Date: Thu, 01 Apr 93 17:07:11 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#030
Computer Privacy Digest Thu, 01 Apr 93 Volume 2 : Issue: 030
Today's Topics: Moderator: Dennis G. Rears
Akron BBS Sting Update 3
Re: Virginia voters & Social Security Numbers
Re: Virginia voters & Social Security Numbers
Re: law on ss.no (Privicy Act)
Re: law on ss.no (Privicy Act)
Medical SmartCard Privacy Risks
Information privacy and applying for an apartment
Email Privacy
Research on interactive publishing systems
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: 27 Mar 93 11:41:54 EST
From: David Lehrer <71756.2116@compuserve.com>
Subject: Akron BBS Sting Update 3
"Munroe Falls carryout"
The following is an editorial published in the Akron Beacon Journal
on Wednesday, March 24, 1993. This editorial is copyrighted by the
Akron Beacon Journal, and commercial use or resale of this article
is forbidden. Permission to post this editorial in its entirety
has been generously granted by Mr. David B. Cooper, Associate
Editor.
Background:
The 9-month long Mark Lehrer/Akron Anomaly BBS felony trial
situation terminated on March 8, 1993.
Topic: Published articles about the Akron Anomaly BBS 'sting'
directed by Munroe Falls, Ohio police chief Steve Stahl on June 18,
1992. All published articles concerning this 'sting' and
associated battles will be distributed immediately upon permission
being granted by the author(s).
Responses are encouraged!
From the Beacon: "We welcome your letters and the chance to publish
as many as possible."
"We ask that letters be original, concise and legible and bear
the writer's full signature, address and daytime phone number."
"All letters are subject to editing. We withhold names only for
good reason. The same conditions apply to letters sent by fax."
"Please address your letters to Voice of the People, Akron
Beacon Journal, P.O. Box 640, Akron, Ohio 44309-0640."
"If you want to send your letter by fax, use our fax number:
(216) 996-3520."
David Lehrer
*******************
07084027
MUNROE FALLS CARRYOUT
Akron Beacon Journal (AK) - WEDNESDAY March 24, 1993
Edition: 1 STAR Section: EDITORIAL Page: A14
Word Count: 313
MEMO:
Editorial / Our Opinion
TEXT:
The Fourth Amendment to the Constitution was written to safeguard
ordinary citizens against unreasonable search and seizure.
Recently, however, law-enforcement officials have taken to
seizing possessions of convicted and suspected criminals,
particularly drug dealers.
In the case of 23-year-old Munroe Falls resident Mark
Lehrer, police confiscated a sophisticated, $3,000 computer
setup, programs and disks on the suspicion that he might be
letting kids look at dirty pictures. That charge was never proved.
In fact, it appears that police received only one or two
complaints about his computer bulletin board, none from area
parents. Lehrer contends a clerical error put the pornography
into files accessible to all the bulletin board's users, not just
adults. Police enlisted a 15-year-old, falsified his identity
for a membership and then helped the teen call up a possibly
offending program.
But, when the Summit County grand jury refused to indict the
University of Akron computer whiz on the original charges, Munroe
Falls police filed other charges based on the possibility
that some of the programs in Lehrer's private collection
contained pictures of minors.
Lehrer did plead guilty to a misdemeanor charge of 'attempted
possession of criminal tools' -- his computer -- based on those
subsequent charges.
No one downplays the seriousness of crime in our society,
whether it's in the suburbs or inner cities. None argue that
children should be able to view pornography.
But in the absence of compelling evidence that Lehrer was
trying to peddle child porn to kids, either at the outset of
this case nine months ago or now, it could appear that the police
acted hastily in confiscating the computer. Such actions invite
questions as to whether the police were protecting against a child
pornographer or using the intimidating powers of the police and
judicial system to help themselves to a nice hunk of expensive
machinery. dl
DESCRIPTORS: MUNROE FALLS; MARK LEHRER; POLICE; BIOGRAPHY; CHILD
PORNOGRAPHY; EVIDENCE; OBSCENITY
------------------------------
From: sean@cobra.dra.com
Subject: Re: Virginia voters & Social Security Numbers
Date: 29 Mar 93 18:54:40 CST
Organization: Data Research Associates, Inc.
In article <comp-privacy2.29.1@pica.army.mil>, Jeremy Epstein <epstein@trwacs.fp.trw.com> writes:
> It is not believed that the ruling will affect other state agencies
> (such as motor vehicles) which require SSNs, because those are not
> considered public records.
In most states, motor vehicle records are considered public records. I
believe there are only two states (as of 1989?) that don't have any "public"
access to motor vehicle records, and maybe a half-dozen that have only
limited access (i.e. you need to be a big insurance company, or a "licensed
investigator"). In states with Freedom of Information Acts every record
except those listed as exceptions in the act (usually a short list of less
than a dozen items) are considered public records.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Domain: sean@sdg.dra.com, Voice: (Work) +1 314-432-1100
------------------------------
From: Larry Hunter <hunter@work.nlm.nih.gov>
Subject: Re: Virginia voters & Social Security Numbers
Reply-To: Hunter@nlm.nih.gov
Organization: National Library of Medicine
Date: 30 Mar 93 10:51:51
Jeremy Epstein nicely summarized the victory of privacy interests in
preventing the State of Virginia from requiring SSNs to register to
vote. Although he mentions the ACLU, who were not involved in the
case, he neglects to mention CPSR, who filed an important Amicus brief
in the case. Public Citizen, as noted, also provided legal
assistance. Here is the CPSR press release describing the case,
including a pointer to an ftp/gopher/wais site containing the text of
the opinion.
PRESS RELEASE
March 26, 1993
"FEDERAL APPEALS COURT UPHOLDS PRIVACY:
USE OF SOCIAL SECURITY NUMBER LIMITED
- - - -
CPSR Expresses Support for Decision"
A federal court of appeals has ruled that Virginia's divulgence of the
Social Security numbers of registered voters violates the Constitution. The
Court said that Virginia's registration scheme places an "intolerable
burden" on the right to vote.
The result comes nearly two years after Marc Greidinger, a resident of
Falmouth, Virginia, first tried to register to vote. Mr. Greidinger said
that he found it nearly impossible to obtain a driver's license, open
accounts with local utilities or even rent a video without encountering
demands for his Social Security number.
Mr. Greidinger told the New York Times this week that when the State of
Virginia refused to register him as a voter unless he provided his Social
Security number he decided to take action. He brought suit against the
state, and argued that Virginia should stop publishing the Social Security
numbers of voters.
This week a federal appeals court in Richmond, Virginia ruled that the
state's practice constituted "a profound invasion of privacy" and emphasized
the "egregiousness of the harm" that could result from dissemination of an
individual's SSN.
Computer Professionals for Social Responsibility (CPSR), a national
membership organization of professionals in the computing field, joined with
Mr. Greidinger in the effort to change the Virginia system. CPSR, which
had testified before the U.S. Congress and the state legislature in Virginia
about growing problems with the misuse of the SSN, provided both technical
and legal support to Mr. Greidinger. CPSR also worked with Paul Wolfson of
the Public Citizen Litigation Group, who argued the case for Mr. Greidinger.
In an amicus brief filed with the court, CPSR noted the long-standing
interest of the computing profession in the design of safe information
systems and the particular concerns about the misuse of the SSN. The CPSR
brief traced the history of the SSN provisions in the 1974 Privacy Act. The
brief also described how the widespread use of SSNs had led to a
proliferation of banking and credit crime and how SSNs were used to
fraudulently obtain credit records and federal benefits.
CPSR argued that the privacy risk created by Virginia's collection and
disclosure of Social Security numbers was unnecessary and that other
procedures could address the State's concerns about records management.
This week the court of appeals ruled that the state of Virginia must
discontinue the publication of the Social Security numbers of registered
voters. The court noted that when Congress passed the Privacy Act of 1974
to restrict the use of the Social Security number, the misuse of the SSN was
"one of the most serious manifestations of privacy concerns in the Nation."
The Court then said that since 1974, concerns about SSN confidentiality have
"become significantly more compelling. For example, armed with one's SSN, an
unscrupulous individual could obtain a person's welfare benefits, or Social
Security benefits, order new checks at a new address, obtain credit cards,
or even obtain the person's paycheck."
The Court said that Virginia's voter registration scheme would "compel a
would-be voter in Virginia to consent to the possibility of a profound
invasion of privacy when exercising the fundamental right to vote."
The Court held that Virginia must either stop collecting the SSN or stop
publicly disclosing it.
Marc Rotenberg, director of the CPSR Washington office said, "We are
extremely pleased with the Court's decision. It is a remarkable case, and a
real tribute to Marc Greidinger's efforts. Still, there are many concerns
remaining about the misuse of the Social Security number. We would like to
see public and private organizations find other forms of identification for
their computing systems. As the federal court made clear, there are real
risks in the misuse of the Social Security number."
Mr. Rotenberg also said that he hoped the White House task force currently
studying plans for a national health care claims payment system would
develop an identification scheme that did not rely on the Social Security
Number. "The privacy concerns with medical records are particularly acute.
It would be a serious design error to use the SSN," said Mr. Rotenberg.
Cable News Network (CNN) will run a special segment on the Social Security
number and the significance of the Greidinger case on Sunday evening, March
28, 1993. The Court's opinion is available from the CPSR Internet Library
via Gopher/ftp/WAIS. The file name is "cpsr/ssn/greidinger_opinion.txt".
The CPSR amicus brief is available as "cpsr/ssn/greidinger_brief.txt".
CPSR is a national membership organization, based in Palo Alto, California.
CPSR conducts many activities to protect privacy and civil liberties.
Membership is open to the public and support is welcome. For more
information about CPSR, please contact, CPSR, P.O. Box 717, Palo Alto, CA
94302, call 415/322-3778 or email cpsr@csli.stanford.edu.
=========================================
--
Lawrence Hunter, PhD.
National Library of Medicine
Bldg. 38A, MS-54
Bethesda. MD 20894 USA
tel: +1 (301) 496-9300
fax: +1 (301) 496-0673
internet: hunter@nlm.nih.gov
encryption: PGP 2.1 public key via "finger hunter@work.nlm.nih.gov"
------------------------------
From: "Marc T. Kaufman" <kaufman@xenon.stanford.edu>
Subject: Re: law on ss.no (Privicy Act)
Date: 30 Mar 93 01:13:11 GMT
Organization: CS Department, Stanford University, California, USA
vdifrancis@msuvx2.memst.edu writes:
>It is illegal in the US for a government agency to require a person to
>give a ss.no. in order to get a drivers-licence, or any other
>privilege,right,or benefit. Thats the law, See 5 USC 552a, Im copying
>from public law 93-579-Dec. 31,1974. Sec.7.(a)(1) It shall be
>unlawfull for any Federal,State or local government agency to deny to
>any individual any right,benefit or privilege provided by law because
>of such individual's refusal to disclose his social security account
>number....
I don't think this is true anymore. The state of California requires SSN
for ALL drivers licences now (was Commercial licences only a couple of years
ago). I think this is a Federal requirement, so there must be something
later than 1974 on the books.
--
Marc Kaufman (kaufman@CS.Stanford.EDU)
------------------------------
From: "Marc T. Kaufman" <kaufman@xenon.stanford.edu>
Subject: Re: law on ss.no (Privicy Act)
Date: 30 Mar 93 01:13:11 GMT
Reply-To: kaufman@cs.stanford.edu
Organization: CS Department, Stanford University, California, USA
Source-Info: From (or Sender) name not authenticated.
[Moderator's Note: Source-info field is saying the author address
was not authenticated by his mail system. ._dennis ]
vdifrancis@msuvx2.memst.edu writes:
>It is illegal in the US for a government agency to require a person to
>give a ss.no. in order to get a drivers-licence, or any other
>privilege,right,or benefit. Thats the law, See 5 USC 552a, Im copying
>from public law 93-579-Dec. 31,1974. Sec.7.(a)(1) It shall be
>unlawfull for any Federal,State or local government agency to deny to
>any individual any right,benefit or privilege provided by law because
>of such individual's refusal to disclose his social security account
>number....
I don't think this is true anymore. The state of California requires SSN
for ALL drivers licences now (was Commercial licences only a couple of years
ago). I think this is a Federal requirement, so there must be something
later than 1974 on the books.
--
Marc Kaufman (kaufman@CS.Stanford.EDU)
------------------------------
From: Thomas Grant Edwards <tedwards@eng.umd.edu>
Subject: Medical SmartCard Privacy Risks
Date: 31 Mar 93 08:47:03 GMT
Organization: Project GLUE, University of Maryland, College Park
I'm curious about priacy risks due to medical "smartcards" which
are being considered for the new U.S. Health Care policy.
How will they change the medical record privacy issue? What
crytographic and other technologies can be used to safeguard
these systems?
-Thomas Edwards
------------------------------
From: Hans Lachman <lachman@netcom.com>
Subject: Information privacy and applying for an apartment
Organization: Netcom
Date: Wed, 31 Mar 1993 21:33:16 GMT
I was wondering if there is some kind of article or blurb, directed at
businesses, that explains why privacy rights are important and why the
current state of affairs must change. I read the Usenet article "What
to do when they ask for your Social Security Number" by Chris Hibbert
of CPSR. What I'd rather have is an article directed at the "they"
(the businesses and organizations that handle our private
information), something like "Why you should respect your customers'
privacy rights, and how to do that effectively and still run your
business."
My situation is that I have applied to rent an apartment at a large
complex (Village Lake Apts. in Mountain View, CA). On the application
form, I left the SSN space blank. The rental agent said that they
must have it. I asked her to find out if they can get by without it.
She made a call and said, yeah, they can. Later, the rental manager
called me and said something like the following:
Them: "We must have the SSN, that's our company policy."
Me: "OK. Is it also your company policy to not divulge personal
information to third parties?"
Them: "Yes."
Me: "Do you have that policy in writing?"
Them: "No."
Me: "OK, how about if you put your policy in writing, and I'll come
by and pick it up and give you my SSN?"
Them: "I'll get back to you."
Well, the same rental manager later got back to me, and sure enoungh,
they could not put the policy in writing and that's that. She also
would not give a reason why they would not put their own policy in
writing ("that's simply our position..."). I got into a long
discussion trying to find common ground where she could understand
that my position is reasonable, but the bottom line was that they
must stick by their policy. Anyway, I am ready to concede defeat in
this particular battle in the war against information abuse, and
I plan to go along with their terms. I figure I'd run into the
same resistance anywhere I go. But I would like to give them an
article such as the one I describe above, to accomplish two things:
1. Educate them as to what the issue is.
2. Help them understand why I've been giving them such a hard time.
If you know of such an article, please send it (or a pointer to it)
to me at "lachman@netcom.com". Thanks,
Hans Lachman
lachman@netcom.com
------------------------------
From: Christina Cole <tinacole@uxa.cso.uiuc.edu>
Subject: Email Privacy
Date: Thu, 1 Apr 1993 05:09:14 GMT
Organization: University of Illinois
I'm doing a research paper on E-mail with respect to privacy. So far the
info that I have found has been about people that have lost their jobs
after protesting that their privacy rights were violated when they
discovered that their private email messages had been intercepted by
their supervisors. (I know that was a serious run-on sentence) I need
more info on these kinds of cases, precautions to take to avoid email
hackers, and what to do in case the sitiuation occurs. Please help.
------------------------------
Date: Thu, 1 Apr 1993 08:09:35 -0800
From: gg15hzav@sbusol.rz.uni-sb.de
Subject: Research on interactive publishing systems
Research on interactive publishing systems
==========================================
I am a student at the University of the Saarland in Germany and I am
looking for contact to reasearchers who work this subject. I need the
information form my final thesis in information science.
I am especially interested in:
- different ways and a classification of interactions between an
information system and a user (both "traditional" information systems (e.g.
internet services) and new publishing systems) -> user modelling
- concepts for the technical realization of interactive newspapers and
tv systems
- the impact of interactive communication on the individual user and on
the entire society (e.g. knowledge gap)
- commercial aspects of this new kind of publishing
If you could help me or know someone who is working in this area send
a personal mail to my adress.
Thanks in advance
Achim Voermanek
------------------------------
End of Computer Privacy Digest V2 #030
******************************