Date: Mon, 17 Jul 95 08:47:42 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#004 Computer Privacy Digest Mon, 17 Jul 95 Volume 7 : Issue: 004 Today's Topics: Moderator: Leonard P. Levine Re: Exon Coats Amendment Social Security Number Abuse by Employer Microsoft and Privacy Internet China-Style Privacy on Real Highways Re: Legal Bytes 3.01 NCSA's Third Intl Conference on Information Warfare Announcing the CPSR Newsletter [long] Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: rmaher@unlinfo.unl.edu (Rob Maher) Date: 12 Jul 1995 13:45:44 GMT Subject: Re: Exon Coats Amendment Organization: University of Nebraska--Lincoln Michael Chastain (49erfan@nmia.com) wrote: P.S. Maybe we could just get rid of Nebraska entirely. ;) Your smiley and wink are understood, but let there be no misunderstanding that the actions of Senator Exon (who will not run for re-election next year, BTW) are causing great consternation on the part of many people in this state. Pete Domenici of New Mexico voted FOR the bill, too, so there is enough blame to go around, my friend. In my contacts with Senator Exon's aides it is clear that they view the CDA as simply extending the existing rules regarding telephone civility and "crank calls" to the larger realm of electronic communication. The alarming definitional, constitutional, and enforcement flaws are dismissed as unimportant "since we already have the language in the existing Communications Act of 1929, and we are merely extending it to the internet." I wish I had a bucket of cold water to throw on them. -- Dr. Rob Maher Univ. of Nebraska-Lincoln Voice: +1 402 472 2081 209N WSEC 0511 Electrical Engineering Fax: +1 402 472 4732 Lincoln NE 68588-0511 rmaher@unl.edu http://www.engr.unl.edu/ee/ ------------------------------ From: mccurley@cs.sandia.gov (Kevin S. McCurley) Date: 12 Jul 1995 18:11:58 -0600 Subject: Social Security Number Abuse by Employer Organization: Sandia National Laboratories, Albuquerque, NM Can anyone supply me with information about how major corporations treat the social security number of their employees? My employer DOES NOT treat the SSN as private information, and has adopted policies that require me to divulge it to all sorts of people that are not contracturally bound to protect it's privacy. I realize that there are many avenues for people to get ahold of my number, but must I feel that there is no reason whatsoever for my employer to be the most obvious offender, particularly when I have an employee ID number. In order to change this policy, I can think of only three things: 1. the Social Security Administration recommends that individuals protect their numbers. 2. my employer is a government contractor, so may be bound to follow government guidelines (but they are NOT bound by the privacy act). 3. if other major corporations are adopting policies that treat the number as private, then I can use this as evidence. Can anyone provide me with ammunition? -- Kevin McCurley Sandia National Laboratories [moderator: There is a regular posting of a FAQ on SocSocNo shown here, it can be copied from our archive. See instructions below. ------------------------------ From: "Prof. L. P. Levine" Date: 14 Jul 1995 08:30:31 -0500 (CDT) Subject: Microsoft and Privacy Organization: University of Wisconsin-Milwaukee Date: 13 Jul 1995 11:35:43 -0700 From: CWHITCOM@bentley.edu Subject: Telecom Post #8 Taken from Telecom Post, Free Speech Media, LLC July 11, 1995 Number 8 Compiled, written, and edited by Coralee Whitcomb Please direct comments and inquiries to cwhitcom@bentley.edu [this is one item of that report that deals with privacy. moderator] MICROSOFT AND WINDOWS '95 The National Consumers League reports on some very scary facts regarding Windows '95. The Microsoft Network will be bundled with the operating system. When a new owner boots up they will be invited to register on the network. If they don't, they will be faced with the same invitation every time they boot up - it cannot be dismantled. While the MSN icon will continue to appear on the desktop regardless of whether it is active, icons from other providers will be buried four layers down forcing you to search for your provider of choice. A "registration mole" is built in that can inventory your hard drive of all its .exe files and keep Microsoft updated along with your registration info as to what you use on your system. ------------------------------ From: "Prof. L. P. Levine" Date: 14 Jul 1995 09:46:49 -0500 (CDT) Subject: Internet China-Style Organization: University of Wisconsin-Milwaukee Taken from CPSR-GLOBAL Digest 196 From: marsha-w@uiuc.edu (Marsha Woodbury) Date: 12 Jul 1995 10:07:09 -0600 Subject: (@) INTERNET CHINA-STYLE From: Al Whaley Subject: Edupage 7/11/95 (fwd) INTERNET CHINA-STYLE: NO SEX, POLITICS OR TALK The CEO of the Hong Kong-based China Internet Corporation (CIC), a subsidiary of the official Chinese news agency Xinhua, says: "Everybody knows the Internet has a lot of information. For now, most of it is not really related to business. It is cultural and academic discussion groups, pornography and politics. By eliminating these things not related to business we make better use of resources at lower cost." (Financial Times 7/10/95 p.9) Only business. Damn, wish I'd thought of that. ------------------------------ From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Date: 14 Jul 95 12:32:04 EDT Subject: Privacy on Real Highways Taken from the United Press Intl news wire via CompuServe's Executive News Service: UPn 95.07.13 18:07 Future highways may raise privacy issue COLUMBUS, Ohio, July 13 (UPI) -- Computer-based highway control systems of the future will be able to identify and track individual cars across the nation but such systems raise thorny privacy issues, an Ohio State University professor said Thursday. Proponents of the Intelligent Transportation System now under federal development say it will improve traffic safety, reduce congestion and save energy. But OSU Law Professor Sheldon W. Halpern says current federal law is ill-equipped to deal with the privacy issues raised by the new technology. Key points from the article: o Satellites + on-board computers would communicate constantly. o Give drivers warning of traffic conditions, send emergency signals. o Automatic charges for tolls. o Provide emergency intervention if accident imminent. o Privacy issues: Halpern concerned about "collection and storage of information about drivers -- specifically the possibility of the collection and storage of information for use by the government or by private businesses to build individual profiles." o One solution is to ensure that no individual data are collected and stored by the system at all: "We won't have to worry about the dissemination of information about drivers if we don't collect and store the information in the first place," said Halpern. M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA) ------------------------------ From: wrf@ecse.rpi.edu (Wm. Randolph U Franklin) Date: 15 Jul 1995 00:22:37 GMT Subject: Re: Legal Bytes 3.01 Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA "Prof. L. P. Levine" writes: This type of interaction before the sale makes the transaction appear far less one-sided. While take-it-or-leave-it terms might still be criticized as "adhesion contracts," the unique give-and- take that's possible on-line removes much of the inequitable sting that "surprise" shrink-wrap license terms leave on many observers. This must be a new use for the term "give-and-take", which I had thought meant a negotiation between two sides, both willing to compromise. In these online things, my impression was that a computer was checking for the appropriate answers, and not letting you on otherwise. A parking lot could do the same by putting a sign outside saying, "Do not take a ticket and enter this lot unless you agree not to sue us even for gross negligence". What's the difference, except that the parking lot can't get away with it? The more serious point is that these contracts can be really one-sided. For example, the Britannica online encyclopedia contract says that I'm responsible for all use of my password, w/o even any allowance for use after a reported theft. As a practical matter, it seems unlikely that North Carolina officials would try to prosecute the State of Texas, for example, if Texas set up a Web site to advertise its lottery that of course could be accessed from North Carolina. What about the San Francisco X-rated-BB owners who were convicted in Mississippi, and are now in jail? The prosecutor deliberately went looking for a hostile jurisdiction and then accessed the BB from there. -- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ------------------------------ From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Date: 14 Jul 95 10:22:57 EDT Subject: NCSA's Third Intl Conference on Information Warfare Colleagues: Up-to-date information about the IW3 conference is now available from an automated response system on the new NCSA server. For a complete program by e-mail, send a message to infowar@ncsa.com The mailbot disregards subject line and text content. Best wishes, M.E.Kabay,Ph.D. / Dir. Education, Natl Computer Security Assn (Carlisle, PA) ------------------------------ From: marsha-w@uiuc.edu (Marsha Woodbury) Date: 12 Jul 1995 21:00:49 -0700 Subject: Announcing the CPSR Newsletter [long] Announcing the Latest Edition of the CPSR Newsletter, devoted to Freedom of Information. To learn more about joining CPSR or obtaining this issue, email to cpsr@cpsr.org or check the Web, at http://www.cpsr.org/dox/home.html ****Computers, Government, and Access to Electronic Records**** Guest Editor: Marsha Woodbury, Director at Large, CPSR Excerpts from the introduction: The articles in this issue should update your knowledge of what freedom of information laws are, how these laws treat electronic records, and what we, as computer professionals and concerned citizens, should know about our responsibilities for creating, maintaining, and using databases. Our purpose herein is to discuss how computers and digitized records will change your access to government data. In order to focus on the topic, I left the issues of copyright, maintaining the integrity and authenticity of records, and protecting personal privacy for future editors to cover. One piece of advice: always try to obtain information without resort to the law. Once you make a formal request, the government officials can find many reasons for not filling it, and you may wait for years. You can catch more bytes with honey than with vinegar, as it were. Freedom of Information... Freedom of information, or "the right to know," is an emotional issue. The concept's undergirding philosophy recognizes that the public, as "the people" with a common interest in the common good, has "the right to know." In contrast, a totalitarian government doesn't even go through the motions of openness. Those who believe in the right to know hold that an informed public is a safeguard against governmental abuse of power; yet, no matter how open a government aspires to be, it can hardly avoid reining in access to and release of information, in order to govern. .... The articles should broaden our knowledge of what has been happening to federal, state, and local FOIAs as records are increasingly stored in electronic form. The first article, by the Reporters Committee for Freedom of the Press, defines many of the issues and offers guidance about how to prepare a FOIA request. Next, David Morrisey, a professor in Colorado, writes about the lack of government preparation for electronic access. In the subsequent article, Eileen Gannon describes how the Environmental Working Group acquires and translates data in order to provide information to the public. Archivists have many legitimate concerns about how the government stores its records electronically. The Society of American Archivists has written a position statement on archival issues to guide your planning. This statement is followed by the concerns of James Love, who fills us in on public and private networks in regard to the status of public records and open meetings under FOIA. David Sobel has contributed an update on the CPSR and EPIC lawsuits, some of which concern FOIA issues. Joel Campbell gives some tips for starting a state freedom of information organi-zation. Dave Gowen relates his own experience in acquiring electronic data. Finally, we include a list of listservs, Gopher, web, and FTP resources for further information. I hope this newsletter will do three things: 1. Help you to obtain and use information stored in digital form, whether browsing it online, doing research, or monitoring the government. 2. Make us all more aware of the pitfalls and plusses of digital record-keeping, and how we can use our expertise to help others. 3. Lend support to the journalists, archivists, and activists who are working hard to insure our right to know. People who save a tree or historic building enjoy more publicityQtheir acts are visual and dramatic. A person who stops a mass "delete" or puts up government web pages earns little public acclaim. This newletter gives them the attention they deserve. References Scalia, Antonin. "The Freedom of Information Act Has No Clothes." Regulation 6(2) 1982: 14-19. ****************** Table of Contents Access to Electronic Records 3 Will Washington Share Its Electronic Bounty? 5 Solving Environmental Problems with Information Technology 9 Archival Issues Raised by Information Stored in Electronic Form 11 Public and Private Networks, and the Status of Public Records, Open Meetings, and FOIA 13 CPSR and EPIC FOIA Cases: Current Status 14 FOI and First Admendment-related Resources on the Internet 16 Six Tips for Starting a State Freedom of Information Organization 19 CPSR Executive Director Search 20 Confidentiality and Availability of Public Information 21 Chapter Updates 22 The CPSR newsletter is sent free to members and is available for $5 an issue by U.S. mail for non-members -- please send your postal address. Marsha Woodbury, Ph.D. Associate Director of Education, Sloan Center for Asynchronous Learning Environments (SCALE) University of Illinois, Urbana-Champaign marsha-w@uiuc.edu Director at Large, CPSR http://w3.scale.uiuc.edu/marsha/ ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #004 ****************************** .