Date: Wed, 01 Nov 95 20:42:08 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#037 Computer Privacy Digest Wed, 01 Nov 95 Volume 7 : Issue: 037 Today's Topics: Moderator: Leonard P. Levine Listen to Full Disclosure Live on the WEB USA Today Rejects CKE, Endo Re: Copyright Notice Re: Call Blocking Re: Call Blocking Re: Author Profiles at Deja News Re: Author Profiles at Deja News Re: Author Profiles at Deja News Re: Author Profiles at Deja News Re: Author Profiles at Deja News Re: Author Profiles at Deja News [let's end this] Re: Copying Driver's Licenses Controversy Over Medical Records Legislation Re: Can you Sue if Credit is Denied for Lack of SSN? Balancing Voters' Privacy and Access Rights Info on CPD [unchanged since 08/18/95] ---------------------------------------------------------------------- From: glr@ripco.com (Glen L. Roberts) Date: 31 Oct 1995 16:40:16 GMT Subject: Listen to Full Disclosure Live on the WEB Organization: Full Disclosure Full Disclosure Live, broadcast live worldwide for 2-1/2 years covering privacy, surveillance, technology and government can now be heard on the net. It's encoded with Real Audio. It's at: http://pages.ripco.com:8080/~glr/fdl1.html (real audio software for ibm or mac can be downloaded from that page as well). It works quite well at 14.4! Check it out! -- Glen L. Roberts, Host Full Disclosure Live Tech Talk Network: Telstar 302, Ch 21, 5.80 Audio WWCR Shortwave: 5,065 khz. 8pm est / Sundays. Articles, Catalog, Downloadable Programs, AUDIO, Links & More: http://pages.ripco.com:8080/~glr/glr.html ------------------------------ From: Dave Rasmussen Date: 31 Oct 1995 10:53:12 -0600 (CST) Subject: USA Today Rejects CKE, Endo Forwarded message: From: "Marc Rotenberg" Subject: USA Today Rejects CKE, Endo Citizens of cyberspace should be pleased by the editorial page of today's USA Today (10/24/95). In the top editorial, USA Today discusses the need for strong security on the net, and then proceeds to trash the Commercial Key Escrow plan ("Clipper II"), noting that "the convenience of the FBI would override the convenience of the public" and that the system is vulnerable to abuse. The CKE editorial concludes, "The best way to promote American business and to protect American's privacy is to allow the best encryption programs to be available. It is the responsibility of government to enforce the laws, not the public's to make it easy at the cost of its privacy." In editorial number two, USA Today calls for the adoption of the "opt-in" approach to protect consumer privacy on the Internet. As USA Today says, "opt-in does not trample on anyone's rights. Consumers can still get their catalogs and other direct-mail pitches by checking a box or clicking a mouse. Companies can still get data for marketing by asking for it. It would cause some inconvenience for businesses, which face increased costs to persuade customers to give up their privacy. But who should bear the burden: the businesses that glean the profit or the consumers whose information is sold?" The editorial also faults the voluntary approach recommended by the Department of Commerce on Monday, saying that "while voluntary compliance might be preferable in an ideal world, it's not likely to work in the real world." "The reality is that the absence of government prodding has resulted in too many companies doing too little to protect consumers' privacy rights." USA Today concludes "If a business wants the privilege of marketing your most private matters, it should be willing to spend the time it takes to convince you that you'll benefit." More information about both CKE and consumer privacy rights is available at the EPIC web site. ====================================================================== Marc Rotenberg (Rotenberg@epic.org) * +1 202 544 9240 (tel) Electronic Privacy Information Center * +1 202 547 5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org/ Washington, DC 20003 * info@epic.org ====================================================================== end of forwarded message -- Dave Rasmussen - Information & Media Technologies (ex-CSD) Client Services Internet: dave@csd.uwm.edu Phone: 414-229-5133 2m HAM Radio: N9REJ USmail: Box 413 Bol213, Milwaukee, WI 53201 ------------------------------ From: Daniel Veditz Date: 31 Oct 1995 11:50:39 -0800 Subject: Re: Copyright Notice Organization: Borland Intl Les Earnest wrote: My understanding of the copyright law is different -- that the copyright belongs to the person who first puts "copyrightable" material in a permanent form, such as a paper copy or a magnetic recording. Simply posting an article on Usenet does not meet this standard. Usenet by its very nature archives each posting on thousands of machines, if only for a few days. I am quite sure that the courts will hold that this is "tangible" enough for copyright even without considering various permanent or long-term archives that exist. In this way Usenet is like a newspaper: printed anew each day, read by thousands, and then thrown out. I hope that the Congress and courts will address this issue and clarify our rights and obligations some time soon. As things stand, I believe, the status of copyright in electronic media is rather ambiguous. Amen. -- Dan Veditz ------------------------------ From: "Dennis G. Rears" Date: 31 Oct 95 18:02:19 EST Subject: Re: Call Blocking Robert Bulmash writes: So long a the telcos charge folks to get their number unlisted, we do not know if the person wants the number listed or not. But we do know that having an unlisted number is an economic issue. Very true. To The Phone Company (TPC) it is entirely an economic issue. Most people are unaware of how regulated phone service is billed. What follows is a simplified way of how it is done. Go to the TELECOM digest for more details. TPC is guaranteed a percentage profit on their regulated service. They take their yearly expected costs multiply by the percentage profit they are allowed and get the total amount billed. From there they calculate rates for phone service, touch tone, etc. These rates often have NOTHING to do with costs. Most areas still charge for touch tone even though it costs nothing to provide it. If they got rid of touch tone charges something else goes up to make for the revenue shortfall. If they got rid of charging for unlisted numbers the revenue must come from somewhere. When a new service becomes available, customers generally pay the actual cost plus a small profit for the service. After all the costs have been paid the charge will remain. I would gather if there was no charge for an unlisted number an overwhelming majority of people would choose not have their number listed which would cause phone books probably not to be printed which would result in further loss of revenue. Furthermore, in some areas of the nation more folks are unlisted, than listed. So in those areas (Las Vegas - Fort Lee, NJ - etc.) the default is unlisted. No. The default is still listed. The default is whatever is programmed into their computers and their filings with the PUC. Under Amertiech in the Chicago area, it costs $12.50 to change your listed number to unlisted. If there `was' anything `special' to do (other than a single key- stroke), the $12.50 paid for it. What then is the addittional $1.45 per month `unlisted' charge for? The charges are historical, if they were to remove them the rates would go up for other services. Granny would then see her POTS rates go up. PUC wants to keeps POTS rates as low as possible. It's like the touch tone charge. I pay 99 cents a line for touch tone. It costs TPC nothing. Now, with charges for calls to directory service in place, their is no reasonable basis to charge consumers for an unlisted number... unless it is reasonable that the telcos be allowed to use vaporous rationals to soak the public an any fashion conceivable. See the discussion above. Better than an unlisted number, list your number in the directory under your first and maiden, or first and middle name, and ASK YOUR TELCO TO REMOVE YOUR ADDRESS FROM THE BOOK.. I have one of my numbers (my main one) under my dog's name. ------------------------------ From: sharborth@hai-net.com Date: 31 Oct 95 23:28:07 EST Subject: Re: Call Blocking Regarding the article on Telephone Odds and Ends, having a private line with a ficticious name that is not used for "ordering" things WILL NOT result in "dwindling" telemarketing calls. Having a unlisted, unpublished number has not lessened the number of calls I have received from telemarketers. The fact of the matter is, automated calling systems are on the rise and many telemarketers that still use real people just give them blocks of numbers to call. [moderator: I have two phone lines into my home with numbers about 1000 apart (999-3000 and 999-4000 for example). One of these numbers is published nowhere and is used only to call a University computer. We never answer it when it rings. On a regular basis that phone will ring, and then within an hour or so we will get a sales call on our other, published, line. In every such case, when I answer the phone on the first ring, there is a fairly long pause before the caller comes on, a clear marker of the "war dialer" where sequential calls are made in anticipation of a worker becoming available soon. Since I am a cheerful fellow, I usually discuss war dialers with the person who calls, ask where s/he got my name, discuss how they know about our financial records, ask for the supervisor and spend a quarter hour of non profit time with them. I am polite and point out to the clerk that s/he is being impeded in his/her work by the practices of the boss. A good time is had by all.] ------------------------------ From: Dean Ridgway Date: 31 Oct 1995 12:42:29 -0800 Subject: Re: Author Profiles at Deja News As a final note, they ignored my request for what their position was on moderated newsgroups where the moderator claims a compilation copyright that either directly or indirectly (through the comp. (c)) prevented the archiving of that newsgroup. I haven't read everything about the "new" copyright laws, but it seems to me that you could get a lawyer to serve them with papers saying they are violating your copyright and to cease immediately. I notice in your message that they are ignoring the copyright issue for compilation copyrights so maybe they are worried about this. Standard "not a lawyer" disclaimers apply. /\-/\ Dean Ridgway | Two roads diverged in a wood, and I- ( - - ) InterNet ridgwad@peak.org | I took the one less traveled by, =\_v_/= FidoNet 1:357/1.103 | And that has made all the difference. CIS 73225,512 | "The Road Not Taken" - Robert Frost. http://www.peak.org/~ridgwad/ PGP mail encouraged, finger for key: 28C577F3 2A5655AFD792B0FB 9BA31E6AB4683126 ------------------------------ From: converse@cs.uchicago.edu (timoshenko) Date: 31 Oct 1995 21:13:37 GMT Subject: Re: Author Profiles at Deja News Organization: Univ. of Chicago Computer Science Dept. I received a response from George Demosthenes Nickas, Customer Liaison (demos@dejanews.com) that basically said "OK, we'll remove you, but didn't you realize that by posting to UseNet you opened yourself up to something just like this. We have no sympathy." George Demosthenes Nickas writes: Untrue and misquoted. There is a difference between not having sympathy for someone and not believing in the logic or validity of their arguments. Our position is certainly the latter, but that doesn't mean we don't care about your argument specifically, or privacy/anonymity arguments in general. We *do* care (which is why, as a courtesy, we removed the text of your posts), we just don't agree. ^^^^^^^^^^^^^^^^ Please note what George is saying here. I also wrote to Deja News asking to have my profile removed, and got a reply from George saying that while it was "too painful and expensive" to remove the profile itself, Deja News would be happy to remove the text of the articles that I had posted. This does not address my concern, however. My concern is, in fact, about the profile of groups posted to, rather than the content of the text I have posted. I agree in part with Deja News that postings are public, and therefore it is odd to have an expectation of privacy about their individual content. It is the personal profile that is currently available only through this service, and this is exactly what Deja News is refusing to remove, regardless of their level of "sympathy" or concern for privacy/anonymity arguments. -- ------------------------------------------------------------------------------- Tim Converse U. of Chicago CS Dept. converse@cs.uchicago.edu (312) 702-8584 ------------------------------ From: chip@unicom.com (Chip Rosenthal) Date: 01 Nov 1995 07:48:04 GMT Subject: Re: Author Profiles at Deja News Organization: Unicom Systems Development, Austin, TX Alan Miller wrote: consider supporting a field in the article header such as "X-NoArchive: " They do. It's spelled "Path:". I'd urge the DejaNews people to publicize their news hostname, so that people may opt out of selected archiving if they wish. I feel that would be the responsible thing to do. This ties back to my CLID analogy -- to quell the privacy woes there, the company offered the initiator a way to opt out of Caller*ID (the *67 code here in SWB land.). -- Chip Rosenthal I won't represent the US in the Summer Olympics. Unicom Systems Development - http://www.unicom.com/john-hiatt/ PGP key: http://www.unicom.com/personal/chip.html ------------------------------ From: Fred Baube Date: 01 Nov 1995 13:15:29 +0200 (EET) Subject: Re: Author Profiles at Deja News pshriner@csn.org (Peter Shriner) writes: Of course they aren't doing it now ;-), but consider what governments, law enforcement agencies, corporate security depts., human resources depts., etc. might do with their own version of dejanews. In "The Puzzle Palace", Bamford suggests that as a rule of thumb, assume that the NSA is technologic- ally five to ten years ahead of us mere mortals. I have little doubt that somewhere in the NSA, or elsewhere in the US gov't, there's a quiet little office with a nice big budget, unobtrusively vacuuming up email and news postings and applying AI-based analysis to it. All for national security, dont'cha know. Yours paranoiacally, -- F.Baube(tm) * How is Hallowe'en like Christmas ? G'town U MSFS '88 * Because 31 (Oct) == 25 (Dec) fred.baube@utu.fi * [ from Dr Dobb's ] Information Junkie * ------------------------------ From: rj.mills@pti-us.com (Dick Mills) Date: 01 Nov 1995 16:45:34 -0500 Subject: Re: Author Profiles at Deja News In CPD 7:36, Prof. L. P. Levine wrote: Thus, if I post something with the caviat "not for commercial use" or some such logo, I have the right to restrict those who wish to use my material for gain. In the case of Deja News they clearly intend to do this for profit and wish to use my postings as the source of that profit. In a court of law in a dispute over copyright fair use I would be hard pressed to explain the legal distinction between: 1) A news feed (more or less real time rebroadcaster), and who runs the service for profit. 2) A news archive which rebroadcasts on demand at a later date, and who runs the service for profit. 3) A news client program which reorganizes articles into threads-by-topic, and who licenses the program for profit. 4) The Deja news service which archives and reorganizes articles into threads-by-author, and who runs the service for profit. 5) An improved news client program which allows me to make cross-newsgroup-threads-by-author without use of Deja News, and who licenses the program for profit. It seems that either all of these or none of these fall under the fair use doctrine. Are there lawyers out there who can cite case law specifically regarding Usenet articles and copyrights? More important than legalities is practicality. http, ftp and gopher servers can all make a case for copyright protection but the nature of Usenet news is different. To maintain copy rights it would require every country in the world, plus vessels at sea, to have compatible views about copyright law and fair use. All it takes is one node anywhere in the world to render home country copy rights meaningless. I think the reality is that it is very foolish to post material on Usenet and still expect to exercise any meaningful control over its future use. -- Dick Mills +1(518)395-5154 http://www.albany.net/~dmills ------------------------------ From: "Prof. L. P. Levine" Date: 01 Nov 1995 16:02:38 -0500 Subject: Re: Author Profiles at Deja News [let's end this] Organization: University of Wisconsin-Milwaukee This has been a good discussion and we will come back to it when more is learned but let's end it for now. I will accept one more round of discussion on this for now. -- moderator cpd ------------------------------ From: douga@gate.net (Doug Andersen) Date: 01 Nov 1995 03:02:38 -0500 Subject: Re: Copying Driver's Licenses Organization: CyberGate, Inc. Florida Maryjo Bruce wrote: I withdrew money from my savings account (over 10K) yesterday, and the bank copied my driver's license before they would let me have the money. Do they have the right to do that? Who can copy it? Who cannot? Whom can I call to find out....accurately? What are they going to do with the copy? They will probably do at least two things. First, they want your DL so they can protect themselves if you come back at some point and claim that they gave your money to someone else. Second, if you withdraw cash (and perhaps even if you didn't) they may be required to file a report with various government agencies that look for large cash withdrawals/deposits as a sign of possible drug business. -- Doug Andersen douga@gate.net Home Page: http://www.gate.net/~douga ------------------------------ From: Monty Solomon Date: 01 Nov 1995 13:46:33 -0500 Subject: Controversy Over Medical Records Legislation Begin forwarded message: Date: 01 Nov 1995 10:41:37 -0500 From: James Love Subject: Controversy Over Medical Records Legislation ----------------------------------------------------------------- TAP-INFO - An Internet newsletter available from listproc@tap.org ----------------------------------------------------------------- TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE November 1, 1995 - Senator Robert Bennett and several cosponsors introduce legislation on medical records privacy. S. 1360 would allow millions of law enforcement officials, social workers, graduate students and other health care researchers, government fraud investigators and probably congressional staff to obtain access to computer databases with the medical records for most Americans who pay for care under health insurance programs. The Center for Patient Rights, the Massachusetts ACLU, EPIC, and the Consumer Project on Technology (CPT) have expressed opposition to the bill, as have several privacy experts. However, the legislation is enthusiastically endorsed by the Center for Democracy and Technology (CDT), which was involved in the drafting of the bill, and some other groups have apparently endorsed the legislation. The Consumer Project on Technology is working on a statement about the legislation. Here is the statement about the legislation released yesterday by the Massachusetts ACLU. jamie ---------------------------- Subject: Privacy Rights Alert From: American Civil Liberties Union of Massachusetts jwrclum@aol.com Re: Privacy Rights Alert Date: October 31, 1995 c 1995 ACLUMA We at the American Civil Liberties Union of Massachusetts want to alert you to the fact that the right to medical privacy of all Americans is imperiled by a bill just introduced in the U.S. Congress. This bill, which is claimed to be a "Medical Records Confidentiality Act," in reality may turn out to be profoundly destructive of your right to privacy. Although Part I does contain certain aspects which could help privacy, Part II undercuts the very fabric of patient-doctor confidentiality. First, it preempts many state law and common law protections which currently exist. Second, it pushes the further computerization of medical records, and will bring about the creation of "Health Information Services" --- corporate entities which would receive, process, and serve as libraries for actual on-line medical records forwarded from hospitals, clinics, and individual doctors. It appears that this will take place without any requirement for individual patients' authorization or consent. As we all know, computerized data bases are not immune from being accessed by both unauthorized "outsiders" and unauthorized "insiders." Centralization of data storage, especially in electronic form, simplifies its being accessed. But aside from that, the bill would actually authorize access to the medical records in these data bases by a host of government and non-government entities. Each of our medical records would thus become part of a computerized "lending library" --- an internet of medical records. For example, the bill would permit release of your medical records from "Health Information Services" (the on-line data base holders) and "Health Information 'Trustees'" (providers, hospitals, health plans, employers, insurers, and health oversight agencies) to the following (among others): - Release to researchers (along with your medical history, it is possible that identifying information including your name, address, and phone number would be sent). - Nearly-automatic release, to the opposing party in a lawsuit, of your entire medical history, if your health, physical or mental, has been raised by you as an issue in that lawsuit. - Release to law-enforcement authorities under certain circumstances. - Release to Public Health Agencies under certain circumstances. - Release based on Judicial Warrant --- you would be notified by mail within 30 days after execution of the warrant (90 days or more with the government's ex parte option). - Release based on Judicial Subpoena, Grand Jury Subpoena, or Administrative Agency (e.g. Social Security) Subpoena --- you would be notified on or before the date of its execution (or within 90 days thereafter [or longer] with the government's ex parte option). - A special variant of this, where the identity of the patient is "unknown," would allow the search of records (plural) in order to identify the person being sought. [In essence, this would allow "fishing" expeditions, using a computerized net, into the private lives of Americans.] In some of these situations, you, the patient, will only be informed after the records have been released. You may, in some circumstances, have the legal right to "attempt to quash" the subpoena (etc.) by seeking a court's intervention. However, the standard by which the court is to reach a decision on this will be mandated by this bill to be a consideration of whether the government's interest in obtaining the information outweighs the privacy interest of the individual. We would encourage you to pull up a copy of the actual bill and view it yourself. This can be done through the Library of Congress internet site at http:\\thomas.loc.gov (104th Congress, Senate bill number S 1360 ). Alternatively, a hard copy by mail can be requested from the U.S. Senate Documents Room, by faxing to 202-228-2815 a note containing the bill number and your mailing address. All our voices need to be heard in order to help make certain that this bill is not passed by Congress. Possible actions include: (1) Letters to your Senators and congresspersons, and to the House and Senate leadership. (2) Letters to local newspapers and other media. (3) Forwarding the contents of this message to places where you feel it will be of interest and have impact. This document may be re-distributed freely, provided it remains in its entirety. If you value your right to privacy, the time to act is now.... -- TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy. Subscription requests to tap-info to listproc@tap.org with the message: subscribe tap-info your name ------------------------------ From: wicklund@Intellistor.COM (Tom Wicklund) Date: 01 Nov 1995 17:21:28 -0700 Subject: Re: Can you Sue if Credit is Denied for Lack of SSN? Organization: Fujitsu Computer Products of America, Longmont straurig@mailgw.sanders.lockheed.com says... A few people misunderstood the question. They thought the bank was paying *me* interest, and needed my SSN for tax reporting purposes, as opposed to a credit account where I pay the *bank* interest. At any rate, the general consensus was, no, I could not sue for this reason, as companies can do business with whomever they like, aside from such issues as race, religion, etc. For loan interest which is tax deductible (mortgage, home equity loan) the bank is required to report to the IRS and required to have your SSN. For other loan interest, they may still report it since it used to be deductible and the IRS probably monitors the amount of interest paid on credit for Congress. ------------------------------ From: jeffs@ncgate.newcollege.edu (Jeff Sonstein) Date: 01 Nov 1995 12:00:32 -0800 Subject: Balancing Voters' Privacy and Access Rights This issue of GovAccess exclusively concerns access to information that is absolutely crucial to grassroots political empowerment -- and appropriate limits on such access. My 8 Jul issue, "GovAccess.159: Freedom's Anvil - Preface: Power to the People," detailed why public access to voter registration information -- that all professional political campaigns already access and use -- is essential for effective *grassroots* action, and how it can be used for that purpose. This issue of GovAccess outlines how access desires of citizen activists can be reasonably balanced with personal privacy desires of voters -- those who seek to impose their will upon their (our!) entire community, city, state and nation. The following is my monthly column [final draft] for the October issue of GOVERNMENT TECHNOLOGY, [govtech.net] which has a monthly controlled circulation to about 60,000 state and local officials -- elected, appointed, administrative and staff. -- jim &&&&&&&&&&&&&&&&&&&& Balancing Voters' Privacy and Access Rights by Jim Warren Small wonder that citizens feel powerless and voters don't bother to vote. Effective political action appears limited only to wealthy politicians and well-funded campaign professionals. Grassroots activism seems to be functionally useless - demolished by incumbents' choke-holds on access to the body politic. Last month's column proposed using the public computer networks to partly redress this outrageous access inequity, between big-bucks professionals and under-funded grassroots activists. The most crucial component of effective political advocacy is access to completely current voters' information. Thus, we urged that such information be made most-easily available to all advocates, by placing copies on the computer nets without charge - possible at very little cost to Registrars, except for those that are profiting from peddling voter data to those the well-funded. Recognizing that online access to voter data has serious privacy issues, we offered polite platitudes and vague suggestions for balancing privacy rights with the need of the body politic to communicate with itself. This column addresses the privacy principles, and offers practical protection mechanisms. The Information Privacy Principle Privacy advocates espouse this policy: "Personal information collected for one purpose shall not be used for another purpose without the prior permission of the person whom it concerns" - especially applicable when personal information is collected by government force, or as prerequisite to receiving full benefits of citizenship - notably including the right to vote. Ignoring the fact that law enforcement, process servers, welfare workers and perhaps others are authorized to use voter registration files to check on citizens - who certainly did not register for that purpose - the question remains: Does disclosing voter information to political advocates violate this privacy principle? Why People Register Most simplistic, citizens "register to vote" just so they can visit a polling place on election day and punch holes or fiddle with levers. More accurately, folks register hoping to impose their will on their fellow citizens and community - local, state or national. Most accurately: People register to vote in order to be empowered participants in the process of community governance - and an absolutely crucial component of that process is that those who may be effected by such governance have fair opportunity for discourse and advocacy with those community decision-makers, the voters. Thus, voter files should be open to political advocates - as they are open to all professional politicians who can afford the costs of obtaining copies. True, this means that those who wish to impose their will on others will suffer from unwanted junk-mail, intruding precinct walkers and irritating campaign callers. And those who wish to remain hidden - for their convenience or safety, e.g. battered spouses or child-support scofflaws - will have to forego the franchise or risk disclosure. Implementing Equal Access To implement the least-costly, most-useful equal access to voter data, any time, from any place, make it available without charge via the public computer networks. Do without charge to Registrars by using cooperating public-sector and private-sector public file-servers - those willing to offer local dial-up modem access for the Registrar to use, who will implement appropriate access restraints (below). Script the Registrar's computer to automatically call each cooperating public file-server; log in with the password provided to the Registrar by the file-server's owner; update the file-server's copies of voter files; then logout, disconnect and dial-in to the next cooperating server. Each file-server is responsible for protecting the uploaded copies from modification by anyone except the Registrar, just as such file-servers already do with tens of thousands of public files. Deterring Improper Use Currently, voter files are often exploited for prohibited personal and business uses, and online public access will provide tempting targets for abuse. However, online access can facilitate mechanisms for deterring abuse - probably much more effective ones than those that Registrars currently use, since these empower voters to aid in their own protection: Each file-server must implement an automated question-and-answer process that must be completed prior to granting access to voter files. It should request complete identifying and contact information about the requester; automatically verify that information to the extent practical (e.g., via requester's voter registration, online phone directories, Unix "finger" queries, etc.), and record all details in a protected public archive open to public review - allowing potent self-policing by voters. I.e., just as voters must not remain hidden, so also must those who request voter information be disclosed! Details of requests for batches of voter information based on selection criteria - e.g., all Democrats registered in the last six months in a specified ZIP-code range - would be included with the requester's id data. The independent, cooperating file-servers might also automatically "seed" each such request with inconsequential name and address variations, unique to the request, that allow cooperating recipients to identify the origin of mailing pieces and phone calls originating from that list - a standard process used by commercial list-purveyors to identify and prosecute prohibited use. When data about individual voters is requested - e.g., suspicious citizens independently checking allegations about "graveyard," out-of-district or otherwise-unqualified registrants - the requester data should include the names of each voter requested, AND complete details of the request should be automatically emailed by the file-server to each named voter or their designee, for voters who provide such email addresses. There should be prominent notice to requesters that list-seeding and voter notification may be used. Democracy and freedom required that all of those who seek political power - both advocates and voters - must remain identifiable to those whom their decisions will impact. &&&&&&&&&&&&&&&&&&&& "Wherever the Net arises, there arises also a rebel to resist human control ... A network nurtures small failures in order that large failures don't happen as often. It is ... fertile ground for learning, adaptation, and evolution ... The only organization capable of unprejudiced growth, or unguided learning, is a network. All other topologies limit what can happen." -- Kevin Kelly, _Out_of_Control_ Mo' as it Is. --jim Jim Warren, GovAccess list-owner/editor (jwarren@well.com) Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc. 345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request> To add or drop GovAccess, email to Majordomo@well.com ('Subject' ignored) with message: [un]subscribe GovAccess YourEmailAddress (insert your eaddr) For brief description of GovAccess, send the message: info GovAccess Past postings are at ftp.cpsr.org: /cpsr/states/california/govaccess and by WWW at http://www.cpsr.org/cpsr/states/california/govaccess . Also forwarded to USENET's comp.org.cpsr.talk by CPSR's Al Whaley. May be copied & reposted except for any items that explicitly prohibit it. Jeff Sonstein, Networks Administrator New College of California 50 Fell Street San Francisco CA 94102 [415] 241-1302 ext. 490 ------------------------------ From: "Prof. L. P. Levine" Date: 18 Oct 1995 13:55:25 -0500 (CDT) Subject: Info on CPD [unchanged since 08/18/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. [new: Ordinary copyrighted material should not be submitted. If a] [copyright owner wishes to make material available for electronic] [distribution then a message such as "Copyright 1988 John Doe.] [Permission to distribute free electronic copies is hereby granted but] [printed copy or copy distributed for financial gain is forbidden" would] [be appropriate.] Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #037 ****************************** .