Date: Sun, 07 Aug 94 09:06:13 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#019 Computer Privacy Digest Sun, 07 Aug 94 Volume 5 : Issue: 019 Today's Topics: Moderator: Leonard P. Levine Privacy Research Program - Read This Privacy Research Program - Help NEEDED --------------------------------------------------------------------- Housekeeping information is located at the end of this Digest. ---------------------------------------------------------------------- From: "Prof. L. P. Levine" Date: 07 Aug 1994 08:51:51 -0500 (CDT) Subject: Privacy Research Program - Read This Organization: University of Wisconsin-Milwaukee The following posting is a survey that is part of a research project apparently from a university faculty member doing privacy research. His name is Prof. Urs E. Gattiker, Centre for Technology Studies, Faculty of Mgmt, The Univ. of Lethbridge, Lethbridge, AB T1K 3M4, CANADA. He asks for volunteers to respond to several very good questions about our feelings/judgements concerning privacy. He presents some good cases and asks about what you would do. He also codes the form for some reason. He also will get your email address if you respond. His cases are very good. I will feel free to present these in the next few months for discussion on this forum, but one at a time; each is worthy of it own space. Answer the form if you will; I intend to. I suggest you read it in any event. There will be questions on the final exam based on this material :-). ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ From: GATTIKER@CETUS.MNGT.ULETH.CA Date: 29 Apr 1992 11:33:35 -0700 Subject: Privacy Research Program - Help NEEDED Aug 6, 1994 ------------------- PRIV2VER.DOS follows -------------------- DEAR COLLEAGUE/FRIEND BELOW IS A SURVEY WHICH I INTEND TO SEND OUT SOON, ONCE AGAIN USING ELECTRONIC MEANS SUCH AS BBS AND NEWSLETTERS. IF YOU SAW ONE FROM ME IN THE SPRING, PLEASE BEAR WITH ME BECAUSE THIS ONE IN FRONT OF YOU IS BASED UPON THE EVALUATION OF THE RESULTS WE RECEIVED FROM THE FIRST ONE. THANKS FOR ALL YOUR HELP THE FIRST TIME! AT THIS STAGE I WOULD APPRECIATE IT IF YOU COULD CAREFULLY READ THIS AND TRY TO FILL IT OUT..... MOST IMPORTANT, TELL ME WHAT AND HOW I COULD IMPROVE THINGS.....BY WRITING COMMENTS THROUGHOUT THE SURVEY. Why did I ask you for help, I trust your know how, honesty and sense....THANKS...HERE IT COMES...... ********************************** NOTE: PLEASE DO NOT REPLY TO THIS LIST IF YOU HAVE QUESTION/COMMENTS ABOUT THE INFORMATION PROVIDED! Send inquiries to the e-mail address listed further below. < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Electronic distribution of this posting is greatly encouraged, preserving its original version, including the header and this notice. < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > We apologise for any cross-postings. Here follows the message: Subject: The Privacy Project Dear Colleague/Participant: The following survey is part of a project I am conducting on privacy issues and technology. I appreciate the help of every computer user who reads this message, taking a few minutes to answer and return the survey via e-mail and/or "snail mail." All reponses will remain striclty confidential Thanks for SHARING YOUR KNOWLEDGE AND EXPERTISE with us! Prof. Urs E. Gattiker, Centre for Technology Studies, Faculty of Mgmt, The Univ. of Lethbridge, Lethbridge, AB T1K 3M4, CANADA; Tel: (403) 320-6966 (home office, every morning, Mountain- Standard-Time) If your online editor ___wraps the lines around___ or if it will not fill in blanks without moving copy around, please download to your wordprocessor (takes 1 Min.). Before uploading the survey in ASCII text format, please make sure that the file is in 10 Pitch Courier. You can also ask for another copy from the address above ----------------------------------------------------------------- Please return this completed survey to Urs E. Gattiker by: August 10, 94 #SU1CcDigestsMLusaNAF_____ (for computer use only) THE PRIVACY PROJECT The following are general questions which ask about your computer and communcation experience. Answer on the basis of your personal profile. THERE ARE NOT CORRECT OR INCORRECT ANSWERS. Please circle or mark one code # (e.g., _1_ or "1" or ~1~ or XX1XX) or enter an absolute value (e.g., # of years) for each question. 1. Are you familar with Calling Number ID (i.e. a caller's phone # is revealed to the party you call if s/he has the equipment/services needed to do this)? No..... Yes..... 2. What is your experience with Calling Number ID? not offered by my phone company.....0 my phone service is such that my number is always revealed to the party I call and I never use per-call blocking.....1 I use per call blocking if I wish.....2 I have per-line blocking (= my number is never revealed).....3 3. What type of electronic mail account service do you have: none/no e-mail account.....0 not-for profit (e.g., university, freenet), if yes, # ____ years or-profit vendor (Well, Genie, EUnet, etc.), if yes, #____years 4. Have you ever received advertising information through your e-mail? No.....0 Yes.....1 ----------------------------------------------------------------- When answering the next three situations, please try to think about how you would react, feel, and behave if this happened to you. SITUATION 1: Calling Number Identification (CNID) A month ago your friend placed a fast food order. Thanks to Caller ID, Mamamia Pizza was able to call back 10 minutes later to confirm the order and street address just as a precaution against possible pranksters. This week your friend received a phone call from Carleone's Delight (another pizza chain) informing him/her about their special for new customers. After some prodding, your friend was told that Carleone's had purchased the number from a Telemarketing company (which in turn purchased the information courtesy of Mamamia's data-base), including information about her/his habit of ordering in pizza about 3-4 times a month. Your friend always uses per-call blocking, i.e. his/her number is blocked by dialing *67 before calling any retailer, but he/she must have forgotten when calling Mamamia last time.... Today, "Uncle Charlie" called with their special..., again thanks to Mamamia's data-base.... 6a. What do you think about this situation (if phone # is being revealed to a retailer, latter will very likely sell it to a Telemarketing firm)? Very wrong.....2 A little wrong.....1 Perfectly okay.....0 6b. Is anyone hurt by what Mamamia's Pizza did? No.....0 Yes....1 How_______________________________ 6c. Imagine that you actually experienced such a situation, whereby suddenly a retailer calls you based on purchased data- base information (e.g., phone number and shopping habits) from a telemarketing firm. Would you feel bothered.....0 not care.....1 think this is good.....2 6d. Imagine that you are Carleone's employee calling a prospective client with this purchased data-base information (e.g., phone # & shopping habits) from a telemarketing firm. Would you feel bothered.....0 not care.....1 think this is good.....2 6e. Should Mamamia's Pizza be stopped? No.....0 Yes....1 6f. Should Mamamia's Pizza be punished? No.....0 Yes....1 Suppose you learn about two different countries. In country A, firms which sell their customer data (e.g., credit information, shopping & spending habits) are quite common. In country B, consent to the use of personal information must be manifest, free, enlightened and given for specific purposes by the client to the firm, while this consent is valid only for the length of time necessary to achieve the purposes for which it was requested (e.g., your newspaper has to ask before selling/or giving away your address as part of its subscriber list each time it intends to do so). 6g. Which one of these customs [if either] is bad or wrong? Both customs are wrong.....3 Country A's custom is wrong.....2 Country B's custom is wrong.....1 Neither one, both customs are okay.....0 ----------------------------------------------------------------- SITUATION 2: Electronic Advertising Your friend pays a fixed U.S.$20.00 fee for Internet access regardless of use. As an avid food lover he/she is also on the Foodnetter list (listowner is located at University X). Logging on the system today reveals that two commercial messages are in the "in-box"; every time s/he reads such a message 50 cents is credited to the account. If s/he prompts Yes before logging out, the unread advertising messages get automatically deleted. The first advertising message is from Carleone's CEO addressed to "Dear Fellow Foodnetter..." informing him/her about the special for Foodnetters. Your friend then inquires to the sender about how one got his/her e-mail address. Answer: CEO is a fellow Foodnetter. Since your friend's e-mail number was not concealed on the list, it was obtained with a simple command with many others on the list. 7a. What do you think about this situation (using one's not concealed e-mail number from a listserver on the Internet for an advertising campaign)? Very wrong.....2 A little wrong.....1 Perfectly okay.....0 7b. Is anyone hurt by what Carleone's Delight did? No.....0 Yes....1 How_______________________________ 7c. Imagine that you actually experienced such a situation, whereby suddenly a retailer sends you advertising electronically based on your "not concealed" e-mail number obtained from a listserver on the Internet. Would you feel bothered.....0 not care.....1 think this is good.....2 7d. Imagine that you are Carleone's employee sending an individual advertising based on the person's "not concealed" e- mail number obtained from a listserver on the Internet. Would you feel bothered.....0 not care.....1 think this is good.....2 7e. Should Carleone's Delight be stopped? No.....0 Yes....1 7f. Should Carleone's Delight be punished? No.....0 Yes....1 Suppose you learn about two different countries. In country A, people and firms using membership lists from dicussion lists and listservers for commercial purposes, such as advertising, are quite common. In country B, consent to the use of personal information (including one's not concealed e-mail number on a discussion list or listserver) must be manifest, free, enlightened and given for specific purposes by the individual to the firm or other user, while this consent is valid only for the length of time necessary to achieve the purposes for which it was requested (i.e. Carleone's CEO would have had to ask you if he/she could use your e-mail address before doing so). 7g. Which one of these customs [if either] is bad or wrong? Both customs are wrong.....3 Country A's custom is wrong.....2 Country B's custom is wrong.....1 Neither one, both customs are okay.....0 ----------------------------------------------------------------- SITUATION 3: Clipper Encryption Technology PREAMBLE: The U.S. has developed a key escrow encryption system (Clipper) used to encrypt voice and data transmissions (e.g., computer & telephone). If this technology becomes mandated and therefore installed in equipment/software, the "keys" will be held by two federal government agencies in the U.S. [Dept. of Treasury and The National Institute of Standards and Technology (NIST)]. If a law enforcement agency can produce the COURT WARRANT, the two "keys" will be released, thus decryption of voice messages and data sent can be accomplished. Your friend in San Francisco communicates with people in Hamburg, Sydney and Cape Town on a regular basis by either sending them messages or dialing into their computer directly. Since the U.S. allows encryption only if one uses Clipper technology, your friend's computer buddies abroad have agreed to use this technology. Your friend finds out that: (1) having received COURT AUTHORIZATION, U.S. police have requested from the phone company real-time access to transactional information, i.e. obtaining "call setup information" whereto your friend is calling abroad; (2) Stating national security reasons (i.e. find out what foreigners are up to), the U.S. police agency obtained a COURT WARRANT, permitting it to receive the "keys" to decrypt data sent/received by your friend from/to Hamburg, Cape Town and Sydney. Your friend knows from an agency official that this "snooping" information was used to build a data-base about these individuals for "security reasons." Your friend's computer buddies have complained to their country's respective Federal Commissioner for Data Protection and/or Privacy, claiming that the U.S. agency is collecting information unfairly outside U.S. borders where its court order may not apply. Hence, foreign nationals' privacy is violated. Moreover, since your San Francisco friend has not been charged with any illegal activity by a California State nor a Federal Court, his/her foreign buddies are complaining that the wiretapping may even violate privacy under U.S. laws. 8a. What do you think about this situation (U.S. police agency wiretapping U.S. communication from/to abroad and building a data-base with information about foreign recipients/senders)? Very wrong.....2 A little wrong.....1 Perfectly okay.....0 8b. Is anyone hurt by what U.S. police agency did? No.....0 Yes....1 How_______________________________ 8c. Imagine that you actually experienced such a situation whereby your friend located abroad finds out that your computer data transfers with him/her have been snooped into by a U.S. police agency tapping into his/her computer with the help of the Clipper technology. Would you feel bothered.....0 not care.....1 think this is good.....2 8d. Imagine that you are an employee of the U.S. police agency and it is your job to wiretap communication between a U.S. citizen and foreign nationals in Hamburg, Cape Town or Sydney. feel bothered.....0 not care.....1 think this is good.....2 8e. Should the U.S. police agency be stopped? No.....0 Yes....1 8f. Should the U.S. police agency be punished? No.....0 Yes....1 Suppose you learn about two different countries. In country A, wiretaping information coming/going abroad and building data- bases on foreign nationals is quite common. In country B, wiretapping of information coming/going abroad and building a data-base on foreign nationals requires a court order from a local judge AND the country abroad. WITHOUT THE LATTER WARRANT, the Federal Commissioner for Data Protection and/or Privacy must be informed and will automatically intervene on the foreign national's behalf to protect his/her rights for privacy. 8g. Which one of these customs [if either] is bad or wrong? Both customs are wrong.....3 Country A's custom is wrong.....2 Country B's custom is wrong.....1 Neither one, both customs are okay.....0 ----------------------------------------------------------------- The questions below again ask you to state your opinions and beliefs about computer-related issues. Please remember, there are no right or wrong answers. 1.... strongly disagree 2.... disagree 3.... disagree somewhat 4.... undecided 5.... agree somewhat 6.... agree 7.... strongly agree [Please circle or put a CAPITAL X directly on the line under your response or an X over the number chosen] 9. While using computer data-bases by the government to maintain central records on the health, employment and income/tax records is appropriate, exchange/matching of such information between government data-bases is dangerous to individual privacy 1 2 3 4 5 6 7 10. I believe that wiretapping my electronic mail or data communication with a court order is appropriate 1 2 3 4 5 6 7 11. I feel that to protect my rights, after wiretapping has been concluded, I must be provided with a written statement by the judge, issuing the court order for wiretapping my electronic mail or data communications, explaining/providing reasons for doing so going beyond a simple statement, such as "for national security reasons" 1 2 3 4 5 6 7 12. Even if my e-mail number on a listserver is not concealed, I consider it private between me and the listowner; therefore I consider it an invasion of my privacy if somebody calls e- mail addresses out of mailing lists to do other mailings such as advertising 1 2 3 4 5 6 7 13. I believe that it is an invasion of my privacy if a retailer enters my phone number/e-mail address and other personal data into a data-base including my age, gender, employer, profession and income 1 2 3 4 5 6 7 14. I feel that it is an invasion of my privacy if a retailer sells my phone or e-mail number/address to a tele/computer- marketing firm without my written consent 1 2 3 4 5 6 7 ----------------------------------------------------------------- BACKGROUND [Please circle or mark one code # (e.g., _1_ or "1" or ~1~ or XXX1XXX) or enter an absolute value (e.g., # of years) or else type your answer in CAPITAL LETTERS for each question]. 15. Are you working? not currently employed.....0 part-time.....1 full-time.....2 16. What is your current occupation? __________________(please specify) 17. Are you male.....1 female.....0 18. How many years did you attend school (e.g., community college/vocational diploma = 12-14 years, undergraduate university degree = 16 years)? #______ of years 19. In which country do you currently reside? Name of Country:__________ # of years:___ 20. In which country have you spent most of your life? Name of Country:__________ # of years:___ 21. What is the present community size you live in? # of ________people in thousands (0 if less than 1000) 22, What is the size of the community you were raised in? # of __________people in thousands (0 if less than 1000) 23. Do you currently live in an apartment/flat? No____0 Yes____1 24. How did you receive this survey? e-mail from Gattiker.....0 e-mail from a friend/colleague.....1 listserver/electronic discussion list, please specify: .....2 electronic journal/newsletter, specify: .....3 other, please specify: .....4 IF YOU WISH TO RECEIVE A SUMMARY OF THE RESULTS, PLEASE mark here ___ with an X and provide your address to Urs E. Gattiker. THANK YOU FOR PROVIDING US WITH YOUR HELP, INSIGHTS, AND EXPERTISE SO FREELY AND GENEROUSLY! Priv2ver. ------------------------------ The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". People with gopher capability can access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Archives are also held at ftp.pica.army.mil [129.139.160.133]. End of Computer Privacy Digest V5 #019 ****************************** .