Date: Mon, 27 Apr 92 17:12:12 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#001
Computer Privacy Digest Mon, 27 Apr 92 Volume 1 : Issue: 001
Today's Topics: Moderator: Dennis G. Rears
1st issue of the digest
Re: For savings we can count on our finers
CPSR Sues NIST for DSS Info
Federal law and SSNs
Should political speech be censored online?
More on US West and CallerID in Colorado
Report on Privacy & US West's "Community Link" Gateway
All the Myriad Ways...
Re: Cordless phones
The Computer Privacy Digest is a a forum for discussion on the effect of
technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@pica.army.mil and administrative
requests to comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: Mon, 27 Apr 92 17:00:57 EDT
From: Computer Privacy List Moderator <comp-privacy@pica.army.mil>
Subject: 1st issue of the digest
This is the first issue of the Computer Privacy Digest (CPD). I just want
to mention a couple of things to both the old readers of the Telecom
Privacy Digest and to new readers.
The Computer Privacy Digest (CPD) evolved from the telecom-priv list
which no longer exists. Some of the items in this digest started in
the Telecom Privacy digest. The digest was also known as telecom-priv.
The CPD is distributed as a digest to an email list (comp-privacy). It
is distributed to the USENET newsgroup, comp.society.privacy as
individual news items.
I anticipate a large number of users will want off the mailing list
due to the availablity of the forum on USENET. It might take me a few
days to catch up. I will ACK all requests.
I initially plan (depending upon volume) to publish a digest per day.
Dennis
--------------------------------------------------------------------------
Dennis G. Rears
MILNET: drears@pica.army.mil UUCP: ...!uunet!cor5.pica.army.mil!drears
INTERNET: drears@pilot.njin.net USPS: Box 210, Wharton, NJ 07885
Phone(home): 201.927.8757 Phone(work): 201.724.2683/(DSN) 880.2683
-----------------------------------------------------------------------------
------------------------------
Date: Thu, 23 Apr 92 07:01:53 EDT
From: Dave Niebuhr <dwn@dwn.ccd.bnl.gov>
Subject: Re: For savings we can count on our finers
In Volume 4 : Issue 043 sorensen@spl.ecse.rpi.edu (Jeffrey Sorensen)
writes:
[Moderator's Note: This thread originated in the original telecom-priv
forum. ]
>New York state's legislature is currently debating a proposal that would
>require Medicaid recipients to carry a photo ID and to be fingerprinted. While
>I think the proposal has a number of risks, for example amputees could
>experience _another_ cutback...
>
>Seriously, this week's _Legislative Gazette_ (Apr 6 '92) amusingly demonstrates
>the risks of leaving politics to the politicians. Here are some of the
>insights:
>
... text deleted ...
>
>So there you have it, a system that will catch somewhere between 11% and 0.8%
>of the total fraud for the bargain price of $2 million a year plus the setup
>fee. Shouldn't we have a better estimate if we are going to measure the
>benefits of the system?
>
Typical of the idiotic New York Legislature. No brains at all.
>Further, I wonder how much saving can be attributed to the effectiveness of the
>system and how much is due to the perceived effectiveness of the system. There
>is this "scarecrow" effect that may not last in the long run. Perhaps some
>people will find work arounds. Perhaps New York should install a fake
>fingerprinting system with fake computers and fake databases at a lower cost
>and still get the same savings. Plus none of the civil liberties risks...
Currently, there is a non-driver ID that is obtained at the Department of
Motor Vehicle Offices. Getting one of these or a driver's liscense is a
pure hassle and if the Legislature goes through with this. Guess where they'll
probably have this done?
If anyone thinks Congress is screwed up, I'll trade legislatures with them
anytime at all.
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
From: David Sobel <dsobel@washofc.cpsr.org>
Date: Wed, 22 Apr 1992 18:48:35 EDT
Subject: CPSR Sues NIST for DSS Info
>From Remote CPSR Sues NIST for DSS Info
Computer Professionals for Social Responsibility (CPSR) filed suit
today against the National Institute of Standards and Technology (NIST) and
the Department of Commerce, seeking disclosure of "all documentation and
research materials that NIST used and/or developed to evaluate technology in
choosing a digital signature standard." The Freedom of Information Act case
was filed in the U.S. District Court for the District of Columbia.
NIST published a notice announcing its proposed DSS last August and
solicited public comments on the proposal. CPSR asked the agency to release
the requested information to facilitate a more informed public discussion of
the standard. The National Security Agency has since acknowledged that it
played a leading role in the development of the proposed DSS. NIST has
refused to release the requested records on the grounds that disclosure
would interfere with the agency decision- making process and reveal proprietary
information contained in pending patent applications.
David Sobel Legal Counsel CPSR Washington Office
------------------------------
From: "John M. Joy" <jmjoy@eiffel.cs.psu.edu>
Subject: Federal law and SSNs
Date: Thu, 23 Apr 1992 17:49:21 -0400
Would anyone happen to have the section of U.S. Federal law handy (presumably
some part of PPRA) which requires institutions normally using an individual's
Social Security account number as identifier to use a GenSym identifier
instead, on the request of the individual? I had to go through roughly
a half-day's worth of hassle to become one of the handful of personnel
at this institution of forty-odd-thousand to have an ID number that's
NOT my SSN, and even now, several months later, have work-study students
and sundry other peons telling me that my ID number is "temporary" and
not wanting to provide me services.
JMJ
------------------------------
From: "Glenn S. Tenney" <tenney@netcom.com>
Subject: Should political speech be censored online?
Date: Fri, 24 Apr 92 06:59:17 GMT
Before this newsgroup was formed I posted a few items to the
moderator of the mailing list. These postings announced my
online candidacy to the U.S. Congress *and* raised the issues
in my platform that we need more access to information, more
and better uses of technology, etc.
The moderator refused to allow these postings to be
delivered to the mailing list claiming that since
he works for/at the Arm the Hatch Act precluded him
from campaigning. After checking with the Office of
Special Counsel (who is in charge of administering the
Hatch Act for the Federal Government) the staff assured me
that there would be no violation of the Hatch Act,
yet the moderator still refused to allow my postings to go
out.
In the moderator's announcement of this newsgroup he says:
" This newsgroup is to provide a forum for discussion on the effect of
technology on privacy. All too often technology is way ahead of the
law and society as it presents us with new devices and
applications. Technology can enhance and detract from privacy.
This newsgroup will be gatewayed to an internet mailing list.
I welcome any and all submissions that deal with the effect of
technology on privacy."
When should a moderator censor postings to this newsgroup?
Should the moderator even BE a Federal employee if there
is possibility of restrictions on article submissions
imposed by the government (or his superiors)? Isn't this
medium of a moderated newsgroup/mailing-list more analogous
to the moderator being a letter carrier? etc. etc.
What do you think?
Glenn Tenney
Democratic Candidate, U.S. Congress
12th Congressional District
tenney@netcom.com
(415) 574-2931
And, yes, this posting was paid for by the Glenn Tenney
For Congress Campaign Committee just like any other commercially
accessible Unix system -- at the time when it was entered into
the network.
[Moderator's Note: I was the moderator of telecom-privacy. A couple of
points: His submission was an announcement and a copy of his platform.
To me there was little difference between his submission and advertising
which is generally prohibited from the net. If a third party would have
sent me something along the lines of "There is a candidate running on
privacy issues and he believes in this and that" I probably would have
publish it just like if a third party likes to reccommend something in
misc.consumers. Dennis ]
------------------------------
Date: Thu, 23 Apr 92 19:38:56 -0700
From: Peter Marshall <ole!rwing!peterm@uunet.uu.net>
Subject: More on US West and CallerID in Colorado
The 4/14 issue of COMMUNICATIONS DAILY noted that "Colo. PUC last week
approved one-year trial Caller ID tariff for US West. But RHC didn't
like conditions and said it would withdraw tariff for
all...(CLASS)[services], move that PUC then challenged."
According to the telecom trade journal, the PUC required free,
default, per-line blocking for nonpub and unlisted users, with others
able to choose a form of blocking for a 6-month period.
The article cites a Colorado Commissioner's statement that US West had
provided no proof that services wouldn't be profitable without line
blocking. The company, however, withdrew the entire set of services,
including Call Trace; and the PUC disputed US West's application to
withdraw the tariff, asking for a legal opinion.
Another Commissioner termed US West's actions "deeply upsetting," amnd
the PUC indicated it would also have to take a "new look" at the RHC's
rates, because of linkage between introduction of CLASS services and
development of Signaling System 7.
------------------------------
Date: Thu, 23 Apr 92 19:16:36 -0700
From: Peter Marshall <ole!rwing!peterm@uunet.uu.net>
Subject: Report on Privacy & US West's "Community Link" Gateway
On 4/17/92, the Minnesota PUC issued a "Notice Soliciting Comments on
Report of the Advisory Panel on Privacy Issues Related to Community
Link Videotex Gateway Service."
According to the PUC's Notice, they had granted CLM Associates
authority to provide videotex gateway service in Minn. on 12/4/92, in
an Order that had aslo invited parties filing comments to participate
in an Advisory Panel "to examine privacy issues raised by the
Community Link service offering." The PUC had also asked the Dept. of
Public Service to chair this panel and report back to the PUC. On
4/6/92, the panel submitted a report to the PUC, who put the report
out for comment on 4/17/92. Initial comments are due by 6/1/92, with
reply comments due one month later.
The DPS coordinator for the panel informed the PUC that while the
panel was in process, CLM Assocs. had written to a number of ISPs, or
Information Service Providers, "advising them of issues before the
panel." Written comments were received from five of these ISPs.
Examples follow:
On "Community Link User Mailing Lists and ISPs' Use of Information
Obtained Directly from the End User": "follow generally accepted
business practices now used in...Minnesota regarding mailing lists and
end user information."
On "Consumer Notification of Online Privacy Standards": "ISP's using
Community Link will have differing policies regarding reuse of
consumer provided information."
On "Mailing Lists of Community Link Customers": "If there is a
regulation concerning checkoffs for receiving direct mail then it
should be a negative checkoff."
On "information I obtain from customers": "The questions you raise are
aleady being addressed in Federal regulations.... some 60,000 pulic
computer systems..., including at least 500 in Minnesota,...have for
the past 10 years been routinely offering these same servicves over
the public voice telephone network...."
On "the privacy notification": "the best place for it is in the
printed materials.... Placing it on the on line screens causes teh
customer a lot of extra expense...."
On "User Mailing Lists": "Community Link and...all serious public
videotex services...would suffer if US West were not allowed to share
the names of Community Link users with Community Link ISPs.... a
'negative checkoff procedure'...should be offered."
On "ISPs' Use of Information Obtained Directly from the End User": it
was our understanding that individual ISPs and the Service Bureaus
that hosted ISP services could collect the names and addresses of
users..., but not share the names and addresses with any other
entity...without the express permission of the individual users....
However, there is no denying that this constrains the development of
privately-owned public videotex information services; it is important
to remember...that any any extra barriers...have the effect of locking
out independent ISPs...and leaving the field open to the
larger...companies(Prodigy, CompuServ, etc.)."
On "Consumer Notification of Online Privacy Standards": "the Commjnity
Link Guide should carry printed information stating that...users'
names and addresses will be passed on to third parties unless an
individual user specifically requests otherwise...."
On "how...users will be identified to Service Providers": "so long as
usage and cost are not mandatory, there is not much of a protection
issue.... Requiring permission creates a signficant hurdle...at the
start of the sales process. This will severely retard the development
of information services."
On "use of information by SPs": "The ISP(or direct marketer)has
reasonably free use of the information unless requested by teh
customer."
On the other hand, comments by the Minn. Dept. of Admin. differed from
those of the IPs, wich included Minitel Services Co. and GPT Videotex,
a GE of England affiliate.
E.g., this state agency asked "If a compnay wants to increase teh
value of its lists why doesn't it offer folks who appear on those
lists some financial advantage to do the positive check off?" The
agency also stated "Clearly, the information gathered from the use of
these services should be restricted," and that "A privacy notice
buried in a user's guide may not be effective communication."
Community Link now operates in Minn. and Nebr. and is scheduled for
Seattle in late-92 or early 93. CLM, or Community Link Minitel, is a
joint venture of US West and Minitel.
Material from the Advisory Panel report will be forthcoming.
Peter Marshall
--
------------------------------
Path: watyew!rmgreen
From: rmgreen@watyew.uwaterloo.ca (Ronald M. Green)
Subject: All the Myriad Ways...
Date: Sat, 25 Apr 1992 01:00:34 GMT
Hello! Well, where to start?
As a Canadian who has long been enamoured of surveillance and information
technology - the result, I suspect, of a fascination with the field of the
private investigator (and my place in it) - I think that the only regret I
have about this group is that is didn't exist even earlier. A late start, but
what the hey...
I'll leap back in after I see what major threads people want to develop,
but a few obvious suggestions (touched on in the "Keywords" line) include:
Scanners (radio monitors for "private" (laugh) frequencies)
Phone Phreaking (by-passing of telephone protocols and fees)
Micro-Mikes (the world of bugging and tapping)
Net-Watching (tracking folks through their Net activities)
Of course, there is much more to the field, but like I said, I'll let
other folks develop the initial threads.
I think I'm going to enjoy this...and now, if you'll excuse me, I think
I'm going to indulge in some recreational scanning for a while...
Be seeing you!
- Ronald M. Green -
------------------------------
From: Craig "Powderkeg" DeForest <zowie@daedalus.stanford.edu>
Subject: Re: Cordless phones
Date: 27 Apr 92 03:08:35 GMT
Followups-To: comp.society.privacy
>In article <Apr.23.16.38.01.1992.22195@pilot.njin.net> mla@pilot.njin.net (Marc L. Appelbaum) writes:
>>I've been reading all these msgs about cellular phone calls. I just
>>don't see why anyone would want to monitor cellular phone calls. Yes,
> [stuff about tabloids & privacy]
But it's none of your business!
Damn it! Those photons are hitting *me*! They're *MINE*. I'll do whatever
the hell I want with *my* photons, regardless of the law.
I firmly believe in privacy -- I won't go looking into people's houses, or
tapping their phones, or whatever.
But, if you want privacy, you *don't* shout so that everyone within ten
miles can hear it. If you want privacy, you don't broadcast your conversation.
If people don't want me to hear their conversation, they ought not to
be shooting photons at me!
followups elsewhere; this ain't folklore anymore.
--
Craig DeForest: zowie@banneker.stanford.edu *or* craig@reed.bitnet
----------------------------------------------------------------------------
"So, if you guys make a living looking at the SUN, why do you spend so much
time at the SYNCHROTRON, working UNDERGROUND at NIGHT?"
------------------------------
End of Computer Privacy Digest V1 #001
******************************