Date: Tue, 12 May 92 18:00:22 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#021
Computer Privacy Digest Tue, 12 May 92 Volume 1 : Issue: 021
Today's Topics: Moderator: Dennis G. Rears
Re: "If you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: E-mail privacy should be independent of carrier.
Is Email Private--NOT!
Re: Census Bureau Database
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: 12 May 92 08:33:00 EST
From: Ken Jongsma x7702 <JONGSMA@benzie.si.com>
Subject: Re: "If you have nothing to hide..."
A poster asked what was wrong with the subject concept. I'm sure many will
respond with the typical examples of a government entity going way beyond
rational behavior based on incomplete or inaccurate information.
For a rather impressive example, although supposedly fictional, I'd recommend
the movie Absence of Malace from a few years back. The advertising tag was
something along the lines of: "Suppose everything they said about you was
accurate, but none of it was true."
Ken
jongsma@benzie.si.com
------------------------------
Date: Tue, 12 May 92 11:35:44 EDT
From: Brinton Cooper <abc@brl.mil>
Subject: Re: "IF you have nothing to hide..."
The Jester <ygoland@edison.seas.ucla.edu> asks why the rationale
"If you have nothing to hide, then you have nothing to fear" is wrong.
Here are some examples of how unregulated gathering of information on
you is wrong, immoral, unfair, counterproductive, etc:
1. Some personal information, while not illegal or
immoral is, nevertheless, embarrassing. For example:
a. Consider a single female parent, living in the
religious-right South. Consider that her child was borne out of
wedlock. Now, her child is socially a "bastard" in the community.
b. You have non-contagious cancer.
c. You are gay and live in an intolerant community.
d. You were borne to Jewish parents and live in
an intolerant community.
e. Seven years ago, in another place in your
life, you declared personal bankruptcy and started over. The law
permits you to do this. At some point, your financial sins are to be
forgiven.
f. You are HIV positive.
g. You are 45 years of age. Twenty years ago,
you served 3 years in prison for a felony. You have lived an exemplary
life since.
There may be some organizations who have some legitimate need for
isolated pieces of such information. This does not give every
interested user the right to every piece of information that exists on
every resident of the nation.
2. Some information may be wrong or wrongly used.
Police use of demographic patterns in a database to seek fugitives from
justice can result in the arrest, even killing, of innocent people.
Such errors have occurred without the indiscriminate use of automated
databases.
3. Criminals themselves can use personal information.
Articles concerning the recent arrest of Social Security employees who
sold employee records to "information brokers" suggested that drug
dealers may purchase the records of prospective customers to learn if
they are, in fact, undercover cops!
Perhaps "The Jester" has a point. Perhaps many of us have
something "to hide," and that such hiding is a legitimate restriction on
our personal information.
_Brint
------------------------------
From: Dan Sorenson <viking@iastate.edu>
Subject: Re: "IF you have nothing to hide..."
Date: Tue, 12 May 1992 18:14:50 GMT
In <comp-privacy1.19.2@pica.army.mil> ygoland@edison.seas.ucla.edu (The Jester) writes:
>One of the reasons that many people are against 'intrusive' laws is
>because they disagree with the rational "If you have nothing to
>hide, then you don't need to worry." However what I have failed to
>see is a single cogent explination of WHY the rational of "If you
>have nothing to hide, then you have nothing to fear" is a bankrupt
>one.
The statement is true; however, the worry may not be with what
we have to hide, but how much security and liberty we have released so
that others may probe for anything we may be hiding. The statement
assumes that one is guilty until proven innocent, and this goes against
the entire grain of the justice system in the USA and Britain.
<Dan Sorenson Dod #1066| ISU just takes my money, not my opinions. >
<z1dan@exnet.iastate.edu |"Compared to war, all other forms of human >
<viking@iastate.edu | endeavor shrink to insignificance." -- Patton>
------------------------------
From: Carl Ellison <cme@ellisun.sw.stratus.com>
Subject: Re: "IF you have nothing to hide..."
Date: 12 May 92 20:59:41 GMT
In article <comp-privacy1.19.2@pica.army.mil> ygoland@edison.seas.ucla.edu (The Jester) writes:
>One of the reasons that many people are against 'intrusive' laws is
>because they disagree with the rational "If you have nothing to
>hide, then you don't need to worry." However what I have failed to
>see is a single cogent explination of WHY the rational of "If you
>have nothing to hide, then you have nothing to fear" is a bankrupt
>one. Would anyone care to provide a concise explination of WHY the
>previously mentioned rational is wrong?
I have forgotten the name for this kind of fallacious argument. Thank God
my mother doesn't read USENET. She'd never forgive me. (It's related
to "when did you stop beating your wife?".)
The fact is, I *do* have something to hide. For example, I want to hide
from my mother the fact that I forgot the label for this bogus argument.
If any of you tells her, I'll be in big trouble. :-)
I might have other things to hide.
I might be having an affair with the boss's secretary.
I might be a member of the Communist Party.
I might be an ex- drug addict.
I might be a member of the Hair Club For Men.
I might dye my hair.
I might shave my legs.
I might be a TV preacher and get turned on by strippers.
None of these things is illegal. Any one of them might be embarrassing.
When I have a private conversation with someone I might want to bring up
things which are perfectly legal but which certain criminals in our society
(can you spell Joe McCarthy, boys and girls?) might use to make my life
miserable. Since the most dangerous criminals are in the government, it is
from the government that we need protection.
On the more serious side, what about the person who is HIV positive and
wants an on-line support group? The way our society was paranoid, not only
was encryption called for but also secret drops -- so that no one would
know who was talking to whom. In this case, it was most especially the
government who was the potential enemy and who had to be kept in the dark.
It was the government which made noises about setting up concentration
camps for infected people.
Meanwhile, I haven't mentioned the Nixon administration and its use of the
US intelligence community against private citizens.
----------
All this talk of the tyranny of the majority and its government reminds me
of d'Toqueville. I haven't read it since high school but I believe he
had something to offer on the subject.
------------------------------
From: Mike Johnston <shearson!jenny.dev388.LOCAL!mjohnsto@uunet.uu.net>
Subject: Re: "IF you have nothing to hide..."
Date: Tue, 12 May 1992 21:05:21 GMT
In article <comp-privacy1.19.2@pica.army.mil> ygoland@edison.seas.ucla.edu (The Jester) writes:
One of the reasons that many people are against 'intrusive' laws is
because they disagree with the rational "If you have nothing to
hide, then you don't need to worry." However what I have failed to
see is a single cogent explination of WHY the rational of "If you
have nothing to hide, then you have nothing to fear" is a bankrupt
one. Would anyone care to provide a concise explination of WHY the
previously mentioned rational is wrong? And please, though examples
are useful for illustration of a point, they do not make one.
The Jester
Mr. Jester,
If you have nothing to hide then would you object to a 'Usenet Law' that
required real and full name disclosure? Your phone number? Social
Security Number? Sexual preference?
One of the biggest reasons I object to this type of thinking is because
tends to lead in directions you hadn't initially considered. Personally
this sounds like a bit of Marxist theory that should have gone the way of
the U.S.S.R. I think you could find statements like 'If you have nothing
to hide, then you have no need to worry', throughout history but that
doesn't necessarily make them valid. The reason I say this because
they're generally attached to opressive, totalitarian regimes like
Nazi Germany or Stalinist Russia and were used to great advantage by
the KGB and Gestapo during their respective reigns. There are tens
of millions of people, I'm sure, who could argue strongly against
this reasoning were it not for the fact that they've been 'done in'
by the very same logic.
In all but the aforementioned brand of governments there is at least
a general concensus to a right of privacy which your premise attempts
to circumvent. It also assumes the goverment will do the proper thing with
information obtained. It should be clear, to all but the most jaded communist
(or those masquerading as Social Democrats), that this simply isn't the case.
Trusting the government, any government, has always been a bad idea.
I apologize for being emotional about this issue but this is a hot
spot with me. I would also suggest that this really be moved to
a more appropriate newsgroup.
MJ
--
Michael R. Johnston mjohnsto@jenny.shearson.com
Lehman Brothers (212) 464-3061
"I was a reporter, and this worried me a great deal and I could not understand
how the devil I had gotten myself into such a fix." - Hesse
------------------------------
From: Mike Rose <mrose@kali.stsci.edu>
Subject: Re: E-mail privacy should be independent of carrier.
Reply-To: mrose@stsci.edu
Date: Tue, 12 May 1992 18:29:56 GMT
On 11 May 92 01:35:10 GMT, cmcl2!panix.com!sbarber@uunet.uu.net (Steve Barber) said:
>Solution? Get a cellular phone and
>take it to work. Get one with a modem and jack into the internet via a
>public access host that ensures your privacy by contract or statute (i.e.
>the ECPA of 1986), from your own laptop. Ridiculous? Sure.
The idea of using a public access host is not ridiculous, I use one
for personal mail - but I only access it from home, no cellular phone
needed. Your scenario above presumes that you have to do all this at
work. The way I see it, if I'm doing something so private that I
choose to use a public access host, then my employer shouldn't be
paying me to do it.
--
Mike Rose, mrose@stsci.edu, 410-338-4949
------------------------------
From: "Darren E. Penner (Dokken" <dpenner@ee.ualberta.ca>
Subject: Is Email Private--NOT!
Date: Tue, 12 May 1992 19:31:24 GMT
The privacy of Email may seem sacred to most people, and I am sure that in the
future steps will be taken to insure that it is made so but at the present
moment many commercail systems do not garantee such. Mail sent to yourself
over your mainframe at work it highly suspect. Any individual with Root/God
privledges can get at your mail with enough work, even if a simple encryption
scheme is used. (It is quite easy for an individual to become someone else
on a mainframe, sure that gets logged, but logs can be altered).
Now I don't know about the laws in the United States, but it seems in Canada
this is quite an issue. All of the bulliten boards that I subscribe to have
notices stating that NO garentee of privacy is assured by marking the message
as private. This only assures the user that OTHER users can not access that
information, not the Sysop. The very fact that this notice (Seems to be
the same one used on most systems and if thier is interest I could wade through
the Newuser Bullitens again and snag one) has cropped up so often seems to
imply that we do have laws protecting ones rights, but since our current
computer systems do not garantee such they have to "Cover thier ass" with
legal mumbo-jumbo.
While on the topic I should also state that if you do subscribe to local
BBS system DO NOT EVER use a password that you may use at work or an a
pay for use system. Many of the BBS programs I have evaluated do no
encrypt your password in any way or form. As such the sysop may now have
access to your valuable accounts. Mainframe systems in general encrypt your
password but even here a word of caution must be used in selecting a password,
Don't use common words, our system administrator regularly runs a program
that guesses peoples passwords by encrypting a spell checking dictionary
and then comparing the results with the /etc/password file on Unix. Note: the
password file on UNIX is accessable to everyone, and this password checker
is also in the public domain. In this case he is using the program to protect
his users but a "Bad person" could just as easily do the same.
Just a couple of things to think about the next time you log on.....
--
------------------------------------------------------------------------------
Darren E. Penner | dpenner@ee.ualberta.ca | Opinions are my
KWM Consultants Limited (Work) | alberta!bode!dpenner | own unless stated
U of A, Edmonton, (University) | Phone No. (403)-481-8785 | otherwise.
------------------------------
From: James Davies <jrbd@craycos.com>
Subject: Re: Census Bureau Database
Date: Tue, 12 May 92 19:53:52 GMT
In article <comp-privacy1.19.1@pica.army.mil> null!eric@sparky.imd.sterling.com (Eric J. Johnson) writes:
>What got me started writing this article was a conversation I had
>a few days ago with a genealogy fan in my office. I had tacked
>up on the wall of my office one the many articles flying about
>regarding all the information available to someone with your SSN.
>He read the article and told me that he could get much more
>information through an area genealogical society, which has been
>tracing families through dial-up access to the Census Bureau's
>computer. It seems they have access to individual's personal records.
It's illegal for the Census Bureau to give out information that can be
narrowed down to individuals. However, this restriction is removed
after about 60 years -- they just released the information from the
1920 census. I think the delay is pegged to the average life expectancy
somehow. I'd believe that they have genealogical records for your
ancestors (maybe even you, if you're over 62 years old), but I refuse
to believe that they can access 1990 individual data.
I do think you have a legitimate concern about matching the Census
tract data with other databases to narrow it down...maybe it's time
to get the Census Bureau to enlarge their minimum census areas
to a few thousand people.
------------------------------
End of Computer Privacy Digest V1 #022
******************************