Date:       Sun, 26 Dec 93 15:09:33 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V4#011

Computer Privacy Digest Sun, 26 Dec 93              Volume 4 : Issue: 011

Today's Topics:			       Moderator: Leonard P. Levine

                            e-mail privacy
                          SS Used as Password
                         Driver Protection Act
                      Re: Cellular Phone Security
          Re: Maryland to introduce high-tech drivers' license
                        Re: Encryption At School

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: Sharon Shea <sshea@world.std.com>
Date: Thu, 23 Dec 1993 08:57:40 -0500 (EST)
Subject: e-mail privacy 
        
Hello list,

Thanks for all your replies. I tried to respond to everyone, but my
mail since my post has been overwhelming. (As anyone secretly
monitoring my mail will surely know.)

Yes, my case (and Tewhey's) at MIT have been a real circus. FYI, my
problems started when I was brought in to hear that there was a
complaint against me, that I would be thoroughly investigated in every
aspect of my professional behavior, that I could be terminated and that
no, I would not be allowed to see the detail of the charges against me.
You heard that right, I would not be allowed to see the complaint. This
could happen only at the discretion of the investigator (which,
incidentally, he decided to do).  Most of the 'charges' were not related
to me, but were a sad diatribe about how shabbily Tewhey had been
treated. Also, there was nothing in the 'charges' that specified a
definite statement, a time or place that I was involved in. It did,
however, mention things such as what awful friends I had (people that
Tewhey had reason to be upset about). The complainant didn't know
these individuals. The charges were dismissed.

These charges, BTW, were handed around to others before I even knew of
their existence (and while I was charged but had not yet been allowed
access to the charges). The stuff on my hard drive was accessed by
Tewhey friends, was given to Tewhey, not part of the investigation. The
contents of the e-mail, FYI, was a pretty benign inquiry about 'who
*is* this guy Tewhey & do you know what's up with him since I seem to
be brought into a very bizarre business around his issues and
harassment?' The reply was 'I dunno' and that was it.

I have learned: If someone is up to no good - duck. Don't report any
controversial issue to anyone above you, particularly through what is
presented as a confidential, legitimate avenue for this sort of stuff.
*Particularly* when asked. They are looking for what you know, and you
can be killed for reporting in confidence.

I do appreciate the many answers that I have received - they've been
helpful and very supportive. If you've been amused, well, I suppose
some good comes of this in being able to entertain the masses.  I do
think it is very important to discuss the boundaries between what
belongs to the corporation, and what belongs to our privacy and right
to moral expression. The one suggestion (that has come in a few times)
that I don't trust (where did trust go?) is to consult with MIT's
attorneys. Hmmm....just can't bring myself to do that.  I do, however,
much appreciate any info on MIT policy around these issues. Comparing
them with state and federal laws, and then examining the implementation
of the 'rules', or 'policy' is just amazing.  And I do have my own
attorney.

-Sharon

------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Mon, 20 Dec 1993 20:04:38 -0600 (CST)
Subject: SS Used as Password

A friend in asked me to post this.  For reasons that have nothing to do
with the posting he asked me to post it anonymously for him.

"Had an interesting experience making a purchase at the Bombay Company
in Milwaukee Wisconsin today.  I tried to purchase two gifts with a
credit card.  The clerk asked if I would like to be on the mailing list
for their catalog, and I agreed.  As she rang up the order she then
asked for my mailing address, which I provided, and then she asked for
my Social Security number!  Why?  She said: "It's for your protection.
If you make a catalog order by phone and pay for it with a credit card,
we'll know that it really is you making the purchase."  I told her that
if that was the reason, we'd make it really difficult for someone
wishing to commit fraud.  We'll make up a number!  I told her to put
down: 000-00-0000.  Geesh!

------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: Thu, 23 Dec 1993 11:30:52 -0600 (CST)
Subject: Driver Protection Act

Two bills have recently been posted, one in the US House by
Representative James P. Moran, D-VA and the other in the US Senate by
Senator Barbara Boxer D-CA.  Both deal with the question of privacy for
drivers.  They are available for ftp from:

ftp.cs.uwm.edu, pub/comp-privacy/library
as butler.bil and moran.bil 

and from:

ftp.eff.org, pub/eff/legislation
as s1589 and hr3365.

A short excerpt from the salient parts of them follows.  Any act 
of omission on my part is an attempt at brevity.  Anyone who 
feels that I have omitted important parts of these two bills 
should feel free to download those parts I have omitted and post 
them as a part of his or her argument.  Omissions are marked with 
the symbol [...]:
[...]
  This Act may be cited as the "Driver's Privacy Protection Act 
of 1993".
[...]
"2721. Prohibition on release of certain personal information by 
States

  "(a) IN GENERAL.-It shall be unlawful for any person or other 
entity to disclose personal information derived from an 
individual's motor vehicle records to any other person or entity, 
other than to the individual, except as permitted under this chapter.

  "(b) EXCEPTIONS.-Personal information referred to in subsection 
(a) of this section may be disclosed for any of the following 
uses:

      "(1) For use by any Federal or State court in carrying out 
its functions.

      "(2) For use by any Federal or State agency in carrying out 
its functions.

      "(3) For use in connection with matters of automobile and 
driver safety, including manufacturers of motor vehicles 
conducting a recall of motor vehicles.

      "(4) For use in the normal course of business by a 
legitimate business (including an insurer or insurance support 
organization) or its agents or employees or contractors, but 
only- 

          "(A) to verify the accuracy of personal information 
submitted by the individual to the business; and

          "(B) if such information as so submitted was not 
correct, to obtain the correct information, but only for the 
purpose of pursuing remedies against an individual who provided 
false information or presented a check or similar item that was 
not honored.

      "(5) For use in any civil or criminal proceeding in any 
Federal or State court.

      "(6) For use in research activities, if the motor vehicle 
department determines that such personal information will not be 
used to solicit the individual and that the individual is not 
identified or associated with the requested information.

      "(7) For use in marketing activities, if the motor vehicle 
department-

          "(A) has provided in a clear and conspicuous manner to 
the individual an opportunity to prohibit such disclosure;

          "(B) has received assurances that the information will 
be used, rented, or sold solely for a permissible use under this 
chapter, including marketing activities; and

          "(C) has received assurances that each entity that 
sells or uses the information so obtained keeps complete records 
identifying each purpose for which the information is used and 
each organization that receives the information.

      "(8) For purposes of reselling the personal information for 
a permissible use under paragraph (7) of this subsection, but 
only if each person or other entity that sells or uses the 
information so obtained keeps complete records identifying-

          "(A) each purpose for which the information is used; 
and

          "(B) each person or other entity that receives the 
information.

      "(9) For use by any insurer or insurance support 
organization, or its employees, agents, and contractors, but only 
in connection with claims investigation activities or antifraud 
activities.

  "(c) WAIVER PROCEDURES.-(1) Each State shall establish and 
carry out procedures under which-
[...]
      "(B) any motor vehicle department of the State may enter 
into an agreement with any business (including an insurer or 
insurance support organization) or its agents, employees, or 
contractors, based upon a certification that the business has 
obtained or will have obtained consent from the individual to 
whom the information pertains, to obtain requested personal 
information from such department.
[...]
   The term 'personal information' is information that identifies 
an individual, including an individual's photograph, driver's 
identification number, name, address, telephone number, social 
security number, and medical and disability information. Such 
term does not include information on vehicular accidents, driving 
violations, and driver's status.

end of excerpt
--
Leonard P. Levine               e-mail levine@cs.uwm.edu
Professor, Computer Science        Office 1-414-229-5170
University of Wisconsin-Milwaukee  Fax    1-414-229-6958
Box 784, Milwaukee, WI 53201      

------------------------------

From: decastro@netcom.com (Richard A. De Castro)
Date: Sat, 25 Dec 1993 20:59:26 GMT
Subject: Re: Cellular Phone Security
Organization: NETCOM On-line Communication Services (408 241-9760 guest)

eck@panix.com (Mark Eckenwiler) writes:
>>I hope this is yet another hoax.
>Apparently not.  Mr Grosso is listed in Martindale-Hubbell as an AUSA,
>so unless the post is forged, this is a gen-you-wine remark from a
>federal prosecutor.

Let's hope that he applies more diligence to other US laws.  Personally,
I think that ECPA is a sham, designed by incompetents (both in
government and in industry) to show people who don't understand the
technology they're using that they have DONE SOMETHING TO MAKE SURE
THEY ARE SAFE!
-- 
==========================================================================
decastro@netcom.com  Warning:  I am a trained professional.  No, Really! 
		     Do Not try this yourself - it could get ugly..
Richard A. De Castro - California, North America, Sol-3
==========================================================================

------------------------------

From: silvers3@husc9.harvard.edu (Jolyon Silversmith)
Date: 23 Dec 1993 02:10:02 GMT
Subject: Re: Maryland to introduce high-tech drivers' license
Organization: Harvard University Science Center

In article <comp-privacy4.10.1@cs.uwm.edu> 
Paul Robinson <PAUL@TDR.COM> writes:
>In "State to Fight Fraud With High-Tech Driver's License" (Page MD-1,
>Washington Post, Dec 16), Richard Tapscott reports on Maryland's new 
>License to be issued January 1.

The license is already being issued... When I renewed my licence today
(December 22) it was being issued at the MVA office I was at for the
first time...

>- The photos of two front example licenses appear in the Post in color; 
>  the back of the new license is shown in black and white; the current
>  license has the back printed in blue.  This may be the way the post 
>  photographed it rather than actual appearance.

Nope. The back is printed only in black. In some ways, this seems like
a step backwards... I should note that the back is NOT laminated, only
the front (because of the magnetic strip, I assume); both sides of the
old licence were laminated.

Otherwise, this summary was accurate. One additional change, though: to
be an organ donor, you must say so when the licence is issued, as it is
printed on the card rather than affixed by a sticker. I suppose this
will mean that if you change your mind, you'll have to get a new
licence? Also, the "ghost" photograph under the hologram looks very
odd. My eyes are completely covered by the "weight" and "sex" data, and
the colors are noticeably lighter than in the "real" photo...
-- 
Jolyon ("Jol") Silversmith_____________________________________________________
silvers3@husc.harvard.edu     Former Director: Civil Liberties Union of Harvard
Mather House 188                Editor: The Mather Messenger (House Newsletter)
Cambridge, MA 02138                     Submissions Editor: Lighthouse Magazine
____________ I have a firm grip on reality. Now I can strangle it. ____________

------------------------------

From: decastro@netcom.com (Richard A. De Castro)
Date: Sat, 25 Dec 1993 21:01:52 GMT
Subject: Re: Encryption At School
Organization: NETCOM On-line Communication Services (408 241-9760 guest)

Chris Burris <cburris@cap.gwu.edu> writes:  
> Suppose that I wrote a simple encryption program and ran it at school,
> and the administration searched my disk.  Could the administration
> force me to give them the encryption key even if I refused?

Whose computer is it?  If it's yours, no, they can't (privacy and
property laws).  If it's their computer, they have a better case, but
probably not.  They can, of course, just erase the encrypted data, and
send you home.

Never say anything you're not willing to repeat in Court!  Including on
disk.
-- 
==========================================================================
decastro@netcom.com  Warning:  I am a trained professional.  No, Really! 
		     Do Not try this yourself - it could get ugly..
Richard A. De Castro - California, North America, Sol-3
==========================================================================

------------------------------



End of Computer Privacy Digest V4 #011
******************************