Date: Fri, 11 Mar 94 15:02:09 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#041 Computer Privacy Digest Fri, 11 Mar 94 Volume 4 : Issue: 041 Today's Topics: Moderator: Leonard P. Levine Akron Beacon Journal wants your opinion of Clipper International Employee Privacy Rights Tanya Harding's Privacy Re: Privacy and Sexual Crimes Re: PGP Ideas CHIPS... CHIPS... CHIPS... CHIPS... CHIPS... The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: gfe@vritra.cb.att.com (Gary Ellison) Date: 10 Mar 1994 17:19:03 GMT Subject: Akron Beacon Journal wants your opinion of Clipper Organization: AT&T Bell Laboratories The Saturday, March 5, 1995 Akron Beacon Journal asks the question: "Should phones and computers be equipped with chips that translate transmissions for law enforcement agencies?" There is a small blurb about Clipper followed by: "What's your opinion about installing the Clipper Chip? Should law enforcement officers be given access to computer and phone Transmission?" Send your letter to: Voice of the People Akron Beacon Journal P.O. Box 640 Akron, Ohio 44309-0640 They ask that you sign (digital won't do :) your letter and add your address and daytime phone number. They primise not to publish addresses or phone numbers. ------------------------------ From: lpincus@wppost.depaul.edu Date: 9 Mar 1994 15:00:32 -0600 Subject: International Employee Privacy Rights Message for all-of-elsa: I am an assistant professor of legal studies at DePaul's Business School and am conducting research in the area of international employee privacy rights. I am looking for information on employee privacy rights in the following countries (incl. drug and other testing, information transfers, surveillance/monitoring, etc., and personal information): Figi, New Zealand, Australia, Thailand, Nepal and India. If you have information, please email info or references to lpincus@wppost.depaul.edu. In addition, I will be travelling to these countries in Summer, 1994, and would appreciate any contacts in the area who may be involved in human resources (+ any other info). Thanks. ------------------------------ From: "Prof. L. P. Levine" Date: 10 Mar 1994 19:22:16 -0600 (CST) Subject: Tanya Harding's Privacy Organization: University of Wisconsin-Milwaukee I have been given a cut from several electronic boards that are used by journalists in their electronic interaction. What follows is my edited compendium of what appeared in these boards. It gives a look at the varying ethics of members of the working press as they puzzle their way through these issues. The material dealt with is the opening (and the possible reading) of Tonya Harding's email account at the winter Olympics. Her userid and password were read from a tag she wore around her neck and her birthdate, very insecure data. This particular case is is no longer news, but we can expect the same type of issues to come up again. What are the issues journalists should consider before accessing an account to which they may quite easily obtain access information? Journalists find that they have to walk a fine line between privacy and the public's right to know how society really functions. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of Computer Privacy Digest and Professor of Computer Science | comp.society.privacy. University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu ---------------------------------+----------------------------------------- ---------- Cut (and edited) from Several Journalism Boards --------- The Dallas Morning News reported recently that Michelle Kaufman of the Free Press, Ann Killion of the San Jose Mercury News and Jere Longman of The New York Times read Harding's e-mail access code off of her credentials shown in an enlarged shot on television. The Olympic system's default structure assigns the user's birthdate as the user's password until he or she changes it; apparently Harding never did. So the reporters had her account name and password. They say that at 2 a.m. they logged in to her account, saw that there were 68 messages, and logged out. They said they were simply trying to see if their efforts had worked. Friday, after The News' story was picked up by KRT and distributed worldwide, other reporters 'fessed up to having cracked Harding's e- mail. Among them was columnist Dave Barry, who expressed outrage that anyone would be offended by what the reporters did. Another reporter told The News that the breach was innocent in that it was analogous to a reporter's looking on a source's desk and ``reading a letter upside down.'' The reporter's committee responsible for credentials in Lillehammer plans to take no action; the Free Press and the Mercury News backed their reporters; the Times would make no comment. According to the first report, reading a letter placed openly on a source's desk is not the same as figuratively waiting until the source has gone home, rummaging around for a key, and breaking into the file cabinet to read the letter. Some reporters have said that what the journalists did was both unethical and illegal (under both US and local laws). It is not equivalent to reading a letter upside down on somebody's desk; it is equivalent to opening somebody's front door and going through their filecabinet. A spokesman for the U.S. Olympic Committee said that the USOC was satisfied that the reporters were not trying to read Harding's mail. He said he saw no need for the USOC to take any action. ``I think it's an issue in terms of ethics that belongs in the court of journalism itself,'' he said. ``We have no cause based on published rules to take some action, and I will not have my organization drawn into the same controversy during the last three days of the Olympics when we're not involved. I think this is an issue that's best left to those who manage or report the news.'' Dave Barry's editor at The Miami Herald's Tropic magazine, essentially reiterated Barry's dismissal of reaction to the snooping: ``It seems like anything you or I would do the same. It's like if someone told you that if you turn your TV to channel 59 there's some weird movie where they're beheading chickens and other weird ceremonies. Just to see if it's true you'd probably turn to channel 59. It's just like if you see someone's mail upside down on their desk or you see mail sticking out of their mailbox. You might read it to see what it is. It depends on what you do with it.'' The executive editor of the Detroit Free Press wrote: ``Obviously, it's something we don't approve of. It's against our policy, and [the reporter who did this] regrets it. It shouldn't have been done. But in my opinion, our reporter is a fine reporter with great integrity. She realizes she made a mistake. We're reviewing it and will be apologizing to Tonya.'' Another journalist wrote: ``I find this story most disgusting. I'd probably fire a journalist, working for my organisation, who thinks that this peeping into someones privacy is well done behaviour.'' The journalist continued by comparing this behavior to that of a reporter who opens someone's mailbox, steams open the letters, reads them and puts them back. Saying that the person didn't have a lock on the box is no defense to that kind of privacy invasion. I agree with Alex that this is the kind of behavior 21st century journalists should be combatting rather than promulgating. Computers have raised a number of legitimate privacy concerns in the general public. If we fail to act responsibly, we may well find the door to electronic information slammed in our face (not to mention the loss to our collective credibility). We need to come out and publicly condemn these actions as plainly unethical. A journalim professor wondered if this was the type of ethics "tenured professors" teach in j-schools. The answer, he stated, is, of course, no. But does it matter when top role models in the profession care so little about ethics themselves? He stated that to be fair to Dave Barry, singling him out like this is a little misleading, because it gives the impression that he was a ringleader. All he did was tell a reporter that he, like several dozen other journalists, tried the access codes. I'm not sure I'd use the word "conspiracy"; Barry says it was just a lot of people giving in to temptation. While that hardly justifies the Olympic journalists' behavior, I do agree with Barry that it's probably unfair to single out the three reporters who happened to get caught -- or Barry or anyone else, for that matter -- for special abuse. The original poster wrote: My whole purpose in writing the original note (which was very strongly worded, and which I stand behind completely) was not to hold up the Times, Free Press and Mercury News reporters to special ridicule. It was to state categorically that journalists shouldn't have any special dispensation to rummage around in electronic mailboxes. That's a very sensitive and important issue that we must address soon, and I just hope the larger issue doesn't get lost in a rush to stigmatize individual journalists because they happen to be good enough to become famous. Another reporter wrote: In my case, I wasn't following any of this until the weekend, but it came after reading a commentary in the March issue of BYTE by Victor J. Cosentino, a lawyer in Washington, D.C., who wrote that once online, some people totally disregard legally and socially acceptable behavior. It is all very easy, he continued, for _anyone_ in cyberspace to think that they are simply communicating with the monitor in front of them and not with the whole world. Access someone else's computer? Who will know? Send out a flame? After all, the box can't punch the sender in the nose. As journalists we have a tremendous opportunity to help guide the use of these new information technologies, even if we trip over a few electronic potholes. It's a high wire, this balancing act between the public's right to know and their desire for privacy. ---------- End of cut from Journalism Boards -------------------- ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of Computer Privacy Digest and Professor of Computer Science | comp.society.privacy. University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu ---------------------------------+----------------------------------------- ------------------------------ From: swayne@draper.com (A. Steven Wayne) Date: 11 Mar 1994 19:43:14 GMT Subject: Re: Privacy and Sexual Crimes Organization: The Charles Stark Draper Laboratory, Inc. In article , mea@intgp1.att.com (Mark Anderson) wrote: swayne@draper.com (A. Steven Wayne) writes: Chuck Weckesser <71233.677@CompuServe.COM> wrote: Should Rapist's And Pedophiles Be Forced To Register With The Authorities Every Time They Move Away? There are two issues here: the rights of the individual (who I assume to have been previously convicted) and the security of society. [A. Steven Wayne chooses the security of society] Your proposal scares me a little bit, not because you mention it here in this mailing list, because I think your attitude towards these types of crimes reflects the norm of society. It's now becoming acceptable to sacrifice any kind of privacy or liberty if it prevents just one child from being molested or one woman from being raped. The nightly TV tabloid^H^H^H^H^H^H^Hnews seems to create enough hysteria about this crime that if a proposal to place electronic monitoring devices on these people for the rest of their lives, there wouldn't be much objection. For people convicted of these crimes, databases already exist that allow interested parties access. If you, as a concerned neighbor, investigated every new neighbor coming into the neighborhood, you could find out convicted rapists and molesters using the laws already on the books. Having these people report to the authorities after they've served their debt to society can have dangerous side effects. Personally, I'd also want to know about the murderers, home burglars, and drug dealers moving into my neighborhood. But consider it as if the punishment for the sexual crime were life on parole, as opposed to life in incarceration. Instead of regularly reporting to a parole officer, the person only had to register with certain other authorities. Is this exceptionally harsh when viewed this way? -- swayne@draper.com ------------------------------ From: michael@stb.info.com (Michael Gersten) Date: 10 Mar 94 10:46 PST Subject: Re: PGP Ideas Replying to someone: To use PGP on my Macintosh, for instance, I would have to launch my text editor, open and compose a new document, save it, launch MacPGP, encrypt and save the document (deleting the original), upload the encrypted message (deleting the message on my computer), open PINE (or whatever mailreader that I would use), send the message, and delete the original on my host computer. Nine steps for a simple message encrypted in a bulletproof fashion. Recieving and decrypting a message is similarly complicated. It's times like this that I really like NeXTStep. All I'd have to do to encrypt with PGP would be to select the text that I want, and hit a menu item or command key. Automatically run the encrypter, and replace the selected text with the encryption. Voilla! One step. This has been a blatant plug for NeXTStep :-) -- Michael Gersten michael@stb.info.com NeXT Registered Developer (NeRD) # 3860 -- Hire me! (Ready _NOW_) ------------------------------ From: sutter@verisoft.com (Paul Sutter) Date: 10 Mar 1994 11:26:55 +1700 Subject: CHIPS... Whose privacy are you concerned about? Yours, or the cat's? Is the chip the privacy issue? Or is it the name/number information in the database? How easy is it to give false info for the database (Mickey Mouse, 213-555-1212)? Could it be made useful without compromising who you are (John Doe, 800-xxx-xxxx)? Yes, it may be expensive to maintain an 800 number just so that you can be anonymously notified of a lost cat,.... but... I'm just trying to determine what the real issue is here. Paul Sutter Verisoft ------------------------------ From: sbernard@tardis-b4.ethz.ch (Steve Bernard) Date: 11 Mar 1994 19:19:02 GMT Subject: CHIPS... Organization: Swiss Federal Institute of Technology (ETHZ) Lile Elam (lile@netcom.com) wrote: [...] : Well, I said I didn't want a chip in this cat and that it was a violation of privacy. [...] I was really upset about this. My housemate asked me why and I said, "It's too close. Don't forget that we are animals too! Uh, I'm not sure I follow you on this. Has there been any other precedent where treatment of animals has propogated to humans? I'm pretty sure we're not putting people to sleep yet because they don't have a home. What about getting spayed and neutered? This is a good thing with animals yet I don't think we need worry about that happening to us. Below is the brocure contents about the C.H.I.P. program. How do you feel about it? To me it sounds like a really good idea. I know people who have lost valuable pets and perhaps something like this would have helped. Sure, maybe "Socks" has lost a little privacy, but after the claws and the gonads... The same just isn't true with humans. If you lose a child it's a major event. The police, media, etc are invloved. It's pretty hard to imagine how this little chip would be of benefit. Anyone not wanting it could just remove it -- obviously not a good method for permanently marking criminals and the like. Many of them already have a more permanent form of ID in their scars and tattoos. (ever see America's Most Wanted?) Sorry, but I do think you're overreacting. Enjoy your cat! Steve Bernard ------------------------------ From: lile@netcom.com (Lile Elam) Date: 11 Mar 1994 00:01:09 GMT Subject: CHIPS... Organization: NETCOM On-line Communication Services (408 241-9760 guest) What is a identity? If a person doesn't have a identity, do they have any rights? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile@netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------ From: seth@wucs1.wustl.edu (Seth Golub) Date: 10 Mar 1994 17:53:03 GMT Subject: CHIPS... Organization: Washington University, St. Louis MO Lile Elam wrote: The microchip contains a unique I.D. number which can be activated by a special hand-held scanning device (much like bar codes in grocery stores). In the future, if your animal becomes lost and is brought to the shelter or a local participating veterinary hospital, his/her unique I.D. number will be read by the scanner. I wonder how close they have to be to scan. With a long range scanner they could locate a missing animal that had not been brought to a shelter--or track a person who they believe is with the animal. I guess the FBI won't need me to have a cellular phone after all. -- Seth Golub | "One should never underestimate the influence of seth@cs.wustl.edu | 'breakfastlessness' on the workings of a great | political mind." - D. Sim ------------------------------ From: "Prof. L. P. Levine" Date: 11 Mar 1994 11:22:39 -0600 (CST) Subject: CHIPS... Organization: University of Wisconsin-Milwaukee lile@netcom.com (Lile Elam) posted: So, I went to the front desk and spoke with the Animal Coordinator/Advisor. Everything was going great and they were impressed that my dad's a veterinarian. Said it sounded like we could provide Hawk with a wonderful home. Then the woman said, "All we have to do is implant a microchip in the animal and you'll be set". Well, I turned pale and said, "What's this chip and why is it needed?" I was told that it was used to identify the animal in case it became lost. A identifaction number is stored on this microchip and can be used to find the pet's owner and home. Well, I said I didn't want a chip in this cat and that it was a violation of privacy. I am not sure whose privacy is being invaded here. If you feel that the cat needs this privacy then you have gone too far in my judgement. I suspect that the cat will not be concerned about this chip, either physically or mentally. If you feel that _you_ should not be forced to wear such a chip I will support you completey. Some years ago, in order to protect my privacy, I registered my phone under the name "Mehitabel DeCatte" (pronounced "Mehitabel the cat"). Having such a "nom de phone" was legal and was cheaper than having an unlisted number. Our cat, Mehitabel, did live at our residence with us, and did not mind the junk phone calls as much as we did. Any call for Mehitabel, or for Miss DeCatte I knew was not for me and would generally answer that she was outside climbing a tree or was asleep under the sofa. She never complained. I am sure that had such a chip been available at the time she would have been more pleased with it than she was with the collar we made her wear with appropriate identification on it. There are limits to our need for privacy. I feel that Lile Elam's posting had gone beyond those limits. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ End of Computer Privacy Digest V4 #041 ****************************** .