Date:       Tue, 19 Jul 94 10:51:32 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#008

Computer Privacy Digest Tue, 19 Jul 94              Volume 5 : Issue: 008

Today's Topics:			       Moderator: Leonard P. Levine

               University of New Mexico use of SSN as ID
             Monitoring of International Calls and Clipper
                  Privacy at risk: Educational Records
                   Re: Video Camera on Utility Poles
                   Re: Video Camera on Utility Poles
                   Re: Video Camera on Utility Poles
                        Re Sprint Canada and SIN
                  Re: Clipper security and other lies

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

From: ead@netcom.com
Date: 17 Jul 1994 13:15:31 -0700
Subject: University of New Mexico use of SSN as ID
Organization: Netcom

Folks,

What do you make of this paragraph from the application to the
University of New Mexico's Office of Graduate Studies:

     The University of New Mexico uses students' social security
     numbers as identification at the University. The number is used
     for record-keeping purposes only. The authority to use the social
     security number comes from the Board of Regents and was adopted on
     March 24, 1967. It is mandatory, therefore, that students disclose
     their numbers in order to enroll at UNM.

Is this permitted even if the University complies with the Family
Educational Rights and Privacy Act of 1974 (the "Buckley Amendment"),
which prohibits them from giving out personal information (e.g. the
SSN) on students without permission?

Thank you,
Eric De Mund <ead@netcom.com>


------------------------------

From: ninjo@MIT.EDU
Date: 18 Jul 94 19:32:08 EDT
Subject: Monitoring of International Calls and Clipper

I have been following the Clipper debate and I have a question for all
of you Privacy readers out there.

A.  to my understanding the NSA monitors all international
communications without the need to get any judge's approval.

B.  with the clipper chip, wouldn't the NSA need to have all the
escrowed keys at their disposal, in order for them to continue this
monitoring?

The reason I bring this up is that, in all the proposals for the
clipper that I've seen, there is supposed to be a third party that is
entrusted with the escrowed keys.  Seems to me that the NSA's proposal
is not entirely realistic.  I wonder if the drafters of this proposal
realized this.

						-- John Muir Kumpf
						ninjo@mit.edu
						robot fish 'r' us


------------------------------

From:  cpsr-announce@cpsr.org
Date: 18 Jul 1994 18:03:24 -0700
Subject: Privacy at risk: Educational Records


                                             Seattle CPSR Policy Fact Sheet
                                      K-12 Student Records: Privacy at Risk
 ---------------------------------------------------------------------------

TOPIC

The U.S. education system is rapidly building a nationwide network of
electronic student records.  This computer network will make possible the
exchange of information among various agencies and employers, and the
continuous tracking of individuals through the social service, education
and criminal justice systems, into higher education, the military and the
workplace.

WHAT IS THE ISSUE?

There is no adequate guarantee that the collection and sharing of personal
information will be done only with the knowledge and consent of students or
their parents.

Changes Are Coming to Student Records
National proposals being implemented today include:

-  An electronic "portfolio" to be kept on each student, containing
   personal essays and other completed work.

-  Asking enrolling kindergartners for their Social Security Numbers,
   which will be used to track each student's career after high school.

-  Sending high school students' transcripts and "teachers' confidential
   ratings of a student's work-related behavior," to employers via an
   electronic network called WORKLINK.

At the heart of these changes is a national electronic student records
network, coordinated by the federal government and adopted by states with
federal assistance.

Publication 93-03 of the National Education Goals Panel, a federally
appointed group recently empowered by the Goals 2000 bill to oversee
education restructuring nationally, recommends as "essential" that school
districts and/or states collect expanded information on individual
students, including:
-  month and extent of first prenatal care,
-  birthweight,
-  name, type, and number of years in a preschool program,
-  poverty status,
-  physical, emotional and other development at ages 5 and 6,
-  date of last routine health and dental care,
-  extracurricular activities,
-  type and hours per week of community service,
-  name of post-secondary institution attended,
-  post-secondary degree or credential,
-  employment status,
-  type of employment and employer name,
-  whether registered to vote.

It also notes other "data elements useful for research and school
management purposes":
-  names of persons living in student household,
-  relationship of those persons to student,
-  highest level of education for "primary care-givers,"
-  total family income,
-  public assistance status and years of benefits,
-  number of moves in the last five years,
-  nature and ownership of dwelling.

Many of these information categories also were included in the public draft
of the 'Student Data Handbook for Elementary and Secondary Schools',
developed by the Council of Chief State School Officers to standardize
student record terminology across the nation.  State and local agencies
theoretically design their own information systems, but the handbook
encourages them to collect information for policymakers at all levels. 
Among the data elements are:
-  evidence verifying date of birth,
-  social security number,
-  attitudinal test,
-  personality test,
-  military service experience,
-  description of employment permit (including permit number),
-  type of dwelling,
-  telephone number of employer.

WHO CAN ACCESS THIS COMPREHENSIVE INFORMATION?

Officers, employees and agents of local, state and federal educational
agencies and private education researchers may be given access to
individual student records without student or parent consent, according to
the federal Family Educational Rights and Privacy Act of 1974 (20 USC
1232g) and related federal regulations (34 CFR 99.3).  Washington state law
echoes this federal law.

WHAT IS COMING NEXT?

Recent Washington state legislation (SB 6428, HB 1209, HB 2319) directly
links each public school district with a self-governing group of social
service and community agencies that will provide services for families.

This type of program is described in detail in the book, Together We Can,
published jointly by the U.S. Department of Education and the U.S.
Department of Health and Human Services.  The book speaks of "overcoming
the confidentiality barrier," and suggests creating centralized data banks
that gather information about individuals from various government agencies -
or in other ways ensuring agencies, "ready access to each other's records."

The book calls for a federal role in coordinating policies, regulations and
data collection.  A group in St. Louis, MO, called Wallbridge Caring
Communities, is cited as a model for seeking agreements to allow computer
linkups with schools and the social service and criminal justice systems to
track school progress, referrals and criminal activity.

WHAT HAPPENED TO ONE COMMUNITY

In Kennewick, WA, over 4,000 kindergarten through fourth graders were rated
by their teachers on how often they lie, cheat, sneak, steal, exhibit a
negative attitude, act aggressively, and whether they are rejected by their
peers.  The scores, with names attached, were sent to a private psychiatric
center under contract to screen for "at-risk" students who might benefit
from its programs.  All of this was done without the knowledge and consent
of the children or their parents. 

CPSR's POSITION

CPSR Seattle believes that schools and other agencies should minimize the
collection, distribution and retention of personal data.  Students and/or
their parents should decide who has access to detailed personal
information.

CPSR ACTIONS

Representatives of CPSR Seattle have gone to Olympia to:
-  oppose the use of the Social Security Number as the standard student
   identifier,

-  urge legislators to set educational goals that can be measured without
   invading privacy,

-  oppose turning over individual student records to law enforcement
   officials apart from a court order or official investigation.

    Computer Professionals for Social Responsibility - Seattle Chapter
           P.O. Box 85481, Seattle, WA 98145-1481 (206) 365-4528
                      cpsr-seattle@csli.stanford.edu

           --- CPSR ANNOUNCE LIST END ---


------------------------------

From: tnyurkiw@laplace.uwaterloo.ca (Tom Yurkiw)
Date: 18 Jul 1994 00:09:38 GMT
Subject: Re: Video Camera on Utility Poles
Organization: University of Waterloo

    bernie@fantasyfarm.com (Bernie Cosell) writes:
         Tom Yurkiw writes: ... A person standing on a side street in the
         middle of the night has an expectation of privacy, whereas a person
         in the town square with 8 cameras pointed at him does not.
    Is this a tenet of established law about 'expectations of privacy', or
    just your opinion? 

No, this is not a tenet.  This is my own opinion.

    I am amazed at how quickly many advocates of one thing or another
    leap to paint a solid black or white world, when reality is, of
    course, zillions of shades of gray [even if one entertains your
    distinction, it only raises more questions than it answers:

No, I see a clear distinction between *hidden*  cameras and visible cameras.

    Overall, I think that folks are rather liberal with deciding that
    there are "expectations of privacy" in arenas where the law doesn't
    make any such distinction.  [in particular, as far as I know, if
    you are out in public [that is, not on private property] you have
    virtually no 'expectation of privacy', no matter whether it is
    midnight or noon, or the Rose Garden or a back alley]

I wasn't aware that legal expertise was necessary to discuss privacy
issues.  I'm not really interested in the legal/constitutional
implications, since they will differ greatly among jurisdictions.
Unquestionably, people have the right to operate all the cameras they
want, as long as they don't trespass while doing it.  My concern is
with *government-operated* cameras.

Personally I find the concept of state-operated hidden cameras to be
repugnant.  I do, however, believe that cameras in public places can
sometimes be justified.  Recently, the City of Hull, Quebec decided to
place video cameras along the main bar strip, due to the large number
of fights, stabbings, vandalism, and shootings that have happened in
the past.  No one walking along "the strip" in Hull on Saturday night
has an "expectation of privacy" (not meant in the legal sense).  As
long as publicly-operated cameras are visible, they can be properly
evaluated by the citizens, as to their effectiveness and whether their
use is justified.  No such evaluation is possible if the state puts
hidden cameras all over the place.


------------------------------

From: jgd@dixie.com (John De Armond)
Date: 17 Jul 94 23:28:30 GMT
Subject: Re: Video Camera on Utility Poles
Organization: Dixie Communications Public Access.  The Mouth of the South.

A couple of posts addressed here:

    tnyurkiw@lambert.uwaterloo.ca (Tom Yurkiw) said: hopefully in
    Singapore!  Better yet, the homeowner is watching in real-time and
    is forced to subdue said Armondite while making a citizen's
    arrest.  Of course, the homeowner isn't trained in the niceties of
    restraining someone painlessly...

But since Mr. De Armond is trained in self-defense and is always armed,
he dispatches Mr. Kiw (see, dropping the first syllable of a name can
be fun) with a double-tap to the chest.

    flash@csd.uwo.ca (Andrew D. Marshall) said: Professor Levine raises
    an interesting point.  I read John De Armond's post -- in fact, I
    chose to read the thread because my newsreader showed that he was a
    contributor to it.  I have often seen posts in other newsgroups
    from him (the one that springs to mind first is
    misc.consumers.house) and, while I don't always agree with what he
    has to say, I often find his posts entertaining.  The post in this
    thread attributed to De Armond was consistent stylistically, and in
    the point of view expressed, to what I've seen elsewhere under his
    name.

    The more general issue, which I suspect has been hashed out here
    and elsewhere, is that of writing style being used to identify an
    article's writer or, to extend Professor Levine's suggestion, even
    being used to discredit a writer by imitating his or her style.

But like any good writer, I can write in a number of voices and I find
the net to be an exquisite place to practice and perfect that art.
Though I don't do it so much anymore because of lack of time and
interest, I have in the past used two other identities on other hosts
for the purpose.  Both identities are still active and I occasionally
use them.  In some instances, my alter-ego has debated me on a topic
just to spice things up or when I thought the other side was doing such
an incompetent job of stating its case that debate was dying.

I mention this for a couple of reasons, not the least of which is to
send some of my "fans" off on a frenzy trying to figure out who my
alter-egos are.  Yes, I'll tell you if you guess correctly - I can
always establish another.

The larger point is, however, that there is nothing one can do to truly
validate one's identity or to protect one's privacy.  PGP and other
crypto products?  Not hardly.  As long as one can get an account
somewhere, as long as open hosts exist, as long as open NNTP servers
exist, anyone can create any identity one desires AND make it appear
authentic including PGP keys.  I don't use PGP because I have no need
but if I did, I'd have public keys available for all my identities.

    So not only do I have to keep my SIN/SSN private, and guard my bank
    card PIN and all that stuff, if I truly want to maintain my
    privacy, I probably shouldn't be posting on the net.

Not really.  This is the other important point I want to make.  One can
much better preserve his privacy by obscuring reality with noise than
he can by trying to build a fort around it.  Noise is simply false
information presented to appear real.

John

-- 
John De Armond, WD4OQC, Marietta, GA    jgd@dixie.com 
Performance Engineering Magazine.  Email to me published at my sole discretion
Respect the VietNam Vet, for he has survived every attempt by this country
to kill him.


------------------------------

From: glr@ripco.com (Glen Roberts)
Date: 18 Jul 1994 16:12:32 GMT
Subject: Re: Video Camera on Utility Poles
Organization: RCI, Chicago, IL

    Tom Yurkiw (tnyurkiw@lagrange.uwaterloo.ca) wrote: To me, the issue
    of video cameras **hidden on utility poles, is completely different
    than the question of **visible cameras in public places.  A person
    standing on a side street in the middle of the night has an
    expectation of privacy, whereas a person in the town square with 8
    cameras pointed at him does not.

Which came first? The Chicken or the Egg?

For example, many would feel that sitting in a restaurant, seeing no one
else around, would give us an expectation of privacy on our
conversations, but Dunkin-Donuts at 300 locations in MA says no, and
installs audio monitoring device (for security).

Does the FACT that someone can put in monitoring devices (visible or
not) affect our expectations of privacy?

Are you not arguing that privacy invasion is OK everywhere... because
once the invasion device is installed VISIBLY we have no expectation of
privacy there anymore?

Or, is the installation of such devices an invasion of our privacy, and
something that should be prohibited?

--
 --------------------------------------
Glen L. Roberts, Publisher, Directory of Elect Surv Equip Suppliers
Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central)
Box 734, Antioch, Illinois 60002      Fax: (708) 838-0316
Voice/FAX on demand: (708) 356-9646
 --------------------------------------


------------------------------

From: at372@freenet.carleton.ca (David Mitchell)
Date: 18 Jul 1994 04:16:13 -0400
Subject: Re Sprint Canada and SIN

Michael Slavitch wrote of his encounter with Sprint Canada and its
demand for his Social Insurance Number, a demand that was later dropped
due to "customer requests".  Sprint uses the numbers for customer
identification.

In Canada, it is illegal to require SIN for a purpose such as that
proposed by Sprint.  Unfortunately, requiring SSNs seems to be legal in
the US and most US companies don't think to check to see if we do
things differently.

Since SINs are sensitive and important information, and not the kind of
thing that you would want to fall into the wrong hands, the law only
requires that they be disclosed for certain purposes.  Obviously,
governments can demand them - that's why they came into existence in
the first place.  Also, since SINs are used for tax purposes, persons
who have to provide information to Revenue Canada about you can demand
your number.  This group includes financial institutions and
employers.

Given the damage that can be done if the wrong person has your SIN, it
is good practice to refuse to give it out if it isn't required.  It
would be nice if it were not only illegal for companies like Sprint to
demand your SIN, but also illegal to ask for it.  However, this would
produce howls from the legion of US companies that object to amending
forms and filing systems for Canada.

--
David Mitchell                      Tel: (604) 370-1731
Faculty of Law               Email: ul155@freenet.victoria.bc.ca
Victoria, BC                        at372@freenet.carleton.ca


------------------------------

From: barmar@Think.COM (Barry Margolin)
Date: 18 Jul 1994 21:00:44 GMT
Subject: Re: Clipper security and other lies
Organization: Thinking Machines Corporation, Cambridge MA, USA

    lupienj@wal.hp.com (John Lupien) writes: A better question might be
    "what would the cop do if they DID have Clipper?" Unless the
    suspect is not only crooked but stupid, they won't be using Clipper
    for sensitive communications.

Crooks currently use ordinary, unencrypted phones for sensitive
communications.  Clipper phones are at least as secure as unencrypted
phones, so why wouldn't they use them?

-- 
Barry Margolin
System Manager, Thinking Machines Corp.
barmar@think.com          {uunet,harvard}!think!barmar


------------------------------


End of Computer Privacy Digest V5 #008
******************************