Date: Sat, 12 Sep 92 12:30:36 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#077 Computer Privacy Digest Sat, 12 Sep 92 Volume 1 : Issue: 077 Today's Topics: Moderator: Dennis G. Rears Re: SSN as College ID Re: Teletrac Re: Databases & Ethics The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: "Glenn S. Tenney" Subject: Re: SSN as College ID Date: Tue, 8 Sep 92 18:43:53 PDT My son went to a local junior college last summer. Of course, they wanted his SSN for his ID#. Equally obviously we refused. They kindly assigned him a number and questioned why giving it out would bother us -- it is confidential 'you know'. They posted class lists on each classroom door and... You guessed it... These printed lists included names and SSNs! Some confidentiality!! btw. My son is 15, so I was there and able to firmly request his SSN not be used. I would think that most people would just give in. -- Glenn Tenney AA6ER voice: (415) 574-3420 fax: (415) 574-0546 tenney@netcom.com ------------------------------ Date: Tue, 8 Sep 92 18:57 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: Teletrac From: "K. Kadow" writes: > I was talking to a local police officer (chicago metro. area) and he > said that they are now endorsing Teletrac instead of the Lo-Jack > system. > > The console for the Teletrac system includes functions to > activate the automobile transmitter remotely, So how long is it going to be before such devices will be a mandatory part of each automobile sold in the US? And when can we expect laws that make it a felony to disable even your own unit? It is a law enforcement dream: if you want to know the whereabouts of anyone, you can at least keep track of his car from a convenient central location. Computers could even be used to record the movement of each automobile and save that information indefinitely. The suspect claims he went to the grocery store the evening of the 12th? Just pull up the records and see. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 john@zygot.ati.com | San Jose, CA 95150 | M o o ! ------------------------------ From: Dan Sorenson Subject: Re: Databases & Ethics Organization: Iowa State University, Ames IA Date: Sat, 12 Sep 1992 01:04:11 GMT hughes@swine.cs.uiuc.edu (Eric Hughes) writes: >I think this is a good topic for this group. I think that more money is spent >on research which may violate privacy than on reasearch for appropriate limits >to privacy. I changed the cross-posting to take out comp.databases.ingress, and added comp.society.privacy -- the extra help there should be beneficial. >I'd like to see researchers in the area of databases take the initiative in >this area. I think the problem can be divided into two questions: > 1. What are the limits of privacy? A question that has been debated in the halls of government, academia, and in local taverns around the world. I kind of like the idea of what a "reasonable" person would consider the limits, as this allows the law to reflect public sentiment as societal mores change. I don't think anybody needs to know the details of my sex life, for example, and the reasonable person would agree. However, my police record may be quite necessary information for certain things, and hence could be viewed when it is reasonable to do so. Such situations might include being hired for a particular job, or when purchasing a handgun. It is not anybody's business when I'm purchasing groceries. "Reasonable" is also flexible. The danger here is to keep government and police from doing what they see as reasonable; my long hair may justify, to them, the reasonable conclusion tha I'm some sort of societal threat and need to be kept under constant surveillance. It requires some restraint on the part of everybody. > 2. How do we make database applications that respect these limits? We don't. Simply, this is not a design problem as I see it. It is a policy problem. Any database application is just there for storing information in a manner that makes it easy to retrieve according to some criterion. One should not design the application to not store the information or to make it impossible to retrieve it, but of course some security should be built in to allow only selected groups to access the sensitive information. One method is password access, another is to make the sensitive databases readable only to a certain group, or whatever. The policy part comes in when Joe User decides to start snooping into the records of his neighbor, or gives away information that has no business being given away for a particular reason. The only way to stop this is to either keep Joe User from having access to that information, or to not store it. The former is policy-related as policy will dictate who gets access to what, and the latter should be thought of when the need the database should fill is defined. There's no need for my bank account database to hold my college grades, so naturally it wasn't included in the specs. In any event, the only input I'll get on this is to give the management-types a rough estimate of how much longer the project will take if I implement various security schemes, how risky it is to hold that information, and also to ask how and why that information needs to be retrieved. This gives me some freedom in the design stage, but all in all it's never going to be my decision. ------------------------------ End of Computer Privacy Digest V1 #077 ******************************