Date: Wed, 27 Oct 93 11:40:10 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#062 Computer Privacy Digest Wed, 27 Oct 93 Volume 3 : Issue: 062 Today's Topics: Moderator: Dennis G. Rears Re: Clinton Health Care Plan Re: Clinton Health Care Plan Re: Finding someone Re: isn't one's diary considered "private" ?? Re: isn't one's diary considered "private" ?? CPSR Crypto Resolution The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Subject: Re: Clinton Health Care Plan From: seank@nermal.santarosa.edu (Sean Kirkpatrick) Date: 17 Oct 93 10:33:00 PDT Organization: Santa Rosa Junior College, Santa Rosa, CA Jerry Whelan (guru@camelot.bradley.edu) wrote: : In article , : Dennis D. Steinauer wrote: : -} BTW -- The "Card" isn't likely to be a smartcard, massive memory card, or : -} other such thing -- at least not for a long time. Indeed, it probably won't : -} even be the SAME card in all ares. The president's plan, in line with the : -} approach of encouraging technical innovation, initially calls for a minimal : -} machine readability capability (read "mag strip"). : This is unfortunate from a privacy standpoint. I would prefer : that all my medical/personal information be stored solely in : something under my control. I realize that there would still be : potential privacy concerns when the card is used (after all, what : good is the data if it isn't used by the medical providers). But : keeping the data only on the card goes a long way towards controlling : the distribution of data about me without my consent. I am currently working on a contract for Sonoma County Department of Social Services. They are attempting to streamline and make more efficient their delivery of social services to those who need them. One of the technology based solutions that we are investigating is the use of smart cards/laser storage cards which will be recorded upon with informatin about the clients case. The theory goes that if the client has the card in their posession, then any compromise of the data on that card will be as a result of *their* failure to protect the data, and not the authorities. This theory doesn't wash with me, however. Consider a homeless or mentall ill person who doesn't have the capability or judgement to protect the card from loss. In many of the smart/laser card solutions we have seen so far, the expense of buying a reader is well within reach of the average joe computer user, and I feel that it is an unacceptable risk to have sensitive data on a card if it can be easily read by anybody with the appropriate hardware. We are considering the use of encryption to encapsulate various classes of sensitive information, much in the way that the DoD model of Top Secret information is compartmentalized. Thus, a card could be used to store this information, and accessed only upon the presentation of the appropriate key. Medical information would require one key, financial another, and so on. In this way, only those county employees who actually needed to know this information would be able to access it, and it would remain protected even in the event of loss or theft. I am interested in the details of the Clinton health plan, particularly how they intend to protect this sensitive information. If, in fact, the initial card is limited in capabilities (mag stripe vs smart card or laser card), then there might not be such a problem as is being discussed. Is there a place on the net where I can get a copy of the complete proposal? Cheers! Sean ------------------------------ Subject: Re: Clinton Health Care Plan From: seank@nermal.santarosa.edu (Sean Kirkpatrick) Date: 17 Oct 93 10:45:17 PDT Organization: Santa Rosa Junior College, Santa Rosa, CA Mike Brokowski (brokowski@nwu.edi) wrote: : >As with other aspects of the current : >healthcare system, the worst thing we could do is nothing. : Not true. It isn't hard at all to imagine alterations to the : current system which make it worse than the present one. And, : since privacy concerns are not the only area where nothing more : than lip service has been given to implementation details, I : don't imagine that privacy is the only aspect of the system : which stands at risk from the changes. "Change" isn't always : good, and government mandated change is neither the only kind : of change nor the most desirable. We are always changing : *something*, whether or not the change is worthwhile is a : separate question. Hmmmm, well...in my case, as it is with hundreds of thousands, if not millions of others in this country, it would be MUCH worse if we didn't do anything. I'm about to loose my health insurance because of a combination of cheap employers (MD's, actually, who don't want to even CONTRIBUTE toward their employees medical insurance), and a naturally occurring degenerative spinal condition called Cervical Spondylosis. One wrong move, a quick twist of the neck, a *minor* fender bender, and I could well be paralyzed. I cannot wait for something to be done, I cannot accept that doing nothing is good. 2/3 of the children of this country, don't have access to regular health care, and something MUST be done. I'm not too very thrilled about some of the ramifications of the plan (privacy, etc.), but I'm not in a position to be too critical of it. I'd be happy with a federal law that says, "You can't deny insurance to anyone, you can't cancel anyone, and you can't deny a legitimate claim". Cheers! Sean ------------------------------ From: Dark Newsgroups: alt.privacy,comp.society.privacy,misc.legal Subject: Re: Finding someone Date: 26 Oct 1993 16:49:17 -0400 Organization: Express Access Online Communications, Greenbelt, MD USA In article , Bob Sherman wrote: > >This is easier said than done. Yes, the SSA will do as you described, but >the key here is your "last known address". In reality, The average person >never contacts the SSA from the time they first get the card, until it is >time to collect some sort of benifit. That can be anywhere from 45-63 >years. A last known address that is 40 years or more old does not really >offer much help.. > >There are much faster, and easier ways to locate a person with the >information you have at hand.. These being...? Let's assume I'd like to contact a delinquant dad and let him know that I (Son) will waive all he owes. How might one go about finding dear ole dad if he doesn't want to be found? Whatever the hypo, what's the solution to the non-compliant/willing search (aside from expensive detectives et al.) >-- > bsherman@mthvax.cs.miami.edu | | MCI MAIL:BSHERMAN > an764@cleveland.freenet.edu | | > -uni- (Dark) -- Heute ist Mirroccoli Tag - Find me Sick, Dark and Twisted, and I'm happy. 073BB885A786F666 6E6D4506F6EDBC17 - One if by land, two if by sea. ------------------------------ From: Bernie Cosell Subject: Re: isn't one's diary considered "private" ?? Organization: Fantasy Farm Fibers Date: Wed, 27 Oct 1993 02:06:17 GMT In article , David Jones writes: } In the (US) news recently are two cases involving personal diary } entries being used (or subpoenaed) as evidence. } } I am surprised that this evidence is admissible, or at least that } no one has even tried to argue that it should be private. You have to make clear on what basis such an item *should* be kept private. } (1) Some Senator accused of some sort of sexual harrassment has had } his personal diary subpoenaed. Why is he not protected by } the right not to give self-incriminating testimony? No. This is clearly a misunderstanding of the law on your part. The fifth amendment only protects *testimony* not presenting *evidence*. The SC has [quite rightly, I'd say] interpreted that to mean _only_ that you are allowed to refuse to make *verbal* statements. In essence, it says that for anything that is locked in your brain, you have the right to *keep* it so locked. On the other hand, *everything* else about you _is_ subject to subpeona and introduction as evidence. Letters, financial records, diaries, *anything* [reread the fourth: it specifically says that our "papers and effects" *ARE* subject to search and seizure under appropriate circumstances.". so there's just *no* case for not complying with such a subpoena. The moral is simple: if you want to keep it private, keep it inside your skull. } (2) Some girl (a minor I think) apparently wrote in her diary that } she regrets killing her younger sister. I think her mother } found the diary and went to the police. Again, isn't a diary } to be considered private? Again, *NO*. It is this kind of casual, and mostly mistaken, misuse of the term 'privacy' that makes dealing with the whole privacy mess so difficult and makes it so hard to focus on the _real_ privacy invasions. In this case, the 4th only applies to the *gov't* doi ng the searches and seizures, and so "her mother" wouldn't be affected in any event. /Bernie\ -- Bernie Cosell cosell@world.std.com Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358 ------------------------------ Date: Wed, 27 Oct 1993 10:23:35 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Re: isn't one's diary considered "private" ?? Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- David Jones , writes: > In the (US) news recently are two cases involving personal diary > entries being used (or subpoenaed) as evidence. > > I am surprised that this evidence is admissible, or at least that > no one has even tried to argue that it should be private. > > (1) Some Senator accused of some sort of sexual harrassment has had > his personal diary subpoenaed. Why is he not protected by > the right not to give self-incriminating testimony? Apparently it has been pointed out to me that the 5th Amendment protection against self-incrimination does not apply to written records, the idea supposedly being that you have the option not to write things down. How this squares with the requirement of the Gestapo^H^H^H^H^H^H^H^H^H Internal Revenue Service that one is required to file a return, yet the information on that return can and will be used as evidence in criminal proceedings against the person who is compelled to file and give the evidence against them, is unclear to me. What it apparently means is that if you have written records, you can be required to present them; you are under no requirement to explain what they mean. So the answer is to encrypt them and give those who want them the printed listing of the encrypted file and stand on one's 5th Amendment right not to give out the key. This is what the file looks like on the computer; this is a verbatim printout of the file, which is garbage. Many Government Agencies claim that records on computer are not written records (and thus they don't have to produce them for FOIA requests); if so, then records on a computer would not be required to be presented. I doubt that this stance will stand up to judicial scrutiny in light of the Presidential E-Mail cases. --- Note: All mail is read/responded every day. If a message is sent to this account, and you expect a reply, if one is not received within 24 hours, resend your message; some systems do not send mail to MCI Mail correctly. Paul Robinson - TDARCOS@MCIMAIL.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ----- The following Automatic Fortune Cookie was selected only for this message: Captain Penny's Law: You can fool all of the people some of the time, and some of the people all of the time, but you Can't Fool Mom. ------------------------------ Organization: CPSR Washington Office From: Dave Banisar Date: Tue, 26 Oct 1993 21:40:51 EST Subject: CPSR Crypto Resolution CPSR Crypto Resolution CPSR Cryptography Resolution Adopted by the CPSR Board of Directors, San Francisco, CA October 18, 1993 WHEREAS, Digital communications technology is becoming an increasingly significant component of our lives, affecting our educational, financial, political and social interaction; and The National Information Infrastructure requires high assurances of privacy to be useful; and Encryption technology provides the most effective technical means of ensuring the privacy and security of digital communications; and Restrictions on cryptography are likely to impose significant costs on scientific freedom, government accountability, and economic development; and The right of individuals to freely use encryption technology is consistent with the principles embodied in the Constitution of the United States; and The privacy and security of digital communications is essential to the preservation of a democratic society in our information age; and CPSR has played a leading role in many efforts to promote privacy protection for new communications technologies: BE IT RESOLVED THAT Computer Professionals for Social Responsibility supports the right of all individuals to design, distribute, obtain and use encryption technology and opposes any government attempt to interfere with the exercise of that right; and CPSR opposes the development of classified technical standards for the National Information Infrastructure. ------------------------------ End of Computer Privacy Digest V3 #062 ******************************