Date: Thu, 10 Mar 94 08:27:39 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V4#040
Computer Privacy Digest Thu, 10 Mar 94 Volume 4 : Issue: 040
Today's Topics: Moderator: Leonard P. Levine
Re: Computer Databases of Information
Re: Computer Databases of Information
Re: Computer Databases of Information
Re: Time Magazine on Clipper
Re: Ideas for PGP Implementation
What MIB stores...
Re: Looking for lawyers who use encrypted/signed email
CHIPS... (Possibly worse than the clipper?)
CHIPS... (what ended up happening to Hawke...)
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: bernie@fantasyfarm.com (Bernie Cosell)
Date: 6 Mar 1994 07:42:20 GMT
Subject: Re: Computer Databases of Information
Organization: Fantasy Farm, Pearisburg, VA
rinewalt@GAMMA.IS.TCU.EDU writes: MIB is a commercial, not
governmental, database. Quoting from RISKS 10.63 (which was
quoting from the Christian Science Monitor):
Perhaps one of the most mysterious consumer-reporting companies
is MIB, formerly the Medical Information Bureau, in Brookline,
Mass. "It's a very difficult company to learn very much
about," says Massachusetts state senator Lois Pines. "They
don't want people to know that they exist or what they do."
I assume you've posted this as a "Hooray, a *victory* for privacy".
Here's a company quietly doing busines, breaking no laws [at least
there was no allegation of any wrongdoing] and saying "leave us
alone". Isn't that what privacy is all about?
------------------------------
From: Laura Sullivan <LSULLIV3@UA1VM.UA.EDU>
Date: 8 Mar 94 12:16:11 CST
Subject: Re: Computer Databases of Information
rinewalt@GAMMA.IS.TCU.EDU writes: Perhaps one of the most
mysterious consumer-reporting companies is MIB, formerly the
Medical Information Bureau, in Brookline, Mass. "It's a very
difficult company to learn very much about," says Massachusetts
state senator Lois Pines. "They don't want people to know that
they exist or what they do."
Well, what do they do? (i.e. what data do they store?)
They store your medical records. If you have insurance and you signed
a release to give your insurance company access to your medical records
(presumably so they can determine whether your illness is covered under
your policy), they are not generally bound to keep that information
confidential. They obtain as much of your medical record as possible,
whether it pertains to their coverage or not. Personnel in doctors'
offices usually just xerox the whole file rather than only what relates
to a specific insurance claim. The insurace company then sells that
file to MIB, who sells it to other insurance companies. That's is how
insurance companies decide whether to sell you insurance, and that's
how they know about pre-existing conditions. MIB naturally does not
want you to know they exist, because if Joe Q. Public knew how many
people had access to *confidential* medical records, he would write his
Congressman. Insurance companies and MIB certainly wouldn't want
that.
Of course, as with any such covert invasion of privacy, it is almost
impossible to correct errors. It also has medical ethics implications,
especially regarding genetic testing. If you have a genetic test that
shows some sort of propensity for illness, you could be barred from
employment (insurance companies aren't the only customers of MIB) and
certainly from obtaining insurance.
Scary stuff.
Laura Sullivan
SLIS, University of Alabama, Tuscaloosa
lsulliv3@ua1vm.ua.edu
------------------------------
From: oracle!us.oracle.com!sblack@uunet.UU.NET (Steven T. Black)
Date: 8 Mar 1994 23:50:26 GMT
Subject: Re: Computer Databases of Information
Organization: Oracle Corporation
In article <comp-privacy4.39.9@cs.uwm.edu>
palbert@netcom.com (Phil Albert) writes:
rinewalt@GAMMA.IS.TCU.EDU writes: Perhaps one of the most
mysterious consumer-reporting companies is MIB, formerly the
Medical Information Bureau, in Brookline, Mass. "It's a very
difficult company to learn very much about," says
Massachusetts state senator Lois Pines. "They don't want
people to know that they exist or what they do."
Well, what do they do? (i.e. what data do they store?)
I just saw a special news segment on our local news last night
regarding the MIB. It seems they are an information clearinghouse
intended for the insurance industry. It seems as though when you sign
an insurance agreement, one of the fine print clauses allows them to
send your personal information to MIB. (This only goes for the member
insurance companies -- check with your insurance company to be sure.)
The information can be quite personal - besides the raw statistics of
age, sex, weight, height, etc., they also have categories such as "bad
driving record", "participation in high-risk sports", "alcoholic",
etc.
The story was brought on when a local man was rejected for disability
insurance because of incorrect data in MIB. It seems they had him down
as an overweight alcoholic who, according to the MIB report, drank
several six-packs a day. It looked like they got their records
confused with another person, as they also had him down as being 6"
shorter than he was in real life. After he tracked down the problem,
it took him over 6 months to get MIB to correct their mistake,
whereupon he was then granted insurance.
MIB claims they dump their records every seven years, but who really
knows, as they are quite secretive as to what their corporate policies
are.
They report gave the number of MIB if you have any questions. The
number is 617-426-3660. (Note: not all insurance companies subscribe
to their service, so it is still possible that you might not be listed
in their database. They will tell you if you are listed or not if you
call the number.)
Steven T. Black
------------------------------
From: mea@intgp1.att.com
Date: 8 Mar 94 12:07 CST
Subject: Re: Time Magazine on Clipper
Rather than outlaw PGP and other such programs, a policy that
would probably be unconstitutional, the Administration is taking a
marketing approach. By using its purchasing power to lower the
cost of Clipper technology ...
If all the government is doing is taking a marketing approach with this
Clipper chip technology, what's all the fuss? By simply adding another
layer of encryption on top of Clipper will defeat its backdoor and
threats from snooping. The government rarely suceeds at anything when
it comes to business -- especially if it involves marketing. Although
the government may try to corner the market by undercutting on price,
an encryption chip isn't all that hard to design. And if it costs a
few dollars more to buy a chip that defeats Clipper, I'm sure there
will be a large demand for this product.
Is this really much ado about nothing?
------------------------------
From: news@cbnewsh.att.com
Date: 9 Mar 94 02:10:32 GMT
Subject: Re: Ideas for PGP Implementation
Organization: AT&T Global Information Solutions, NCR's new name
soren@argon.gas.uug.arizona.edu (Soren F Ragsdale) writes: Ideas For A
New Implementation of PGP
PGP Limitations: Ideally, users would use PGP on all mail as a
simple but impermeable "envelope" against snooping hackers.
Unfortunately, PGP implemented as an application makes encrypting
anything but the most sensitive of information a relative waste of
time and energy. To use PGP on my Macintosh, for
[complains about it being too much trouble to use, especially
between his Mac and his host email system] [wants a friendly
interface from PINE or something]
Limitations of the new program: I realize that this method is by no
means as secure as the original PGP
You're missing the flexibility of implementing something as an
application in a software tools environment (not surprising, since
you're a Mac user) (<-ObFlameBait:-) There's no reason to use a less
secure system than PGP for convenience - PGP takes a bunch of input,
demands a key if it needs one, and produces a bunch of output. That's
the kind of thing that can easily be built into an application, if
anybody wants to write the glue to do it. Folks are talking about that
kind of stuff over on alt.security.pgp all the time, since it's
something people would obviously want, especially Mac users not used to
a relatively raw interface. Listen in for a while, and find who's
working on it to see if they want help or suggestions.
Some of your comments seemed directed to the kind of environment where
you have a personal computer and a multi-user mailhost, and you want a
convenient way to either read your mail from the PC or to do your
encryption on the mailhost. PGP will run on Unix systems, though there
are obvious security risks in handling sensitive information on
machines that are shared, especially if someone else is the
administrator or if you're communicating over an easily eavesdropped
network like Ethernet (including dialup to terminal servers...) If you
don't care about that, you can use real PGP, and I think I've heard
people talk about putting PGP hooks into Elm or Pine; they're certainly
available for gnuemacs if you like it.
If you *do* care about running your PGP only on your PC/Mac, you need
to find a mailreader that does the user interface there and hauls the
mail down from the mailhost relatively transparently. The POP Post
Office Protocol is designed to do this for TCP/IP networks, and there
are similar things to do it over dialup. Some of the mail-readers you
can use on Macs include Eudora and Intercon's TCP/Connect; there are
others, and lots of others for PCs. I think I've heard of people
working on PGP hooks for Eudora; certainly for similar systems.
------------------------------
From: reed@interval.com (David P. Reed)
Date: 9 Mar 1994 13:59:10 -0500
Subject: What MIB stores...
Here is my understanding, which may be incomplete or out of date, but
was true in the early '70's. MIB (The Medical Information Bureau) is a
service company to the insurance industry. retains individual medical
information gathered during the processing of life insurance
applications, for use in later insurance transactions. On a typical
application for life insurance you will sign an agreement granting
permission for the insurer to gather medical information about you, and
grant them and MIB explicit permission to hold that information for
later use. On an insurance application I filled out around '85, the
MIB still was mentioned.
What I understand this to mean is that they can collect hospital
records and doctor records, and any tests they run in the process of
deciding you are insurable, and any info you provide about your health
on the application (allergies, hypertension, smoking...) and retain
that in their database. They can also release previously acquired
info.
------------------------------
From: oppedahl@panix.com (Carl Oppedahl)
Date: 9 Mar 1994 23:50:13 -0500
Subject: Re: Looking for lawyers who use encrypted/signed email
Organization: PANIX Public Access Internet and Unix, NYC
In <2llpuq$12p@fido.asd.sgi.com> Nelson Bolyard <nelson@bolyard.wpd.sgi.com> writes:
Sometime in the last 3 months, I saw a Usenet news article in one
of these newsgroups, in which the writer, a lawyer, was talking
abount an organization to which he belonged. It was some kind of
association of lawyers, possibly a regional bar association. They
were trying to set their own association's rules for the use of
email with encryption (e.g. PEM, RIPEM, etc - things that can do
electronic signature and also protect confidentiality of data).
He explained how lawyers were computerizing more and more, and how
they needed to have some common conventions, and mutual
understandings about the strengths of digital signatures, etc.
Anyway, at the time I read the article, I thuoght it was very
interesting, but I didn't save a copy because I figured I'd never
have anything to do with them. Now I find that a group of lawyers
in a neaby city has invited an associate of mine to come and speak
to them about this very same topic. I'd like to provide my
associate with a contact for the person/group behind that article I
read.
I've already checked with "SEA", the Society for Electronic Access,
and was told the article wasn't written by one of them.
Anyway, if you happen to remember this article, and have a copy or
remember the name of the group behind it, I'd really appreciate any
info you can send my way. Thanks.
I don't recall the article. But in case it may be of interest, for my
law firm the big development was the availability of a patent-licensed
version of PGP. So we just got a multi-user license, and pursuant to
the license we are able to distribute it to our clients and can use it
for secure email.
--
Carl Oppedahl AA2KW
Oppedahl & Larson (patent lawyers)
Yorktown Heights, NY
voice 212-777-1330
------------------------------
From: lile@netcom.com (Lile Elam)
Date: 9 Mar 1994 11:13:10 GMT
Subject: CHIPS... (Possibly worse than the clipper?)
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Last Sunday I ran into a situation that made me completely nausiated
and feel like my privacy had been completely invaded... It involves a
chip which is implanted in animals and used for identification...
Prehaps I over-reacted but my gut tells me that I haven't. That's what
makes me still feel nausiated when I think about it. So I thought I
would see what you thought about it.
My housemate and I are looking to get some cats for our house. We
decided to go to the Peninsula Humane Society (in the south San
Francisco area) and see about adopting them from there as this is where
lost or stray animals are kept and if unclaimed after a month, are put
to sleep.
I fell in-love with a beautiful black simi-long hair cat named "Hawk",
a five year old male with yellow eyes. We got along really well (I am
a cat person by nature) and I decided to adopt him. He is very gental
and loving which seems so strange for such a big male cat. I kept
calling him "she" :).
So, I went to the front desk and spoke with the Animal
Coordinator/Advisor. Everything was going great and they were
impressed that my dad's a veterinarian. Said it sounded like we could
provide Hawk with a wonderful home. Then the woman said, "All we have
to do is implant a microchip in the animal and you'll be set". Well, I
turned pale and said, "What's this chip and why is it needed?" I was
told that it was used to identify the animal in case it became lost. A
identifaction number is stored on this microchip and can be used to
find the pet's owner and home.
Well, I said I didn't want a chip in this cat and that it was a
violation of privacy. There was a woman standing next to me, awaiting
getting her pet, and she turned to me and said, "I don't see what the
problem is?" I responded, "Well, if their doing this to animals, how
soon will it be before they implant the same sort of thing in us?" She
said, "Oh, I hadn't thought about it like that." and became quiet. I
told the attendant that I was strongly opposed to this chip implant and
couldn't accept the cat with it. So she is going to check with her boss
tomorrow to see if I can get the cat without the chip. She said she
understood my concerns about big brother and that a few people have had
similar reactions. I'll send you an update tomorrow and let you know
if I can get the cat without the chip...
I was really upset about this. My housemate asked me why and I said,
"It's too close. Don't forget that we are animals too! We can't really
talk til we're 2 so I could see this I.D. microchip being used in human
babies. And what about people who might suffer from memory loss? A
reason to use a chip in adults would be to "identify" you if you forgot
who you were or if you were not using your born identity. The
possiblities are endless!" And with the NII coming, well it's as bad as
the clipper chip, if not worse!
So, am I totally over-reacting? I really do feel like this chip is
wrong and don't know what to do...
Below is the brocure contents about the C.H.I.P. program. How do you
feel about it?
thanks,
-lile
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lile Elam | "Remember... No matter where you go, there you are."
lile@netcom.com |
Un*x Admin / Artist | Buckaroo Banzai
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C. H. I. P.
Campaign to Help Identify Pets
Peninsula Humane Society
12 Airport Blvd.
San Mateo, CA 94401
Seventy percent of missing animals never come home because they have no
permanent I.D. or their owners don't know how to find them. Here at PHS, only
3% of the stray cats and 57% of the stray dogs brought to the shelter ever
return to their family.
Because you care about your animals, your home is as secure as possible. But
thefts, accidents and natural desasters such as fires and earthquakes, do
happen - even to caring and responsible pet owners like you. Despite your best
efforts, your animal could get loose and become lost.
That's why your newly adopted friend has become part of our new Campaign to
Help Identify Pets (CHIP).
PHS is working in conjunction with InfoPet, maker of computerized identification
microchips, to expand our lost and found services. With the new microchip
implant program, we hope to reunite as many animals as possible with their
families.
High-Tech Identification:
-------------------------
When you adopted your animal, a tiny microchip implant, no larger than a grain
of rice, was implanted under his/her skin.
There was no additional cost for this implant, and the procedure was easy and
required no anesthetic. It was as simple as a routine vaccination.
The microchip contains a unique I.D. number which can be activated by a special
hand-held scanning device (much like bar codes in grocery stores). In the
future, if your animal becomes lost and is brought to the shelter or a local
participating veterinary hospital, his/her unique I.D. number will be read by
the scanner.
This number can then be traced through a computer database that stores vital
information such as your name, address and phone number. If your animal was
adopted from PHS, his/her records will be kept on a computer at our shelter,
and InfoPet's national registry, will list the PHS Adoptee" and our phone number
next to his I.D. number. When other, non-PHS aniamls are "chipped" by a private
veterinarian, their records go on file directly with th InfoPet national
computer registry.
InfoPet National Registry:
--------------------------
Although your adopted pet is automatically registered with PHS, for an
additional fee of $30 you can also register your animal directly with the
InfoPet national registry. (To do so, use the InfoPet form that was given to
you at the time you brought your animal home from the shelter.) The InfoPet
database is accessable 24 hours a day and can be reached by calling toll free
1-800-INFOPET.
If you choose to register directly with InfoPet, they will replace the PHS
Adoptee listing with your animal's record which includes your name, address,
phone number, and other facts that will be helpful to someone trying to
reunite you with your pet.
Regardless of where you are registered, however, keep in mind that the
registries are only helpful if they are kept up to date with current
information. If you move or change your phone number, be sure to notify PHS
and/or InfoPet right away.
Licensing and Microchip Identification:
---------------------------------------
The microchip does not replace the need to license your animal with the
San Mateo County Animal Services Division. By law, every dog and cat must be
licensed and have proof of rabies vaccination. In addition, under the current
ordinance in the unincorporated areas of San Mateo County, dogs and cats must
be spayed or neutered unless the owner possesses a breeding or unaltered
animal permit.
You have 60 days to licenses your animals(s). A current tag should be worn by
both dogs and cats at all times. However, the microchip implant is an acceptable
alternative to waaring a tag for cats only.
Dogs are encuraged to have the implant in the event their collar is broken
or lost.
Commonly Asked Questions:
-------------------------
Q) How is the chip implanted? Is it painful?
A) Done with a specialized sterile needle containing the chip, the injection
is simple and requires no anesthetic. The procedure takes seconds and causes
no more discomfort than a routine injection.
Q) Is the chip large? Will it bulge under the skin?
A) The microchip is 11 mm in length or the size of a grain of rice. Once
implanted it is invisible from the skin's surface.
Q) Will the chip move around in my animals body?
A) No, it is injected under the skin. The body naturally forms a wall around
the chip and keeps it secure.
Q) Will the implant mictrochip cause any medical problems?
A) No, it is made of bio-comptible glass which is naturally accepted by the
tissue of your animal.
Q) Why should I microchip my animal when he already has a license or never
goes outside?
A) For extra protection. Animals can accidently escape the confines of your
home or lose their collars in a variety of situations.
Q) Can the I.D. number be changed?
A) No, it is unalterable and provides permanent identification.
Q) Can the information be accidently erased or deactivated in any way?
A) The microchips have a lifespan of approximately 20 years. To date, no chip
has gone inactive.
Q) Can other companion animals get the microchip implant?
A) Right now PHS will only implant adopted cats and dogs. Howerver, microchips
have been implanted in other animals. Contact InfoPet or your local veterinarian
for more information.
Q) Are all microchips the same? Can the InfoPet chip be read by other company
scanners?
A) No, unfortunately there are several different companies currently producing
microchips and scanning devices. At this time, most of the chips can only be
read by the scanning devices produced by the sanme ccompany. It is our hope
that a common scanning device will be available in the future.
In the meantime, PHS will check each animal brought to the shelter first for
the InfoPet chip (the chip being used throughout San Mateo County) and then for
the other chip that is being used in a few other communities in the bay area.
Q) What happens if I move out of the area?
A) Notify InfoNet's computer bank (Tool-Free: 1-800-INFOPET), then contact
your new veterinarian, aniaml shelter or humane society in your new location
to find out if they have the InfoPet microchip scanning program available.
For More Information, Please call:
(415) 340-7022, ext.320
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lile Elam | "Remember... No matter where you go, there you are."
lile@netcom.com |
Un*x Admin / Artist | Buckaroo Banzai
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
From: lile@netcom.com (Lile Elam)
Date: 9 Mar 1994 11:15:00 GMT
Subject: CHIPS... (what ended up happening to Hawke...)
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
I have received about 200 email messages from people who were concerned
about this issue... About 90% of the responses were against the
microchip implants... The 10% remaining, thought the chip was a good
idea and a small percentage felt that the chip should be implanted in
humans (mostly babies). I am continuing to receive responses from all
over the net... :)
I still feel that the C.H.I.P. program is not good.
As for the chip, I ended up getting Hawke *without* the chip. The
adoption coordinator went to her boss with my complaint and then was
sent to the director of the Peninsula Humane Society. She fault hard
for me and was able to get the cat to me without a chip. She is a
vegetarian like myself.
Turns out that they decided the chip was not vital to the life of the
animal and that putting it to sleep because I would refuse it with a
chip, was vital to it's life.
I took Hawke home yesterday and he has been recovering from the pound.
He started eating again and after I wiped him down with a warm cloth
(several times), he started to clean himself. This is a really good
sign. :) I noticed last night that he had nightmares in his sleep. I
guess it will take awhile for him to get over it...
I am so glad I said "No" to the chip. I feel so much better and feel
that I not only took a stand for animal rights but I also took a stand
for human rights. I feel we have to stand up to such situations or we
will be in a place that we will not want to be, before too long.
-lile
ps. Please note that the chip is still not an option. I just received
an exemption from the rule. All animals leaving the shelter are still
required to have the chip. There is still a battle to be won though.
Because of this, I have sent email to the San Jose Murcery News in
hopes that they will bring this issue up to the public in the Bay
Area.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lile Elam | "Remember... No matter where you go, there you are."
lile@netcom.com |
Un*x Admin / Artist | Buckaroo Banzai
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------
End of Computer Privacy Digest V4 #040
******************************
.