Date: Thu, 18 Nov 93 16:09:34 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#078
Computer Privacy Digest Thu, 18 Nov 93 Volume 3 : Issue: 078
Today's Topics: Moderator: Dennis G. Rears
GAO report Communications Privacy
Re: Computer Bulletin Boards should NOT be censored.
Re: Computer Bulletin Boards should NOT be censored.
Re: Is there an effective way to stop junk phone calls?
Re: California Driver License and SSN
Re: Ownership and Privacy
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
cc: comp-privacy@PICA.ARMY.MIL
From: KH3@cu.nih.gov
Date: Wed, 10 Nov 1993 18:26:57 EST
Subject: GAO report Communications Privacy
GAO recently issued a report "Communications Privacy:
Federal Policy and Actions", GAO/OSI-94-2, dated
November 4, 1993, that may be of interest to members
of your group. The report focused on the following issues:
--The need for information privacy in computer and
communications systems--through such means as
encryption, or conversion of clear text to an
unreadable form--to mitigate the threat of economic
espionage to U.S. industry;
--federal agency authority to develop cryptographic
standards for the protection of sensitive,
unclassified information and the actions and policies
of the National Security Agency (NSA), Department of
Defense, and of the National Institute of Standards
and Technology (NI ST), Department of Commerce,
regarding the selection of federal cryptographic
standards;
--roles, actions, and policies of NSA and the
Department of State related to export controls for
products with encryption capabilities and industry
rationale for requesting liberalization of such
controls; and
--the Federal Bureau of Investigation's (FBI)
legislative proposal regarding telephone systems that
use digital communications technology.
I have placed an electronic version of the report named
OSI-94-2.TXT in the GAO-REPORTS anonymous FTP directory at
NIH (cu.nih.gov) or (ftp.cu.nih.gov).
Joe Sokalski, GAO--Los Angeles
kh3@cu.nih.gov
------------------------------
From: Donald Burr <picard@coyote.rain.org>
Subject: Re: Computer Bulletin Boards should NOT be censored.
Date: 17 Nov 1993 13:11:48 -0800
Organization: Regional Access Information Network
Hmm, this looks like something interesting to start a discussion on.
Following are MY viewpoints on the issue -- feel free to keep the ball
rolling.
Lyle Lexier <lexier@sfu.ca> writes:
>Computer Bulletin Boards should not be censored. People should have freedom
>of speech in saying or writing what they want to say, even if the material has
>to do with sexual or racial matters.
>Do you agree with this statement? I will keep your names confidential, but
>I will poll X - yes, and Y - no and the reason why YES or NO was chosen.
>send your responses to lexier@sfu.ca
Though I am a strong proponent of freedom of speech (for example, I strongly
disagree with censoring of USENET, i.e. the alt.sex.* type postings, nudity
and sex gifs, etc.) however, BBS's are another matter. I do not believe
that external authorities (i.e. the FBI, FCC, etc.) should censor BBS's,
because this would be in violation of freedom of speech. HOWEVER, I do
believe that the individual SYSOPS of each BBS should decide which is
appropriate and which is not.
I live in Santa Barbara, CA, a town with a pretty active BBS scene. Sadly,
many of the real good BBS's have gone to hell in a handbasket because they have
just gone out of control -- the sysops became lax in their "no profanity"
laws, users start getting cocky and post more obscene material, and the
signal to noise ratio of the BBS drops tremendously (i.e. there is now more
"noise" [profanity, etc.] than there is "signal" [i.e. worthwhile messages])
There are some BBS's where profanity, etc. is inappropriate -- for example,
in the nationwide nets such as FidoNet, which are accessed mainly by "family-
oriented" systems. You don't want your kids to be exposed to that profane
kind of stuff. also many adults find it distasteful or profane, and we
should not condemn them becaus of the way they were raised (traditional family
values, etc.) nor should we force them to be exposed to this kind of stuff.
(I also include materials such as sexually explicit pictures, GIFs, stories,
etc. in my definition of "profane.")
I believe there is a "right" way to handle this. Most states define a
"adult" as an individual being over 21. California is one of these, I
believe. Many of the local BBS's have "adult-only" areas, where you are
required to send in some sort of proof of age (driver's license, perhaps)
in order to gain access to them. This is a good thing, IMHO, because
the information ITSELF is not censored -- it is just not made available to
people of an inappropriate age. (just like you aren't allowed to buy liquor
until you're 18, or go to R-rated movies until you're of age.)
--
Donald Burr (aka Captain Picard, Picard, Picards, and SuperTribble)
EMAIL: picard@rain.org; AMERICA ONLINE: CapnPicard
A Trekker, and DAMN proud of it! -+- Want FREE Unix for 386/486? EMAIL ME!!
"We're just two lost souls / Swimming in a fish bowl" -- Pink Floyd
------------------------------
From: Bernie Cosell <cosell@world.std.com>
Subject: Re: Computer Bulletin Boards should NOT be censored.
Organization: Fantasy Farm Fibers
Date: Thu, 18 Nov 1993 02:14:20 GMT
In article <comp-privacy3.75.6@pica.army.mil>, Lyle Lexier writes:
} Computer Bulletin Boards should not be censored. People should have freedom
} of speech in saying or writing what they want to say, even if the material has
} to do with sexual or racial matters.
}
} Do you agree with this statement? I will keep your names confidential, but
} I will poll X - yes, and Y - no and the reason why YES or NO was chosen.
I don't mean to be negative, but I think these sorts of surveys/polls
are massive wastes of time and effort. Not only is the audience almost
certainly skewed [we're hardly a crosssection of the US] the sampling
is totally uncontrolled, making the "results" little more than random
noise. [or, perhaps, a foregone conclusion if you're careful about
where you post your request].
In terms of this forum, I think the only reasonable purpose for
such a question is to *discuss* it, not to *vote* on it. And
reasoned discourse certainly serves the topic better than just a
collection of un-argued, un-examined "sound Bytes" [the reasons
why]. [I assume that for the "reason why" you're not expecting two
or three megabytes per 'voter' of reasoned discourse on the pros
and cons of the matter, no?]
As such, I'll just respond...
Repeating your thesis:
} Computer Bulletin Boards should not be censored. People should have freedom
} of speech in saying or writing what they want to say, even if the material has
} to do with sexual or racial matters.
I disagree. I think that the folks that own and operate bulletin boards
ought to be free to run them *precisely* as they please, just so long
as they make the ground rules clear up front. As long as you're using
someone *else's* equipment, I think it is A-OK that they insist that
you play by their rules, but that once you agree on the rules they
should only be changeable by mutual consent [that is, treat such
as matters of contract law].
If you don't like their rules, as long as you're free to go to some
other forum or start your own, I claim you've gotten all that
you're entitled to in terms of "freedom of speech".
Now, this is not to make light of the legal situation in the US:
there are a lot of complicated legal matters having to do with
"limited public forums", when liability attaches to a sysop [for
things like libel or distribution of pornographic materials],
wiretap laws, etc. But if you're just asking a *moral* question:
as a matter of principle I'm very much in the "freedom of the
press is for those who own them" camp.
/Bernie\
--
Bernie Cosell cosell@world.std.com
Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358
------------------------------
From: laine@ctp.bilkent.edu.tr
Subject: Re: Is there an effective way to stop junk phone calls?
Date: Wed, 17 Nov 1993 20:58:35
Organization: Youngstown State/Youngstown Free-Net
>In article <comp-privacy3.75.4@pica.army.mil>
>pete ritter <cpritter@netcom.com> writes:
>
>>At long last, federal law now requires telemarketers to remove from their
>>call lists, anyone who requests it. The law also requires them to give
>>the name of the telemarketing firm, its address and telephone number if
>>you request it.
>>
>
In article <comp-privacy3.76.6@pica.army.mil> Tom Evert <O1EVERT@vm1.cc.uakron.edu> writes:
>Good advise! This law is called the Telephone Consumer Protection Act
>of 1991. Interesting reading - especially the part under "Findings"!
>
But still nobody has told us poor illiterates where to find a copy of this
law. Anyone?
------------------------------
From: Nevin Liber <nevin@cs.arizona.edu>
Subject: Re: California Driver License and SSN
Date: 18 Nov 1993 02:28:06 -0700
Organization: University of Arizona CS Department, Tucson AZ
In article <comp-privacy3.74.6@pica.army.mil>,
Bob Sherman <bsherman@mthvax.cs.miami.edu> wrote:
>Errrr, excuse me, but there are many ways for you to use the roads your
>taxes pay for without needing a drivers license. You can for example ride
>a bike, use public transportation, take a taxi, ride as a passenger in
>a car while someone else does the driving, run, jog, walk etc.. All of the
>above are better done on a paved roadway than through the woods..
Plus there are many ways that we all indirectly use roads. Do you buy
food at a supermarket that is trucked in? If someone breaks into your
house, wouldn't it be nice if the police drive over to save you or your
belongings? Etc., etc.
--
Nevin ":-)" Liber nevin@cs.arizona.edu (602) 293-2799
------------------------------
From: Rob Kling <kling@ics.uci.edu>
Subject: Re: Ownership and Privacy
Newsgroups: comp.society.privacy
Date: 18 Nov 93 16:30:18 GMT
Hi ... you might find parts of this paper helpful for your paper. /Rob Kling
===========================
Fair Information Practices with Computer Supported Cooperative Work
Rob Kling
Department of Information & Computer Science
and
Center for Research on Information Technology and Organizations
University of California at Irvine,
Irvine, CA 92717, USA
kling@ics.uci.edu
May 12, 1993 (v. 3.2)
Based on a paper which appears in SIGOIS Bulletin, July 1993
---------------------
The term "CSCW" was publicly launched in the early 1980s. Like other
important computing terms, such as artificial intelligence, it was coined
as a galvanizing catch-phrase, and given substance through a lively stream
of research. Interest quickly formed around the research programs, and
conferences identified with the term advanced prototype systems, studies of
their use, key theories, and debates about them. CSCW offers special
excitement: new concepts and possibilities in computer support for work.
CSCW refers to both special products (groupware), and to a social movement
by computer scientists who want to provide better computer support for
people, primarily professionals, to enhance the ease of collaborating.
Researchers disagree about the definition of CSCW, but the current
definitions focus on technology. I see CSCW as a conjunction of certain
kinds of technologies, certain kinds of users (usually small self-directed
professional teams), and a worldview which emphasizes convivial work
relations. These three elements, taken together, differentiate CSCW from
other related forms of computerization, such as information systems and
office automation which differ as much in their typical users and the
worldview describing the role of technology in work, as on the technology
itself (Kling, 1991). CSCW is the product of a particular computer-based
social movement rather than simply a family of technologies (Kling and
Iacono, 1990).
The common technologies that are central to CSCW often record fine grained
aspects of people activities in workplaces, such as typed messages, notes,
personal calendar entries, and videotapes of personal activity. Electronic
mail is the most popular of the CSCW technologies (Bullen and Bennett,
1991) and is a useful vehicle for examining some of the privacy issues in
CSCW. Many electronic mail messages contain personal communications which
include opinions and information which many senders would prefer not to be
public information. However, most electronic mail system users I have
spoken to are ignorant of the conditions under which their transmissions
will be maintained as private communications by their own organizations.
(They often assume that their electronic communications will be treated as
private by their organizations. Others are extremely sensitive to the
possible lack of privacy/security of email transmissions.)
Discussions of computerization and privacy are highly developed with
respect to personal record systems which contain information about banking,
credit, health, police, schooling, employment, insurance, etc. (Kling and
Dunlop, 1991:Section V). Definitions of personal privacy have been examined
in extensive literature about personal privacy and record-keeping systems.
Analysts have been careful to distinguish security issues (e.g., lock and
keys for authorized access) from privacy issues -- those which involve
people's control over personal information. There has also been significant
discussion of the interplay between privacy and other competing social
values. The privacy issues in CSCW both have important similarities and
differences when compared with the issues of personal record systems. We
can gain helpful insights by building on this body of sustain thinking
about privacy and record systems to advance our understanding of privacy
issues in CSCW.
Another related and helpful set of inquiries examines the surveillance of
workers in measuring activities related to quality of service and
individual productivity (Attewell, 1991; Kling and Dunlop, 1993). Some of
the most intensive fine grained electronic monitoring involves listening to
the phone calls of service workers such as reservationists, and
fine-grained productivity counts, such as the number of transactions that a
worker completes in a small time period. While all managers have ways of
assessing their subordinates' performance, clerks are most subject to these
fine grained forms of electronic surveillance. The CSCW community has
focussed on professionals as the key groups to use groupware and meeting
support systems. Consequently, electronic monitoring has seemed to be
implausible.
The computing community is beginning to be collectively aware of the
possible privacy issues in CSCW applications. Professionals who use CSCW
can lose privacy under quite different conditions than clerks who have
little control over the use of electronic performance monitoring systems.
And personal communications, like electronic mail or systems like gIBIS
which supports debates, record personally sensitive information under very
different conditions than do information systems for regulatory control
such as systems of motor vehicle, health and tax records.
The use of email raises interesting privacy issues. In the case of email,
privacy issues arise when people lose control over the dissemination of
their mail messages. When should managers be allowed to read the email of
their subordinates? One can readily conjure instances where managers would
seek access to email files. These can range from curiosity (such as when a
manager wonders about subordinates' gossip, and requests messages which
include his name in the message body), through situations in which a legal
agency subpoenas mail files as part of a formal investigation. A
different, but related set of issues can occur when a manager seeks mail
profiles: lists of people who send more than N messages a day, lists of
people who read a specific bulletin board or the membership of a specific
mailing list.
CSCW systems differ in many ways that pertain to informational control. For
example, systems such as email and conferencing systems retain electronic
information which can be reused indefinitely with little control by the
people who were writing with the system. One can imagine cases in which
managers may wish to review transcripts of key meetings held by computer
conferencing to learn the bases of specific decisions, who took various
positions on controversial issues, or to gain insight into their
subordinate's interactional styles. Other systems, such as voice and video
links, are often designed not to store information. But they can raise
questions about who is tuning in, and the extent to which participants are
aware that their communication systems is "on." In the literature about
computerization and privacy, similar questions have been closely examined
-- regulating the duration of records storage, the conditions under which
people should be informed that a third party is seeking their records, and
conditions under which individuals may have administrative or legal
standing in blocking access to their records (See Dunlop and Kling, 1991,
Section V).
One of the peculiarities of CSCW in contrast with traditional record
keeping systems is the nature of the social settings in which systems are
being developed and explored. Most personal record systems are developed in
relatively traditional control-oriented organizations. In contrast, most
CSCW applications have been developed in academic and industrial research
labs. These settings are protective of freedom of speech and thought and
less authoritarian than many organizations which ultimately use CSCW
applications. In fact, relatively few CSCW applications, other than email
and Lotus Notes, are used by the thousands of people in traditional
organizations (Bullen and Bennett, 1991). Further, CSCW systems are
primarily designed to be used by professionals rather than technicians and
clerks. Professionals generally have more autonomy than clerks, who are
most subject to computerized monitoring (Attewell, 1991). As a consequence,
many CSCW developers don't face problems of personal privacy that may be
more commonplace when prototype systems are commercialized and widely used.
These contrasts between R&D with CSCW and the likely contexts of
application should not impede us from working hard to understand the
privacy issues of these new technologies. CSCW applications are able to
record more fine grained information about peoples' thoughts, feelings, and
social relationships than traditional record keeping systems. They can be
relatively unobtrusive. The subject may be unaware of any scrutiny. In R&D
labs, we often have norms of reciprocity in social behavior: monitoring can
be reciprocal. However, in certain organizations, monitoring may follow a
formal hierarchy of social relations. For example, supervisors can monitor
the phone conversations of travel reservationists and telephone operators,
but the operators cannot monitor their supervisors. The primary
(publicized) appropriations of "private email" have been in military
organizations, NASA, and commercial firms like Epson, rather than in
university and industrial laboratories.
CSCW creates a new electronic frontier in which people's rights and
obligations about access and control over personally sensitive information
have not been systematically articulated. I believe that we need to better
understand the nature of information practices with regard to different
CSCW applications that balance fairness to individuals and to their
organizations.
It is remarkable how vague the information practices regulating the use of
the few commonplace CSCW applications are. Yet we are designing and
building the information infrastructures for recording significant amounts
of information about people thoughts and feelings which are essentially
private and not for arbitrary circulation, without the guidelines to
safeguard them. People who use computer and telecommunications applications
need to have a basic understanding about which information is being
recorded, how long it is retained (even if they "delete" information from
their local files, who can access information about them, and when they can
have some control over restricting access to their information.
In the late 1970s the U.S. Privacy Protection Study Commission developed a
set of recommendations for Fair Information Practices pertinent to personal
record keeping systems (PPSC, 1977:17-19). A concern of Commission members
was to maximize the extent to which record systems would be managed so that
people would not be unfairly affected by decisions which relied upon
records which were inaccurate, incomplete, irrelevant or not timely.
Commission members believed that record keeping systems in different
institutional settings should be regulated by different laws. For example,
people should have more control over the disclosure of their current
financial records than over the disclosure of their current police records.
On the other hand, the Commission proposed that each institutional arena
should be governed with an explicit set of Fair Information Practices. In a
similar way, different families of CSCW applications or different
institutional settings may be most appropriately organized with different
Fair Information Practices. In the case of CSCW applications, fairness may
have different meanings than in the case of decisions based upon personal
records systems.
We need fearless and vigorous exploratory research to shed clear light on
these issues. This rather modest position contrasts strongly with that
taken by Andy Hopper of Olivetti, one of the panelists at this plenary
session on CSCW'92. He was enthusiastic about the use of "active badges"
(Want, Hopper, Falcao, and Gibbons, 1992) and insisted on discussing only
their virtues. He argued that one can imagine many scenarios in which
people are harmed by some uses of a particular technology, but that
discussing such scenarios is usually pointless. Hopper's 1992 co-authored
article about active badges examines some of the privacy threats their use
can foster. But on the plenary panel he was critical of people who asked
serious questions about the risks, as well as the benefits of new CSCW
technologies. In this way, he took a position similar to that taken by
spokespeople of many industries, including such as automobiles, who have
delayed serious inquiries and regulatory protections for environmental and
safety risks by insisting on unambiguous evidence of harm before
investigating plausible problems.
The active badge systems which Hopper described seem to be regulated by
Fair Information Practices in his own research laboratory (e.g., no long
term storage of data about people's locations, reciprocity of use,
discretion in use). These sorts of Fair Information Practices may be
required to help insure that active badges are a convenient technology
which do not degrade people's working lives. Other kinds of information
practices, such as those in which location monitoring is non-reciprocal,
and non-discretionary may help transform some workplaces into electronic
cages. Hopper and his colleagues briefly mention such possibilities in
their 1992 ACM TOIS article about active badges. And their article deserves
some applause for at least identifying some of the pertinent privacy
problems which active badges facilitate. However they are very careful to
characterize fine grained aspects of the technological architecture of
active badges, while they are far from being comparably careful in
identifying the workplace information practices which can make active
badges either primarily a convenience or primarily invasive. I believe that
CSCW researchers should be paying careful attention to social practices as
well as to technologies. Richard Harper's (1992) ethnographic study of the
use of active badges in two research labs illustrates the kind of nuanced
analyses which we need, although Harper also glosses the particular
information practices which accompanied the use of active badges in the two
labs.
Unfortunately, delays in understanding some risks of emerging technologies
have led the public to underestimate the initial magnitude of problems, and
to make collective choices which proved difficult alter. Our design of
metropolitan areas making individually operated cars a virtual necessity is
an example. In the early stages of use, the risks of a new family of
technologies are often hard to discern (See Dunlop and Kling, 1991, Part
VI). When major problems develop to the point that they are undeniable,
amelioration may also be difficult.
I characterized CSCW, in part, as a social movement (Kling and Iacono,
1990). Most of us who study, develop, or write about CSCW enthusiastically,
(and sometimes evangelistically) encourage the widespread use of these new
technologies. However, as responsible computer scientists, we should temper
our enthusiasms with appropriate professional responsibility. CSCW
applications open important organizational opportunities, but also opens
privacy issues which we don't understand very well.
The new ACM Ethical Code (ACM, 1993) also has several provisions which bear
on privacy issues in CSCW. These include provisions which require ACM
members to respect the privacy of others (Section 1.7), to improve public
understanding of computing and its consequences (Section 2.7), and to
design and build information systems which enhance the quality of working
life (Section 3.2). The ACM's code is rather general and does not give much
specific guidance to practitioners. The CSCW research community is well
positioned to conduct the kinds of research into the social practices for
using these technologies which could shape meaningful professional
guidelines for their use in diverse organizations. Will we take a
leadership role in helping to keep CSCW safe for users and their
organizations?
=================================
Note: I appreciate discussions with Jonathan Allen, Paul Forester, Beki
Grinter, and Jonathan Grudin which helped clarify some of my key points.
REFERENCES
1. Association of Computing Machinery. 1993. "ACM Code of Ethics and
Professional Conduct." Communications of the ACM. 36(2)(Feb.):99-103.
2. Attewell, Paul. "Big Brother and the Sweatshop: Computer
Surveillance in the Automated Office" in Dunlop and Kling 1991.
3. Bullen, Christine and John Bennett. 1991. Groupware in Practice: An
Interpretation of Work Experience" in Dunlop and Kling 1991.
4. Dunlop, Charles and Rob Kling (Ed). 1991. Computerization and
Controversy: Value Conflicts and Social Choices. Boston: Academic
Press.
5. Harper, Richard H.R. "Looking at Ourselves: An Examination of the
Social Organization of Two Research Laboratories" Proc. CSCW '92:
330-337.
6. Kling, Rob. 1991. "Cooperation, Coordination and Control in
Computer-Supported Work." Communications of the ACM
34(12)(December):83-88.
7. Kling, Rob and Charles Dunlop. 1993. "Controversies About
Computerization and the Character of White Collar Worklife." The
Information Society. 9(1) (Jan-Feb:1-29.
8. Kling, Rob and Suzanne Iacono. 1990. "Computerization Movements"
Chapter 19, pp 213-236 Computers, Ethics and Society, David Ermann,
Mary Williams & Claudio Guitierrez (ed.) New York, Oxford University
Press.
9. Privacy Protection Study Commission. 1977. Personal Privacy in an
Information Society, U.S. Government Printing Office, Washington D.C.
(briefly excerpted in Dunlop and Kling, 1991.)
10.Want, Roy, Andy Hopper, Veronica Falcao and Jonathan Gibbons. 1992.
"The Active Badge Location System" ACM Transactions on Information
Systems. 10(1)(January): 91-102.
------------------------------
End of Computer Privacy Digest V3 #078
******************************