Date: Thu, 14 May 92 16:46:14 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#026
Computer Privacy Digest Thu, 14 May 92 Volume 1 : Issue: 026
Today's Topics: Moderator: Dennis G. Rears
Re: SSN's from AT&T
Re: If you have nothing to hide
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
Re: "IF you have nothing to hide..."
"IF you have nothing to hide..."
Re: Privacy and Law and Order (Long)
Re: What's to hide?
people and privacy
Re: "IF you have nothing to hide..."
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: Wed, 13 May 1992 20:52:12 -0400 (EDT)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Re: SSN's from AT&T
In Computer Privacy Digest V1 #025 hibbert@xanadu.com (Chris Hibbert)
writes:
>In article <comp-privacy1.17.2@pica.army.mil> Dave Niebuhr writes:
>>When AT&T does this, do they include the privacy statement detailing why
>>the SSN is required and to whom they will divulge that number and any
>>data associated with it?
>
>Only government agencies are required to include a privacy statement.
>This may not be to your liking, but it's not useful to ask whether
>commercial organizations include one. (The question as to whether
>AT&T should be considered an arm of the government can be kept
>separate. In any case, no court will rule that they are bound by
>rules that apply only to the government.)
>
>>My employer specifically states that, when logging into a computer system,
>>no personal identification whatsoever is to be used as a method of access
>>any system. This includes employee id number.
>>
>>Dave Niebuhr
>
>Doesn't an account ID constitute personal identification? What's the
>point of your statement? (It doesn't mean that all accounts should
>appear anonymous to the outside world, does it?
>
>Chris
Yes it does constitute personal identification if, and only if, the user
id can be traced to a person via name alone. The point I was getting at
and maybe didn't make it clear was to prevent the users from initially
setting a password to something readily identifiable. They are free
to change the password at any time without our knowledge and probably
sometimes to our/their regret.
The one problem that does crop up and I'm just as guilty as almost
anybody else who uses e-mail is that I have a personal info file
that can be used to trace directly to me and this is tacked onto each
message I send.
That got somewhat off the topic; to get back to SSNs, I looked at
a CPR/First Aid/BLS signup course sponsored by the local YMCA and
on line one was a space for the Social Security Number. What the
hell do they want that for? I can't see any good reason at all.
The only thing I can think of is the BLS (Basic Life Support) certification
which is given by the state. Guess I'll call them tomorrow and find out.
I think that if enough questions are asked about what SSNs are used for and
why, maybe some places will begin to understand that they don't need them
(probably wishful thinking on my part).
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
Date: Wed, 13 May 1992 21:22:39 -0400 (EDT)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Re: If you have nothing to hide
Why do I dislike the statement "If you have nothing to hide ...?"
Very simple; if I choose not to let someone know something about me when
asked, I don't have to tell them.
What is it with some people that they get upset when I choose not to
give them the information that they want when asked. A common one
is "How much did you pay for that car, house, etc.?" I realize that that
statement is simplistic but they have no earthly reason to know.
By putting the question in the terms mentioned in the beginning, the
asker is putting the askee on the defensive and makes them feel like
it is an intrusion into their personal lives. What difference one way
or another is it any of the asker's business.
Maybe I choose to keep some information about myself private. Why not?
That's my right as a citizen of the United States and I'm sure it's true
in many other countries as well. Witness the waves of terror conducted
by the secret police of many countries both past and present. Those six
words can strike fear into almost any individual when asked by a person
in a position of authority.
Let's face it, the public is coming more and more to see just how much
intrusion there is into their lives especially if they deal with computers,
databases, etc. I feel that they want to just set back and say Whoa! Is
that really necessary?
If I want to have an unlisted number, that's my privilege so long as the
telco allows me to have one. If I have one, I'm making it just that
harder (although probably not hard enough) for someone to look up my
address and pester me vis the mail or telephone. If I call my local
Radio Shack and they ask for the phone number, why should I give
it to them? For their mailing list?
O.K. I'll give them that. But why should I get into an argument with
the manager just because I refuse. I've run into their sales people who
have almost given me the "third degree" when I refuse.
There are other places that are just as annoying and even though I
don't want to give them whatever they ask for, why should I be told,
even though through implication, "If you have nothing to hide ..."
------------------------------
From: petersow@saifr00.cfsat.honeywell.com (Wayne Peterson)
Subject: Re: "IF you have nothing to hide..."
Organization: Honeywell Air Transport Systems Division
References: <comp-privacy1.19.2@pica.army.mil>
Date: Wed, 13 May 92 23:15:47 GMT
3 reasons for privacy.
If I knew who killed JFK, I wouldnt want the FBI to know where I
lived.
If I were abducted by aliens, I wouldnt want the FBI to know where
I was (nor aliens for that matter).
If Pat Robinson became president, I wouldnt want the government
to know my religious believes.
With thought I am sure I could come up with a couple more reasons,
without covering up criminal intent.
------------------------------
From: "Jay A. Wood" <jwood@andromeda.rutgers.edu>
Subject: Re: "IF you have nothing to hide..."
Date: 14 May 92 00:39:51 GMT
ygoland@edison.seas.ucla.edu (The Jester) writes:
>One of the reasons that many people are against 'intrusive' laws is
>because they disagree with the rational "If you have nothing to
>hide, then you don't need to worry." However what I have failed to
>see is a single cogent explination of WHY the rational of "If you
>have nothing to hide, then you have nothing to fear" is a bankrupt
>one. Would anyone care to provide a concise explination of WHY the
>previously mentioned rational is wrong? And please, though examples
>are useful for illustration of a point, they do not make one.
> The Jester
The most cogent explanation I can think of is that, while you may have
nothing to hide *NOW*, there is no telling who or what will be making
the rules in the future, and things that are now OK may become illegal
(think of, say, owning property in a country that becomes socialist).
If the gov't (or anyone else with power) has the data, bad things could
happen...
------------------------------
From: The Jester <ygoland@edison.seas.ucla.edu>
Subject: Re: "IF you have nothing to hide..."
Date: 14 May 92 07:57:56 GMT
There have been several posts regarding my quest for a definitive
statement regarding WHY the concept of "if you have nothing to hide
then you have nothing to fear" is wrong. However these posts have
consistently ignored the point I ended my post with, that examples
do NOT make a point, they only illustrate one. The responses seen so
far have been examples and lots of them, some good, some not, but
examples none the less. So far no one has been able to write a
concise explination of WHY they feel that this idea is wrong. We are
all in agreement that the statement IS wrong. Why is everyone
(myself included) having so much trouble comming up with a short,
direct, statement of why?
The Jester
--
"Only the blind see in color."
"Any union based upon pigment is foolish ignorance designed to
give power to those few who enjoy power's taste above the common
welfare."
------------------------------
From: David Karr <karr@cs.cornell.edu>
Subject: Re: "IF you have nothing to hide..."
Date: 14 May 92 16:28:24 GMT
In article <comp-privacy1.19.2@pica.army.mil> ygoland@edison.seas.ucla.edu (The Jester) writes:
>Would anyone care to provide a concise explination of WHY the
>previously mentioned rational is wrong?
Because everyone has something to hide from someone. Even you. (Or do you
claim there is NOTHING you ever do that you would be ashamed for me to have
a videotape of?)
>And please, though examples
>are useful for illustration of a point, they do not make one.
And, pray tell, why not? Suppose I tell you that it's a bad idea to shove
paper clips into live electrical outlets with your bare fingers. Suppose
you don't believe me. Suppose I then suggest you try it and see, and you
do, and you get a shock. Now the shock would just be an example illustrating
my point, not exactly a mathematical argument, yet I think it would make the
point pretty well, don't you?
-- David Karr
------------------------------
Date: Thu, 14 May 92 13:55:57 CDT
From: "Len E. Elam" <lelam%kuwait@sun.com>
Subject: "IF you have nothing to hide..."
ygoland@edison.seas.ucla.edu (The Jester) in Volume 1, Issue 019,
Message 2 of 7 writes:
One of the reasons that many people are against 'intrusive' laws
is because they disagree with the rational "If you have nothing
to hide, then you don't need to worry." However what I have
failed to see is a single cogent explination of WHY the rational
of "If you have nothing to hide, then you have nothing to fear"
is a bankrupt one. Would anyone care to provide a concise
explination of WHY the previously mentioned rational is wrong?
And please, though examples are useful for illustration of a
point, they do not make one.
In <comp-privacy1.20.8@pica.army.mil>, lupine!mellon@uunet.uu.net (Ted
Lemon) writes
Privacy is a good way to protect yourself from the tyranny of
the majority if you are in the minority.
For example, gay couples in states where homosexuality is
against the law must use their right to privacy to protect
themselves - if the police could legally tap their phone to find
out when they were planning on having a romantic evening, then
they would have probable cause to step in and make an arrest.
Religion is another good reason for one to protect one's
privacy. There are countless communities in the U.S. where,
regardless of actual constitutional law, the fact that you are a
Jew or an atheist (or, heaven forfend, a Pagan), can wind up
costing you your ability to function in the community, and
sometimes your job or even your life.
Privacy *is* important. While it's impossible to prevent Joe
Random Loser from listening in on your cellular phone
conversations, establishing the legal precedent that such
listening is an illegal invasion of privacy means that if the
information obtained in that way is openly used against you, you
have grounds for both a lawsuit and for the dismissal of any
charges that may be made against you. If there is no such
precedent, then there are no grounds for either a civil suit or
the dismissal of any resulting charges. Laws don't always have
to be generally enforceable to be useful.
IMHO, this sums it up fairly well.
--
------------------------------
From: Emmett <icsu8249@cs.montana.edu>
Subject: Re: Privacy and Law and Order (Long)
Date: 14 May 92 03:29:14 GMT
In article <comp-privacy1.18.3@pica.army.mil> John Higdon <john@zygot.ati.com> writes:
>> From: Conrad Kimball <cek@sdc.boeing.com> writes:
>
>> If I was given the option of selecting my line's default to be either
>> blocked or unblocked, with a '*' code to temporarily reverse the
>> default, I'd be a happy camper.
>
>Is this what it would take to satisfy you on the whole matter of CNID?
>This comes under the heading of "feature implementation" and is so
>trivial as be not worth mentioning, yet is would be, for you, the
>salvation of CNID. Incredible.
>
Key words there are 'for you'. As for the 'feature implementation'
argument, when is the last time you tried to get something changed
after you accepted delivery? It's always made sense to me to get it
right the first time. The fact that there is a controversy over
this issue at all should show you that not everyone believes it
would be offered as a feature.
[ Argument that privacy shouldn't be given up now that we have it, deleted ]
>And that, dear sir, is exactly why you and millions like yourself can
>get credit cards, debit cards, instant store accounts, bank lines of
>credit, property sale closures in days instead of months, and all of
>the financial conveniences that are taken for granted these days. Do
>you think that all of these companies and financial institutions would
>just hand you the money if they knew nothing about you? In Smalltown,
Do you think I would get letters about 'Terrific new products we're
just absolutely positve you'll love hearing about, even when we send
you yet another copy of this letter with a TENTH variant of your name
on it.' if they new nothing about me??
>after you had lived there for about ten years, Mr. Smith might just
>open a store account for you with a small limit. After another ten of
>showing a good payment history (as observed and recorded by Mr. Smith)
>you might get your limit raised. Of course all of this credit is only
>good at one place: Mr. Smith's.
>
>Today, your credit is portable and easily obtained at new locations.
>How did YOU think that it was possible to walk into a store for the
>first time in your life and open an account? Magic?
>
>> Must we tolerate (nay, even aid and abet!) repeats of the shoddy history
>> of credit bureaus such as TRW, in which the worst problem is not so much
>> that they have a lot of data (which some would argue is a problem in
>> itself), but rather that so much of the data they have is incorrect,
>> and use of which can seriously damage people.
>
>Then it should be corrected. I have done this myself; it is not hard.
>Without this extensive database, we would be forced back into a
>cash and carry society. While some may approve of that, there are many
>more who would not.
>
Your argument is that you and others who share your opinion feel you
would be inconvenienced if you were forced into a situation not of
your choosing or of your liking. Guess what my argument is.
>> Some people have raised concerns
>> about lifestyle data being fed to insurance companies, which being *very*
>> highly motivated to reduce risk, raise rates or refuse coverage in
>> situations that do not in fact warrant it. And, when they raise your
>> rates or refuse you coverage, how are you to know the basis for their
>> unjust decision?
>
>Try asking. Someone, somewhere started the "truism" that "they" are
>unreachable, untouchable, and have unlimited power. I have received
>such things as notices of cancellation and simply called the company to
>get an explanation. In some cases, after discussing the matter, the
>cancellation was rescinded. I am surprised that you give people so little
>credit for being able to pick up a phone or write letters of inquiry.
Why is this my responsibility?? These people are paid quite handsomely
for providing information that is presumed accurate by their customers.
Extending your line of reasoning leads to the argument that if I choose
to eat food that has been shipped to a grocery store in a truck, then I'm
responsible for doing maintainance work on the truck.
>Of course, failing to mention those avenues of redress gives more
>weight to your argument. And speaking of weight:
>
>> - The greenhouse effect.
>
>> - Smoking.
>
>> - Logging
>
>What do these things have to do with privacy? Is the implication that
>the consequences are on a par with these things? Is this the only way you
>can make your argument seem non-trivial? The most serious privacy
>violations that could occur in modern society will not kill, mame, or
>even cause much more than a minor annoyance or inconvenience. We are
>not talking disasterous global climate changes here. We are not talking
>500,000 deaths a year. We are not even talking about endangered
>species.
>
No, we're talking about minor annoyances and inconveniences. Frankly,
given a choice I'd just as soon avoid them. Besides, it's at least
as important to me as the issue of death from smoking (I don't smoke)
and will impact me personally a lot more than spotted owls (I doubt
I'll encounter a significant number of spotted owls in my liftime,
but I'm pretty sure I haven't seen the last of the annoyances and
inconveniances. Besides [ my turn to be dramatic ], falling two
feet is pretty minor by itself, but if they happen to be the last
two feet of a hundred foot drop, the results are noticable.
[ Bluster about things I consider irrelevant deleted ]
>
>There is someone who asserted in print that we are all going
>to get cancer because of electrical transmission lines. I would guess
>that you must be in favor of shutting down our electrical grid until
>someone proves him wrong. Never mind that it would disrupt our whole
>way of life, destroy the economy, and literally make it impossible for
>people to live in our cities. But we cannot take any chances now, can
>we?
>
Until you hit the bit about shutting down the cities, you weren't doing
too badly there. Shut 'em down says I. :-)
>So it is with privacy. A few very noisy people are running around
>announcing the death of all we hold near and dear because some nasty
>people can find out our little secrets. Shall we return to green visors
>and ledger paper until the theorists can come to a conclusion one way
>or another? Does it really matter?
>
For someone who was just complaining about making sweeping statements
just for effect, don't you think this is a bit much??
Personally I see it as a bandage. I'd rather do away with the nasty
people that can 'find out our little secrets'. As far as I'm concerned
it does matter.
If it were an ideal world, I can't think of anything I've personally done
in the privacy of my own home that I would really care one way or another
if the world knew about (a few things that might disturb my mother, but
such is life). Unfortunately, there are a lot of people in the world (and
even in Montana) who possess value systems that I choose not to subscribe
to. Some of them have the clout to be more than minor annoyances.
You used the metaphor of Smalltown, USA. In Smalltown, there was only
one Mrs. Grundy, if you include Tinytown and Diminuitive-ville to the
list we're talking about at least three Mrs. Grundys. How many do you
suppose live in the New York or LA areas alone? Can you really blame
me for not wanting to be forced to deal with them??
>
>--
> John Higdon | P. O. Box 7648 | +1 408 723 1395
> john@zygot.ati.com | San Jose, CA 95150 | M o o !
--
Larry Emmett v 'Computers are a lot like the God of the
Internet:icsu8249@cs.montana.edu /o\ Old Testament. A whole lot of rules
Bitnet: icsu8249@MtsUnix1.bitnet --- and no mercy.' -- Joseph Campbell
------------------------------
From: The Jester <ygoland@edison.seas.ucla.edu>
Subject: Re: What's to hide?
Date: 14 May 92 08:14:05 GMT
>The Jester writes:
> However what I have failed to see is a single cogent explanation of
> WHY the rationale of "If you have nothing to hide, then you have
> nothing to fear" is a bankrupt one.
>
>Let me try, without using examples: the definition of what it is that you
>have to "hide" rests with the government, not you. If the legal system
>creates bankrupt laws that make your private life punishable, then you end
>up hiding and fearing for simply living your life and pursuing your own
>happiness.
This is, without a doubt, the most concise statement (and summary)
of the views so far expressed on the topic of "If you have nothing
to hide then you have nothing to fear". The unform attitude seems to
be "The government is evil and we must protect ourselves from it." I
will not delve into the question of the 'evil' of government as it
has already been pointed out that this thread may not belong in this
group. Instead I will try to shorten the reasoning even more and ask
for comment:
The reason the statement "If you have nothing to hide then
you have nothing to fear" is false is because the government
is out to get you.
I'm sure there will be some argument on the addition of a modifying
adjective such as 'usualy', 'sometimes', 'on occasion', or what have
you. But I find that a triffling matter.
The Jester
ps. On the subject of the appropriatness of this thread, I would
remind the readers of this group that when the question of privacy
comes up there is one single device, more than all the phone taps
and all the listening devices put together, that destroys and
protects our privacy:The Computer. Big Brother and Libertarians both
have PC's.
--
"Only the blind see in color."
"Any union based upon pigment is foolish ignorance designed to
give power to those few who enjoy power's taste above the common
welfare."
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Subject: people and privacy
Date: Thu, 14 May 92 11:01:57 CDT
michael.scott.baldwin@att.com writes:
>
>Every library I know of keeps track of who checks out books. Your problem
>here is that the data is more easily accessible now? Hm, I suspect that
>it's not hard for the administration to get to that data for *any* library.
>
Not quite. Every librarian that I know about, and I know quite a few,
when faced with the problem of who checks out what, especially with
library automation in view, has demanded that the system installed
keep only records about books out of the library and has insisted that
no memory of a checkout is maintained after the book is returned. I
know of librarians who have refused automated systems that did not
maintain this feature. I recommend that you call your local city or
University librarian and check this out.
I am further aware of librarians who have refused to help the FBI when
requests have been submitted about who checked out what. This was
done in spite of personal danger-to-job threats. Librarians know all
about privacy and have been very protective in general over the years.
As am aside, I have just received a newsletter from my state
representative Barbara Ulichny, 4th district, Wisconsin. In it, among
other things, she reports the result of a user survey asking if you
object to the state distributing your name and address out of the
drivers' licence database. 83% said yes. Even the man in the street,
at least those in their cars :-), understand the meaning of privacy
when it is offered to them.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail levine@cs.uwm.edu |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. FAX (414) 229-6958 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
From: Carl Ellison <cme@ellisun.sw.stratus.com>
Subject: Re: "IF you have nothing to hide..."
Date: 14 May 92 20:18:56 GMT
The proposition behind the trick question is that the government has the
right to spy on us without being equally open and transparent to all
citizens in return.
The flaw is that this proposes a two-class system with the people in the
second-class role. That is reversed from the basis of this country.
Knowledge is power and in our democracy, the power lies in the people not
in the government. It is therefore vital that the government have a
minimum of knowledge about the citizens and that the citizens have a
maximum of knowledge about the government.
Result: prohibit encryption technology in the hands of the government; give
it to the individual citizens only.
After all: aren't we happy that Ollie North's criminal activities were
available for public examination?
------------------------------
End of Computer Privacy Digest V1 #026
******************************