Date: Tue, 12 Sep 95 10:55:41 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#021 Computer Privacy Digest Tue, 12 Sep 95 Volume 7 : Issue: 021 Today's Topics: Moderator: Leonard P. Levine Scientology Raid Grocery Purchases and my Privacy Essay on Censorship of Pornography Re: Social Security Number Linking Re: 20/20 Security Camera Report Re: 20/20 Security Camera Report Moderated Group Posting SSN horror stories California Court Hearings Info on CPD [unchanged since 08/01/95] ---------------------------------------------------------------------- From: cpsr-global@Sunnyside.COM Date: 10 Sep 1995 03:43:51 -0700 Subject: Scientology Raid Taken from the CPSR-GLOBAL Digest 225 From: "Arjen Zonnevijlle" Date: 09 Sep 1995 19:29:53 + 2:0 Subject: xs4all news-flash - scientology raid ======== Newsgroups: dds.dds,nlnet.misc,soc.culture.netherlands Subject: xs4all news-flash - scientology raid From: felipe@xs4all.nl (Felipe Rodriquez) Date: 6 Sep 1995 18:10:45 GMT ***** XS4ALL NEWS-FLASH ***** Dear Friends, Yesterday, thuesday september 5, 1995, the scientology church raided the xs4all offices for a seizure. The permission of seizure that scientology got against xs4all was issued on a false claim, relating to a remailer that had not been active on xs4all for more than 2 months. During scientology's visit no word was said about this remailer, as it was not running at xs4all at all. The only concern seemed to be a homepage from one of our users (http://www.xs4all.nl/~fonss). This homepage contained the fishman affidavit, to which scientology claims copyright. We had no prior notice about this homepage, and never had the chance to contact the user. According to the user, fonss, scientology had not contacted him about his page. (the scientologists that where present at our offices specifically told us that they had talked to this user, and 'where at his door'.) We have explained to scientology's legal representation, and to the scientologists that where present that as a provider we do not accept responsibility for contents that our users disseminate. Users homepages are the responsibility of the users themselves, and not of the internet- provider. This fact is supported by various politicians in dutch parliament, and by several organisations whom we had previously consulted about this matter. After scientology's visit we wrote an email notice to our user, fonss, explaining him what had happened at the xs4all offices earlier that day. We also explained our visions regarding his homepage, and that we would not assume responsibility for it, as it is the users' own responsibility. We have not asked our user to remove any content from his homepage, as this is not our business. After our letter the user voluntarily removed the fishman affidavit, and now has made a hyperlink to the same document on another site on internet. After scientology's visit we noticed that a personal snailmail-letter adressed to one of our staff was missing. The sender of this letter was called by scientology about 1 hour after the visit to our offices. Ofcourse we will demand a thourough investigation into this whole case, first because of the seizure that was issued on false grounds, and then because of the personal letter that appears to have been stolen. The whole case has attracted a fair amount of media coverage. We've been handling journalists most of the day. They seem to be extremely shocked by this whole situation, and reflect that in their media-coverage. -- Felipe Rodriquez - XS4ALL Internet - finger felipe@xs4all.nl for http://xs4all.nl/~felipe/ - Frontier Village - pub pgp-key 1024/A07C02F9 Civil rights in Cyberspace: http://www.xs4all.nl/~felipe/law/index.html ------------------------------ From: actpccpek@aol.com (Actpccpek) Date: 10 Sep 1995 11:27:18 -0400 Subject: Grocery Purchases and my Privacy Organization: America Online, Inc. (1-800-827-6364) Group Members: I have a concern that not only may be of interest to this group but you may also be able to help me. I am, therefore requesting you opinions, suggestions and assistance. One of the local grocery store chains here in Indianapolis is switching from an old fashioned "check cashing" card to a new "scanned" card. They euphemistically call it their "Fresh Idea" card. Not only will this new card carry my personal information for me to write a check for my purchases, it will also link "what" I buy to "who" I am. At first, no one at the store would admit that the main purpose of the new card was to gather market research data. I think that most of them honestly believed that the new card was simply a faster way to authorize a check. They seemed genuinely surprised when they learned that the department that was in charge of the project was NOT the accounting nor billing nor finance department, but was in fact the "Market Research" department. If I expect this store to accept my personal check, then I believe that they have the right to a reasonable amount of information on me and my bank. I do NOT believe, however, that they have the right to compile data on "what" I buy. Although I don't think that the shared data capability is yet in place, it may not be too far from now that my membership in Mensa would be revoked because I buy "Professional Wrestling" magazines. Perhaps an insurance company would someday try to cancel my health insurance because of my lousy eating habits. Or perhaps someone else will be cancelled because they buy cigarettes or liquor. I discussed my concern with the store manager asking if there was a procedure in place whereby my wife and I would be able to continue to to write checks in that store without having, what we consider the small but significant issue of, our personal lives included into their database. I was surprised that, although he admitted that many such questions had been asked of him by other customers, the store did not have any answer nor procedure to assure privacy for those customers who shared my concern. Short of always paying with cash, does anyone in this group have any suggestions? Has anyone ever encountered a similar situation that was amiably resolved? Although I know that these "scanned" ID cards are now in place in store chains all across the country, are there any that compile such data on unsuspecting customers but also have procedures in place for those customers (such as myself) that prefer not to be included? -- Phil Kingery, Indianapolis, IN, USA ------------------------------ From: Roby.Gamboa@crl.com Date: 10 Sep 1995 18:27:27 GMT Subject: Essay on Censorship of Pornography Organization: CRL Dialup Internet Access I have written an essay that I feel is incomplete without feedback from individuals in a number of different groups. The essay concerns the inappropriateness of government censorship with regard to pornography and emphasizes the importance of individuals and the community in determining the 'appropriateness' of pornography in the various media. Your comments would be greatly appreciated. The essay may be viewed at http://www.crl.com/~robyg/influence.html and feedback may be sent to me at the mailto provided or at my e-mail address below. Thank you for your time. -- Roby Gamboa robyg@crl.com ------------------------------ From: gmcgath@condes.MV.COM (Gary McGath) Date: 10 Sep 1995 21:39:58 GMT Subject: Re: Social Security Number Linking Organization: Conceptual Design Maryjo Bruce wrote: I phoned the number in a customer service rep job ad in the paper to get info for a friend. The phone was answered electronically, and I was asked to enter a SSN. If you didn't you were cut off at the pass. I called back and used my own SSN. A rep came online. He began a spiel that included all sorts of personal info about me including my name, address, phono, current job, and such like, which he needed to "verify." He seemed amazed that I was upset. He said he had taken hundreds of calls that day, and nobody else cared. I asked where he got the information about me, given that I had no relationship with his firm. He hung up on me. The probability is 90+% that you were dealing with a scam. A little further along, if you'd shown yourself sucker enough to "verify" that information, you probably would have been asked for credit card information and other such useful stuff -- just to "verify," of course. When he realized it wasn't going to work, he got rid of you quick. -- Gary McGath gmcgath@condes.mv.com http://www.mv.com/users/gmcgath ------------------------------ From: Dean Ridgway Date: 10 Sep 1995 21:34:56 -0700 Subject: Re: 20/20 Security Camera Report On September 8th ABC Television on its weekly 20/20 show produced a piece describing closed circuit TV cameras that are now being installed in England for public security purposes. The piece was introduced by Hugh Downs with the question "What is more important to you, your safety or your privacy?" [...] The officer's voice states "... they are not big brother ... those cameras are there to replace the police that I haven't got. ... When crime, disorder and people's fear become so acute that they are crying out for something to be done about it then perhaps they have to give up just a little bit more of those freedoms in order to counteract it." Only one thing to say about this: "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin, Historical Review of Pennsylvania, 1759 -- /\-/\ Dean Ridgway | Two roads diverged in a wood, and I- ( - - ) InterNet ridgwad@peak.org | I took the one less traveled by, =\_v_/= FidoNet 1:357/1.103 | And that has made all the difference. CIS 73225,512 | "The Road Not Taken" - Robert Frost. http://www.peak.org/~ridgwad/ PGP mail encouraged, finger for key: 28C577F3 2A5655AFD792B0FB 9BA31E6AB4683126 ------------------------------ From: "Prof. L. P. Levine" Date: 10 Sep 1995 08:34:18 -0500 (CDT) Subject: Re: 20/20 Security Camera Report Organization: University of Wisconsin-Milwaukee Robert Gellman rgellman@cais.com Privacy and Information Policy Consultant 431 Fifth Street S.E. Washington, DC 20003 202-543-7923 (phone) 202-547-8287 (fax) mailed me personally: Thanks for the report you posted on the British TV surveillance program. Just one minor error. The person you identified as Simon Dadies is actually Simon Davies. You must be right. I just looked at the tape again, and the reporter said his name but it was not written on the screen, I just misheard it. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 PGP Public Key: finger llevine@blatz.cs.uwm.edu ------------------------------ From: nns@news.hampshire.edu Date: 11 Sep 1995 16:13:47 GMT Subject: Moderated Group Posting Organization: Hampshire College, Amherst MA I received an ad for a 3 month introductory membership in a service called Privacy Guard, operated by a company called CUC International, a Delaware corporation with ossices in Stamford CT. It seemed like an interesting idea at the time, the company claims it can get credit reports, medical records, and motor vehicle records so you can determine whether there are errors in any of these. When I actually got the initial packet from the company I began to wonder. The first thing that put me off was the fine print that said my membership would be automatically renewed at the end of each term unless I notify I do not wish to renew, with no indication of how long the term is, nor any reminder of when the introductory term expires or even that I have accepted an introductory offer. This looks like a deal designed to trap me into an automatic payment. Supposedly the initial introductory offer was for three months at a cost of just $1; when I called them I was told the introductory period would be over on November 1; less than two months after actually receiving their packet. Next I looked at what was enclosed in the packet. There are forms and envelopes to request information on your Social Security status, your credit rating, your driving record, and whatever may be on file at something called the Medical Information Bureau. The Social Sceurity form seems to be a government form and has an envelope for return to a Social Security Administration Data Operations Center in Wilkes Barre PA; this looks legitimate and looks like something you ought to be able to get just by calling a number that ought to be in the phone book. The other forms ask for various information which seems appropriate for the purpose (Social Security number, drivers' license, etc.) but these forms are to be returned to the Privacy Guard address in Stamford CT. I am very suspicious of this service. Is there any safeguard that they are not going to use these requests to build up their own data base that will allow them to correlate the information from all these sources? On the form for requesting the credit information there are also check boxes for enrollment in a "Credit Alert" service which will inform you every three months of inquiries into your credit history. On another page this is worded slightly differently; it says you'll receive quarterly notification of *most* (my emphasis) inquiries made to your credit file. Am I being too paranoid about this? If the credit alert service entitles me to learn about *most* inquires into my credit record, who is allowed to make such inquiries without my being notified? I would appreciate hearing from anyone who can clarify any of this. What sounded like a useful and interesting service at first now seems like a risky thing to be involved with. -- Albert S. Woodhull, Hampshire College, Amherst, MA awoodhull@hamp.hampshire.edu woodhull@shaysnet.com 413-549-2962 ------------------------------ From: Beth Givens Date: 11 Sep 1995 18:20:48 -0700 (PDT) Subject: SSN horror stories Michael There are a couple places to go for SSN horror stories. Our second annual report has several such stories. Go into our gopher as follows: gopher to gopher.acusd.edu Then go into 'USD Campuswide Info Servies' and then go into the Privacy Rights Clearinghouse menu. Go to 'issue papers' and look for 2nd annual report. The second place is Robert Ellis Smith's "War Stories" book. He can be contacted at 'Privacy Journal,' 401-274-7861. -- Beth Givens Voice: 619-260-4160 Project Director Fax: 619-298-5681 Privacy Rights Clearinghouse Hotline (Calif. only): Center for Public Interest Law 800-773-7748 University of San Diego 619-298-3396 (elsewhere) 5998 Alcala Park e-mail: bgivens@acusd.edu San Diego, CA 92110 ------------------------------ From: Beth Givens Date: 09 Sep 1995 13:56:17 -0700 (PDT) Subject: California Court Hearings September 8, 1995 IMPORTANT NOTICE REGARDING PRIVACY OF AND ACCESS TO CALIFORNIA COURT RECORDS From: Beth Givens Privacy Rights Clearinghouse, Univ. of San Diego voice: 619-260-4160 fax: 619-298-5681 e-mail: bgivens@acusd.edu The Judicial Council of California's Subcommittee on Privacy and Access, of which I am a member, is holding two important hearings in California during September and October. These hearings allow people to express their concerns and opinions on the development of computerized court records vis-a-vis privacy and access. The hearings are open to all -- Californians as well as those from other states who wish to be heard on these issues. (Non- Californians might include representatives of privacy advocacy groups, civil libertarians, trade associations, and industry). If you are not able to attend the hearings, you may provide written testimony, as explained in the notice below. *DEADLINE is October 18th.* Why are these hearings important? And why is it important for privacy advocates to express their opinions on the issue of computerization and electronic dissemination of court records? There is little to argue about regarding the value to our democratic society of *public access* to government records. Public records provide notice to all members of society of the official actions taken by government, giving the citizens the opportunity to see what their government is doing. Public records also provide notice of the "official" status of individuals and property. In short, public records promote government accountability. But the tradition of public access to court records may need to be re-examined vis-a-vis *privacy* in this era of computerization and telecommunications networks, particularly access to computerized public records in the aggregate. A recent California appellate court decision had this to say: "There is a qualitative difference between obtaining information from a *specific* docket or on a *specified* individual, [and] from obtaining docket information on *every* person against whom criminal charges are pending in the municipal court. ... It is the *aggregate nature* of the information which makes it valuable to respondent; it is that same quality which makes its dissemination constitutionally dangerous." [emphasis added] (Westbrook v. Los Angeles Co. et al., 27 Cal. App. 4th 157 (1994)) The plaintiff, Robert Westbrook, a vendor of criminal background information doing business as Crimeline, wanted to purchase a computer tape from the LA Municipal Court System in order to process it and resell it to interested parties. Typically, purchasers of such information are commercial information brokers, private investigators and employment background check firms. The court ruled against Westbrook in the case, citing privacy considerations. In addition, the court said that Westbrook's use of the data over time could amount to the creation of virtual "rap sheets" on individuals (criminal histories), compilations which are considered confidential under California law (Penal Code 13300). Contrary to the Westbrook case, however, other courts have *not prevented* the unfettered access to and use of computerized public records in the aggregate. These hearings are important because they will shape the access to and use of electronic court records in California, and perhaps other jurisdictions who study California's court policies, for years to come. I hope you will take the time to attend one of these hearings and present your testimony, or provide written testimony. Please contact me if you want any additional background information. -- Beth Givens, Privacy Rights Clearinghouse (bgivens@acusd.edu). ********* OFFICIAL COURT ANNOUNCEMENT FOLLOWS *********** TO Court Administrators Executive Officers of the California Trial Courts Persons and Organizations Interested in Access to Court Data FROM Subcommittee on Privacy and Access of the Judicial Council Standing Advisory Committee on Court Technology Hon. Judith D. Ford, Chair DATE August 22, 1995 SUBJECT Invitation to Comment: Policies on Privacy and Access Rights In January 1995 the Judicial Council of California established a Standing Advisory Committee on Court Technology to "promote, coordinate, and facilitate acquisition and implementation of information and communication technologies useful and appropriate to the courts" (Rule of Court 1033(a)). The Court Technology Committee subsequently established a Subcommittee on Privacy and Access to draft policies that the Court Technology Committee will consider for recommendation to the Judicial Council. If approved and promulgated by the council, the policies would establish norms governing privacy rights in and access rights to data that is maintained electronically by the California courts. To assist it in its drafting effort, the Subcommittee on Privacy and Access is inviting comment on the following and any other related issues: - Given the requirements of California and federal law, how should the California courts protect privacy rights in their electronic data? - Given the requirements of California and federal law, how should the California courts assure access rights to their electronic data? - How should any new costs of providing access to electronic data be funded? - When privacy and access rights are in apparent conflict, how should the conflict be resolved? *How to comment:* Send your comments before October 18, 1995 to: Administrative Office of the Courts Attention: Victor Rowley 303 Second Street, South Tower San Francisco CA 94107-1366 Fax 415/396-9323 You are also invited to attend one of two public hearings that will be hosted by Judge Judith D. Ford, the chair of the subcommittee. On Friday, September 29, a hearing will be held in San Francisco at the Commonwealth Club at 595 Market Street from 9 a.m. until 2 p.m. On Thursday, October 19, 1995, a hearing will be held in Torrance in the City Council chambers of Torrance City Hall at 3031 Torrance Blvd. from 11:30 a.m. until 4:30 p.m. If you are interested in testifying before the subcommittee, you must request a place on the hearing agenda in advance. To request a place on the agenda, please contact Victor Rowley at the above address, or you may also reach him by telephone at 415/396-9271 or via Internet email at Victor_Rowley@aoc.jud.state.ca.us. Each speaker will be allotted ten minutes to address the subcommittee and will be placed on the agenda on a first-come, first-served basis. The last hour of the hearing will be available for the testimony of those who have not contacted Mr. Rowley prior to the meeting. Speakers who want to testify during this hour should sign up upon arrival at the meeting site and provide their comments in writing. Each speaker will be permitted ten minutes to testify. At the hearing, you must provide a written summary of your comments for the record. We encourage you to circulate this invitation to comment to others. ------------------------------ From: "Prof. L. P. Levine" Date: 11 Aug 1995 09:39:43 -0500 (CDT) Subject: Info on CPD [unchanged since 08/01/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #021 ****************************** .