Date: Thu, 13 May 93 16:58:34 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#041
Computer Privacy Digest Thu, 13 May 93 Volume 2 : Issue: 041
Today's Topics: Moderator: Dennis G. Rears
Redistribution of E-Mail attained via research Right or Wrong?
Re: Redistribution of E-Mail attained via research Right or Wrong?
Re: Redistribution of E-Mail attained via research Right or Wrong?
Re: Redistribution of E-Mail attained via research Right or Wrong?
Re: Redistribution of E-Mail attained via research Right or Wrong?
[Newsbytes Editorial] Caller Line ID
Re: privacy vs banks (was: Re: I won one!)
Re: Virginia Voters and SSNs
SSAN use
Re: driver's license for jurors (was: Re: SSN)
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: Michael Hauben <hauben@cs.columbia.edu>
Subject: Redistribution of E-Mail attained via research Right or Wrong?
Date: 4 May 93 18:35:20 GMT
Organization: Columbia University Department of Computer Science
In conducting research on the Net, I have often gotten requests
from people who would like me to forward to them the private
e-mail responses I have gotten via e-mail. What do people think
about this? I usually have waited until I have finished the paper
I was conducting the research for and then I send that paper to
these people. Do people think sending e-mail received from others
to anyone else without their prior permission would be considered
a breach of privacy? Or is it a sharing of information?
And also I might be interested in doing summaries of the
information / answers I received via e-mail. Is there any proper
Nettiquette towards producing summaries?
Please respond publically so others can see what comes up.
Thanks,
-Michael Hauben
--
-----------------------------------------------------------------------
| Michael Hauben CC '95 | E-mail me for sample copies of |
| hauben@cs.columbia.edu | The Amateur Computerist Newsletter |
| hauben@columbia.edu | & read the alt.amateur-comp newsgroup |
------------------------------
From: Ed Moore <edmoore@vcd.hp.com>
Subject: Re: Redistribution of E-Mail attained via research Right or Wrong?
Date: 4 May 93 20:11:03 GMT
Organization: Hewlett-Packard VCD
Michael Hauben (hauben@cs.columbia.edu) wrote:
>In conducting research on the Net, I have often gotten requests from
>people who would like me to forward to them the private e-mail responses
>I have gotten via e-mail. What do people think about this?
<opinion mode on>
Electronic flow of information shouldn't radically alter the ethics of
handling that information. It is, of course, much easier to copy and
send an e-mail than a paper mail, so the question arises more often.
Would you copy information from paper mail and send it to another? It
depends on the information. If someone sends you a letter stating that a
Whizzy hard disk works in a SloMo PC if DIP switch #4 is off, I see no
ethical problem with sharing that info with others. If the letter says,
"I think Bill Gates is <insert favorite derogatory comment>," then
sending that on is simply gossiping.
There are several reasons why one may get information by e-mail that the
sender would not have posted in a public newsgroup.
1) To save bandwidth. Not an inhibitor of sending the info to another.
2) To avoid unsolicited responses. If Jane Smith at MegaComp provides
free support to an individual by e-mail, she may not want that fact
known to every MegaComp customer who would also like to get some free
support. I have occasionally stripped off the name, address and
company of the sender and forwarded it to another. If someone wants
to do this with my "free support" e-mail, that's fine with me.
3) Personal privacy. Most of us will divulge facts (about self or
others) and express opinions *in private* that we would not divulge
or express in a public forum. The recipient has no right to forward
such information to another.
My opinions, not HP's.
Ed Moore
Hewlett-Packard
Vancouver, WA
edmoore@vcd.hp.com
------------------------------
From: Brian Leibowitz <bml@netcom.com>
Subject: Re: Redistribution of E-Mail attained via research Right or Wrong?
Date: 4 May 93 20:51:02 GMT
Organization: Netcom Online Communications Services (408-241-9760 login: guest)
In article <C6IMAw.5M8@cs.columbia.edu> hauben@cs.columbia.edu (Michael Hauben) writes:
>In conducting research on the Net, I have often gotten requests
>from people who would like me to forward to them the private
>e-mail responses I have gotten via e-mail. What do people think
>about this? I usually have waited until I have finished the paper
<...>
>
>And also I might be interested in doing summaries of the
>information / answers I received via e-mail. Is there any proper
>Nettiquette towards producing summaries?
I have seen many request for information that state that they will
post a summary or make the information available. This seems like
the best method. Otherwise, it is best not to distribute anything
without permision (I'm not comenting on the legality or distributing
corespondence-I'm not sure of the legal situation. I just feel this
is good manners.)
BML
------------------------------
From: "Michael G. Reed" <mreed@crocus.cit.cornell.edu>
Subject: Re: Redistribution of E-Mail attained via research Right or Wrong?
Date: 4 May 93 21:40:51 GMT
Reply-To: reed@sunlab.cit.cornell.edu
Organization: Cornell University
In article <C6IMAw.5M8@cs.columbia.edu>, hauben@cs.columbia.edu (Michael Hauben) writes:
|> these people. Do people think sending e-mail received from others
|> to anyone else without their prior permission would be considered
|> a breach of privacy? Or is it a sharing of information?
Personally, I don't like the idea. I have heard at least one administrator
here at Cornell say that one should not send anything in email (or post) that
one wouldn't be embarrased to see on the front pages of the New York Times.
Personally, I dislike this attitude, but the reality of the situation exists.
(Then again, that same administrator had no problem sending email out of a
student's account that wasn't authorized by the student - but hey, he OWNS
the machines, so he can do ANYTHING he wants - at least that is his opinion.)
Then again, I suppose these are also the people who wouldn't have a problem
reading someone elses private email without invitation.
My 2 cents, definitely not Cornells.
-Michael
-----------------------------------------------------------------------------
Michael G. Reed (mreed@Sunlab.CIT.Cornell.EDU)
-----------------------------------------------------------------------------
When the going get's tough, the tough get going.
------------------------------
From: "Cynthia K. Wunsch" <thalena@merlin.etsu.edu>
Subject: Re: Redistribution of E-Mail attained via research Right or Wrong?
Date: 5 May 93 17:47:51 GMT
Followup-To: news.misc,alt.amateur-comp,comp.privacy
Organization: East Texas State University, Commerce, Texas
Regarding posting summaries:
I read the net and try to emulate the ones that seem to have the
best format and style.
Regarding forwarding email:
I ask permission first, strip off all identifying information if
requested, and delete any personal remarks. If the sender requests,
I forward a copy of the edited message. Things like forwarded
FAQs and other impersonal documents I forward after stripping off
headers.
--
Cynthia K. Wunsch Internet address: thalena@merlin.etsu.edu
------------------------------
From: Carl M Kadie <kadie@cs.uiuc.edu>
Subject: [Newsbytes Editorial] Caller Line ID
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
Date: Fri, 7 May 1993 19:26:26 GMT
Copyright 1992 by Newsbytes. Reposted with permission from the
ClariNet Electronic Newspaper newsgroup clari.nb.telecom. For more
info on ClariNet, write to info@clarinet.com or phone 1-800-USE-NETS.
SAN FRANCISCO, CALIFORNIA, U.S.A., 1993 APR 30 (NB) -- By Robert
Jacobson. It may be too late to resuscitate the corpse, but
the chorus of mourners crying crocodile tears for Caller ID has
recently risen in volume. Are the telephone companies at it
again?
Probably not. But it's remarkable nonetheless how many supposedly
well-informed commentators are still repeating the nonsense that
characterized the campaign for Caller ID, ignorant still of the
many reasons why the service doomed itself. Caller ID was the
modern technological tragedy.
Recently, Newsbytes ran an editorial lamenting the many
regulations and restrictions imposed on Caller ID by state authorities
which, taken together, nailed the coffin on the beast. The author,
recited the arguments once more vocally advanced by the telephone
companies -- arguments such as Caller ID would in some way protect
the personal privacy of telephone customers.
I don't agree. For more than three years, as a senior policy
analyst with the California Legislature, I studied Caller ID and its
implications for personal privacy. My conclusion: Caller ID would not
protect personal privacy. Far from it -- the service was designed as
a tool for direct marketers and its implementation, had it succeeded,
would have seriously eroded personal privacy for every telephone
customer.
There's nothing mysterious about these conclusions. From its
inception, Caller ID was heralded by the telephone companies as a
marketer's dream, the ideal way to collect information about customers
and others who might call businesses equipped with the appropriate
technology. Every time a limitation was imposed on Caller ID, making
it possible (for example) for customers to suppress the automatic
transfer of their identifying data, the telcos protested that this
would destroy the "value" of the service. By value they meant the
desirability of the service for the purpose of collecting personal
information.
Why would the telephone companies take this line? I asked this
question of many telephone executives; few could provide a persuasive
rationale for privacy protection. On the contrary, the intention of
the telephone companies, quite baldly stated on several occasions, was
to move the telephone industry into the center of commerce. The
personal telephone number, possibly the single most important artifact
of information possessed by most Americans, is the closest thing we
have to a national identity code (next to the Social Security number,
whose use is increasingly limited as an identifier and certainly
prohibited to commercial application).
If Caller ID, whose value depends on the use of telephone numbers
as identifiers, was a success, the telephone companies would become
the nexus of commercial transactions. Their own vast collections of
data regarding customer calling patterns would additionally become
more valuable. In all, telephone companies would become the
transactors of more personal information than any other entities.
What a boon not only for the telco revenues but also for their power
within the economy.
The personal privacy angle came into being after the telcos
realized that not everyone was sympathetic to this strategy. So a
bogeyman was invented: the harrassing or crank caller, who "invaded"
the sanctity of the home via the telephone. Caller ID would prevent
this invidious individual from getting "in." Far from it: with Caller
ID, the easy passage of personal information including telephone calls
would _increase_ the number of _telemarketing_ calls the individual
would receive, a far more troubling activity if the complaints our
office got from telephone customers was any indication. And there
were plenty of other ways to track down and punish harrassing callers,
like Call Trace, which didn't require the surrender of one's
telephone number. But the phone companies resisted these
available, less onerous measures.
In fact, Caller ID can be easily circumvented by simply using an
unsuspecting friend's phone or a public phone to execute the
communication. When the unknown number shows up on the Caller ID
screen, how is the recipient to know it's the person who has been
bothering them for so long? Call Trace is a better technology for
this purpose.
Police forces in California were not favorably disposed toward
Caller ID, either. They worried that angry telephone customers who
had received a noisome phone call would track down whomever's
telephone number showed up on the device and blow that person away,
whether or not the individual was culpable of the crime. The
telephone company might even be held liable for culpability, something
few telephone executives -- cozied by years of living under protective
anti-liability tariffs -- might have given more thought.
Finally, had the telco execs (who do not take advice kindly)
thought about it, making every phone call a potential giving away of
one's most personal information, via the telephone number, would have
the effect of suppressing use of the telephone, just when the
industry was pushing the phone as the most essential device for
partaking of the Information Age. Talk about cutting off your nose to
spite your face!
What killed Caller ID, ultimately, wasn't the restrictions imposed
by state regulators but business's lack of interest. Caller ID relied
upon a high "take" by telemarketers, direct marketers, and other
commercial institutions who wanted access to telephone numbers. They
already get enough information from 800 and 900 numbers, since those
calls are self-screened by customers who want to conduct some sort of
business transaction. Caller ID promised a deluge of information that
only the very biggest organizations could sift through and employ.
And the bad press surrounding Caller ID discouraged those institutions
from getting in too deep.
A great sigh of relief has been breathed by abuse shelters, police
organizations, health providers, and others whose employees and
clients might be put at direct risk through the disclosure of the
telephonic identities (and via these identities, addresses and daily
routines). But the demise of Caller ID has a larger, ironic outcome:
the telephone companies are unencumbered by this loser of a service as
they begin to offer new types of information services, for which
enthusiastic public use will be a business requirement.
So don't cry for the telephone companies. They're better off for
having faced principled criticism that contained the damage Caller ID
might have done. The lobbyists and executives who ingenuously fought
for the service, so far as I know, are all doing well and have
received promotions to make mischief somewhere else. A fairly
dangerous confrontation, between technology and privacy, has been
averted. If anything is to be lamented, it's all the time and energy
that went into a foolish enterprise, an endeavor without a future
whose inspiration was right out of Orwell's 1984, presented with an
undeservedly friendly face. We know now to be more aware of
technologists bearing gifts.
Editor's Note: Robert Jacobson, Ph.D., is former principal
consultant/staff director of the Assembly Utilities and
Commerce Committee, California Legislature, 1982-1989.
(Robert Jacobson/19930430)
--
Carl Kadie -- I do not represent any organization; this is just me.
= kadie@cs.uiuc.edu =
------------------------------
Date: Fri, 7 May 93 23:38:56 GMT
From: Bear Giles <bear@eagle.fsl.noaa.gov>
Subject: Re: privacy vs banks (was: Re: I won one!)
Organization: Forecast Systems Labs, NOAA, Boulder, CO USA
In article <comp-privacy2.40.4@pica.army.mil> Jonathan Thornburg writes:
>In article <comp-privacy2.39.7@pica.army.mil> Bear Giles <bear@eagle.fsl.noaa.gov> writes:
>>2. I asked about this and she said the bank _requires_ SSNs for any
>> account. If I went in with $1000 in cash and tried to open a
>> savings account, agreeing that 33% of all interest will be paid
>> to the IRS (and 5% to Colorado) to cover any possible income tax,
>> _they would refuse my business_.
>
>Indeed, they're required by law to get an SSN any time they pay interest.
>This is so they can report the interest to the IRS, who can in turn
>cross-match this with your tax return to make sure you report that
>interest as income.
If I agree to pay the maximum marginal tax rate, the IRS should be satisfied
that _at least_ the proper amount of tax is being paid, without requiring
my SSN. I know my previous bank had indicated that I did _not_ have to
provide a SSN for my (existing) interest-bearing checking account, but if
I declined they would withhold taxes on my interest.
Besides, this argument is completely irrelevant for accounts which don't
earn any interest.
Requiring a SSN on all accounts, despite the customer offering to pay
excess taxes in order to gain privacy, only makes sense if someone is
trying to track all _assets_, not just taxes due.
>I don't believe there's any law against
>your obtaining cheques printed with your account number and the name
>"Bill Clinton". Whether or not your financial institution will honor
>them, of course, is up to them...
Since I want checks the bank will honor, getting the first batch with a
different name through them to establish precedence makes sense.
>>4. When I handed over my standard "a condition of me doing business with
>> you is _no_ _mailing_ _lists_" letter she said that the Bank did not
>> release the names of its customers [ ... ]
>
>And you *believed* her?
Why not? I made it very clear that this was a condition of me doing
business with them. Any business which misrepresents itself to attract
new accounts tends to find itself in deep trouble.
Of course, the fact I haven't had problems with my car loan or Best Buys
credit card issued through them tends to indicate she's telling the truth.
>>I had also been told (when investigating banks) that I would be asked for
>>a 4-digit identifying number -- they don't use readily available information
>>like SSNs for checkcodes. I wasn't asked today, but this may be because
>>this rep had recently started.
>
>I think you're thinking of a PIN for an ATM card. You only specify
>this if/when you apply for such a card.
No, I'm thinking of a passcode for the account. The ATM cards currently
available are assigned PIN numbers by the bank, although effective later
this month they'll be issuing new ATM cards and these cards will use
PIN numbers specified by the customer.
I actually received an ATM card with an expiration date of 6/93.
--
Bear Giles
bear@fsl.noaa.gov
-<My views rarely reflect those of my employer or the Federal government>-
------------------------------
From: vincent katherine m <vincekm9@wfu.edu>
Subject: Re: Virginia Voters and SSNs
Date: 9 May 1993 03:39:31 GMT
Organization: Wake Forest University
Craig Wagner (Craig.Wagner@p2.f120.n109.z1.fidonet.org) wrote:
: A while back, some interest was shown in a court ruling against the
: Commonwealth of Virginia's combined constitutional (if I recall
: correctly) requirement of the use of a SSN to register to vote and
: legislated policy of making such lists, along with the SSN, available
: to the general public.
Good grief ... No money to pay the programmers NOT to include the
SSN on the public report? 8-( Should be a simple procedure to cut
field on the posted list.
: A week or two ago, while voting in a special election in Arlington,
: Virginia, I noticed a list of voters, with their SSNs, posted on a wall
: in the polling place. I wrote to the Board of Voter Registration the
: next day to express my concern.
I can't even get my company and their travel service, American Express,
not to put my SSN on copies of trip itineraries. About the same
time I was trying to change that (a fruitless effort), I learned
that our Corporate Legal people didn't consider SSNs private information!
My corporate American Express account number is more confidential
than my SSN ... Different bottom lines ...
Kathy
=======================================================
K. M. Vincent
vincekm9@ac.wfunet.wfu.edu Wake Forest University
unix@wrddo.att.com AT&T
------------------------------
From: thomas ciccateri <tciccate@carina.unm.edu>
Subject: SSAN use
Date: Sun, 9 May 93 3:42:41 MDT
This month faculty of the College of Education were notified by
their administration that they could no longer post students' final
grades in the hallways since public exposure of students' ID numbers
(SSANs) would be a violation of the Buckley Act. Other departments
on campus have yet to pay any attention to either the letter or the
spirit of the law.
Tom Ciccateri
University of New Mexico
Training and Learning Technologies Div.
------------------------------
From: Mike Brokowski <brokow@casbah.acns.nwu.edu>
Subject: Re: driver's license for jurors (was: Re: SSN)
Organization: Northwestern University, Evanston IL
Date: Mon, 10 May 1993 23:59:50 GMT
In article <comp-privacy2.40.3@pica.army.mil>
Jonathan Thornburg <jonathan@hermes.chpc.utexas.edu> writes:
>In article <comp-privacy2.39.6@pica.army.mil>
>| Charles Mattair <mattair@synercom.hounix.org> writes:
>| Texas has just started using DLs instead of voter registration rolls (there
>| was a perception many people were not registering to avoid jury duty :-( ).
>|
>| The result has been, shall we say, a very mixed success. On the positive
>| side, the pool of potential jurors is definitely up. Other positives
>| include - actually, the courts and the DA say that's it. Negatives are:
>| much higher rate of no-shows; lower average level of educational attainment;
>| lower socio-economic status (that is, much higher percentage of un/under
>| employeed); much higher percentage of undocumented workers and non-English
>| speakers; jurors who serve but really don't participate in the process; in
>| general, a lower quality juror pool.
>
>I was under the impression that few of these "negatives" were
>constitutional grounds for disqualifying prospective jurors. Let's
>see... perhaps we should only allow prison inmates to serve as jurors,
>since that way we could really cut the rate of no-shows? Other than
>not being a US citizen, it seems to me that *none* of the other
>"negatives" you mention are relevant -- not being poor, not being less
>educated, not not speaking English, and not being unenthusiastic.
I don't see where anyone claims that these are "constitutional
grounds for disqualifying prospective jurors." CM only judges
them to be "negatives", which is not unreasonable, even if you
disagree. Frankly, *I* would probably rather have juries that
were educated (admittedly a bias) and who could understand the
testimony presented without a substantial language barrier. A
person's economic status probably doesn't have much to do with
how well that person can interpret the relevant facts and laws
involved in a legal proceeding, however.
My question is whether the lists of those who qualify to serve
or have served are publically available? Another poster notes
that certain states have made drivers' license information un-
available as public records, and voter information seems to be
widely available. Where does jury information stand? A quick
summary of known information on this would be nice.
Mike Brokowski
brokowski@nwu.edu
>Indeed, in order for a jury system to be in any sense fair, it *must*
>include a representative fraction of people who *are* poor, less
>educated, don't speak English, etc.
>
>It must also include a representative fraction of people who don't have
>driver's licenses, but the Texas "motor votor" law merely *adds* the
>driver's license list to the other existing lists they already use, so
>that's not a problem.
>
>
>- Jonathan Thornburg (temporarily living in Texas, but not an USA citizen)
> <jonathan@einstein.ph.utexas.edu> or <jonathan@hermes.chpc.utexas.edu>
> [until 31/Aug/93] U of Texas at Austin / Physics Dept / Center for Relativity
> [thereafter] U of British Columbia / {Astronomy,Physics}
> "One million Americans have two homes; four million Americans have no homes."
>
------------------------------
End of Computer Privacy Digest V2 #041
******************************