due to the site being categorized as containing "criminal skills."  

As the webmaster for the vortex.com domain, this certainly came as news to
me.  The message they received didn't give additional information--they
didn't even know exactly where it came from.  It was apparent though, that
the entire organization was probably blocked from reaching the PRIVACY
Forum, since the filtering software in question was affecting a main
firewall system.

After a number of phone calls and discussions with the system administrator
for that organization, the details began to emerge.  The company was running
a filtering software package from Secure Computing Corporation of San Jose,
California.  This package received weekly updates of blocked sites in a wide
variety of categories, one of which was "criminal skills."  

The administrator had no idea what rationale was used for these decisions,
they just pulled in the list each week and applied it.  He immediately placed
vortex.com on a local exception list so that it would no longer be blocked to
their users.

I then turned my attention to Secure Computing.  After a number of calls, I
found myself speaking with Ken Montgomery, director of corporate
communications for that firm.  He confirmed the information I had already
received.  The filtering product in question ("SmartFilter") was apparently
not being marketed to individuals, rather, it was sold to institutions,
corporations, etc. to enforce filtering policies across entire entities.
The product covers a wide range of information categories that users of the
software can choose to block.  He said that the majority of blocked sites
were in categories involving pornography, where there was (in his opinion)
no question of their not belonging there.  

The "criminal skills" category reportedly was broadly defined to cover
information that might be "of use" to criminals (e.g. how to build bombs).
He had no explanation as to why my domain had been placed in that list,
since by no stretch could any materials that are or have ever been
there fall into such a categorization.  He did discover that the
classification of my domain had occurred over a year ago (meaning
other sites could have been receiving similar blocking messages for
that period of time when trying to access the PRIVACY Forum) and
that the parties who had made the original classification were no longer
with their firm--so there was no way to ask them for their rationale.
(All of their classifications are apparently made by people, not
by an automated system.)

However, it seems likely that the mere mentioning of encryption may have
been enough to trigger the classification.  The administrator at the
organization that had originally contacted me about the blocked access, told
me that the main reason they included the "criminal skills" category in
their site blocking list was to try prevent their users from downloading
"unapproved" encryption software.  This was a type of information that he
believed to be included under the Secure Computing "criminal skills"
category (the "logic" being, obviously, that since criminals can use
encryption to further their efforts, encryption is a criminal skill).  He
also admitted that he knew that their users could still easily obtain
whatever encryption software they wanted anyway, but he had to enforce the
company policy to include that category in their blocking list.

As PRIVACY Forum readers may know, no encryption software is or ever has
been distributed from here.  The topic of encryption issues does certainly
come up from time to time, as would be expected.  For the mere mention of
encryption in a discussion forum to trigger such a negative categorization
would seem to suggest the fallacy of blindly trusting such classification
efforts.

Mr. Montgomery of Secure Computing initially suggested that it was up to
their customers to decide which categories they wanted to use in their own
blocking lists--he also stated that as a company they were opposed to
mandatory filtering regulations.  I suggested that such determinations by
their customers were meaningless if the quality of the entries in those
categories could not be trusted and if errors of this severity could so
easily be made.  I felt that this was particularly true of a category with
an obviously derogatory nature such as "criminal skills"--the ramifications
of being incorrectly placed into such a category, and then to not even
know about it for an extended period of time, could be extreme and very
serious.

To their credit, my argument apparently triggered a serious discussion
within Secure Computing about these issues.  I had numerous subsequent
e-mail and some additional phone contacts with Mr. Montgomery and others
in their firm concerning these matters.  First off, they apologized
for the miscategorization of vortex.com, and removed it from the
"criminal skills" category (it was apparently never listed in any
other of their categories).  

Secondly, they have agreed with my concerns about the dangers of such
miscategorizations occurring without any mechanism being present for sites
to learn of such problems or having a way to deal with them.  So, they will
shortly be announcing a web-based method for sites to interrogate the Secure
Computing database to determine which categories (if any) they've been
listed under, and will provide a means for sites to complain if they feel
that they have been misclassified.  They've also suggested that their hope
is to provide a rapid turnaround on consideration of such complaints.

While by no means perfect, this is a step forward.  I would prefer a more
active notification system, where sites would be notified directly when
categorizations are made.  This would avoid their having to 
check to see whether or not they've been listed, and needing to keep
checking back to watch for any changes or new categorizations.  If more
filtering software companies adopt the Secure Computing approach, there
would be a lot of checking for sites to do if they wanted to stay on
top of these matters.  Secure Computing feels that such notifications are
not practical at this time.  However, their move to provide some
accountability to their filtering classifications is certainly preferable to
the filtering systems which continue to provide no such facilities and
operate in a completely closed environment.

So, we make a little progress.  The PRIVACY Forum and vortex.com are no
longer miscategorized and have been removed from all Secure Computing block
lists.  Secure Computing was polite and responsive in their
communications with me, and will establish the system discussed above in
reaction to my concerns.  Web filtering of course remains a highly
controversial topic with many serious negative aspects, but we see that when
it comes to dealing with the complex issues involved, it would be a mistake
to assume that all such filters all created equal.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Wed, 16 Dec 98 12:19 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: New Proposed Bank Account Monitoring Regulations

Greetings.  The FDIC (Federal Deposit Insurance Corporation) has 
opened a comment period for newly proposed rules concerning
collection of information regarding banking customers and monitoring
of their account activities.  Called "Know Your Customer," the program
would require financial institutions to gather data on customer
sources of income, and monitor accounts for suspicious activities
which would be reported to the appropriate authorities.

The FDIC says that there is a two-fold reason for this program.  First, to
protect financial institutions from frauds or other activities which could
put them at financial risk, and secondly, to detect criminal activity.

Rather than establish a detailed set of rules concerning exactly what
information is to be collected, how account monitoring would be carried out,
or what sorts of activities would be reported, the FDIC has rather proposed
an initial set of general guidelines.  Under this plan, financial
institutions themselves would make the detailed determinations regarding
information collection, account monitoring, and reporting.  The proposal
also mentions that there are privacy issues involved with these functions,
but does not propose any specific privacy guidelines or standards.

Parties interested in reading the full text of the proposal, whose
comment period runs through March 8, 1999, can see it at the 
FDIC website, via:

   http://www.fdic.gov/lawsregs/fedr/98knocus.txt

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Fri, 18 Dec 98 11:19 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: A Dangerous New Problem with Supermarket Banking

Greetings.  In my report "Privacy Goes Bananas at Wells Fargo Bank" 
(PRIVACY Forum Digest V06 #7; http://www.vortex.com/privacy/priv.06.07),
I reported on my concerns over privacy problems at supermarket bank 
branches, which are rapidly replacing conventional bank branches in 
many areas.

It has now become apparent that there is a new problem developing with such
branches--they're becoming the favored target of bank robbers.  Here in 
Los Angeles, as traditional bank branches have become vastly fewer in 
number and more greatly fortified to protect bank employees (via bulletproof 
shields and other security measures), bank robberies at those branches have 
declined greatly, after years of growth. 

However, at the same time, what authorities now term "shop 'n' rob" attacks
are becoming increasingly common at supermarket branches, which by their
very nature usually have minimal security.  The risk to shoppers (who
often of course include parents accompanied by children) from this new style
of armed robbery may potentially be very great.

So it appears that as a consequence of the moves by the financial industry
to convert banking into a phase of food shopping, customers might
sometimes end up losing a lot more than their privacy.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Mon, 23 Nov 1998 10:38:08 -0600
From:    Bill Fason <syr@netropolis.net>
Subject: Arrest puts jury-selection form on trial

On November 10, 1998, a potential juror in a capital murder case in was
held in contempt, jailed for 30 days, and fined $500.00 for refusing to
answer a jury questionnaire.  When Harold Crouch was summoned to jury
duty, he did not realize that he would be required to fill out a
statewide-standard juror questionnaire used in capital murder cases. 
(Houston Chronicle, November 22, 1998, p. 6C)

The form asked, no, demanded his full name, aliases, social security
number, driver license number, name of employer, supervisor's name, names
of children, current schools/current employers of children, and other
questions.  

Question 28 inquired whether the potential juror was honorably discharged
from the military.  Questions 32 and 25 requested criminal histories of
relatives and acquaintances, including whether they have even been
arrested or even <italic>accused of a crime. Question 40 asked
for the titles of magazines the subject subscribes to or buys off the
rack. Question 42 asked for the name of the last movie seen.  In
questions 53 and 57, the potential juror was required to detail all
consultations by him or any relatives with any psychiatrists or
psychologists and list all medications now prescribed.  In question 64,
the potential juror was to describe how he knows anyone who has even been
incarcerated.  

Supposedly all answers are to be kept in strictest confidence of the
court, and that only the judge, lawyers, court reporters, and clerks will
have access to them.  One observer asked, "What's the court reporter
doing in the loop if the information is not going into the record?")  Of
course, the lawyers can share the information with their paralegals,
investigators, and jury consultants, who are pledged to keep it
confidential as they analyze the jury pool.

There is no assurance that a potential juror's answers won't come up when
the lawyers question the jury pool in open court.  One can easily imagine
a lawyer asking, "Potential juror number 23, you stated that you are
taking thorazine and were hospitalized five years ago.  Please
elaborate."  Everyone in the courtroom would turn to hear the story,
including the two bike messengers who are filing documents with the clerk
in unrelated cases and the spectators who are just watching until their
case is called across the hall.

Other questions probe the potential juror's attitude towards the death
penalty.  Not only does the State of Texas embrace the death penalty, it
wishes to screen out jurors who oppose it.  

As the fully informed jury movement picks up steam, I am willing to bet
that in the coming years we will see more and more jury questionnaires
designed to help prosecutors ferret out citizens who understand the true
power of juries to judge both the facts and the law.

Bill Fason
Fason and Associates 
Investigations & Judgment Enforcement               
1436 W. Gray #272                       
Houston Texas  77019-4946               
vox 713.524.4767        fax 713.942.8165        
GMT -5                  ICQ 22595834
PGP public key available at www.netropolis.net/syr/

------------------------------

Date:    Wed, 16 Dec 1998 02:29:26 -0500
From:    Monty Solomon <monty@roscom.COM>
Subject: High Court Strikes Down Iowa's Traffic Stop-and-Search Law

Excerpt from ACLU News 12-12-98

     High Court Strikes Down Iowa's
     Traffic Stop-and-Search Law

FOR IMMEDIATE RELEASE
Tuesday, December 8, 1998

DES MOINES -- In a solid victory for the freedom and privacy of all
Iowans, the United States Supreme Court today put an end to the police
practice of arbitrarily searching people stopped for minor traffic
violations. 

The Iowa Civil Liberties Union, one of several groups that filed a
"friend-of-the-court" brief in the case, hailed the unanimous ruling in
Knowles v. Iowa authored by Chief Justice Rehnquist. 

"Iowa's brief experiment with a police state is now, thankfully, over,"
said Ben Stone, Executive Director of the Iowa Civil Liberties Union, a
vocal foe of the tactic. "Iowans can once again enjoy the freedom of
knowing they can drive down the street and not fear being searched by a
police officer if they make an illegal turn or forget to use their turn
signal." 

Today's decision overturns a 5-4 ruling by the Iowa Supreme Court in
1997, upholding the police practice known as "search incident to
citation." Normally, police must either physically arrest someone or
have "probable cause" before they can conduct a search. 

The Iowa court in the Knowles case had said the code of Iowa authorized
police to search people cited with for traffic violations even if they
were not taken into custody, and that such searches were not in
violation of the Fourth Amendment to the United States Constitution. 

The State of Iowa had argued that concerns for officer safety and the
preservation of evidence justified the search tactic. The Court found
both rationales lacking. "Even without the search authority Iowa urges,
officers have other, independent bases to search for weapons and protect
themselves from danger," wrote Chief Justice William Rehnquist. "Nor has
Iowa shown . . . the need to discover and preserve evidence. Once
Knowles was stopped for speeding and issued a citation, all the evidence
necessary to prosecute that offense had been obtained." 

Stone noted that the Court could have waited until June to rule on the
case, but instead issued its decision less than five weeks after oral
arguments. "The Justices' extremely swift reversal reveals both how easy
it was for the Court to find this outrageous affront to liberty
unconstitutional, and how important it was to protect Iowans from any
further violations of their privacy by the police," he said. 

The ICLU, along with the American Civil Liberties Union and the National
Association of Criminal Defense Lawyers vigorously opposed the police
practice in a friend-of-the-court brief authored by Professor Jim
Tomkovicz of the University of Iowa Law School. 

Attorneys Paul Rosenberg and Maria Ruhtenberg of Des Moines argued the
case on behalf of Patrick Knowles, a Newton man stopped for speeding in
1996 and subsequently searched simply because he was receiving a traffic
ticket. He was arrested and sentenced to 90 days in jail after police
found marijuana under his seat. 

------------------------------

Date:    Tue, 15 Dec 1998 15:11:19 -0500
From:    David Banisar <banisar@epic.org>
Subject: Call for Proposals - CFP 99

                Computers, Freedom + Privacy 1999
                    THE GLOBAL INTERNET

                     Omni Shoreham Hotel
                        Washington, DC
                       April 6-8, 1999

CALL FOR PROPOSALS

The Program Committee of the conference on Computers, Freedom, and
Privacy (CFP99) is seeking proposals for the ninth annual CFP,
which will be held in Washington DC between April 6th and April 8th
1999 at the Omni Sheraton Hotel.

CFP is the leading Internet policy conference. For almost a decade,
CFP has shaped the public debate on the future of privacy and
freedom in the online world. The CFP audience is diverse with
representatives from government, business, education, non-profits
and the media. The themes are broad and forward-looking. CFP
explores what will be, not what has been. It is the place where the
future is mapped.

The theme of the 1999 CFP conference is "The Global Internet."
Proposals are welcomed on all aspects of privacy and freedom. The
1999 Program Committee is particularly interested in receiving
proposals that deal with:

        ACCESS TO THE INTERNET, particularly those relating to
        globalization and governance. Of particular interest are
        issues of privacy, censorship, free speech and access.

        INTERNATIONAL ISSUES, especially the emerging issues of global
        privacy protection, encryption policy, international
        principles of human rights, regulation, legislation, and
        copyright.

        ELECTRONIC COMMERCE, including the impact of payment systems,
        regulations, and technical standards on personal freedom and
        privacy.

        CULTURE AND LANGUAGE ON THE INTERNET, such as the significance
        of diversity, multilingualism, and cultural representation

We strongly encourage proposals that involve leading experts,
innovators, policymakers, and thinkers.

The CFP99 Program Committee will finalize the selection of
proposals by February 1, 1999, and all proposals must be received
by January 15, 1999 Please follow the submission guidelines below.


CFP99 PROPOSAL SUBMISSION GUIDELINES

Proposals should be sent by email to proposals@cfp99.org before
January 15, 1999.

Proposals should include the following information:

        1. Presentation Title

        2. Presentation Type (Panel discussion, Luncheon meeting,
        Tutorial, "BOF" Session)

        3. Proposed Length of Presentation (typical CFP sessions are 1
        hour)

        4. Name(s) of Speaker(s), plus brief background description
        for each speaker.

        5. A one to two paragraph description of the Topic and Format,
        suitable for conference brochure and press release.

        6. Complete contact information (email, phone, and mailing
        address). For presentations with more than one speaker, please
        provide contact information for all of the proposed speakers.

For more information on the Computers, Freedom, and Privacy
Conferences, please visit the conference Web page
http://www.cfp99.org. If your have further questions about CFP,
please feel free to contact a member of the Program Committee.


PROGRAM COMMITTEE

Marc Rotenberg, EPIC and ACM, Washington, DC, CFP99 Chair; Carlos
Afonso, Alliance for Progressive Computing, Rio de Janeiro, BRAZIL;
Phil Agre, University of California, San Diego, California; Yaman
Akdeniz, Centre for Criminal Justice Studies, Leeds University,
London, UNITED KINGDOM; Roger Clarke, Australian National
University, Canberra, AUSTRALIA; Tracey Cohen, Centre For Applied
Legal Studies, SOUTH AFRICA; Lorrie Faith Cranor, AT&T
Labs-Research, Florham Park, New Jersey; Simon Davies, London
School of Economics, London, UNITED KINGDOM; David Flaherty, Office
of the Privacy and Information Commissioner, British Columbia,
CANADA; Oscar Gandy, Annenburg School of Communication,
Philadelphia, Pennsylvania; Deborah Hurley, Harvard Information
Infrastructure Project, Kennedy School of Government, Cambridge,
Massachusetts; Joichi Ito, Digital Garage, Tokyo, JAPAN; Stephen
Lau, Privacy Commission, HONG KONG; Paul McMasters, Freedom Forum,
Rosslyn, Virginia; Peter Neumann, SRI, Menlo Park. California; Eli
Noam, Columbia University, New York, New York; Jonathan Peizer,
Open Society Institute, New York, New York; Bruce Schneier,
Counterpane Systems, Minneapolis, Minnesota; Keith Sears, Creative
Artists, Los Angeles, California; Barbara Simon, ACM, Palo Alto,
California; Ross Stapleton-Gray, Electronic Embassy Program,
Arlington, Virginia; Barry Steinhardt, American Civil Liberties
Union, New York; Nadine Strossen, American Civil Liberties Union,
New York, New York; Frank Tuerkheimer, University of Wisconsin,
Madison, Wisconsin


FUNDRAISING COMMITTEE

Rob Kushen, Open Society Institute, New York, New York


PREVIOUS CFP CHAIRS

Jim Warren, Woodside, California (CFP91); Lance Hoffman, George
Washington University, Washington, DC (CFP92); Bruce Koball,
Berkeley, California (CFP93); George Trubow, John Marshall School
of Law, Chicago, Illinois (CFP94); Carey Heckman, Stanford Law
School, Stanford, California (CFP95); Hal Abelson, MIT, Cambridge,
Massachusetts (CFP96); Kent Walker, Netscape Communication,
Mountain View, California (CFP97); Mark Lemley, University of Texas
School of Law, Austin, Texas (CFP98)

MORE INFORMATION

      proposals@cfp99.org
      info@cfp99.org

      http://www.cfp99.org/

------------------------------

End of PRIVACY Forum Digest 07.21
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.