Date: Thu, 01 Apr 93 17:07:11 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#030 Computer Privacy Digest Thu, 01 Apr 93 Volume 2 : Issue: 030 Today's Topics: Moderator: Dennis G. Rears Akron BBS Sting Update 3 Re: Virginia voters & Social Security Numbers Re: Virginia voters & Social Security Numbers Re: law on ss.no (Privicy Act) Re: law on ss.no (Privicy Act) Medical SmartCard Privacy Risks Information privacy and applying for an apartment Email Privacy Research on interactive publishing systems The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: 27 Mar 93 11:41:54 EST From: David Lehrer <71756.2116@compuserve.com> Subject: Akron BBS Sting Update 3 "Munroe Falls carryout" The following is an editorial published in the Akron Beacon Journal on Wednesday, March 24, 1993. This editorial is copyrighted by the Akron Beacon Journal, and commercial use or resale of this article is forbidden. Permission to post this editorial in its entirety has been generously granted by Mr. David B. Cooper, Associate Editor. Background: The 9-month long Mark Lehrer/Akron Anomaly BBS felony trial situation terminated on March 8, 1993. Topic: Published articles about the Akron Anomaly BBS 'sting' directed by Munroe Falls, Ohio police chief Steve Stahl on June 18, 1992. All published articles concerning this 'sting' and associated battles will be distributed immediately upon permission being granted by the author(s). Responses are encouraged! From the Beacon: "We welcome your letters and the chance to publish as many as possible." "We ask that letters be original, concise and legible and bear the writer's full signature, address and daytime phone number." "All letters are subject to editing. We withhold names only for good reason. The same conditions apply to letters sent by fax." "Please address your letters to Voice of the People, Akron Beacon Journal, P.O. Box 640, Akron, Ohio 44309-0640." "If you want to send your letter by fax, use our fax number: (216) 996-3520." David Lehrer ******************* 07084027 MUNROE FALLS CARRYOUT Akron Beacon Journal (AK) - WEDNESDAY March 24, 1993 Edition: 1 STAR Section: EDITORIAL Page: A14 Word Count: 313 MEMO: Editorial / Our Opinion TEXT: The Fourth Amendment to the Constitution was written to safeguard ordinary citizens against unreasonable search and seizure. Recently, however, law-enforcement officials have taken to seizing possessions of convicted and suspected criminals, particularly drug dealers. In the case of 23-year-old Munroe Falls resident Mark Lehrer, police confiscated a sophisticated, $3,000 computer setup, programs and disks on the suspicion that he might be letting kids look at dirty pictures. That charge was never proved. In fact, it appears that police received only one or two complaints about his computer bulletin board, none from area parents. Lehrer contends a clerical error put the pornography into files accessible to all the bulletin board's users, not just adults. Police enlisted a 15-year-old, falsified his identity for a membership and then helped the teen call up a possibly offending program. But, when the Summit County grand jury refused to indict the University of Akron computer whiz on the original charges, Munroe Falls police filed other charges based on the possibility that some of the programs in Lehrer's private collection contained pictures of minors. Lehrer did plead guilty to a misdemeanor charge of 'attempted possession of criminal tools' -- his computer -- based on those subsequent charges. No one downplays the seriousness of crime in our society, whether it's in the suburbs or inner cities. None argue that children should be able to view pornography. But in the absence of compelling evidence that Lehrer was trying to peddle child porn to kids, either at the outset of this case nine months ago or now, it could appear that the police acted hastily in confiscating the computer. Such actions invite questions as to whether the police were protecting against a child pornographer or using the intimidating powers of the police and judicial system to help themselves to a nice hunk of expensive machinery. dl DESCRIPTORS: MUNROE FALLS; MARK LEHRER; POLICE; BIOGRAPHY; CHILD PORNOGRAPHY; EVIDENCE; OBSCENITY ------------------------------ From: sean@cobra.dra.com Subject: Re: Virginia voters & Social Security Numbers Date: 29 Mar 93 18:54:40 CST Organization: Data Research Associates, Inc. In article , Jeremy Epstein writes: > It is not believed that the ruling will affect other state agencies > (such as motor vehicles) which require SSNs, because those are not > considered public records. In most states, motor vehicle records are considered public records. I believe there are only two states (as of 1989?) that don't have any "public" access to motor vehicle records, and maybe a half-dozen that have only limited access (i.e. you need to be a big insurance company, or a "licensed investigator"). In states with Freedom of Information Acts every record except those listed as exceptions in the act (usually a short list of less than a dozen items) are considered public records. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Domain: sean@sdg.dra.com, Voice: (Work) +1 314-432-1100 ------------------------------ From: Larry Hunter Subject: Re: Virginia voters & Social Security Numbers Reply-To: Hunter@nlm.nih.gov Organization: National Library of Medicine Date: 30 Mar 93 10:51:51 Jeremy Epstein nicely summarized the victory of privacy interests in preventing the State of Virginia from requiring SSNs to register to vote. Although he mentions the ACLU, who were not involved in the case, he neglects to mention CPSR, who filed an important Amicus brief in the case. Public Citizen, as noted, also provided legal assistance. Here is the CPSR press release describing the case, including a pointer to an ftp/gopher/wais site containing the text of the opinion. PRESS RELEASE March 26, 1993 "FEDERAL APPEALS COURT UPHOLDS PRIVACY: USE OF SOCIAL SECURITY NUMBER LIMITED - - - - CPSR Expresses Support for Decision" A federal court of appeals has ruled that Virginia's divulgence of the Social Security numbers of registered voters violates the Constitution. The Court said that Virginia's registration scheme places an "intolerable burden" on the right to vote. The result comes nearly two years after Marc Greidinger, a resident of Falmouth, Virginia, first tried to register to vote. Mr. Greidinger said that he found it nearly impossible to obtain a driver's license, open accounts with local utilities or even rent a video without encountering demands for his Social Security number. Mr. Greidinger told the New York Times this week that when the State of Virginia refused to register him as a voter unless he provided his Social Security number he decided to take action. He brought suit against the state, and argued that Virginia should stop publishing the Social Security numbers of voters. This week a federal appeals court in Richmond, Virginia ruled that the state's practice constituted "a profound invasion of privacy" and emphasized the "egregiousness of the harm" that could result from dissemination of an individual's SSN. Computer Professionals for Social Responsibility (CPSR), a national membership organization of professionals in the computing field, joined with Mr. Greidinger in the effort to change the Virginia system. CPSR, which had testified before the U.S. Congress and the state legislature in Virginia about growing problems with the misuse of the SSN, provided both technical and legal support to Mr. Greidinger. CPSR also worked with Paul Wolfson of the Public Citizen Litigation Group, who argued the case for Mr. Greidinger. In an amicus brief filed with the court, CPSR noted the long-standing interest of the computing profession in the design of safe information systems and the particular concerns about the misuse of the SSN. The CPSR brief traced the history of the SSN provisions in the 1974 Privacy Act. The brief also described how the widespread use of SSNs had led to a proliferation of banking and credit crime and how SSNs were used to fraudulently obtain credit records and federal benefits. CPSR argued that the privacy risk created by Virginia's collection and disclosure of Social Security numbers was unnecessary and that other procedures could address the State's concerns about records management. This week the court of appeals ruled that the state of Virginia must discontinue the publication of the Social Security numbers of registered voters. The court noted that when Congress passed the Privacy Act of 1974 to restrict the use of the Social Security number, the misuse of the SSN was "one of the most serious manifestations of privacy concerns in the Nation." The Court then said that since 1974, concerns about SSN confidentiality have "become significantly more compelling. For example, armed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits, or Social Security benefits, order new checks at a new address, obtain credit cards, or even obtain the person's paycheck." The Court said that Virginia's voter registration scheme would "compel a would-be voter in Virginia to consent to the possibility of a profound invasion of privacy when exercising the fundamental right to vote." The Court held that Virginia must either stop collecting the SSN or stop publicly disclosing it. Marc Rotenberg, director of the CPSR Washington office said, "We are extremely pleased with the Court's decision. It is a remarkable case, and a real tribute to Marc Greidinger's efforts. Still, there are many concerns remaining about the misuse of the Social Security number. We would like to see public and private organizations find other forms of identification for their computing systems. As the federal court made clear, there are real risks in the misuse of the Social Security number." Mr. Rotenberg also said that he hoped the White House task force currently studying plans for a national health care claims payment system would develop an identification scheme that did not rely on the Social Security Number. "The privacy concerns with medical records are particularly acute. It would be a serious design error to use the SSN," said Mr. Rotenberg. Cable News Network (CNN) will run a special segment on the Social Security number and the significance of the Greidinger case on Sunday evening, March 28, 1993. The Court's opinion is available from the CPSR Internet Library via Gopher/ftp/WAIS. The file name is "cpsr/ssn/greidinger_opinion.txt". The CPSR amicus brief is available as "cpsr/ssn/greidinger_brief.txt". CPSR is a national membership organization, based in Palo Alto, California. CPSR conducts many activities to protect privacy and civil liberties. Membership is open to the public and support is welcome. For more information about CPSR, please contact, CPSR, P.O. Box 717, Palo Alto, CA 94302, call 415/322-3778 or email cpsr@csli.stanford.edu. ========================================= -- Lawrence Hunter, PhD. National Library of Medicine Bldg. 38A, MS-54 Bethesda. MD 20894 USA tel: +1 (301) 496-9300 fax: +1 (301) 496-0673 internet: hunter@nlm.nih.gov encryption: PGP 2.1 public key via "finger hunter@work.nlm.nih.gov" ------------------------------ From: "Marc T. Kaufman" Subject: Re: law on ss.no (Privicy Act) Date: 30 Mar 93 01:13:11 GMT Organization: CS Department, Stanford University, California, USA vdifrancis@msuvx2.memst.edu writes: >It is illegal in the US for a government agency to require a person to >give a ss.no. in order to get a drivers-licence, or any other >privilege,right,or benefit. Thats the law, See 5 USC 552a, Im copying >from public law 93-579-Dec. 31,1974. Sec.7.(a)(1) It shall be >unlawfull for any Federal,State or local government agency to deny to >any individual any right,benefit or privilege provided by law because >of such individual's refusal to disclose his social security account >number.... I don't think this is true anymore. The state of California requires SSN for ALL drivers licences now (was Commercial licences only a couple of years ago). I think this is a Federal requirement, so there must be something later than 1974 on the books. -- Marc Kaufman (kaufman@CS.Stanford.EDU) ------------------------------ From: "Marc T. Kaufman" Subject: Re: law on ss.no (Privicy Act) Date: 30 Mar 93 01:13:11 GMT Reply-To: kaufman@cs.stanford.edu Organization: CS Department, Stanford University, California, USA Source-Info: From (or Sender) name not authenticated. [Moderator's Note: Source-info field is saying the author address was not authenticated by his mail system. ._dennis ] vdifrancis@msuvx2.memst.edu writes: >It is illegal in the US for a government agency to require a person to >give a ss.no. in order to get a drivers-licence, or any other >privilege,right,or benefit. Thats the law, See 5 USC 552a, Im copying >from public law 93-579-Dec. 31,1974. Sec.7.(a)(1) It shall be >unlawfull for any Federal,State or local government agency to deny to >any individual any right,benefit or privilege provided by law because >of such individual's refusal to disclose his social security account >number.... I don't think this is true anymore. The state of California requires SSN for ALL drivers licences now (was Commercial licences only a couple of years ago). I think this is a Federal requirement, so there must be something later than 1974 on the books. -- Marc Kaufman (kaufman@CS.Stanford.EDU) ------------------------------ From: Thomas Grant Edwards Subject: Medical SmartCard Privacy Risks Date: 31 Mar 93 08:47:03 GMT Organization: Project GLUE, University of Maryland, College Park I'm curious about priacy risks due to medical "smartcards" which are being considered for the new U.S. Health Care policy. How will they change the medical record privacy issue? What crytographic and other technologies can be used to safeguard these systems? -Thomas Edwards ------------------------------ From: Hans Lachman Subject: Information privacy and applying for an apartment Organization: Netcom Date: Wed, 31 Mar 1993 21:33:16 GMT I was wondering if there is some kind of article or blurb, directed at businesses, that explains why privacy rights are important and why the current state of affairs must change. I read the Usenet article "What to do when they ask for your Social Security Number" by Chris Hibbert of CPSR. What I'd rather have is an article directed at the "they" (the businesses and organizations that handle our private information), something like "Why you should respect your customers' privacy rights, and how to do that effectively and still run your business." My situation is that I have applied to rent an apartment at a large complex (Village Lake Apts. in Mountain View, CA). On the application form, I left the SSN space blank. The rental agent said that they must have it. I asked her to find out if they can get by without it. She made a call and said, yeah, they can. Later, the rental manager called me and said something like the following: Them: "We must have the SSN, that's our company policy." Me: "OK. Is it also your company policy to not divulge personal information to third parties?" Them: "Yes." Me: "Do you have that policy in writing?" Them: "No." Me: "OK, how about if you put your policy in writing, and I'll come by and pick it up and give you my SSN?" Them: "I'll get back to you." Well, the same rental manager later got back to me, and sure enoungh, they could not put the policy in writing and that's that. She also would not give a reason why they would not put their own policy in writing ("that's simply our position..."). I got into a long discussion trying to find common ground where she could understand that my position is reasonable, but the bottom line was that they must stick by their policy. Anyway, I am ready to concede defeat in this particular battle in the war against information abuse, and I plan to go along with their terms. I figure I'd run into the same resistance anywhere I go. But I would like to give them an article such as the one I describe above, to accomplish two things: 1. Educate them as to what the issue is. 2. Help them understand why I've been giving them such a hard time. If you know of such an article, please send it (or a pointer to it) to me at "lachman@netcom.com". Thanks, Hans Lachman lachman@netcom.com ------------------------------ From: Christina Cole Subject: Email Privacy Date: Thu, 1 Apr 1993 05:09:14 GMT Organization: University of Illinois I'm doing a research paper on E-mail with respect to privacy. So far the info that I have found has been about people that have lost their jobs after protesting that their privacy rights were violated when they discovered that their private email messages had been intercepted by their supervisors. (I know that was a serious run-on sentence) I need more info on these kinds of cases, precautions to take to avoid email hackers, and what to do in case the sitiuation occurs. Please help. ------------------------------ Date: Thu, 1 Apr 1993 08:09:35 -0800 From: gg15hzav@sbusol.rz.uni-sb.de Subject: Research on interactive publishing systems Research on interactive publishing systems ========================================== I am a student at the University of the Saarland in Germany and I am looking for contact to reasearchers who work this subject. I need the information form my final thesis in information science. I am especially interested in: - different ways and a classification of interactions between an information system and a user (both "traditional" information systems (e.g. internet services) and new publishing systems) -> user modelling - concepts for the technical realization of interactive newspapers and tv systems - the impact of interactive communication on the individual user and on the entire society (e.g. knowledge gap) - commercial aspects of this new kind of publishing If you could help me or know someone who is working in this area send a personal mail to my adress. Thanks in advance Achim Voermanek ------------------------------ End of Computer Privacy Digest V2 #030 ******************************