Date: Thu, 08 Sep 94 21:10:43 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#032 Computer Privacy Digest Thu, 08 Sep 94 Volume 5 : Issue: 032 Today's Topics: Moderator: Leonard P. Levine Access Surveillance Teaching Privacy at the University NETCOM/FBI Spying - Business as Usual Some Privacy Notes Database Marketing Anti-Clipper T-shirts Re: Ethicomp95 2nd Call Re: West Publishing - Permanent Injunction Regarding Legal Text Re: Internet White Pages Re: DSS, Now Official --------------------------------------------------------------------- Housekeeping information is located at the end of this Digest. ---------------------------------------------------------------------- From: Date: 06 Sep 1994 07:27:58 -0400 Subject: Access Surveillance Organization: Faculty of Information Studies I hope some members of the list will be able to give us assistance on this question. We would like to find examples of institutional policies relating to privacy/confidentiality issues with respect to electronic (transaction) records created by the use of building access cards which contain personal ID on their magnetic strip. This seems to be a topic which has not received much attention in the literature. We are also interested in examples of institutional policies dealing with privacy issues related to other aspects of electronic surveillance especially dealing with transaction records. If your institution has such policies, we would appreciate receiving a copy or information on how we could get a copy. PLEASE REPLY TO ME NOT THE LIST (I am not a current subscriber). Thanks, Diane Henderson Diane Henderson Faculty of Information Studies University of Toronto 140 St. George St. Toronto, Ont. Canada M5S lAl Phone (416) 978-7071 Fax (416) 978-5762 hender@fis.utoronto.ca ------------------------------ From: KAY A SCHAFER Date: 06 Sep 94 20:01:13 EDT Subject: Teaching Privacy at the University This digest has convinced me that it is very important for citizens of all nations to become more informed on privacy issues. As a college instructor I am interested in introducing a new course with a title such as "Information Gathering and Privacy in the Computer Age". Do any of the readers of this Digest know of a college which currently has such a course? In what field of study is it taught? If you are a college professor and/or specialize in the privacy area do you have ideas of possible texts for such a course? I am teaching at a university in the United States in the political science and legal studies areas. I would like to discuss specific areas of privacy rights (credit records, medical records, government documents, etc.) as well as looking at privacy as a value competing with other values in our society. I would also like to discuss how computerization makes collection of greater quantities of information, sharing of information with other agencies and remote access to information without permission (or knowledge) possible. (Like any tool, computers can be put to good, bad or neutral uses, and how we classify a particular instance of information gathering depends on the circumstances.) ------------------------------ From: glr@ripco.com (Glen Roberts) Date: 07 Sep 1994 02:52:46 GMT Subject: NETCOM/FBI Spying - Business as Usual Organization: Ripco Internet BBS, Chicago (312) 665-0065 Sneak preview from Full Disclosure #32: Some of you may be aware of the FBI subpeona for email transactions of lewiz@netcom.com. I called Netcom Communications to ask them about it. They had me talk to Kathy Thompson with a PR firm representing Netcom Communications. She wouldn't discuss the particulars of lewiz@netcom.com, and said they were "not open to talking about it." However, in general she said that it was "business as usual," and that they have an ongoing program to "track and pursue any people breaking the law using internet." The implication was this was an ongoing program between netcom and the FBI. Additionally, she indicated that it was very "common place" and likened it to monitoring telephone networks for illegal activity (court ordered wiretaps are of course extremely rare). She took back an offer for the President of Netcom to appear on Full Disclosure Live. I have no reason to believe that lewiz@netcom.com is, or has violated any laws. I believe that the FBI has a pie-in-the-sky idea that by reading his email they can track down Kevin Mitnick. (My conclusion from his postings on the net). -- Glen L. Roberts, Editor, Full Disclosure Magazine Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central) email glr@rci.ripco.com for information on The Best of Full Disclosure, four volumes to blow your mind. Voice/Fax on demand: (708) 356-9646 email for uuencoded .TIF of T-Shirt Honoring the FBI ------------------------------ From: "Prof. L. P. Levine" Date: 07 Sep 1994 14:18:59 -0500 (CDT) Subject: Some Privacy Notes Organization: University of Wisconsin-Milwaukee from RISKS-LIST: RISKS-FORUM Digest Tuesday 6 September 1994 Volume 16 : Issue 39 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Date: 05 Sep 1994 18:37:31 -0700 From: Phil Agre Subject: Some privacy notes The September issue of *Smithsonian* magazine includes a long article on "ubiquitous computing" research at Xerox, with some attention to the moral issues relating to tracking and monitoring. The 5 Sep 1994 issue of *Business Week* has a cover story on database marketing. Like most *Business Week* cover stories it's a superficial rehash of items you might have seen elsewhere. But it might be useful as a summary. Finally, here is a wonderful quotation from a much longer article by Edwin McDowell, ``The scrambling is on for off-season tourism'' (*The New York Times*, 5 Sep 1994, business section, pp. 17-18) on off-season tourism marketing: "Another reason for the growing success of off-season strategies is that "states have become a lot more sophisticated with their data bases", said James V. Cammisa Jr., a travel industry consultant in Miami. "They know where the peaks and valleys in their tourism operations are, and they know how to market the off-season effectively. "Kentucky's data base showed that only 350,000 of the 2.5 million Canadians who drove through the state last year stayed overnight. "Our research showed that 83 percent of them come from January to June, headed for Florida, South Carolina and the beaches of Alabama and Mississippi", said Robert Stewart, the Commissioner of Travel Development for Kentucky. To entice more of them, Kentucky officials will soon hold a press conference in Toronto and Canadians will be offered a card giving them discounts at hotels, restaurants and attractions along three of Kentucky's interstate highways. "Also for the first time, Kentucky is using direct mail to bolster anemic winter occupancy rates in its 15 resort parks that offer overnight accommodations year-round." (page 18) This kind of database marketing is worth thinking about in the context of rapidly advancing proposals for thoroughgoing instrumentation of cars and roads under the rubric of "intelligent vehicle-highway systems", particularly given that most of the marketing organizations mentioned in the article are in fact government agencies using commercial methods for the benefit of private businesses. Phil Agre, UCSD ------------------------------ From: "Prof. L. P. Levine" Date: 07 Sep 1994 14:20:34 -0500 (CDT) Subject: Database Marketing Organization: University of Wisconsin-Milwaukee from RISKS-LIST: RISKS-FORUM Digest Tuesday 6 September 1994 Volume 16 : Issue 39 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Date: 06 Sep 1994 13:44:22 +0800 From: stalzer@macaw.hrl.hac.com Subject: Database Marketing The cover story of the current issue of Business Week (5 Sep 1994), a conservative business magazine (sorry, Phil), is on Database Marketing. The goal of Database Marketing is to build detailed customer profiles so that a company can target advertisements to specific customers for products and services. This approach is highly successful: response rates are double digit as opposed to 2%--3% for junk mail. The data collection process starts with a customer's past purchases. Other sources include surveys, rebate requests, and warranty cards. American Express scans a customer's individual transactions to find patterns and to suggest local places that take the card. Many hospitals sell the names and addresses of families with newborns. The data is then combined with public records, such as drivers' licenses, auto registrations, and property tax rolls. Ohio sold its drivers' license and car registration lists for $375,000 to TRW. What results is a detailed profile of each customer. The computing technology used to mine a database for prospects includes parallel processing and neural networks. Neural nets are trained to look for people likely to buy a product or service given the parameters in the database, e.g., what combination of income level, investment activity, and credit-card spending is most likely to be seen among people who are in the market for mortgages? The net is applied against each profile in a process called "drilling down." This is a compute intensive operation and companies are starting to resort to parallel processing or workstation clusters. Indeed, it's estimated that a large portion of the projected growth in commercial parallel processing, from $400M today to $5B in 98, will be for database marketing applications. When asked about the privacy issues, one marketer responded that the loss of privacy is offset by the convenience to the customer of highly selective advertising. I'll forgo the commentary and simply refer the interested reader to the original source for more details and anecdotes. Mark Stalzer, mas@acm.org ------------------------------ From: normh@crl.com (Norman J Harman) Date: 08 Sep 1994 10:56:40 -0700 Subject: Anti-Clipper T-shirts Organization: CRL Dialup Internet Access (415) 705-6060 [login: guest] Information and opposition to the Clipper proposal is strong on the Internet. But it is far too unknown to the 'outside' community. Everyone concerned by this issue should inform all the people they know of its implications. One way to increase awareness and show your opinion is to wear it:). I would like to offer an anti Clipper/Skipjack T-shirt. They would be white with black printing and cost approximately $5.00 plus $2.90 shipping to US locations. That is the cost to produce one shirt. I am trying to spread awareness not make money. I need to know if people are interested in this idea and what should the shirts say? Two quick ideas are: "Skip Skipjack" or "Just Say No to Clipper" Please send comments, suggestions, and questions to normh@crl.com. If more than a few people are interested I will go ahead and have the shirts made and post how to get one. A worthy cause is better if it benefits another good cause so the shirts will be silk-screened by Zerolith, part of a non-profit organization that employs, shelters, and assists homeless youth. If you would like to talk with Zerolith or donate money directly here is how to contact them. Zerolith 3075 21st Street San Francisco, CA 94110-2626 415.641.1014 voice 415.641.1474 fax -- Norman J. Harman Jr. o o Smiley Systems normh@crl.com \__/ San Francisco, CA ------------------------------ From: Simon Rogerson Date: 08 Sep 1994 15:12:39 +0100 (BST) Subject: Re: Ethicomp95 2nd Call ---------- ETHICOMP95 ---------- An international conference on the ethical issues of using Information Technology Organised by De Montfort University, UK and Southern Connecticut State University, USA To be held at De Montfort University, Leicester, UK - 28-30 March 1995 Co-directors Simon Rogerson, Department of Information Systems, De Montfort University Terrell Ward Bynum, Director Research Center on Computing and Society, Southern Connecticut State University SECOND CALL FOR PAPERS CONFERENCE THEME ---------------- The programme of events for ETHICOMP95 provides an excellent forum for stimulating debate on fundamental issues relating to the development and use of Information Technology and Information Systems. There will be an opportunity to consider approaches based on the different cultures / countries of both conference presenters and conference delegates. The three-day conference consists of three parallel themes. Each theme will comprise a series of papers and workshops. There will be three broad themes within the conference programme ETHICAL DEVELOPMENT This is concerned with the use of development methodologies and the consideration of ethical dilemmas, user education and professionalism. ETHICAL TECHNOLOGY This is concerned with the advances in technologies and the likely ethical issues they raise as they are applied to business and societal problems. ETHICAL APPLICATION This is concerned with developing ethical strategies which allow technology to be exploited in an ethically acceptable way. SUBMISSIONS ----------- INTENTION TO SUBMIT There are two types of submissions invited; PAPERS and WORKSHOP ITEMS. An indication of an intention to submit is invited in advance of the submissions. This should provide a very brief description (for example, the working title) of the submission, which theme and whether it is a Paper or Workshop Item together with name, contact address, telephone, fax and email. PAPERS Papers should be original and not submitted to, or accepted by, any other conference or journal. Papers should be a maximum of 5000 words. Three copies should be sent in camera-ready form. WORKSHOP ITEMS These can be either a review of state of the art or position papers on current research or other activity. These submissions should be a maximum of 2000 words. Workshop items will form the basis for exchange of ideas in a participative environment. Three copies should be submitted in camera-ready form. REVIEW PROCESS AND PUBLICATION OF PRESENTED SUBMISSIONS All submissions will be blind reviewed by a referee committee. Submissions accepted for conference presentation will be published in the Conference Proceedings and provided to attending conference delegates. IMPORTANT DATES Notification of intention to submit 30 SEPTEMBER 1994 Deadline for PAPER submissions 15 NOVEMBER 1994 Notification of PAPER acceptance 15 JANUARY 1995 Deadline for WORKSHOP ITEM submissions 1 DECEMBER 1994 Notification of WORKSHOP ITEM acceptance 20 JANUARY 1995 ALL SUBMISSIONS SHOULD BE DIRECTED TO: Simon Rogerson Co-Director ETHICOMP95 Department of Information Systems De Montfort University The Gateway Leicester LE1 9BH UK Tel: +44 533 577475 Fax: +44 533 541891 Email: srog@dmu.ac.uk PLEASE SHARE THIS CALL FOR PAPERS WITH OTHER COLLEAGUES AND RELATED NETWORKS. FURTHER INFORMATION regarding registration procedures and costs will be available shortly. To receive this information please email Simon Rogerson requesting to be put on the mailing list. ------------------------------ From: rfrank@kaiwan.com (Wandervogel) Date: 06 Sep 1994 21:39:20 -0700 Subject: Re: West Publishing - Permanent Injunction Regarding Legal Text Organization: The Mushroom Factory "Prof. L. P. Levine" wrote: From: Gregory Miller JD Friday morning, Minnesota Public Radio reported that West Publishing Co. of Eagan, Minn. has obtained a permanent injunction against On Point Solutions, Inc., a CD-ROM producer. According to the sound bite by a West attorney, OPS had produced CD-ROM's from what West claimed were copyrighted materials. If the news report is accurate, those of you attempting to sway Atty Genl Reno and others in this battle over who owns public domain material (Yes, I wrote that as I intended :-) have another point to raise. I assume that everyone's familiar with *West vs. Mead* (US 1986) (pagination copyrightable). About a year ago, I heard that West was claiming copyright for those reporters for which they've been designated as the official reporter, and that the government would have to buy them back if it wanted to change providers. I vaguely recall that a federal reporter or database was in issue. I've been out of the business for several years (I just ordered West's new computer law casebook in the hope of catching up), but I'd be interested in a summary of what's happening, if anyone would care to post or mail one. Ron. ------------------------------ From: parris@sbt.tec.sc.us Date: 07 Sep 1994 15:44:20 +0000 (GMT) Subject: Re: Internet White Pages Organization: SC Board for Tech $ Comp Ed hedlund@teleport.com (M. Hedlund) Regarding getting into or out of the Internet White Pages, how (without risking including myself) might I discover whether or not I am already listed? Would a message to "delete" produce a reply telling me I was not there? ------------------------------ From: bentley@access3.digex.net (Mark Bentley) Date: 08 Sep 1994 12:55:42 GMT Subject: Re: DSS, Now Official Organization: Express Access Online Communications, Greenbelt, MD USA Shawn Leard (71370.2551@compuserve.com) wrote: DSS Dangers - Via NIST announcement as of 20 May 1994 the DSS has become official. - All federal agencies will now have to use DSS or receive a wavier. - At this point there is no "off the self" software any federal agency can purchase that uses the DSS. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I don't think this is correct. AT&T sells an el-gamal based DSS package called "Secret Agent." It's been around for some time (they bought the rights from a small Chicago-based company last year). Regards, Mark ------------------------------ The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". People with gopher capability can access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Archives are also held at ftp.pica.army.mil [129.139.160.133]. End of Computer Privacy Digest V5 #032 ****************************** .