Date: Tue, 19 Sep 95 06:08:45 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#024 Computer Privacy Digest Tue, 19 Sep 95 Volume 7 : Issue: 024 Today's Topics: Moderator: Leonard P. Levine Re: Grocery Purchases and my Privacy Re: Grocery Purchases and my Privacy Re: Grocery Purchases and my Privacy Re: Grocery Purchases and my Privacy Re: Grocery Purchases and my Privacy Re: Grocery Purchases and my Privacy Re: 20/20 Security Camera Report Re: RSA Evaluation Software Re: Concerns about BC "PharmaNet" Computer System New Privacy Book Re: AOL and the FBI NJ Hearings about Access to Criminal Records Info on CPD [unchanged since 08/01/95] ---------------------------------------------------------------------- From: ssatchell@BIX.com (ssatchell on BIX) Date: 16 Sep 95 00:11:45 GMT Subject: Re: Grocery Purchases and my Privacy Organization: Delphi Internet Services Corporation I do NOT believe, however, that they have the right to compile data on "what" I buy. hrick@gate.net (Rick Harrison) writes: [...] Or did the information enable me to serve her better? If the grocery store that tracks your purchases later sends you coupons for items that you routinely buy, in order to encourage your continued patronage of their store as opposed to ther stores in the area, have you been harmed or helped? Tracking inventory closely is one thing. Keeping tabs on who buys what when is another. One reason I stopped using credit cards for small purchases is that I saw evidence that my card provider was using the information about where I shopped to sell my name to others in a closely targetted manner. Coupons: Raley's here has a coupon printer which does what you indicate but without the tracking and the postagel. ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 17 Sep 1995 03:42:04 GMT Subject: Re: Grocery Purchases and my Privacy Organization: The National Capital FreeNet (Andrew_Hastings@transarc.com) writes: In this week's advertising circular, Giant Eagle introduced a requirement that you present the card in order to receive discounted prices on any of the advertised specials. Without the card, you pay full price. Federal law prevents Giant Eagle from disclosing to third parties the names of the videos you rent. No law prevents Giant Eagle from disclosing information about your purchases. Save-on-foods has a similar scheme in British Columbia. A recent decision by the Federal Competition watchdog agency requires stores to make their scanner data tapes available to anyone who wants to buy them. In the past they had been proprietary information. I avoid "air miles" schemes for the same reason, and because I don't get on a plane unless someone pays me to. ------------------------------ From: bcn@world.std.com (Barry C Nelson) Date: 17 Sep 1995 22:35:28 GMT Subject: Re: Grocery Purchases and my Privacy Organization: The World Public Access UNIX, Brookline, MA Actpccpek wrote: One of the local grocery store chains here in Indianapolis is switching from an old fashioned "check cashing" card to a new "scanned" card. They euphemistically call it their "Fresh Idea" card. Not only will this new card carry my personal information for me to write a check for my purchases, it will also link "what" I buy to "who" I am. [...] that the department that was in charge of the project was NOT the accounting nor billing nor finance department, but was in fact the "Market Research" department. In the 1970s there were several technologies patented which dealt with connecting supermarket scanners with particular purchasers. One system automatically changed the television cable boxes of certain shoppers, based on the purchasing habits demonstrated via UPC scanners at the local shopping center. Given the addressability of set-top boxes, and the ubiquitous scanners, it is only a small step to where the data for a given household could be used by "market research" to target your child or other loved ones with a carefully crafted schedule of propaganda. Of course, why would they do it if there were no profit motive? By merely shopping elsewhere, or refusing to subscribe to cable, or paying cash, one can easily insulate oneself from this intrusion. Once enough people voice their concerns and vote with their feet and their money, perhaps the purveyors of such systems will rethink the social repercussions of their experiments. Nahhh. -- BCNelson (not a lawyer) ------------------------------ From: John R Levine Date: 17 Sep 1995 23:22:43 -0400 Subject: Re: Grocery Purchases and my Privacy Collecting consumer data at the checkout is hardly new. Indeed, it was the primary impetus for installing barcode scanners. Until about 20 years ago, sales and marketing info was collected in rather primitive ways, e.g. Procter and Gamble would run a coupon promotion, then wait a month or so for reports from distributors and wholesalers to see how much difference it made. Then Information Resources Inc. revolutionized the business by using barcodes. They picked a bunch of cities around the U.S. in which they approached every grocery store in town and offered to install barcode scanners for free if they could have a copy of the data collected. Then they signed up most of the people in town in a shopper's club with a card that you give the cashier to scan each time you go to the store. (Each use enters you in a sweepstakes where once a year they give away something like a car.) Participation is entirely voluntary, and IRI makes no secret of why they sign people up. This let IRI tell who was buying pretty much every grocery item sold in the area. But wait, there's more: then they made a deal with the local CATV companies so they can inject replacement commercials into individual customers' sets. This way, a vendor can run two different commercials one evening, and the next day get a report on what people who'd seen each commercial bought. I believe they made similar deals with local newspapers so they could test advertisements and coupons as well. Last I heard they were mopping up the details signing up drugstores and convenience stores. This made IRI into an instant big gorilla in the marketing data industry, muscling aside establised competitors like Nielsen of TV ratings fame. So barcode data collection is hardly new. These days every grocery chain in the world has scanners, and a lot of them are setting up their own shopper's clubs so they can collect their own data. One of our local chains has such a club where you can get a card that qualifies you for discounts, can do check approval, let you write a virtual check, act like an ATM card, can have stored value (like a gift certificate) and a zillion other marginally useful services. Personally I got a card with no services at all other than the discounts, giving them an old out of town address (where if they sent me something I would still eventually get it) and pay with my Mastercard which gives me a month's float and frequent flyer miles. I also do most of my shopping at a competing store next door with no shopper's club and generally lower prices. Hmmn. As has been noted elsewhere, this is a two-edged sword, since the data they collect does let them tailor their offerings so that they more often have what you want, as well as letting them compile a dossier on you. The discount feature is nice, too, since they've completely given up conventional coupons in favor of shoppers' club specials, so I don't have to dig up their circular and tear out the coupons any more. -- John R. Levine, Trumansburg NY Primary perpetrator of "The Internet for Dummies" and Information Superhighwayman wanna-be ------------------------------ From: david_boshears@il.us.swissbank.com (David Boshears) Date: 18 Sep 1995 18:42:33 GMT Subject: Re: Grocery Purchases and my Privacy Organization: Swiss Bank Corporation CM&T Division Rick Harrison writes [...] Or did the information enable me to serve her better? If the grocery store that tracks your purchases later sends you coupons for items that you routinely buy, in order to encourage your continued patronage of their store as opposed to ther stores in the area, have you been harmed or helped? Rick, you must be kidding! Inventory management has been done long before the advent of "customer ids." In fact, that was the whole point of bar-code readers: purchased items could be immediately deleted from stock and when they were deleted could be tracked. You *do not* need to know *who* bought something to successfully manage inventory. I despise the kind of marketing you describe. It is *too* intrusive. 'nuff said. ========================================================================= C. David Boshears | My opinions are mine, and bosh@swissbank.com | mine ALONE! Swiss Bank Corporation | *You can't have them!* ------------------------------ From: barthele@ux1.cso.uiuc.edu (barthelemy kevin) Date: 19 Sep 1995 04:26:26 GMT Subject: Re: Grocery Purchases and my Privacy Organization: University of Illinois at Urbana Ellis Weinberger (ew3@soas.ac.uk) wrote: The answer is to pay cash. Right you are, my friend...I only found out today that one of the largest (if not _the_ largest) grocery stores chains in Champaign-Urbana (Jerry's IGA) has gone for the "check cashing card" from hell...I hadn't been shopping there much lately anyway...so I won't feel terribly bad about not shopping there in the future. But I'm pissed. What I buy and when is nobody's business but mine. If going to cash for all purchases is the answer, then I'm right there. Can anyone suggest a way to short-circuit this Orwellian nightmare? ------------------------------ From: cburian@uiuc.edu (Christopher J. Burian) Date: 16 Sep 1995 22:21:40 GMT Subject: Re: 20/20 Security Camera Report Organization: University of Illinois at Urbana WELKER@a1.vsdec.nl.nuwc.navy.mil writes: It would seem to me that personal privacy interests might be protected by having a "grass roots" camera network, possibly organized by local neighborhood watch organizations. Thus the government is not in custody of the tapes, and individual volunteers can review them for [...] This is worse than police cameras because, at least ostensibly, police- operated cameras are subject to controls, under jurisdiction of the courts, etc. Spying for which police would need a warrant (eavesdropping, snooping, searching) individuals are often allowed to do without justification. Civilian-monitored cameras are a greater threat to privacy than police- monitored ones. -- ============== =========== ======================== ================================ ------------------------------ From: PRUFROK@delphi.com Date: 19 Sep 1995 03:18:10 -0400 (EDT) Subject: Re: RSA Evaluation Software In your last but one bulletin you gave details of the new rsa evaluation software package downloadable from http:/www.rsa.com or by FTP from rsa.com (pub/crypto/etc, etc. I tried both these routes but found no trace of the item in question. Could you help me identify the whereabouts of this? Thanks, Nick Butt ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 17 Sep 1995 03:36:01 GMT Subject: Re: Concerns about BC "PharmaNet" Computer System Organization: The National Capital FreeNet, Ottawa, Ontario, Canada Melvin Klassen (klassen@sol.UVic.CA) writes: In response to a newspaper editorial about the "PharmaNet" system in British Columbia, Canada, which is a computer system for cross-province tracking the distribution of prescription drugs, the following "letter to the editor" was written. It seems to allay the "security" and "privacy" issues raised in the editorial. Actually no. It also seems to confuse security/confidentiality with privacy. My most pressing concern this is name and address information, which can be retrieved by name search. I have seen nothing to assure me that a record of name and address searches(that don't proceed to a full medication history list) will be tracked. The mention of a password seems a bit deceptive, since it conveys an impression of people punching a secret code into a debit card keypad. In fact people are expected to recite it aloud to the pharmacist and anyone else within earshot. Once given to the pharmacist it will be captured by the system and allow future access util it is changed. This is one of the more obvious signs that the designers of this sytem know little about security. They seem quite stubborn about not allowing people to enter their passwords in secret. When asked about this at a public meeting they stated that they had reviewed the issue of password entry and had confirmed that giving it out loud to the pharmacist "is the best way to do it". Go figure. When my wife got a prescription recently the address that popped out was a PO box that we haven't used for 5 years, but that is small confort in the face of rumours that the BC Government plans to extract drivers names and addresses from vehicle and drivers registries, which are restricted access, and publish them in voter's lists, rather than do a voter enumeration for the election expected within a year. It won't be too long before some bright bureaucrat gets the idea of having a single name and address registry in government and using that for pharmanet. There has been some use of drivers records for property tax purposes in the past, but it has always been done after receiveing consent from home owners. This is the first I've heard of driver's records being used by another area without prior informed consent from individuals. In my original post I mentioned the proposal to use pharmanet to hand out drugs at no charge or reduced charge if they are covered by the universal pharmacare program. A news report last week mentioned that a man who received a reimbursment from the current system also found pharmacy receipts from a stranger in the same envelope, along with their name, address, and telephone number. ------------------------------ From: Robert Gellman Date: 17 Sep 1995 22:39:57 -0400 (EDT) Subject: New Privacy Book Subscribers to this digest may be interested in a new book on privacy issues. The title is "Legislating Privacy: Technology, Social Values, and Public Policy." The author is Priscilla Regan, an assistant professor of public affairs at George Mason University. This is a very readable account of how some important federal privacy statutes were passed. Regan identifies the policy, the politics, and the players. She also offers some original observations about why privacy advocates have not been successful in getting more legislation passed. I recommend the book highly. The publisher is the University of North Carolina Press. + + + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman rgellman@cais.com + + Privacy and Information Policy Consultant + + 431 Fifth Street S.E. + + Washington, DC 20003 + + 202-543-7923 (phone) 202-547-8287 (fax) + + + + + + + + + + + + + + + + + + + + + + + + + + ------------------------------ From: robert.heuman@rose.com (robert heuman) Date: 18 Sep 1995 04:14:57 GMT Subject: Re: AOL and the FBI Organization: Rose Media Inc, Toronto, Ontario. Quoting RseoegAOL and the FBIite33.ping.at We have known for some time that AOL was 'cooperating' with federal agents in their investigation of child pornography, but until the massive raids and arrests commenced on Wednesday followed by AOL's admission that the 'evidence' was found in email and private chat, we did not know the extent to which AOL was abusing their subscribers in the process of cooperating. Encrypt using PGP... and make their monitoring HARDER.... If they have to decrypt every transaction using your public key your email will probably pass through without triggering anything. If EVERYONE does this they either accept it or lose ALL their business.... You do NOT need to encrypt with the receipient's public key so only one person can read it... You can encrypt with your private key so anyone with your public key can read it IF THEY WANT TO.... since it will require extra work at their end. Your choice, of course, but do NOT assume that CompuSearch or Prodigy do not also do this... -- ... Crypto for the masses is the bane of law enforcement - HURRAY! My opinions are my own! They are NOT those of my [sons, employer....] ====================================================================== R.S. (Bob) Heuman | Willowdale, Ontario, Canada ------------------------------ From: j.abolins@meydabbs.com (Sysop) Date: 17 Sep 1995 22:35:00 +0000 Subject: NJ Hearings about Access to Criminal Records Organization: Meyda BBS 609-833-8124 (Ewing, NJ USA) When I mentioned the NJ hearings about public access to NJ criminal records to John Featherman of the Privacy Newsletter, he recommended sending the info to various Usenet newsgroups, including this one. -JDA ------ On Friday, September 22nd, New Jersey State government will hold a public hearing about a proposal to broaden access to criminal records of NJ residents by selling them to the public. The hearing will be held at the NJ Department of Personnel Training Center in the Princeton Forrestal Center. The hearing starts at 10 am. Back in May 1995, NJ Attorney General Deborah Poritz announced the proposal. Under this proposal, the public could obtain criminal records of any NJ resident for $15. For $5, NJ residents could find out who has been checking their criminal records. Currently, the New Jersey Administrative Code (NJAC 13:59) limits access to criminal records to four basic categories: government agencies, employers checking potential employees' background, attorneys, and licensed private investigators. Poritz's proposal was scheduled to take effect in August after an evaluation of comments received during the 30-day public comment period that ended July 5th. After the review of the comments, the state decided to put the proposal on hold, pending the new hearings. The State government has until July 1996 to act upon the regulations and any proposed modifications. "We continue to operate under the existing regulations until new ones are proposed and adopted," said John Hagerty of the New Jersey State Police. The American Civil Liberties Union and 16 other groups have objected to the proposed public access to criminal records. They are concerned that the public could get inaccurate and incomplete information. The proposed changes would allow anybody to get criminal records information without regard to the purpose of the query or to the requester's residency. The ACLU calls the proposal "one-stop shopping." Anybody wanting to testify at the public hearing on September 22nd should call Captain Daniel Hughes at the NJ State Police West Trenton headquarters. The phone number is 609-882-2000 extension 2318. Written comments may be sent before September 22nd to Colonel Carl A. Williams, c/o State Bureau of Identification; New Jersey State Police; P.O. Box 7068; Trenton, NJ 08628-0068. Based upon the newspaper article, "State delays proposal to sell criminal records" by Ivette Mendez; The Star Ledger (Newark, NJ) Tuesday, September 12, 1995; page 49. Some of my comments: I called Capt. Hughes last Thursday and arranged to speak at the hearing. I was surprised to discover that I was only the second person to call. I hope that there will be more people testifying about the hazards of the proposed changes. Last Friday, I obtained a copy of the current NJAC 13:59. I am still seeking the text of the proposed changes so that I can prepare a fitting response. From the bits and pieces I already know of the proposal, I see a number of serious problems. The broadened access to criminal records came in the wake of objections to New Jersey's Megan's Law, a set of laws regarding public notification of the whereabout's of convicted sex offenders. The broadened access has been presented as a way that the public could check to see if their babysitters, co-workers, neighbors, etc. have a criminal record. But the information the public would get is limited and might be for the wrong person. The current regulations state that unless a fingerprint match is done, there is no guarantee that the record is that of the person being checked. If the requester was given an alias or other data that does not match the person's data, the requester could get back somebody else's criminal record or an indication of there being no criminal record for the person. Therefore, the claimed benefits of the public being able to check other people's criminal records are very limited. Also, the public would not get information about expunged offenses. The risks of the misuse of the criminal records is great. The current regulations limit the purpose of the queries to specific functions such as employment and licensing screening. The proposed changes will eliminate these limits. The risks for privacy intrusions increase greatly as neighbors check upon each other, as parents check upon their children's friends and their families, and as people dig for dirt upon their competitors. The use of these criminal records checks is almost certainly to become a part of various partisan disputes such as the abortion controversy. Already, snooping is a part of many partisan controversies; the public access to criminal records will make the snooping easier. The criminal records available to the four groups specified by the current NJAC 13:59 include information about cases pending trial. The requesters are warned that the guilt of the subject has yet to be determined. If the criminal records are so readily available to public, the information may be used for all kinds of grudges and disputes. The concept "innocent until proven guilty" will often be ignored. The current regulations prohibit the disclosure of the information to people not involved in the purpose for which the records were sought. They also require the recipients of the criminal records information to destroy the information once their purpose is accomplished. If the criminal records are open to the public, what is to prevent the broad disclosure of the information to others, say, via the Internet? And this is barely scratching the surface of the issues raised by the proposed changes. -- J.D. Abolins Meyda BBS [Ewing, NJ] 609-883-8124 WWW Page- http://pluto.njcc.com/~jda-ir/ ------------------------------ From: "Prof. L. P. Levine" Date: 11 Aug 1995 09:39:43 -0500 (CDT) Subject: Info on CPD [unchanged since 08/01/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #024 ****************************** .