Date: Sat, 04 Dec 93 09:14:35 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#003
Computer Privacy Digest Sat, 04 Dec 93 Volume 4 : Issue: 003
Today's Topics: Moderator: Leonard P. Levine
Re: Right To Search Floppy Disks?
Re: Right To Search Floppy Disks?
Re: Right To Search Floppy Disks?
Re: California DVM's SSN requirements
Re: Guns Control/Registration/Confiscation
Re: Privacy of cellular phones
The Club
CallerID Approved in Wisconsin
New GAO report on Communications Privacy
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: ranck@joesbar.cc.vt.edu (Wm. L. Ranck)
Subject: Re: Right To Search Floppy Disks?
Date: 2 Dec 1993 16:19:55 GMT
Organization: Virginia Tech, Blacksburg, Virginia
Brinton Cooper (abc@arl.army.mil) wrote:
: This seems comparable to searching lockers. In at least some cases, the
: rights of school authorities to search student lockers looking for
: "drugs" or "stolen property" has been upheld; and these administrators
: aren't even police! They have also exercised their right to require
: students to empty the contents of their pockets for the principal;
: again, no police are involved. So-called suspension hearings in Harford
Actually I think folks seem to have a basic misconception here. It is
precisely *because* they are not the police that they can do locker searches,
etc. The police are held to a higher standard for probable cause to search.
A school administrator might be able to do a search that would be illegal
for the police.
As far as the floppy disks that the original poster asked about, who knows.
Do they belong to the school (as lockers do) or did the person own them?
Depending on the situation a lawyer might be worth talking to.
--
* Bill Ranck (703) 231-9503 Bill.Ranck@vt.edu *
* Computing Center, Virginia Polytechnic Inst. & State Univ., Blacksburg, Va. *
------------------------------
From: "Dick Murtagh (8-465-4916)" <dickm@vnet.ibm.com>
Subject: Re: Right To Search Floppy Disks?
Date: Fri, 3 Dec 93 14:21:40 PST
> Justin Fidler <jfidler@cap.gwu.edu> writes :
>
> Does anyone know of the legal issues involved when a public high school
> searches the floppy disks of a student? I have witnessed an incident
> where a school administration has gone to the effort of undeleting files
> and then using the information found in these undeleted files against a
> student. It seems to me this would be comparable to the police searching
> through a person's garbage. Any ideas?
Disclaimer: I am not a lawyer. Do not take this as legal advice :
It's a matter of who owns the disks. Are they borrowed from the school
or were they purchased by the student ? If they belong to the school,
then the school can search them at any time (like the lockers). If they
belong to the student, then the search is an invasion of privacy and the
student can sue for damages.
Dick Murtagh
------------------------------
From: craffert@nostril.lehman.com (Colin Owen Rafferty)
Subject: Re: Right To Search Floppy Disks?
Organization: Lehman Brothers Inc.
Date: Fri, 3 Dec 1993 22:28:51 GMT
In article <comp-privacy3.84.6@pica.army.mil> jfidler@cap.gwu.edu (Justin Fidler) writes:
> Does anyone know of the legal issues involved when a public high school
> searches the floppy disks of a student? I have witnessed an incident
> where a school administration has gone to the effort of undeleting files
> and then using the information found in these undeleted files against a
> student. It seems to me this would be comparable to the police searching
> through a person's garbage. Any ideas?
It seems to me more closely comparable to looking in a student's
locker, or through his/her book bag.
In recent history (last fifteen years or so), it has become very
accepted that going through students' lockers is perfectly acceptable.
Schools will perform open lockers for cause, for random checks, and
will even spot check entire schools.
Now I don't think that students should be afforded any fewer rights
than adults, but that is what is happening. A floppy disk is just
another kind of school locker.
This is why everything personal that you have should be encrypted.
Everything.
If you only encrypt some things, then they are hiding something. If
you have everything encrypted (including the file holding the mapping
of random file names to useful file names), then you are simply being
cautious about losing your disk.
Then, when the principal asks for you to decode your files, you can
weigh the punishment between disobeying and whatever you are actually
trying to hide.
--
Colin Rafferty, Lehman Brothers <craffert@lehman.com>
pgp print = 91FED077 BD5588B6 30B372D2 F9172162
Don't know what pgp is? Ask me!
------------------------------
From: "Willis H. Ware" <willis@jake.rand.org>
Subject: Re: California DVM's SSN requirements
Date: Fri, 03 Dec 93 15:30:32 PST
bruces@sco.com (Bruce Steinberg) writes at length about the situation
in California which compels use of the SSN for DMV purposes. The
response from his Senator Mello was marvelously non-responsive, and it
amounted to a brush-off bread-and-butter letter. That's the
politician's way of telling you that the matter is not high on his
priority list and will not be until some legislator gets caught or is
threatened by the system; e.g., Judge Bork and video rental records.
As a passing comment, I'm told that Calif State Senator Lockyer was
the person who made sure that the DMV did not put the SSN on the face
or the mag stripe of the driver license. You might try your views
on him.
The California DMV tried to be responsive to the privacy points as
manifested in the federal Privacy Act of 1974. There is a brochure in
DMV offices that explains the SSN thing and advises why it is
collected. Unfortunately the usage is given in terms of enforcement
of several laws which are quoted by legislative code identifiers, but
never named and never described. It was a nice try but the brochure
falls far short of being really informative about the rationale behind
the procedure. Did the DMV just goof it? Did the DMV not appreciate
what a privacy act notice is intended to convey? Or did the DMV in
effect stonewall the issue and honor the letter, not the spirit, of
such notices?
And this discussion leads to a collateral concern. The present status
of the SSN's being a de facto personal identifier is a result of a
sequence of decisions over 55 years, none of them seen as "a big thing"
at the time but in fact, seen as rational and proper. The country has
before it the question of what enumeration system should be used for
patient ID in the healthcare reform movement. The obvious tendency
will be "go for the SSN" for a whole variety of reasons; e.g., the
government issues and maintains the system for us, we're used to it,
making changes will be prohibitively costly, what's wrong with it
anyway, too much software is built around the 9 [or 10] character
SSN or Medicare number.
It would be distressful for the country to adopt the SSN as the
patient ID for such reasons. I would argue that an acceptable patient
ID from the privacy point of view must be limited in use to only
health care information. The most compelling argument against the SSN
is that it cannot possibly be given legal protection at this juncture.
The horse is long gone.
A counter argument might be that we can legislate control of the
databases in which health data reside; but if the SSN is in the
record, sooner or later there will be a reason that somebody will sell
as compelling and in the interests of society. In fact, the mere
presence of the SSN will encourage people to think of new uses,
because the file linkage will be so easy.
The barrier will break and health data will leak and migrate to all
sorts of other databases which contain personal information and the
SSN. More to the point, if the SSN is used as the patient ID,
unauthorized leakage of health data to other databases will occur
anyway. Given the dossier-quality records already available in
electronic form on at least half the people in the country, it's
shuddering to contemplate that health data might be added to them.
And all because the country failed to bite the bullet and make a
change that is needed; we do it now or we never do it. We act to
assure confidentiality and privacy, or we implcitily agree to live with
collateral [to healthcare delivery] uses of health information.
Willis H. Ware
Santa Monica, CA
------------------------------
From: "Willis H. Ware" <willis@jake.rand.org>
Subject: Re: Guns Control/Registration/Confiscation
Date: Fri, 03 Dec 93 15:30:32 PST
David Horvath <dhorvath@sas.upenn.edu> writes:
>>> ................... A simple NCIC check would show if you were a
>>>convicted felon and the addition of a 'mental stability' flag to the
>>>database would be a simple matter.
You have made a grievous mistake. Why do you think that the NCIC
records are correct, complete, and accurate? Generally speaking,
criminal history records are notorious for being full of errors, and
often the indictment side is in the record without the result of the
judicial closure. The record hence is one-sided. For something as
important as gun control, we better not lean on a weak and bending, if
not ancient, database whose integrity has never been established.
And given that, would you be happy to have yourself in such a database
with a mental stability flag? Would you be happy to have such an entry
available to ALL law enforcement agencies in the country -- federal,
local, state -- for none of whom is there accountability ? There is
no Privacy Act considerations in re NCIC; how would you cause an error
to be corrected, even if you were able to discover that an error even
existed?
Please -- when you think using databases for all manner of societal
safeguards, controls, and services, think about the fact that such
systems typically have poor security, are commonly implemented on older
equipment, usually have no oversight mechanism that enforces
accountability to the citizenry; AND most importantly, think about
the fact that systems usually do not work the way some legislature
believes it will as a consequence of some law. Systems will always
have anomalies and often unforeseen effects. Think about the privacy
and societal consequences before the fact, not lament them after the
fact.
------------------------------
From: tim@umcc.umcc.umich.edu (Tim Tyler)
Subject: Re: Privacy of cellular phones
Date: 4 Dec 1993 00:29:49 -0500
In article <comp-privacy3.83.2@pica.army.mil>,
Percival Wendel Wippenheimer <wef4m@galen.med.virginia.edu> wrote:
>The answer to this is simple: Do not use Cellular Phones until
>proper scrambling becomes widespread.
That's not very practical. Just don't say anything sensitive in a
manner which would be understandable by any unauthorized parties listening
in.
>Furthermore, any ham radio operator who knows even a
>little bit >can modify a cellular phone so that monitoring can take place.
>
Most of the modifications are software-based, although some involve
shorting out two particular pins on the programming port.
I really doubt any ham operator is going to instantly have the
knowledge of modifying the CMT to receive/scan all the channels.
>PWW
--
Tim Tyler Internet: tim@ais.org MCI Mail: 442-5735 GEnie: T.Tyler5
P.O. Box 443 C$erve: 72571,1005 DDN: Tyler@Dockmaster.ncsc.mil
Ypsilanti MI AOL: Hooligan Packet Radio: KA8VIR @WB8ZPN.#SEMI.MI.USA.NA
48197 "Celebrate diversity -- get intolerant about something!"
------------------------------
From: walls@oms24.cfsat.honeywell.com (Gerald Walls)
Subject: The Club
Date: Thu, 2 Dec 93 07:35:02 MST
Maybe I'm just being irrational but I heard an ad on the radio this
morning that really bugs me.
The makers of The Club have a set up a number (800) 633-CLUB that you
are supposed to call to report the license plate number of a car
registered in your state that has The Club in it. This enters you
into a drawing where they will award 50 $100 prizes. You can only
enter once.
This to me seems like a violation of privacy. If I buy The Club and
don't send in the registration form maybe I don't care for them to
know I bought it. Maybe I didn't want to get a bunch of crappy junk
mail. Now they're going to pay my neighbor to turn me in.
I called the number to complain but it was an automated touch-tone
response line and I didn't hang on to see if there was a drop-to-
operator if you didn't have touch-tone.
Maybe everyone with an idle computer and a modem should call the
number over and over and run up their 800 charges. Nah. That
wouldn't be nice and I'd never advocate it.
--
My Opinions Only | Who is John Galt? | --------- Space Available -----------
Gerald Walls | NRA Life Member | Don't blame me. I voted Libertarian.
walls@saifr00.ateng.az.honeywell.com / int_walls@ecc6.ateng.az.honeywell.com
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Subject: CallerID Approved in Wisconsin
Date: Fri, 3 Dec 1993 07:00:12 -0600 (CST)
The state of Wisconsin Public Service Commission has just approved the
CallerID service that Ameritech and PTI Communications had requested.
That service will permit per-call blocking for no charge, per-line
blocking for no charge for agencies such as law enforcement and social
service and for clients of such agencies. No others will be allowed
per-line blocking. The monthly charge for receiving CallerID will be
about $6.50. According to an Ameritech spokesman service probably
will begin in March in the Milwaukee-Racine-Kenosha area unless
further legal challenges occur.
This is excerpted from a front page (below the fold) story in
Thursday's (12/2/93) Milwaukee Journal.
--
Leonard P. Levine e-mail levine@cs.uwm.edu
Professor, Computer Science Office 1-414-229-5170
University of Wisconsin-Milwaukee Fax 1-414-229-6958
Box 784, Milwaukee, WI 53201
------------------------------
From: KH3@cu.nih.gov
Subject: New GAO report on Communications Privacy
Date: Fri, 03 Dec 1993 16:10:13 EST
GAO recently issued a report "Communications Privacy:
Federal Policy and Actions", GAO/OSI-94-2, dated
November 4, 1993, that may be of interest to members
of your group. The report focused on the following issues:
--The need for information privacy in computer and
communications systems--through such means as
encryption, or conversion of clear text to an
unreadable form--to mitigate the threat of economic
espionage to U.S. industry;
--federal agency authority to develop cryptographic
standards for the protection of sensitive,
unclassified information and the actions and policies
of the National Security Agency (NSA), Department of
Defense, and of the National Institute of Standards
and Technology (NI ST), Department of Commerce,
regarding the selection of federal cryptographic
standards;
--roles, actions, and policies of NSA and the
Department of State related to export controls for
products with encryption capabilities and industry
rationale for requesting liberalization of such
controls; and
--the Federal Bureau of Investigation's (FBI)
legislative proposal regarding telephone systems that
use digital communications technology.
I have placed an electronic version of the report named
OSI-94-2.TXT in the GAO-REPORTS anonymous FTP directory at
NIH (ftp.cu.nih.gov).
Joe Sokalski, GAO--Los Angeles
kh3@cu.nih.gov
------------------------------
End of Computer Privacy Digest V4 #003
******************************
.