Date: Sat, 03 Feb 96 10:21:11 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#012 Computer Privacy Digest Sat, 03 Feb 96 Volume 8 : Issue: 012 Today's Topics: Moderator: Leonard P. Levine Universal Tracking of Road Traffic Re: Lotus [IBM] Blinks Telecomm Bill Translation Re: Computer Policy from American Library Association The Computer Law Observer #16 Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: Phil Agre Date: 01 Feb 1996 19:25:04 -0800 (PST) Subject: Universal Tracking of Road Traffic I have here the most amazing document. It is a Request for Proposals (number 95-7, dated January 1996) from the State of California Air Resources Board (Research Division, 2020 L Street, Sacramento CA 95814) entitled "Incorporation of Radio Transponders into Vehicular On-Board Diagnostic Systems". The ARB wants someone to build transponders and receivers that allow computers to automatically poll cars to determine if their emissions systems are failing, in the process accumulating a database of the cars' locations on particular dates and times. According to the RFP, by 1996 new cars and light trucks in California are required to have onboard systems that illuminate a dashboard light if the emissions systems are malfunctioning. Since the appearance of this light does not ensure that the car's owner will get the emissions system fixed, the ARB is proposing that new cars and light trucks starting in the year 2000 (it doesn't say all of them, but it does say 1,000,000 of them) be required to include transponders that can broadcast the car's VIN number, the emissions system fault codes, the vehicle's location at the time of the query, and a status code. The receivers are supposed to be capable of automatically polling the "fleet" of cars equipped with transponders and storing in a database the following information: date and time of current and last query, VIN, status and fault codes, and "vehicle location (to the zip code level, and city)". The contractor also "shall produce a public service video documenting the system and explaining the concept and the benefits of such a transponder-assisted approach to enhancing the present I/M [Inspection and Maintenance] program." In case it's not clear, the ARB is envisioning a system under which cars sold in California will be required to incorporate a device ("no larger than a pack of cigarettes") that the state can use to track its whereabouts at all times. This plan poses a greater threat to individual privacy than automatic toll collection or any other plan currently under development for non-commercial transport informatics, so far as I know. Environmental concerns are real, and the air in Los Angeles is a crime, but plenty of means are available for alleviating air pollution without constructing the technological groundwork for an authoritarian society. -- Phil Agre ------------------------------ From: fyoung@oxford.net (F Young) Date: 02 Feb 96 12:25:04 EST Subject: Re: Lotus [IBM] Blinks WELKER@a1.VsDeC.nL.nuwc.navy.mil wrote: The hazard of which I speak is not fraud, but merely loss of data. If you are my broker and don't get my encrypted/signed buy/sell order on time because you lost my public key, or your private key, or if you later claim not to have been able to validate the transaction, there could be large amounts of money on the line. A key held in escrow by a trusted third party thwarts deniability (or requires conspiracy to compromise the system). The "low-tech" analogy would be having a document notarized or co-signed -- the notary can attest that he saw both of us sign it. If it is believed to be beneficial to have keys held in escrow for particular business transactions, the parties to the transaction(s) can, in their free wills, have the keys (or part of) held in escrow by their legal counsels or other third parties chosen by those involved in the transactions. However, if the parties decide to retain their privacy by keeping their keys secret to themselves and take the risk of suffering from the potential financial lost you mentioned, then they should have the choice to do so. ------------------------------ From: Monty Solomon Date: 02 Feb 1996 22:52:27 -0500 Subject: Telecomm Bill Translation [moderator: I have excerpted from the following all of the information the author reports on the Telecom Bill's impact on _privacy_. As some of you must be aware, the impact of the bill on freedom of speech may well be pivotal, but for our purposes here, the following excerpt is appropriate.] From: jfischer@supercollider.com (James Fischer) Date: 02 Feb 1996 16:10:13 -0500 Subject: [NetWatch]: Telecomm Bill Translation As a public service, I'd thought I translate some of this loosely into English. > SEC. 402. OBSCENE OR HARASSING USE OF TELECOMMUNICATIONS FACILITIES > UNDER THE COMMUNICATIONS ACT OF 1934. > (a) OFFENSES- Section 223 (47 U.S.C. 223) is amended-- > `(1) by striking subsection (a) and inserting in lieu thereof: > `(a) Whoever-- > `(1) in the District of Columbia or in interstate or foreign > communications-- > `(A) by means of telecommunications device knowingly-- > `(i) makes, creates, or solicits, and > `(ii) initiates the transmission of, > any comment, request, suggestion, proposal, image, or other > communication which is obscene, lewd, lascivious, filthy, > or indecent, with intent to annoy, abuse, threaten, or > harass another person; So, it seems that if I were to suggest that both the US House and Senate take this ammendment and use it to check on their prostates, this would possibly violate this section of the proposed law. [snip by moderator cpd] > `(B) makes a telephone call or utilizes a > telecommunications device, whether or not conversation or > communication ensues, without disclosing his identity and > with intent to annoy, abuse, threaten, or harass any person > at the called number or who receives the communications; So, when that bill collector from Shylock Finance calls, simply tell him that you will consider any further phone calls to be a clear indication of an intent to harrass you. Looks like this provision will do wonders for folks who are behind on their payments... > `(C) makes or causes the telephone of another repeatedly > or continuously to ring, with intent to harass any person > at the called number; or And with caller ID and/or *69, you can find out that the person ringing your phone at 9am on a Saturday morning >>IS<< the guy from Shylock Finance. [snip by moderator cpd] -- james fischer jfischer@supercollider.com ------------------------------ From: Peter Marshall Date: 02 Feb 1996 08:31:58 -0800 (PST) Subject: Re: Computer Policy from American Library Association Don't clap yet. Not only has the rotund lady apparently not yet sung on this one, but the overall show seems to have more than one tune to it. For starters, you might want to check this again. This appears to be a draft interpretation modifying current ALA policy and seems to be awaiting final adoption at an upcoming ALA meeting. Not yet a done deal. Of course, it is also the case that such ALA policies are not binding on member libs. and are therefore not "enforcable." Also of interest in context: while this proposed ALA policy is pending, here in WA State, also pending before the WLA Board is a proposed WLA policy that could open the door to so-called "fee-based" services in publicly-funded libraries; while in recent letters to Sen. Gorton and Rep. White on the "CDA" amendments to the now-passed telecom bill, WA's State Librarian and Co-Chair of a state "task force" on "public info. access policy," only sought narrowly to "protect" libraries as such from the effects of the legislation. Notably, it took a formal request under WA's public disclosure law to obtain copies of the State Librarian's letters. In similar fashion, via a proposed amendment to a "harmful to minors" measure in WA's Leg. that's awaiting its initial committee vote, the WLA's lobbyist sought again simply to exempt libraries and some other institutions. Meanwhile, another part of this state-level scenario is another pending bill that in seeking to implement the recommendations of this same State Librarian co-chaired "task force," would give the State Library some $200,000. Interestingly, the group's final report not only displeased a number of public interest advocates and activists here, but was particularly criticized for paying inadequate attention to information privacy; while to boot, virtually none of the public comment on the draft report nor even a list of those commenting, was anywhere to be seen in the report that now supposedly provides the basis for the bill to implement it. If WA State's any example (and let's hope it is not), hold the applause. Peter Marshall ------------------------------ From: Galkin@aol.com Date: 29 Jan 1996 18:01:16 -0500 Subject: The Computer Law Observer #16 WE HAVE A NEW NAME !!!!!! *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ THE COMPUTER LAW OBSERVER *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ January 29, 1996 [#16] ===================================== GENERAL INFO: The Computer Law Observer is distributed (usually) weekly for free and is prepared by William S. Galkin, Esq. The Observer is designed specifically for the non-lawyer. To subscribe, send e-mail to wgalkin@earthlink.com. All information contained in The Computer Law Observer is for the benefit of the recipients, and should not be relied on or considered as legal advice. Copyright 1996 by William S. Galkin. ===================================== ABOUT THE AUTHOR: Mr. Galkin is an attorney in private practice in Owings Mills, Maryland (which is a suburb of Baltimore). He is an adjunct professor of Computer Law at the University of Maryland School of Law and has concentrated his private practice in the Computer Law area since 1986. He represents small startup, midsized and large companies, across the U.S. and internationally, dealing with a wide range of legal issues associated with computers and technology, such as developing, marketing and protecting software, purchasing and selling complex computer systems, and launching and operating a variety of online business ventures. He also enjoys writing about computer law issues! ===> Mr. Galkin is available for consultation with individuals and companies, wherever located, and can be reached as follows: E-MAIL: wgalkin@earthlink.com/TELEPHONE: 410-356-8853/FAX: 410-356-8804/MAIL: 10451 Mill Run Circle, Suite 400, Owings Mills, Maryland 21117. Articles in The Observer are available to be published as columns in both print and electronic publications. Please contact Mr. Galkin for the terms of such usage. *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ ELECTRONIC PRIVACY RIGHTS AND POLICE POWER *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ [This is the third of a series of articles discussing privacy rights in the digital age.] It's no secret. Law enforcement agents are closely monitoring traffic on the Internet. It is also no secret that crime is proliferating on the Internet at a frightening pace. Law enforcement agents are a bit unnerved as they watch their tried and true methods of law enforcement become antiquated. However, law enforcement on the Internet is starting to come of age. Here are some recent examples: (1) The Secret Service set up a bogus bulletin board system for the purpose of attracting people who want to sell stolen cellular phone codes. Thieves often get these codes by using scanners which pick up the code-embedded signals emitted from moving cars. The result: six arrests and seizure of 20 computer systems. (2) The Justice Department ended a two-year investigation into use of America Online (AOL) for the distribution of child pornography and perpetration of other sex-crimes. The result: 125 homes were searched, computer systems seized and numerous arrests made across the country. (3) Just this month, the Secret Service noticed that Virtual Visions (http://www.vv.com/~gilmore/head/heads.html) put up a new web page which shows the heads of public figures such as Bob Dole, Boris Yeltsin and Bill Gates, slowly exploding. Virtual Visions intended this to be political satire. The result: the developer of the web page received a visit from the Secret Service. The Fourth Amendment - The objectives of law enforcement and of personal privacy are on a collision course on the Information Highway. Law enforcement personnel desire access to as much information as possible to conduct their investigations. Individuals want to restrict access to personal information. It is necessary to achieve a balance between effective law enforcement and personal privacy. How the Fourth Amendment to the U.S. Constitution is interpreted will play a crucial role in determining where this balance is reached. The 4th Amendment prohibits government agents from conducting unreasonable searches and seizures. The Supreme Court has defined a seizure of property as a "meaningful interference with an individual's possessory interest in that property." The concept of seizure of information differs dramatically from seizure of tangible property. Seizure of tangible property means that the owner has been deprived of the use and possession of the property. Whereas, when information is "seized" the owner may still have possession of the information. It is just that the information has been copied and is now also in the hands of someone else. It could be argued that under the Fourth Amendment no seizure occurs when digital information is merely copied. However, applying the analysis used to prohibit wiretapping (which has been defined as a seizure), seizure of information would also fall within the constitutional definition of seizure. In the information context, "seizure" should be interpreted as meaning being deprived of the ability to control the disclosure and dissemination of the information. This ability to control is the value of the possessory interest of information. The application of the term "search" in the digital environment is more complicated. An unlawful search requires as a prerequisite that (1) subjectively, the person in possession of the item searched had an actual expectation of privacy and (2) objectively, the person had an expectation of privacy. The subjective expectation of privacy element has been criticized, because in theory, it would be very easy for the government to eliminate any expectation of privacy by announcing that it will perform broad searches. However, in practice, the Supreme Court has focused on the objective requirement. On one end of the spectrum is data resident in a stand-alone computer. Here, there is certainly an objective expectation of privacy. On the other end of the spectrum lie the vast open areas of the Internet, such as web pages and newsgroups to which there can be no objective expectation of privacy. Accordingly, law enforcement agents are free to roam through these open areas, assemble records on who is participating in which groups, and what they are saying. For example, if the Secret Service wanted to assemble all the messages that you posted in newsgroups in the last year (the technology to perform this search available) in order to determine your political positions, this would not violate the Fourth Amendment. The middle ground is where the legal battles will be fought. This will primarily involve information that is in the possession of a third party, and is not readily accessible to the public. Under traditional constitutional analysis, where information is disclosed to a third party, the expectation of privacy is abandoned. For example, most state laws, and the federal Constitution, permit wiretapping if one party to the conversation consents. However, the scope of the abandonment will usually only apply to the amount of information needed by the recipient. For example, the telephone numbers you dial are disclosed to the phone company in order that the phone company can perform its service. Thereby, a person abandons the expectation regarding the number dialed. However, even though the content of telephone conversations is also given over to the phone company, this content is not needed for the phone company to perform its service. Therefore, the content of phone conversations retains the expectation of privacy. By analogy, this would also apply to e-mail messages maintained on a service provider's equipment. Information such as the senders' and recipients' addresses, the file sizes and times of transmissions are not private. But the content of the messages would be. In the workplace, an employer is not permitted to consent to a search of personal areas of an employee. For example, a desk draw that contains personal correspondence. By accepted convention, this is a private area. Private network directories which require a password to enter would probably also retain an expectation of privacy. However, in each case, a court will look at specific corporate policies to determine whether there is an objective expectation of privacy or whether the employee was informed that the employer may at any time without notice enter these pass-worded directories. Along these lines, since a court wants to determine the objective expectation of privacy, an agreement that an employer will not consent to a search would have no effect. What would be needed is an agreement that the employer will not access these private areas, which deprives the employer of the right to consent. When determining the objective expectation privacy, courts will have to balance the value of the particular privacy interest claimed against the level of the law enforcement interest. Only this month, America Online under subpoena turned over personal e-mail records relating to a criminal investigation where the murderer allegedly met the victim in an AOL chat room. AOL has been criticized for not challenging the subpoena. AOL's position is that if it receives a search warrant, it will comply. This case highlights the valid competing interests of both law enforcement and personal privacy. -- END -- ------------------------------ From: "Prof. L. P. Levine" Date: 30 Jan 1996 18:45:30 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #012 ****************************** .