Date: Mon, 29 Apr 96 15:52:49 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#035 Computer Privacy Digest Mon, 29 Apr 96 Volume 8 : Issue: 035 Today's Topics: Moderator: Leonard P. Levine Privay and Security on the Internet Re: Alternatives to SSN Re: Still more on middle C [end of thread] Individuals Being Screened whowhere.com Stealing Addresses? Medical Privacy on Nightline Security and E-Commerce Info. Needed Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: martina@unibw-hamburg.de (Martina Schollmeyer) Date: 25 Apr 1996 06:29:07 GMT Subject: Privay and Security on the Internet Organization: University of Hamburg -- Germany The world wide web survey: Data Privacy and Security on the Internet, sponsored by the University of Lethbridge, Canada, Texas A&M University-Corpus Christi, USA, and the University of the German Federal Armed Forces at Hamburg, Germany, is entering its final three weeks. We would like to close up shop after May 15, 1996, to start the data analysis. So far we have received about 300 filled out surveys, and we would like to hear more opinions about the privacy issues that are discussed in the survey. If you are interested, the survey will take about 20-30 minutes to complete, and there are two URLs to access the survey: in North America: http://www.sci.tamucc.edu/~martinas/Survey/intro.html in Europe: http://www.unibw-hamburg.de/WWEB/bwl/urs/intro.html The survey is completely anonymous, and the filled out survey cannot be traced back to a specific sender. This is to ensure absolute confidentiality. Please take the time to fill out the survey. We want to know your opinions. Sincerely, Martina Schollmeyer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Martina Schollmeyer, Ph.D. University of the German Federal Armed e-mail: martina@unibw-hamburg.de Forces at Hamburg phone: (+49)(40) 6541-2889 FB WOW fax: (+49)(40) 6541-2780 Holstenhofweg 85 http://www.sci.tamucc.edu/~martinas 22039 Hamburg/Germany +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------------------------------ From: rutgera@ut1.mey.nl (Rutger Alsbach) Date: 25 Apr 1996 15:28:42 +0200 Subject: Re: Alternatives to SSN Robert Ellis Smith <0005101719@mcimail.com> wrote: Does anyone have ideas and suggestions for alternatives to using Social Security numbers to manage large personal data bases - methods like Alpha Search and Soundex? Are there other ways to manage a huge data base and make matches and retrieve files without using SSNs or even numerical identifiers? A complete study of ideas and suggestions is the joint report of the Dutch Data Protection Authority (Registratiekamer) and the Information an Privacy Commissioner for the Province of Ontario, Canada (IPC) of August 1995, called "Privacy-enhanicing Technologies: The Path To Anonymity" (Vols. I en II, ISBN 90 346 32 024). This report is part of the series "Achtergrondstudies en Verkenningen", nrs 5A and 5B. Volume I contains theoretical background info and the results of a survey that was conducted in The Netherlands and Canada. Volume II (written by the Registratiekamer and the TNO Physics and Electronics Laboratory (TNO-FEL) elaborates on the technological concepts and possibilities for engineering "privacy enhanced" information systems. I heard the Report is available on the Net, but I wouldn't know where to find it. By the way, in April 1996 a new provision in the Dutch Privacy Act came into force that forbids ANY use of the SoFi- (Dutch equivalent of SSN) and similar id-numbers provided by the government, EXCEPT when this is permitted / prescribed by law or when this is requisite for carrying out legal obligations. Before April, the Privacy Act was not very clear on this point, although a restricted use of the SoFi- and similar numbers could already be assumed to follow from the general rules of the Act. Given all the discussions on the use of SSN's this may sound somewhat utopian to you... Enforcement, I expect, will not be too easy however. -- Rutger Alsbach ------------------------------ From: "James Brady" Date: 25 Apr 1996 14:14:26 -0400 Subject: Re: Still more on middle C [end of thread] G. Branden Robinson responded to my note as follows: Whoops. I'm sure radio astronomers would be shocked to hear that the phenomena they have spent their careers studying are not natural. The technological means argument may hold, but that one doesn't. Actually, I didn't say RF isn't a natural phenomenon. I simply noted = AUDIO frequencies are a naturally occuring phenomenon in human speech and = other things. RF for _communications_ is NOT a natural phenomenon = outside of the visible light portion of the spectrum. Obviously, there = _are_ natural RF sources. What I was really getting at is that they are completely different = phenomenon and the rules for one do not necessarily apply to the other. Scott Wyant wrote: Am I the only one who still listens to Neil Young's "Cinnamon Girl?" The one with the hilariously cool guitar break that consists of the same note played about 40 times? Can't say I recall the song. Perhaps that betrays my age, or my taste in = music, or my lack of paying attention to song titles, or the fact that I = hear the "Barney" song a lot more than any other single song these = days.... I'd have to hear it to tell, but I suspect the "about 40" repetitions of = the same note are punctuated by rests of varying duration that may make = the song fail the 8-bar test. -- Jim Brady [moderator: This gets pretty far from privacy, so let's close the thread here.] ------------------------------ From: jrakoff462@aol.com (JRakoff462) Date: 27 Apr 1996 11:52:56 -0400 Subject: Individuals Being Screened Organization: America Online, Inc. (1-800-827-6364) I've read a little (too little) about systems companies use to screen individuals (relational data-bases, data havens, electronic profiling). I also have been informed ofthe NCIC (national Computer Index of Crime) and the BCI (Bureau of Criminal Information) which are apparently for use by law enforcement officials, and CDB Infotech, for licensed private investigators. I wonder what the legal protections are for individuals and if they are at all effective. An example: I knew a man who submitted the license plate of his ex-wife's new boyfriend to an investigation company in order check the other man's police record (he'd spent time in prison). This information was used at a custody trial. Also, I imagine pretty detailed credit histories are easily available. Any info would be greatly appreciated. -- Robert Anasi ------------------------------ From: rich@c2.org (Rich Graves) Date: 27 Apr 1996 19:54:22 -0700 Subject: whowhere.com Stealing Addresses? Organization: Uncensored Internet, http://www.c2.org/uncensored/ In addition to by-now-routine snarfs of Usenet and such, the database behind www.whowhere.com includes 27,128 names and email addresses taken rather recently from a large shadow password file at a certain major US university a few miles from whowhere.com's "headquarters." It is patently obvious that this is what they did, because there are misspellings and daemon IDs in their database that can only be traced to said shadow password file. They are not available via finger or in any directory. I urge you to investigate whether the password file at your site has also been obtained by whowhere.com, and to act accordingly. Also, the InterNIC contact addresses for whowhere.com bounce. That's all I can say for now. - -rich http://www.c2.org/~rich/ ------------------------------ From: "Prof. L. P. Levine" Date: 28 Apr 1996 08:22:37 -0500 (CDT) Subject: Medical Privacy on Nightline Organization: University of Wisconsin-Milwaukee Last night on Nightline (Friday April 26) Ted Koppel discussed the problems inherent with people with genetic defects. He discussed two cases, one with a problem called Fragile X Syndrome (in which a woman has a 50% chance that each child she bears is mentally defective) and one with a genetic defect in a family where many of the women in the family have died before the age of 45 from complications due to breast and ovarian cancer. Not only is this a medical problem, it is also a serious privacy problem. Who has the right to know about the defects that all of us carry in our genes? Dr. Francis Collins, a Physician Geneticist was on the show speaking as an expert. He defended the research on the grounds that a physician has the moral duty to alleviate suffering. He pointed out that the information gained can be used for good or evil and that we must be sure that we maximize the benefits while minimizing the risks. He discussed the problems linked with abortion of defective fetuses, and asked where the boundary line falls between aborting a fetus that has a fatal defect and aborting a fetus because it is the wrong sex. He correctly indicated that when a person has a test performed, he or she can use use the information gained to allow for effective preventive medicine targeting on the particular health aspects which are at risk. Collins used as an example the case of a person who knows of an at-risk condition due to colon cancer. As a positive result he now can get ready to do annual colonoscopies so as to find the polyps when they are small and easily treated. On the down side, he now may well get a letter from his insurance company telling him that they just heard about this too and that his insurance has been canceled. Collins made the point that testing must be voluntary, we have to give a great deal of attention to informed consent. He spoke of being gratified with the moves currently in Congress with respect to genetic testing and is looking forward to something positive becoming law. He sees bills moving forward that would forbid insurance companies denying coverage in health insurance based on information gained from such tests. He pointed out that no law had yet passed both houses and been signed by the President however. They got to the meat of the privacy issue when Koppel pointed out that once the doctor, the patient and his or her family knows about a genetic problem, how do we keep future employers, the military and insurance companies from knowing and using this information. Collins pointed out that legislation is moving forward on this issue also, but has yet to see law passed and signed that would properly control this issue. He called for the people to talk to their legislators about this to get the point across. His final remark was "...we all have glitches in our DNA... probably 4 or 5 genes that are pretty fouled up, and we are going to have the opportunity to find that out pretty soon. If that is going to be used against us, who will be left insurable, whose privacy is going to be safe. We have to act now." I must ask if someone in this group has information as to the status of legislation on medical privacy issues. Perhaps people who work in the insurance industry have some comments here. ------------------------------ From: DCQ006@ps.uib.es () Date: 29 Apr 1996 08:37:42 GMT Subject: Security and E-Commerce Info. Needed Organization: Universitat de les Illes Balears Hi, I'm doing a project on Security and E-Commerce, and I would appreciate any informations on two subjects: * Graphics and statistics about the growth of the e-commerce in the last years, and also on the comercial cracks and hackers' activity on this period * Future tendencies, projects... on e-commerce, and how security is going to affect the future on the commercial sites. When I say 'any informations' I'm talking about URL's (of course) Thanks a lot, and please forgive my bad use of English! Joan Andreu (Universitat de les Illes Balears) dcq006@ps.uib.es aiq005@teix.uib.es ------------------------------ From: "Prof. L. P. Levine" Date: 17 Mar 1996 09:14:50 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #035 ****************************** .