Date: Wed, 27 Oct 93 11:40:10 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#062
Computer Privacy Digest Wed, 27 Oct 93 Volume 3 : Issue: 062
Today's Topics: Moderator: Dennis G. Rears
Re: Clinton Health Care Plan
Re: Clinton Health Care Plan
Re: Finding someone
Re: isn't one's diary considered "private" ??
Re: isn't one's diary considered "private" ??
CPSR Crypto Resolution
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Subject: Re: Clinton Health Care Plan
From: seank@nermal.santarosa.edu (Sean Kirkpatrick)
Date: 17 Oct 93 10:33:00 PDT
Organization: Santa Rosa Junior College, Santa Rosa, CA
Jerry Whelan (guru@camelot.bradley.edu) wrote:
: In article <comp-privacy3.53.1@pica.army.mil>,
: Dennis D. Steinauer <dds@csmes.ncsl.nist.gov> wrote:
: -} BTW -- The "Card" isn't likely to be a smartcard, massive memory card, or
: -} other such thing -- at least not for a long time. Indeed, it probably
won't
: -} even be the SAME card in all ares. The president's plan, in line with the
: -} approach of encouraging technical innovation, initially calls for a minimal
: -} machine readability capability (read "mag strip").
: This is unfortunate from a privacy standpoint. I would prefer
: that all my medical/personal information be stored solely in
: something under my control. I realize that there would still be
: potential privacy concerns when the card is used (after all, what
: good is the data if it isn't used by the medical providers). But
: keeping the data only on the card goes a long way towards controlling
: the distribution of data about me without my consent.
I am currently working on a contract for Sonoma County Department of Social
Services. They are attempting to streamline and make more efficient their
delivery of social services to those who need them. One of the technology
based solutions that we are investigating is the use of smart cards/laser
storage cards which will be recorded upon with informatin about the clients
case. The theory goes that if the client has the card in their posession, then
any compromise of the data on that card will be as a result of *their*
failure to protect the data, and not the authorities.
This theory doesn't wash with me, however. Consider a homeless or mentall ill
person who doesn't have the capability or judgement to protect the card from
loss. In many of the smart/laser card solutions we have seen so far, the
expense of buying a reader is well within reach of the average joe computer
user, and I feel that it is an unacceptable risk to have sensitive data on
a card if it can be easily read by anybody with the appropriate hardware.
We are considering the use of encryption to encapsulate various classes of
sensitive information, much in the way that the DoD model of Top Secret
information is compartmentalized. Thus, a card could be used to store
this information, and accessed only upon the presentation of the appropriate
key. Medical information would require one key, financial another, and so
on. In this way, only those county employees who actually needed to know this
information would be able to access it, and it would remain protected even
in the event of loss or theft.
I am interested in the details of the Clinton health plan, particularly how
they intend to protect this sensitive information. If, in fact, the initial
card is limited in capabilities (mag stripe vs smart card or laser card),
then there might not be such a problem as is being discussed.
Is there a place on the net where I can get a copy of the complete proposal?
Cheers!
Sean
------------------------------
Subject: Re: Clinton Health Care Plan
From: seank@nermal.santarosa.edu (Sean Kirkpatrick)
Date: 17 Oct 93 10:45:17 PDT
Organization: Santa Rosa Junior College, Santa Rosa, CA
Mike Brokowski (brokowski@nwu.edi) wrote:
: >As with other aspects of the current
: >healthcare system, the worst thing we could do is nothing.
: Not true. It isn't hard at all to imagine alterations to the
: current system which make it worse than the present one. And,
: since privacy concerns are not the only area where nothing more
: than lip service has been given to implementation details, I
: don't imagine that privacy is the only aspect of the system
: which stands at risk from the changes. "Change" isn't always
: good, and government mandated change is neither the only kind
: of change nor the most desirable. We are always changing
: *something*, whether or not the change is worthwhile is a
: separate question.
Hmmmm, well...in my case, as it is with hundreds of thousands, if not millions
of others in this country, it would be MUCH worse if we didn't do anything.
I'm about to loose my health insurance because of a combination of cheap
employers (MD's, actually, who don't want to even CONTRIBUTE toward their
employees medical insurance), and a naturally occurring degenerative spinal
condition called Cervical Spondylosis. One wrong move, a quick twist of the
neck, a *minor* fender bender, and I could well be paralyzed. I cannot wait
for something to be done, I cannot accept that doing nothing is good. 2/3
of the children of this country, don't have access to regular health care,
and something MUST be done.
I'm not too very thrilled about some of the ramifications of the plan (privacy,
etc.), but I'm not in a position to be too critical of it. I'd be happy with
a federal law that says, "You can't deny insurance to anyone, you can't
cancel anyone, and you can't deny a legitimate claim".
Cheers!
Sean
------------------------------
From: Dark <unicorn@access.digex.net>
Newsgroups: alt.privacy,comp.society.privacy,misc.legal
Subject: Re: Finding someone
Date: 26 Oct 1993 16:49:17 -0400
Organization: Express Access Online Communications, Greenbelt, MD USA
In article <comp-privacy3.61.4@pica.army.mil>,
Bob Sherman <bsherman@mthvax.cs.miami.edu> wrote:
>
>This is easier said than done. Yes, the SSA will do as you described, but
>the key here is your "last known address". In reality, The average person
>never contacts the SSA from the time they first get the card, until it is
>time to collect some sort of benifit. That can be anywhere from 45-63
>years. A last known address that is 40 years or more old does not really
>offer much help..
>
>There are much faster, and easier ways to locate a person with the
>information you have at hand..
These being...?
Let's assume I'd like to contact a delinquant dad and let him know that
I (Son) will waive all he owes. How might one go about finding dear ole
dad if he doesn't want to be found?
Whatever the hypo, what's the solution to the non-compliant/willing
search (aside from expensive detectives et al.)
>--
> bsherman@mthvax.cs.miami.edu | | MCI MAIL:BSHERMAN
> an764@cleveland.freenet.edu | |
>
-uni- (Dark)
--
Heute ist Mirroccoli Tag - Find me Sick, Dark and Twisted, and I'm happy.
073BB885A786F666 6E6D4506F6EDBC17 - One if by land, two if by sea.
------------------------------
From: Bernie Cosell <cosell@world.std.com>
Subject: Re: isn't one's diary considered "private" ??
Organization: Fantasy Farm Fibers
Date: Wed, 27 Oct 1993 02:06:17 GMT
In article <comp-privacy3.61.7@pica.army.mil>, David Jones writes:
} In the (US) news recently are two cases involving personal diary
} entries being used (or subpoenaed) as evidence.
}
} I am surprised that this evidence is admissible, or at least that
} no one has even tried to argue that it should be private.
You have to make clear on what basis such an item *should* be kept
private.
} (1) Some Senator accused of some sort of sexual harrassment has had
} his personal diary subpoenaed. Why is he not protected by
} the right not to give self-incriminating testimony?
No. This is clearly a misunderstanding of the law on your part. The
fifth amendment only protects *testimony* not presenting *evidence*.
The SC has [quite rightly, I'd say] interpreted that to mean _only_
that you are allowed to refuse to make *verbal* statements. In essence,
it says that for anything that is locked in your brain, you have the
right to *keep* it so locked.
On the other hand, *everything* else about you _is_ subject to subpeona
and introduction as evidence. Letters, financial records, diaries,
*anything* [reread the fourth: it specifically says that our "papers and
effects" *ARE* subject to search and seizure under appropriate
circumstances.". so there's just *no* case for not complying with
such a subpoena.
The moral is simple: if you want to keep it private, keep it inside
your skull.
} (2) Some girl (a minor I think) apparently wrote in her diary that
} she regrets killing her younger sister. I think her mother
} found the diary and went to the police. Again, isn't a diary
} to be considered private?
Again, *NO*. It is this kind of casual, and mostly mistaken,
misuse of the term 'privacy' that makes dealing with the whole
privacy mess so difficult and makes it so hard to focus on the
_real_ privacy invasions. In this case, the 4th only applies to
the *gov't* doi ng the searches and seizures, and so "her mother"
wouldn't be affected in any event.
/Bernie\
--
Bernie Cosell cosell@world.std.com
Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358
------------------------------
Date: Wed, 27 Oct 1993 10:23:35 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Re: isn't one's diary considered "private" ??
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
David Jones <djones@cim.mcgill.ca>, writes:
> In the (US) news recently are two cases involving personal diary
> entries being used (or subpoenaed) as evidence.
>
> I am surprised that this evidence is admissible, or at least that
> no one has even tried to argue that it should be private.
>
> (1) Some Senator accused of some sort of sexual harrassment has had
> his personal diary subpoenaed. Why is he not protected by
> the right not to give self-incriminating testimony?
Apparently it has been pointed out to me that the 5th Amendment protection
against self-incrimination does not apply to written records, the idea
supposedly being that you have the option not to write things down.
How this squares with the requirement of the Gestapo^H^H^H^H^H^H^H^H^H
Internal Revenue Service that one is required to file a return, yet the
information on that return can and will be used as evidence in criminal
proceedings against the person who is compelled to file and give the
evidence against them, is unclear to me.
What it apparently means is that if you have written records, you can be
required to present them; you are under no requirement to explain what
they mean. So the answer is to encrypt them and give those who want them
the printed listing of the encrypted file and stand on one's 5th Amendment
right not to give out the key. This is what the file looks like on the
computer; this is a verbatim printout of the file, which is garbage.
Many Government Agencies claim that records on computer are not written
records (and thus they don't have to produce them for FOIA requests); if
so, then records on a computer would not be required to be presented. I
doubt that this stance will stand up to judicial scrutiny in light of the
Presidential E-Mail cases.
---
Note: All mail is read/responded every day. If a message is sent to this
account, and you expect a reply, if one is not received within 24 hours,
resend your message; some systems do not send mail to MCI Mail correctly.
Paul Robinson - TDARCOS@MCIMAIL.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
-----
The following Automatic Fortune Cookie was selected only for this message:
Captain Penny's Law:
You can fool all of the people some of the time, and some of
the people all of the time, but you Can't Fool Mom.
------------------------------
Organization: CPSR Washington Office
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Tue, 26 Oct 1993 21:40:51 EST
Subject: CPSR Crypto Resolution
CPSR Crypto Resolution
CPSR Cryptography Resolution
Adopted by the CPSR Board of Directors, San Francisco, CA October 18,
1993
WHEREAS,
Digital communications technology is becoming an increasingly
significant component of our lives, affecting our educational,
financial, political and social interaction; and
The National Information Infrastructure requires high assurances of
privacy to be useful; and
Encryption technology provides the most effective technical means of
ensuring the privacy and security of digital communications; and
Restrictions on cryptography are likely to impose significant costs on
scientific freedom, government accountability, and economic
development; and
The right of individuals to freely use encryption technology is
consistent with the principles embodied in the Constitution of the
United States; and
The privacy and security of digital communications is essential to the
preservation of a democratic society in our information age; and
CPSR has played a leading role in many efforts to promote privacy
protection for new communications technologies:
BE IT RESOLVED THAT
Computer Professionals for Social Responsibility supports the right of
all individuals to design, distribute, obtain and use encryption
technology and opposes any government attempt to interfere with the
exercise of that right; and
CPSR opposes the development of classified technical standards for the
National Information Infrastructure.
------------------------------
End of Computer Privacy Digest V3 #062
******************************