Date: Mon, 27 Apr 92 17:12:12 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#001 Computer Privacy Digest Mon, 27 Apr 92 Volume 1 : Issue: 001 Today's Topics: Moderator: Dennis G. Rears 1st issue of the digest Re: For savings we can count on our finers CPSR Sues NIST for DSS Info Federal law and SSNs Should political speech be censored online? More on US West and CallerID in Colorado Report on Privacy & US West's "Community Link" Gateway All the Myriad Ways... Re: Cordless phones The Computer Privacy Digest is a a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: Mon, 27 Apr 92 17:00:57 EDT From: Computer Privacy List Moderator Subject: 1st issue of the digest This is the first issue of the Computer Privacy Digest (CPD). I just want to mention a couple of things to both the old readers of the Telecom Privacy Digest and to new readers. The Computer Privacy Digest (CPD) evolved from the telecom-priv list which no longer exists. Some of the items in this digest started in the Telecom Privacy digest. The digest was also known as telecom-priv. The CPD is distributed as a digest to an email list (comp-privacy). It is distributed to the USENET newsgroup, comp.society.privacy as individual news items. I anticipate a large number of users will want off the mailing list due to the availablity of the forum on USENET. It might take me a few days to catch up. I will ACK all requests. I initially plan (depending upon volume) to publish a digest per day. Dennis -------------------------------------------------------------------------- Dennis G. Rears MILNET: drears@pica.army.mil UUCP: ...!uunet!cor5.pica.army.mil!drears INTERNET: drears@pilot.njin.net USPS: Box 210, Wharton, NJ 07885 Phone(home): 201.927.8757 Phone(work): 201.724.2683/(DSN) 880.2683 ----------------------------------------------------------------------------- ------------------------------ Date: Thu, 23 Apr 92 07:01:53 EDT From: Dave Niebuhr Subject: Re: For savings we can count on our finers In Volume 4 : Issue 043 sorensen@spl.ecse.rpi.edu (Jeffrey Sorensen) writes: [Moderator's Note: This thread originated in the original telecom-priv forum. ] >New York state's legislature is currently debating a proposal that would >require Medicaid recipients to carry a photo ID and to be fingerprinted. While >I think the proposal has a number of risks, for example amputees could >experience _another_ cutback... > >Seriously, this week's _Legislative Gazette_ (Apr 6 '92) amusingly demonstrates >the risks of leaving politics to the politicians. Here are some of the >insights: > ... text deleted ... > >So there you have it, a system that will catch somewhere between 11% and 0.8% >of the total fraud for the bargain price of $2 million a year plus the setup >fee. Shouldn't we have a better estimate if we are going to measure the >benefits of the system? > Typical of the idiotic New York Legislature. No brains at all. >Further, I wonder how much saving can be attributed to the effectiveness of the >system and how much is due to the perceived effectiveness of the system. There >is this "scarecrow" effect that may not last in the long run. Perhaps some >people will find work arounds. Perhaps New York should install a fake >fingerprinting system with fake computers and fake databases at a lower cost >and still get the same savings. Plus none of the civil liberties risks... Currently, there is a non-driver ID that is obtained at the Department of Motor Vehicle Offices. Getting one of these or a driver's liscense is a pure hassle and if the Legislature goes through with this. Guess where they'll probably have this done? If anyone thinks Congress is screwed up, I'll trade legislatures with them anytime at all. Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ From: David Sobel Date: Wed, 22 Apr 1992 18:48:35 EDT Subject: CPSR Sues NIST for DSS Info >From Remote CPSR Sues NIST for DSS Info Computer Professionals for Social Responsibility (CPSR) filed suit today against the National Institute of Standards and Technology (NIST) and the Department of Commerce, seeking disclosure of "all documentation and research materials that NIST used and/or developed to evaluate technology in choosing a digital signature standard." The Freedom of Information Act case was filed in the U.S. District Court for the District of Columbia. NIST published a notice announcing its proposed DSS last August and solicited public comments on the proposal. CPSR asked the agency to release the requested information to facilitate a more informed public discussion of the standard. The National Security Agency has since acknowledged that it played a leading role in the development of the proposed DSS. NIST has refused to release the requested records on the grounds that disclosure would interfere with the agency decision- making process and reveal proprietary information contained in pending patent applications. David Sobel Legal Counsel CPSR Washington Office ------------------------------ From: "John M. Joy" Subject: Federal law and SSNs Date: Thu, 23 Apr 1992 17:49:21 -0400 Would anyone happen to have the section of U.S. Federal law handy (presumably some part of PPRA) which requires institutions normally using an individual's Social Security account number as identifier to use a GenSym identifier instead, on the request of the individual? I had to go through roughly a half-day's worth of hassle to become one of the handful of personnel at this institution of forty-odd-thousand to have an ID number that's NOT my SSN, and even now, several months later, have work-study students and sundry other peons telling me that my ID number is "temporary" and not wanting to provide me services. JMJ ------------------------------ From: "Glenn S. Tenney" Subject: Should political speech be censored online? Date: Fri, 24 Apr 92 06:59:17 GMT Before this newsgroup was formed I posted a few items to the moderator of the mailing list. These postings announced my online candidacy to the U.S. Congress *and* raised the issues in my platform that we need more access to information, more and better uses of technology, etc. The moderator refused to allow these postings to be delivered to the mailing list claiming that since he works for/at the Arm the Hatch Act precluded him from campaigning. After checking with the Office of Special Counsel (who is in charge of administering the Hatch Act for the Federal Government) the staff assured me that there would be no violation of the Hatch Act, yet the moderator still refused to allow my postings to go out. In the moderator's announcement of this newsgroup he says: " This newsgroup is to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. This newsgroup will be gatewayed to an internet mailing list. I welcome any and all submissions that deal with the effect of technology on privacy." When should a moderator censor postings to this newsgroup? Should the moderator even BE a Federal employee if there is possibility of restrictions on article submissions imposed by the government (or his superiors)? Isn't this medium of a moderated newsgroup/mailing-list more analogous to the moderator being a letter carrier? etc. etc. What do you think? Glenn Tenney Democratic Candidate, U.S. Congress 12th Congressional District tenney@netcom.com (415) 574-2931 And, yes, this posting was paid for by the Glenn Tenney For Congress Campaign Committee just like any other commercially accessible Unix system -- at the time when it was entered into the network. [Moderator's Note: I was the moderator of telecom-privacy. A couple of points: His submission was an announcement and a copy of his platform. To me there was little difference between his submission and advertising which is generally prohibited from the net. If a third party would have sent me something along the lines of "There is a candidate running on privacy issues and he believes in this and that" I probably would have publish it just like if a third party likes to reccommend something in misc.consumers. Dennis ] ------------------------------ Date: Thu, 23 Apr 92 19:38:56 -0700 From: Peter Marshall Subject: More on US West and CallerID in Colorado The 4/14 issue of COMMUNICATIONS DAILY noted that "Colo. PUC last week approved one-year trial Caller ID tariff for US West. But RHC didn't like conditions and said it would withdraw tariff for all...(CLASS)[services], move that PUC then challenged." According to the telecom trade journal, the PUC required free, default, per-line blocking for nonpub and unlisted users, with others able to choose a form of blocking for a 6-month period. The article cites a Colorado Commissioner's statement that US West had provided no proof that services wouldn't be profitable without line blocking. The company, however, withdrew the entire set of services, including Call Trace; and the PUC disputed US West's application to withdraw the tariff, asking for a legal opinion. Another Commissioner termed US West's actions "deeply upsetting," amnd the PUC indicated it would also have to take a "new look" at the RHC's rates, because of linkage between introduction of CLASS services and development of Signaling System 7. ------------------------------ Date: Thu, 23 Apr 92 19:16:36 -0700 From: Peter Marshall Subject: Report on Privacy & US West's "Community Link" Gateway On 4/17/92, the Minnesota PUC issued a "Notice Soliciting Comments on Report of the Advisory Panel on Privacy Issues Related to Community Link Videotex Gateway Service." According to the PUC's Notice, they had granted CLM Associates authority to provide videotex gateway service in Minn. on 12/4/92, in an Order that had aslo invited parties filing comments to participate in an Advisory Panel "to examine privacy issues raised by the Community Link service offering." The PUC had also asked the Dept. of Public Service to chair this panel and report back to the PUC. On 4/6/92, the panel submitted a report to the PUC, who put the report out for comment on 4/17/92. Initial comments are due by 6/1/92, with reply comments due one month later. The DPS coordinator for the panel informed the PUC that while the panel was in process, CLM Assocs. had written to a number of ISPs, or Information Service Providers, "advising them of issues before the panel." Written comments were received from five of these ISPs. Examples follow: On "Community Link User Mailing Lists and ISPs' Use of Information Obtained Directly from the End User": "follow generally accepted business practices now used in...Minnesota regarding mailing lists and end user information." On "Consumer Notification of Online Privacy Standards": "ISP's using Community Link will have differing policies regarding reuse of consumer provided information." On "Mailing Lists of Community Link Customers": "If there is a regulation concerning checkoffs for receiving direct mail then it should be a negative checkoff." On "information I obtain from customers": "The questions you raise are aleady being addressed in Federal regulations.... some 60,000 pulic computer systems..., including at least 500 in Minnesota,...have for the past 10 years been routinely offering these same servicves over the public voice telephone network...." On "the privacy notification": "the best place for it is in the printed materials.... Placing it on the on line screens causes teh customer a lot of extra expense...." On "User Mailing Lists": "Community Link and...all serious public videotex services...would suffer if US West were not allowed to share the names of Community Link users with Community Link ISPs.... a 'negative checkoff procedure'...should be offered." On "ISPs' Use of Information Obtained Directly from the End User": it was our understanding that individual ISPs and the Service Bureaus that hosted ISP services could collect the names and addresses of users..., but not share the names and addresses with any other entity...without the express permission of the individual users.... However, there is no denying that this constrains the development of privately-owned public videotex information services; it is important to remember...that any any extra barriers...have the effect of locking out independent ISPs...and leaving the field open to the larger...companies(Prodigy, CompuServ, etc.)." On "Consumer Notification of Online Privacy Standards": "the Commjnity Link Guide should carry printed information stating that...users' names and addresses will be passed on to third parties unless an individual user specifically requests otherwise...." On "how...users will be identified to Service Providers": "so long as usage and cost are not mandatory, there is not much of a protection issue.... Requiring permission creates a signficant hurdle...at the start of the sales process. This will severely retard the development of information services." On "use of information by SPs": "The ISP(or direct marketer)has reasonably free use of the information unless requested by teh customer." On the other hand, comments by the Minn. Dept. of Admin. differed from those of the IPs, wich included Minitel Services Co. and GPT Videotex, a GE of England affiliate. E.g., this state agency asked "If a compnay wants to increase teh value of its lists why doesn't it offer folks who appear on those lists some financial advantage to do the positive check off?" The agency also stated "Clearly, the information gathered from the use of these services should be restricted," and that "A privacy notice buried in a user's guide may not be effective communication." Community Link now operates in Minn. and Nebr. and is scheduled for Seattle in late-92 or early 93. CLM, or Community Link Minitel, is a joint venture of US West and Minitel. Material from the Advisory Panel report will be forthcoming. Peter Marshall -- ------------------------------ Path: watyew!rmgreen From: rmgreen@watyew.uwaterloo.ca (Ronald M. Green) Subject: All the Myriad Ways... Date: Sat, 25 Apr 1992 01:00:34 GMT Hello! Well, where to start? As a Canadian who has long been enamoured of surveillance and information technology - the result, I suspect, of a fascination with the field of the private investigator (and my place in it) - I think that the only regret I have about this group is that is didn't exist even earlier. A late start, but what the hey... I'll leap back in after I see what major threads people want to develop, but a few obvious suggestions (touched on in the "Keywords" line) include: Scanners (radio monitors for "private" (laugh) frequencies) Phone Phreaking (by-passing of telephone protocols and fees) Micro-Mikes (the world of bugging and tapping) Net-Watching (tracking folks through their Net activities) Of course, there is much more to the field, but like I said, I'll let other folks develop the initial threads. I think I'm going to enjoy this...and now, if you'll excuse me, I think I'm going to indulge in some recreational scanning for a while... Be seeing you! - Ronald M. Green - ------------------------------ From: Craig "Powderkeg" DeForest Subject: Re: Cordless phones Date: 27 Apr 92 03:08:35 GMT Followups-To: comp.society.privacy >In article mla@pilot.njin.net (Marc L. Appelbaum) writes: >>I've been reading all these msgs about cellular phone calls. I just >>don't see why anyone would want to monitor cellular phone calls. Yes, > [stuff about tabloids & privacy] But it's none of your business! Damn it! Those photons are hitting *me*! They're *MINE*. I'll do whatever the hell I want with *my* photons, regardless of the law. I firmly believe in privacy -- I won't go looking into people's houses, or tapping their phones, or whatever. But, if you want privacy, you *don't* shout so that everyone within ten miles can hear it. If you want privacy, you don't broadcast your conversation. If people don't want me to hear their conversation, they ought not to be shooting photons at me! followups elsewhere; this ain't folklore anymore. -- Craig DeForest: zowie@banneker.stanford.edu *or* craig@reed.bitnet ---------------------------------------------------------------------------- "So, if you guys make a living looking at the SUN, why do you spend so much time at the SYNCHROTRON, working UNDERGROUND at NIGHT?" ------------------------------ End of Computer Privacy Digest V1 #001 ******************************