Date: Wed, 29 Mar 95 14:45:49 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#031 Computer Privacy Digest Wed, 29 Mar 95 Volume 6 : Issue: 031 Today's Topics: Moderator: Leonard P. Levine Re: Proving your Citizenship Re: Proving your Citizenship EPIC Statement on Communications Decency Act Commerce Dept. to Recommend Relaxing Crypto Export Control Maryland Debates Online Privacy Re: Can My Neighbor Peruse my Medical Records? Re: Can My Neighbor Peruse My Medical Records? Press Release by Wisconsin Privacy Ombudsman Re: Fair Information Practices Copyright vs Freedom on the GII Nationwide Electronic Open Meeting - Call for Public Access Sites Intelligent Transport Systems Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: dale@winternet.com (Dale Borgeson) Date: 28 Mar 1995 00:28:34 GMT Subject: Re: Proving your Citizenship Organization: StarNet Communications, Inc Mara Smith (msmithn@129.174.1.13) wrote: enough to prove my citizenship at a SSN office. So I handed over my military I.D. card--I was active duty at the time. THAT wasn't good enough--the SSN office employee did not know you had to be a citizen to serve in our military and I had no luck trying to convince her. She Unless the laws have changed since I was in the Navy in the late 60's you don't need to be a US citizen to serve in the US military or be subject to the draft (when there was one). You do (did, at least) have to be a US citizen to get certain levels of security clearance. There were two non-citizens in my boot camp company: One was Danish and the other Philipino. There were thousands Philipino's in the Navy and all were non-citizens when they enlisted. Many became citizens later if their duties allowed them to meet the requirements. -- Dale Borgeson Minneapolis, MN U.S.A. dale@winternet.com ------------------------------ From: tron!ops1.bwi.wec.com!cas@uunet.uu.net (Bob Casanova) Date: 28 Mar 1995 18:21:18 GMT Subject: Re: Proving your Citizenship Organization: Westinghouse John Stanley wrote: There are millions of Americans who cannot prove US citizenship. They were born in Canada, Mexico, Chile, Brazil ... In fact, any {North|South} American country that wasn't the USA. msmithn@129.174.1.13 (Mara Smith) writes: It doesn't even take being born in a foreign country; all it takes is a little ignorance. I was born in Puerto Rico, a U.S. commonwealth whose citizens are U.S citizens, to U.S. citizen parents who were in the U.S. military assigned at a U.S. military base in Puerto Rico. That wasn't good enough to prove my citizenship at a SSN office. So I handed over my military I.D. card--I was active duty at the time. THAT wasn't good enough--the SSN office employee did not know you had to be a citizen to serve in our military Unless this has changed since the early 60's, this is incorrect. There were two Canadians in my platoon at Parris Island in late 1963. -- Bob C. <<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>> <<< Good, fast, cheap! (Pick 2) >>> <<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>> What the net needs is a good bus arbiter ------------------------------ From: Monty Solomon Date: 27 Mar 1995 22:15:03 -0500 Subject: EPIC Statement on Communications Decency Act Taken from EPIC Alert Volume 2.05 March 26, 1995 by the Electronic Privacy Information Center (EPIC) Washington, DC info@epic.org EPIC STATEMENT ON COMMUNICATIONS DECENCY ACT March 24, 1995 The Electronic Privacy Information Center opposes the Communications Decency Act as adopted by the Senate Commerce Committee on March 24, 1995. We believe that the bill is an unconstitutional restriction on free expression, personal privacy, and intellectual freedom. EPIC has urged Senator Exon and his staff to explore all non-legislative solutions before further action on this bill. Comprehensive hearings are still necessary. We recognize that there is a genuine concern about the type of materials that are available to children via the Internet. EPIC also believes that a thoughtful, long-term solution to this problem will require the participation of parents and schools, and the development of good technical and educational measures. We do not believe that the contents of private communication or the expression of public opinion should be regulated by the government The National Center for Missing and Exploited Children has produced a fine publication for parents and others who are concerned about these issues. This brochure, "Child Safety on the Information Highway," was written by Lawrence J. Magid, a syndicated columnist for the Los Angeles Times. Mr. Magid encourages parents to take an active interest in the on-line activities of their children, and opposes passage of the Communications Decency Act. For a copy of the brochure, contact The National Center for Missing & Exploited Children 2101 Wilson Blvd, Suite 550, Arlington, VA 22201-3052 or call 1-800-The-LOST (1-800-843-5678). EPIC will continue to oppose the Communications Decency Act. We urge others to do the same. ------------------------------ From: Monty Solomon Date: 27 Mar 1995 22:15:03 -0500 Subject: Commerce Dept. to Recommend Relaxing Crypto Export Control Taken from EPIC Alert Volume 2.05 March 26, 1995 by the Electronic Privacy Information Center (EPIC) Washington, DC info@epic.org The Bureau of National Affairs reports that the Department of Commerce will recommend that the United States relax export controls on cryptography. The recommendations will be presented to the President in early July. The National Security Agency is expected to release a report on the availability of foreign encryption software which will be presented to the President at the same time. The Commerce Department has also filed a request with the Office of Management and Budget to collect information on the damage to US businesses resulting from current export controls. The Software Publishers Association, in a December survey of encryption software currently available, identified 407 foreign encryption products, 120 of which used the Data Encryption Standard (DES). The SPA found 480 domestic encryption products. ------------------------------ From: Monty Solomon Date: 27 Mar 1995 22:15:03 -0500 Subject: Maryland Debates Online Privacy Taken from EPIC Alert Volume 2.05 March 26, 1995 by the Electronic Privacy Information Center (EPIC) Washington, DC info@epic.org On March 11, the Maryland House of Delegates held landmark hearings on online privacy. The hearing marked the first time that a state legislature had taken up the issue of privacy on the NII. The bill, SB 524, was prompted by revelations last year that America Online and other service providers were selling information about their customers to direct marketers. In the case of AOL, the users were not informed until after newspapers reported that advertisements for AOL member profiles appeared in a direct marketing magazine. The legislation requires that an "online computer service may not disclose personal information concerning a subscriber to any other person unless the subscriber ...has received notice ... and consented to the disclosure." The consent can be in electronic or written form. Online providers are also required to tell customers up front what information is being collected, how it is being used, and how customers can access their records. Dave Banisar from EPIC testified on behalf of the bill. He argued that the bill was a modest attempt to protect individual privacy. He noted that the provisions of the act were already incorporated in the 1980 OECD guidelines on privacy which was endorsed by many US companies in the early 1980's and the Code of Fair Information Practices, first developed in 1973. Opposing the bill were representatives from AOL, AT&T, Sprint, MCI and the Direct Marketing Association. The online providers argued that legislation should be placed on hold until national legislation is enacted, which is highly unlikely this term in Congress. The DMA strongly opposed the bill. Bell Atlantic, said that they may support the bill if it were revised to require an opt out. The sponsors of the bill indicated that they were agreeable to the change. The bill was sent to a committee for review over the summer break. It is expected to be reintroduced again next session. ------------------------------ From: robert.heuman@rose.com (robert heuman) Date: 28 Mar 95 12:06 EST Subject: Re: Can My Neighbor Peruse my Medical Records? Organization: Rose Media Inc, Toronto, Ontario. From: Maryjo Bruce There is an article - "Is your health history anyone's business" in McCalls magazine. David Linowes, who chaired the U.S. Pravacy Protection Commission under presidents Ford and Carter and wrote PRIVACY IN AMERICA; IS YOUR PRIVATE LIFE IN THE PUBLIC EYE? "conducted a survey of Fortune 500 companies and found that half of them had used medical records to make hiring decisions, often without informing the potential employee." Reason: cost of health care. "Linowes expects that a follow up survey this year will reveal that even more companies now engage in the practice." Move to Canada, where no one has to worry about company medical plans... so this type of action is NOT required. -- RoseReader 2.52 P001886 Entered at [ROSE] RoseMail 2.60 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285 ------------------------------ From: cm5585@scitsc.wlv.ac.uk (J.Tench) Date: 29 Mar 1995 17:00:01 +0100 Subject: Re: Can My Neighbor Peruse My Medical Records? Organization: University of Wolverhampton, U.K. This bring to mind a television program sometime ago over here, where they hired several private detective agencies to obtain private information on certain individuals, including financial and medical histories. The PI's were surprisingly effective in obtaining very accurate personal information. Including a celebrity who had had her daughter treated privately and under a different name, they were able to identify where the daughter had been treated and what she was treated for. It is surprisingly easy to get all kinds of private information on individuals, quite scary really and I don't suppose it's much different over the pond. -- ~)~. ~)~ _ _ |_ || || ||\ || || || \\ // (_/ / /') / (' / ) (_ | ) || || ||\\|| || || )X( Wolverhampton Polyversity ||__| || || \|| \\_// // \\ E_MAIL cm5585@scitsc.wlv.ac.uk UNIX++ ------------------------------ From: "Prof. L. P. Levine" Date: 28 Mar 1995 13:19:51 -0600 (CST) Subject: Press Release by Wisconsin Privacy Ombudsman Organization: University of Wisconsin-Milwaukee FOR IMMEDIATE RELEASE March 1995 Contact: Carole Doeppers Office of the Privacy Advocate 148 East Wilson St., Suite 102 Madison, WI 53702-0001 (608) 261-6261 The state Privacy Advocate, whose job is threatened by the governor's proposed budget, Monday called for the development of a State Information Policy. The Office of the Privacy Advocate, which officially opened just 11 months ago, was created in response to concerns raised by rapidly emerging electronic and telecommunications technologies. The Privacy Advocate functions under the direction of the Wisconsin Privacy Council, one of the handful of agencies that would be eliminated under the governor's proposed biennial budget. According to Carole Doeppers, the nation's first Privacy Advocate, the impact of technology on personal and data privacy needs to be considered by both government and private businesses that use public information. "If technology is to be utilized to improve efficiency, streamline record-keeping, track benefit recipients, cut costs and root out fraud, then standards of fair information practices must be developed and followed," she said. With the impending termination of her office at hand, the Privacy Advocate is approaching her mission with an intensified sense of immediacy. "I have much to say and not a lot of time to say it," Carole Doeppers said. Doeppers believes that new concerns about data protection and information privacy result from the ease and speed with which disparate bits of personal information can be merged, mixed, manipulated and linked to other information systems. She cited the more than 1,000 databases containing personal descriptors that are maintained by state agencies as one area of concern for citizens. "While the databases of the state government are not secret," Doeppers said, "I am certain that the average citizen is unaware of the vast amounts of personal information in state and local government records that are being stored and shared." The Registry of Records Series, published by the state Records and Forms Board, identifies and describes records maintained by state agencies that contain personal information. A quick glimpse at the Registry reveals that records include: demographic data, legal documents, employee grievances cases, performance standards and letters of recommendation. "There are public records identifying absentee voters, hunters, pesticide users, and disabled license plate holders to name but a few," said Doeppers. "The information contained in these public records must be released upon request even if the data is reused for private commercial gain." She also expressed concern for the privacy of medical information. Although Wisconsin has strong confidentiality protections for medical records, "there seem to be gaps in the legal protection," Doeppers said, "especially when medical information is re-released or transmitted outside the state." She referred to the Principles For Fair Information Practices which were approved by the Privacy Council last November. The standards range from allowing individuals to access and correct their own personal information to requiring disclosure when personal information collected for one reason is then used for some secondary purpose. Doeppers said that the standards should encourage state and local agencies to formulate and enforce policies that preserve the integrity and privacy of identifiable personal information about private citizens. "Hopefully the Principles For Fair Information Practices will help to guide the development of a State Information Policy that balances the Wisconsin tradition of openness and accountability with reasonable expectations of personal and information privacy, " said Doeppers. ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 29 Mar 1995 05:35:47 GMT Subject: Re: Fair Information Practices Organization: The National Capital FreeNet A Code of Fair Information Practices Prepared by Robert Gellman, Washington, D.C. --------------------------------------------------------- snip This formulation of a code of fair information practices is derived from several sources, including codes developed by the Department of Health, Education, and Welfare (1975); Organization for Economic Cooperation and Development (1981); and Council of Europe (1981). A reference to any code of fair information practices is always useful, particularly because there are so many people who think that privacy of databanks only became an issue yesterday, or that it involves computers in some essential way. I'm interested in your reference to a 1975 DHEW code. Can you post the name of the dcocument and it's DHEW publication number? I first read the term "Code of Fair Information Practices" in the "President's Letter" section of the April 1995 issue of "Communications of the ACM". The next month's issue published a statement that the ACM Council had endorsed an affirmation of support for the Code of Fair Information Practices. That particular Code seems to be the one first mentioned in "Records Computers and the rights of citizens" Report of the Secretary's Advisory Committee on Automated Personal Data Systems, U. S. Department of Health, Education and Welfare, July 1973, DHEW Publication No. (OS) 73-97. I believe that the report was reprinted the following year by MIT Press. The committee was chaired by ACM member Willis Ware. Privacy Journal has described this report as a seminal document which formed the basis for the US Federal Privacy Act and much state privacy law in the US. The section in the report about the history of the U.S. Census should serve as a good antidote to anyone who thinks that privacy is an issue that only emerged recently. It contains a quote from the 1850 Census marshall about privacy violations involving 1840 census data and of the opposition from citizens to the expanded questioning related to economic data in the 1840 Census. ------------------------------ From: mkj@world.std.com (Mahatma Kane-Jeeves) Date: 29 Mar 1995 12:47:39 GMT Subject: Copyright vs Freedom on the GII Organization: The World Public Access UNIX, Brookline, MA -----BEGIN PGP SIGNED MESSAGE----- In the coming age of the Global Information Infrastructure (GII), the interests of major intellectual property holders appear to be in direct conflict with the interests of the average individual. I see major threats to intellectual freedom and civil liberties arising from the world's copyright-based information industries. It is fundamental to the nature of informational networking to eliminate informational scarcity within its scope. This is one of the most predictable effects which a network is bound to have in any informational "ecology". It is also the chief benefit; if you frustrate this effect, there's usually not much point left in having a network at all. Copyright, on the other hand, may be described as a strategy of deliberate economic scarcity. The practicality of copyright has depended largely on a presumption that copying and distribution are in themselves valuable services, likely to take the form of identifiable ventures for profit. Today, with the advent of various technologies which facilitate cheap and easy copying and distribution of information, copyright is becoming an increasingly artificial and difficult strategy. The U.S. Copyright Act itself recognizes the impracticality of protecting intangibles; songs and stories passed by word of mouth were never intended to qualify for protection, and with the advent of the Internet and other precursors of the GII, the notion of "word of mouth" is taking on a vastly expanded meaning. It seems to me that copyright and networking are in opposition at their very roots, and I fear that ill-conceived efforts to reconcile copyright with the GII will undermine our most important freedoms. Let's bear in mind that neither copyright nor informational networking are ends in themselves. The value of each of these strategies resides primarily in the contribution it makes to the quantity and quality of information available throughout a society. Which strategy makes a more valuable contribution? Is our society better served by copyright, which encourages the creation of valuable informational products? Or by public and private libraries, sales of used materials, sharing among friends, casual xeroxing of articles for distribution or personal archives, and the freedom to read newspapers aloud around the water cooler? If we have to choose just one of these information strategies for the future, which one should we preserve? Up to now, we've enjoyed the luxury of having it both ways: An adequate informal separation between casual use and commercially significant piracy has been maintained by the physical difficulties which still exist in copying and distributing large quantities of verbatim information (although this informal separation does not always conform to the letter of the law). But the separation is rapidly breaking down, and in the world of the GII, it is unlikely that this traditional de-facto compromise will work. The U.S. has already taken a strong position that copyright must be defended on the GII -- a position so strong in fact that, even if we wanted to, we as a nation couldn't back down now; we've pressured too many other nations into line! But how, in practical terms, can copyright be enforced on the GII? That is a scary question. Every Cypherpunk knows that if privacy and free speech are protected, copyright will soon be deader than Elvis! Copyright-based businesses are fighting for their lives. Their survival now depends on the willingness and ability of governments to exert enormous control over civilian communications. And with such huge financial interests at stake, individual rights are likely to take a beating. (This process, by the way, is already well underway in the U.S. The recent recommendations of the President's Information Infrastructure Task Force's Intellectual Property Working Group have created controversy and concern in the academic community; Wayne State University Law Professor Jessica Litman, for instance, has characterized the report as a threat to a citizen's "right to read"! See documents available at iitf.doc.gov for more information.) Then comes the really scary part. As society moves more and more of its informational activities onto the GII, the lines which now separate copyrightable properties from everyday "general knowledge" and "word of mouth" will begin to blur. (This process, too, is already underway; it has even been seriously suggested in U.S. government policy hearings that the National Information Infrastructure should be re-named "The Intellectual Properties Network", in order to better reflect its "true" nature and purpose as some in Washington see it.) Before long, large areas of speech and knowledge will be subsumed within the arena of private property, and freedoms of thought and self-education will decline. The GII is the technological leap which makes such new property rights possible; in fact, it may make them inevitable, since the vast economic expansions which such new rights would represent may be a temptation too enormous for any nation to resist. Moreover, the GII creates for the first time a practical power to enforce such rights, by providing an opportunity for cheap automated surveillance of most public informational activities. (Listing some of the other powers which such an instrumentality would create for governments is left as an exercise for the reader.) Within a generation or two, the notion of intellectual freedom -- defined as the freedom to learn and know and teach important things, and to use that knowledge, without having to pay anyone for a legal right to do so -- may seem as archaic to the average person as the freedom to live nomadically off the land (a seemingly inalienable God-given right from the dawn of time through the early 20th century A.D.) seems to most of us today. --- mkj March 27, 1995 (THE AUTHOR OF THIS ARTICLE HEREBY GRANTS PERMISSION for anyone to copy and redistribute the article without restriction, provided only that the article and its original PGP signature are kept intact, whole and unmodified.) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBL3iRjF11Wd4tm8clAQGoUAP+MMYnLhc6etgq0MdTLaV3i0BruU2RyIKh I+vb4PA8/3E1ysoamDNhtTyzrOa1f2QKtB0HC6JAGwAotI994fJodJ5E8rlUZOJZ TpBJU2cF8gttVADe3Tfc0pKi3k6NkXQY7vMRnW5/cL2BOsEYn7EzEV7Sb3jn0/vO bIH4ibCmV/o= =fXBC -----END PGP SIGNATURE----- ------------------------------ From: "Lewis W. Olenick" Date: 29 Mar 1995 13:19:32 -0500 (EST) Subject: Nationwide Electronic Open Meeting - Call for Public Access Sites >From the EXECUTIVE OFFICE OF THE PRESIDENT, OFFICE OF MANAGEMENT AND BUDGET Please repost as appropriate. PEOPLE AND THEIR GOVERNMENTS IN THE INFORMATION AGE NATIONAL ELECTRONIC OPEN MEETING May 1-14, 1995 CALL FOR PUBLIC ACCESS SITES BACKGROUND: In recognition of the growing importance of information technology as a means for communication and participation in democratic government, the Office of Management and Budget (OMB), the National Telecommunications and Information Administration (NTIA), the National Technical Information Service's (NTIS) FedWorld, and the National Performance Review (NPR) will be sponsoring an electronic open meeting entitled "People and Their Governments in the Information Age," from Monday, May 1 to Sunday, May 14, 1995. The US Government Printing Office (GPO) will assist by providing telephone registration for Public Access Sites and preconference information. The meeting will seek to garner public opinion on the use of information technology by Federal, State, Tribal and local governments. The electronic open meeting will encourage public discussion about the respective roles of the Federal government, State, Tribal, and local governments, industry, the public interest and library communities, academia, and the general citizenry in creating an electronic government. One of the fundamental tenets of the Clinton Administration is that government information is a public asset and valuable national resource. This open meeting is an extension of earlier efforts, such as the Government Information Locator Service (GILS) initiative, to establish a framework for governments' roles and activities in the information age. In early April, OMB will publish a "Notice of Inquiry" in the Federal Register setting forth the five topics mentioned below, referencing key reports and other documents, and seeking comment. Along with the traditional method of mailing in responses to a "Notice of Inquiry," the open meeting will be conducted through our nation's electronic networks including: the World Wide Web, newsgroups, e-mail listservs (mailing lists), commercial on-line providers, Public Access Sites, and dial-up bulletin board connections. HOW THE CONFERENCE WILL BE CONDUCTED: FedWorld will create five e-mail discussion groups. The five discussion groups will also be accessible through five corresponding Internet newsgroups, the World Wide Web, and dial-up bulletin board connection. Each discussion group will be devoted to a specific topic relating to "People and their Governments in the Information Age." Each topic will be hosted by one or more experts, who will provide an introductory statement to initiate the discussion and who will also take part in the discussion. Attendees will participate in the conference by replying to the hosts' introductory statements, posting statements or comments, and by replying to the statements and comments of other attendees. We are seeking the broadest possible level of participation emphasizing input from a wide spectrum of Americans. The open meeting will focus on five topics: Services -- from emergency help and health care to business licenses. Benefits -- from social security and food stamps to small business grants. Information -- from declassified secrets and travel aids to satellite weather maps. Participatory Democracy -- ensuring everyone's chance to be heard in a democracy. Technology -- how the technical portion of electronic government will work. NEED FOR PUBLIC ACCESS SITES: A primary goal of the meeting is to enable as many Americans as possible to participate in the dialogue. This includes people who do not have a computer with a modem, or access to the Internet. In order to ensure participation by the "unconnected," public and private organizations are needed to volunteer as "Public Access Sites." The following criteria will apply to institutions interested in serving as a Public Access Site: * Willingness and ability to make computer facilities available, free-of-charge, to the general public on a full- or part-time basis throughout the two-week meeting, and to provide logistical and technical support to the public. * Ability to access Internet e-mail, newsgroups, or the World Wide Web. Public Access Sites should not use Telnet to access the FedWorld bulletin board. Because the number of access ports at FedWorld is finite, FedWorld prefers to reserve dial-in and Telnet capacity for individuals who seek to use the FedWorld BBS as their primary means of participating. * Willingness and ability to publicize your institution's participation as a Public Access Site to the local media and community, and answer local public and press questions about participation. * Willingness to be listed in a national directory of Public Access Sites that will be made available to the public and press, before and during the meeting. If your institution would like to serve as a Public Access Site, please do one of the following: Point your World Wide Web browser to: http://meeting.fedworld.gov Or, send a blank e-mail message to: pas-info@meeting.fedworld.gov In response to your e-mail, you will receive an automated response detailing how to register as a Public Access Site. If you do not presently have e-mail, newsgroup, or World Wide Web capability but plan on having such capability by the time of the meeting, you may register as a Public Access Site or receive general end user information by calling the GPO Access User Support Team at (202) 512-1530. If you would like more information about the content and format of the meeting, please send a blank e-mail message to info@meeting.fedworld.gov. You will receive an automated response providing additional detail for the electronic open meeting. Thank you for your interest in making this meeting more accessible to the public! ------------------------------ From: "Prof. L. P. Levine" Date: 28 Mar 1995 14:02:58 -0600 (CST) Subject: Intelligent Transport Systems Organization: University of Wisconsin-Milwaukee Privacy Issues in Intelligent Transportation Systems [Taken from http://weber.ucsd.edu/~pagre/its-issues.html by L. P. Levine, CPD moderator] Intelligent Transportation Systems (ITS) is a very large program organized by industry and government to apply computer and communications technologies to transportation. If ITS lives up to its proponents' hopes then it will eventually affect virtually everybody. Particular ITS systems are already implemented in many American states and other countries, including numerous systems for automatic toll-collection. Architectures, standards, and regulatory frameworks for US national ITS systems are being formulated through a long, complex private-public partnership process that is already well under way. Although ITS promises to bring many benefits, if implemented incorrectly it can also pose a grave threat to personal privacy by making extensive information on individuals' travels available to governments, marketing organizations, and others. The industry group ITS America recently issued a "draft final" version of the " Intelligent Transportation Systems Fair Information and Privacy Principles". This draft is open for public comment right now, and I encourage you to read it and submit comments on it to ITS America's general counsel: D. Craig Roberts ITS America 400 Virginia Avenue SW, Suite 800 Washington DC 20024-2730 ITS America works very closely with the United States Department of Transportation (DOT). DOT recently completed a set of public hearings on the DOT/ITS America national architecture plan. I highly recommend that you read a report on this plan, issued in November 1994, that can be obtained from: Mr. George Beronio Federal Highway Administration HTV-10 Room 3400 US Department of Transportation 400 7th St SW Washington DC 20590 For Jerry Werner's helpful ITS Online, click here. For a directory of other Web resources on transportation issues, click here. The remainder of this page includes some issues to think about in reading the ITS America draft privacy principles. For a broader account of the issues, you can click here for my comments on the subject for the CFP'95 conference. I am circulating the draft ITS privacy principles on my own initiative and not as a representative of ITS America or any other organization. The comments that follow reflect my own views. Here are some issues to consider: What will prevent states from giving local police broad powers to use ITS information for law enforcement purposes? Do the democratic processes in state legislatures provide enough protection, or should the architecture for ITS systems resist abuse through anonymity and other measures? What does "ambushed" mean, and what if anything does "reasonable expectation" mean in practice? Is an opt-out system sufficient to prevent abuse of ITS information by marketers? Do opt-out systems work well enough in other areas, such as secondary uses of personal mailing addresses and associated demographic information? What specific guidelines might be required to ensure that the opt-out is "user friendly" enough? Would an opt-in system be preferable? Such a system would set the default differently, so that your personal ITS information would not be available to marketing organizations without your express consent. Should ITS systems collect individually identifiable information at all? That is, should the architecture be designed so that databases end up containing personal travel information that is indexed in some form that can be merged with personal information from other sources? Or should the system be entirely anonymous? To what lengths should ITS implementers be required to go in order to provide drivers with the option of using ITS anonymously? How easy should it be to pay with cash -- or with digital cash? Should ITS privacy guidelines have the force of law? Which ones? What would these laws be like, what level of government would be responsible for them, and how would they be enforced? If the guidelines do not have the force of law, what guarantee is there that ITS implementers will follow them in a substantive way? Who should be liable when ITS information is employed to violate an individual's privacy? ITS developers? States? Both? What statutory framework is required to ensure that violated individuals can pursue and receive adequate legal remedies? How is the adequacy of ITS privacy safeguards to be determined? Who will make this determination? Will there be an ongoing evaluation? By whom? Is it practical to specify privacy guidelines without detailed reference to the ITS system architecture? How could the guidelines specify relevant aspects of the architecture more precisely without sacrificing adaptability to a wide range of settings? Are restrictions on the architecture required to ensure privacy, or does it suffice to formulate guidelines like these independently of the development of the architecture? Should ITS development be permitted to proceed before privacy requirements are adequately defined, widely discussed, and broadly approved? Have these requirements been adequately articulated thus far in the process? Are the guidelines clear enough? Are any passages vague or ambiguous? Does the Freedom of Information Act really require a balance between privacy and right to know? Or does privacy take priority? Does the requirement for "visibility" (also known as "transparency") need to be defined more precisely? What guidelines might be needed to ensure that information about ITS data flows are available to the general public in a useful form? Is it alright to permit non-ITS organizations to make unlimited use of ITS information that does not identify individuals? Can we envision any types of non-individualized information whose use the public has an interest in regulating? In the paragraph on secondary uses, is the expression "information absent personal identifiers" restrictive enough? What about information without personal identifiers but with identifiers for particular automobiles? What about information with identifiers for particular "smart cards" or bank account numbers? Might there be other types of information that permit individual identities to be readily reconstructed through merger with other sources? The word "appropriate" appears four times. Does this notion need to be spelled out more specifically? Can this be done without introducing excessive inflexibility? How? Who should have an opportunity to comment on these guidelines? Should the comments be publicly available? How? Is it reasonable that these guidelines are being developed by a private organization rather than by the government? What initiatives, if any, should the government be taking to ensure privacy protection in this area? You are obviously free to draw your own conclusions about these matters and others I might not have mentioned. In any event, once again, I encourage you to communicate your views and to help make the issues known to the broad public that they affect. Phil Agre pagre@ucsd.edu http://communication.ucsd.edu/pagre/agre.html The ITS America Fifth Annual Meeting and Exposition will be held in Washington on 15-17 March 1995 at the Sheraton-Washington Hotel. ITS America technical committees will be meeting at this conference, and these meetings will be open to all conference attendees. These committees are important because, once technical standards are set, it will be difficult if not impossible to change ITS in any fundamental way because actual systems will begin proliferating that depend on the standards, thereby creating a large and well-organized interest group. The address for conference registration is: Registrar, ITS America, (same street address as above), phone (202) 484-4847 fax (202) 484-3483. Phil Agre ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #031 ****************************** .