Date:       Fri, 29 Jul 94 10:30:55 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#014

Computer Privacy Digest Fri, 29 Jul 94              Volume 5 : Issue: 014

Today's Topics:			       Moderator: Leonard P. Levine

                    National ID Card Idea Resurfaces
                   Re: Many Phone Taps are now Legal
                   Re: Many Phone Taps are now Legal
      Re: Questions about using "discussion list" membership lists
      Re: Questions about using "discussion list" membership lists
      Re: Questions about using "discussion list" membership lists
              Is License Plate No. a Key to Personal Info?
                    Re: Government E-Mail Directive
                        Re: Credit Card Opt Out?

 ---------------------------------------------------------------------

   Housekeeping information is located at the end of this Digest.

----------------------------------------------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Jul 1994 08:21:06 -0500 (CDT)
Subject: National ID Card Idea Resurfaces
Organization: University of Wisconsin-Milwaukee

Taken from EPIC Alert 1.05 Published by the Electronic Privacy
Information Center (EPIC) Washington, DC (Alert@epic.org)

 National ID Card Idea Resurfaces

On July 12, CBS Evening News reported that the National Commission on
Immigration Reform, a bipartisan group formed by the 1990 Immigration
Reform Act, was planning to recommend a national identity card for all
persons in the United States for the purpose of verifying employment
eligibility and facilitating transactions with government agencies.

CBS reported that each card will contain a name, photo, fingerprints,
magnetic stripe with info and a "verified SSN." The network reported
that the program would be implemented by age group over a number of
years.

The proposal was reportedly supported by Senator Alan Simpson of
Wyoming, a long-time supporter of ID cards. California Gov. Pete Wilson
has offered to make California a test-bed for the proposal. The
proposal was opposed by Xavier Becerra, a Congressman from California,
who expressed concern over cost and privacy issues. The Secret Service
has testified that a secure card system could be developed for an
estimated $2 - 4 billion but cautioned that within a few months, forged
cards would be available.

The day after the CBS report, the Commission issued a press release
stating that it was still in the process of completing a draft report
which is due on September 30. The release stated that the commission
"has not proposed a national identity card. Citizens will not be
required to carry a photo ID with fingerprints to prove that they are
legally in the United States, despite media reports." The Commission
said it would investigate a "simple, fraud resistant way of verifying
authorization to work, building on information the government already
maintains...."

Former Congresswoman Barbara Jordan will testify before the Senate
Judiciary Committee on August 3, 1994 regarding the preliminary
recommendations of the Commission on Immigration Reform for a
"Workplace Eligibility Card." Expect heated debate about the use of the
card as a national identifier, and also questions about the use of the
Social Security Number and linkages to the Social Security
Administration databases.

There have been several attempts in the past 20 years to implement ID
cards. Congress rejected proposals in 1986 and 1990 by Sen. Simpson to
require identity cards for employment. Martin Anderson, a former aide
to President Reagan, also reported that Reagan rejected an ID card in
1981.

EPIC is working with Privacy International and several domestic groups
to investigate this issue. PI has led successful campaigns against
national ID cards in Australia, New Zealand and the Philippines.


------------------------------

From: Chuck Weckesser <71233.677@compuserve.com>
Date: 28 Jul 94 09:43:00 EDT
Subject: Re: Many Phone Taps are now Legal

One writer is mistaken when he states that "all" cordless phones are
fair game.  One, available from the Sharper Image (a Uniden model),
operates on the 900 MHz range, making "accidental" interception
impossible.

P.S. Drawback: Phone currently costs $350 or so, but I think it's worth
it.


------------------------------

From: eck@panix.com (Mark Eckenwiler)
Date: 28 Jul 1994 09:43:03 -0400
Subject: Re: Many Phone Taps are now Legal
Organization: Uvula Debentures

    71604.710@compuserve.com sez: The Electronic Communications Privacy
    Act (ECPA) defines protected communications, specifies the legal
    requirements for interception and sets out the process for
    authorizing interception.  The ECPA specifically refers to the
    handset to base portions of "cordless telephones" and permits
    interception of that portion without any legal process (warrant).
    The law draws a distinction between the handset to base portion of
    the call, which it equates with all other radio communications
    governed by the FCC; and the rest of the call (from the base to the
    telephone company equipment).  The terminology is different, but
    the legal concept is exactly as related by Anderson.  Basically,
    the radio portion of a "cordless telephone" call is fair game.

Correct: ECPA excludes cordless calls from its penalty provisions.

Incorrect in several US jurisdictions: The radio portion of a "cordless
telephone" call is fair game.

from the draft misc.legal FAQ (really, I'll finish this year):

Q.  Can I listen to cordless phone calls on my scanner legally?

A.  It may be illegal, depending on which state you live in.

Cordless phone transmissions are explicitly exempted from the
protection of Title III, the federal eavesdropping/wiretap statute.
(As of this writing in Feb. 1994, however, the proposed Digital
Telephony legislation would extend coverage, making it a felony
comparable to tapping a normal wire-based phone conversation.)

Some states already protect such calls.  The applicable eavesdropping
statute in NY is Penal Law sec. 250.05.  Court decisions expressly
applying it to cordless phone calls include _People v.  Fata_, 159
A.D.2d 180, 559 N.Y.S.2d 248 (2d Dep't 1990) and _Sharon v.  Sharon_,
147 Misc. 2d 665, 558 N.Y.S.2d 468 (Sup. Ct. Nassau Cty.  1990).

Similarly, Connecticut's Supreme Court has interpreted that state's
general eavesdropping statute to cover cordless phone transmissions.
See State v. McVeigh, 224 Conn. 593, 620 A.2d 133 (1993).  And in
California, listening in on cordless phone conversations is explicitly
prohibited by Penal Law Section 632.6.

Some people on Usenet have made repeated claims that a recent Supreme
Court decision invalidates these state laws.  These same people have
never been able to identify the case in question, and a brief
investigation leads this author to conclude that no such case exists.
(I'll add this supposed case to the FAQ as soon as someone furnishes a
name or a cite for it.)


------------------------------

From: mkellis@ritz.mordor.com (Michael Ellis)
Date: 28 Jul 1994 15:58:22 GMT
Subject: Re: Questions about using "discussion list" membership lists
Organization: Mordor International BBS

    David Bridge, MSC VAX System Manager (DAVID@SIMSC.SI.EDU) wrote: We
    are compiling a "Directory" of people and their e-mail addresses in
    one subject area (museums, museum staff, cultural organization, and
    museum-related organizations) currently using the various worldwide
    electronic networks.  [...] THE PROBLEM:  It has been suggested
    that it would be very wrong for us to gather names from these
    distribution lists, (even though they are public domain in my
    opinion) and include them in the directory without the explicit
    approval of the individuals.  We know that laws, customs, ethics,
    and netiquette vary from country to country.  Including names and
    addresses from these discussion lists will be a VERY important and
    major contribution to the final directory, if they can be
    included.


Fourth Possibility: Compose an email message to the various mailing
lists stating who you are, what you're trying to do, and why, and ask
that interested parties send *you* their names and email addresses.
This way you can communicate with everyone (via the list, since pretty
much anything on-topic for these lists is 'appropriate' so long as you do
it via the list, and not via individual email).  Those who respond
affirmatively get put on your final list. Those who do not respond or
who respond negatively are not put on your list.

This doesn't completely solve the problem of unsolicited email: you're
emailing to them via the mailing list rather than via individual
addresses, but it's still unsolicited.  But it shows greater
sensitivity to those on the lists, and maintains the veneer of privacy:
lists are easily subscribed or unsubscribed to, so you're not tracking
them by their actual email address, merely by a general mailing list.

    Does using the names of a public list, WITHOUT permission
    constitute an invasion of privacy ?

I think so.  Keep in mind that, if public mailing lists become a source
of names for this sort of thing, people will move over to concealed
lists entirely rather than put up with the hassle.  An email, even one
where subscribers can be reviewed rather easily, is still a private
thing: an explicit association of that person with that list.  If it's
considered poor form to cull email addresses out of news messages (like
this one) then it's doubly so to do that out of mailing lists.

    If we include the names without permission, is it:  completely
    legal, "bad form", poor netiquette, or illegal ?

Can't answer you legally.  It's definitely bad form and poor
netiquette.

I tend to think that the key to understanding the Net is using the
concept of explicit association: people will delve into areas where
they have an interest, and will associate via their own free will.
Postings made in public areas may serve to attract people to the
subject (FAQs, announcements in appropriate places, WWW sites, etc),
but it's not polite to solicit information (or gather it) without that
explicit association.

Therefore: just because I post here, or subscribe to a firewalls
mailing list, for example, doesn't mean I want everybody and their
brother who has interests along those lines to be gathering my email
address and sending me ads, putting me on lists, etc.  If I want to
know about your organization, the best way to let me know about it is
to post about it in an 'announce' newsgroup (or to the mailing list, if
the list members aren't averse to that sort of thing), and then let
me come to you.

--
Michael K. Ellis
mkellis@mordor.com


------------------------------

From: nevin@cs.arizona.edu (Nevin Liber)
Date: 27 Jul 1994 19:13:29 -0700
Subject: Re: Questions about using "discussion list" membership lists
Organization: University of Arizona CS Department, Tucson AZ

    David Bridge, MSC VAX System Manager <DAVID@SIMSC.SI.EDU> wrote:
    2.  We could post a message to each list about our project, and
    that their names and addresses will be included after some date,
    UNLESS they issue the conceal command (with instructions on how to
    do that).

How about:

4.  You could post a message to each list about your project, and that
their names and addresses will be included if and only if they send you
a confirmation message.

It seems that you are of the opinion that most people would not want
their name and email address to be published here.  If this is true,
then of course it is "wrong" to publish this list.  If it is not true,
then be up front with them.

Me, personally:  if you were up front and asked if I minded that you
published my email address in association with one of my interests, I
would probably say no problem.  If you were sneaky about it and did it
behind my back deliberately, then I might, if mad enough, give you lots
of negative publicity (especially to anyone who sends me a message of
the form: I got your name out of this published book).  Then again, I
might not care (eg: the Internet White Pages).

It's not just my name and email address you are publishing; you are
also implying (no matter how many disclaimers you put on) an
affiliation of me with some group.

    Does using the names of a public list, WITHOUT permission
    constitute an invasion of privacy ?

I would say yes, if the expectation of being on that list is private.
Generally, people don't like information being gathered about them.

    If we include the names without permission, is it:  completely
    legal,

You probably won't lose a lawsuit based on it.

    "bad form", poor netiquette,

I would consider it both of these.

    or illegal ?

Probably not.  Ask your lawyers, not us.

Coincidentally, this issue is relevant to me right now.  A couple of
days ago, I got a piece of email to an old address of mine, with
someone asking me for information on software engineering.  I politely
asked the person where they got my address from.  It seems that some
software engineering newsletter published my email address for some
unknown reason (to me).  I have no clue as to who did this, and I have
no idea why someone is using my name and associating it with something
to do with software engineering.

-- 
	Nevin ":-)" Liber	nevin@cs.arizona.edu	(602) 293-2799
	                 	                    	 +++ (520) after 3/95
	                 	      summer office:	(602) 621-8112
		Only 16 more shopping days 'til my birthday (August 12th)!!


------------------------------

From: kec@stubbs.ucop.edu
Date: 28 Jul 94 13:49:56 PDT
Subject: Re: Questions about using "discussion list" membership lists
Organization: University of California, Berkeley

Though I am a fairly seasoned list user, and I save the "about this
list" info that I get with each subscribe, almost none of the lists
made clear to me whether the default on the list was "conceal" or "no
conceal".  And in almost all cases, the default was that my name was
not concealed.

So though the function is there and the lists are "public," I don't
think that most people on lists are aware that their email address can
be obtained with a simple command.  For that reason, I think you should
follow your #2 plan:

    2.  We could post a message to each list about our project, and
    that their names and addresses will be included after some date,
    UNLESS they issue the conceal command (with instructions on how to
    do that).

because it would be an education to the people on the lists about the
issue of their privacy.  I don't think that list subscribers' names
should be public unless subscribers themselves explicitly make them
so.

--
Karen Coyle
CPSR/Berkeley chapter


------------------------------

From: harris.jarnold@ic1d.harris.com (Jon Arnold)
Date: 28 Jul 1994 12:36:42 GMT
Subject: Is License Plate No. a Key to Personal Info?
Organization: Harris Corp - ATCSD

While watching channel 6 late news last night, they did a short clip on
the fact that in Florida, if you get a vehicle's license plate number,
you are *readily able* to get the owner's name, date of birth, *social
security number*, address, etc.   I can't believe this!?!  The example
used in the clip was that if for example somebody cut you off while
driving and you got the license number, you could go to any tax
collector's office and simply ask for the information, and they are
*required* to give it to you.

There MUST be more to the story than this!?!  The clip went on to say
that this law was repealed in California a few years ago because some
woman was stalked & killed by somebody who got information about her
this way.  Is there a bright side to this law?  Surely it can't be as
"open" as the news clip suggests?

--
harris.jarnold@ic1d.harris.com


------------------------------

From: newcombe@aa.csc.peachnet.edu (Dan Newcombe)
Date: 22 Jul 1994 14:58:58 UNDEFINED
Subject: Re: Government E-Mail Directive
Organization: Clayton State College

    huggins@quip.eecs.umich.edu (Jim Huggins) writes: shown each time I
    used it, but I disregarded them.)  The theory being, of course,
    that IBM wasn't paying for Internet access so that I could talk for
    free with my girlfriend (now my wife).

I thought that for Internet access, places paid one flat annual fee.
So what difference does it make?  It would seem you'd be getting your
money's worth if people used it more and more.

--
Dan Newcombe                    newcombe@aa.csc.peachnet.edu
Clayton State College           Morrow, Georgia
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"And the man in the mirror has sad eyes."       -Marillion


------------------------------

From: "BETH GIVENS" <B_GIVENS@USDCSV.ACUSD.EDU>
Date: 28 Jul 1994 16:26:28 -0700 (PDT)
Subject: Re: Credit Card Opt Out?
Organization: Privacy Rights Clearinghouse, USD

Clarification for Eric Smith regarding California's new opt-out law for
credit cards. As far as we know, the new law in California is unique in
the country. No, this is not already a federal law. The proposed
amendments to the Fair Credit Reporting Act would require credit
*reporting* companies to offer consumers an opt-out from solicitations
generated from their files, a requirement that California passed into
law last year.

It's important to make the distinction between laws that affect credit
reporting companies (TRW, Equifax, Trans Union), and laws that affect
credit card companies. California's new opt out law is aimed at credit
*card* companies. A similar law passed last year in California was
aimed at credit *reporting* companies. Both laws give *California*
consumers some measure of control over the use of their personal
information for "junk mail" solicitations based on the transactional
information generated from credit transactions.

In general, we see the ability to control the use of one's *transaction
generated information* as being one of the key privacy issues to be
debated as the so-called information superhighway is developed.

--
Beth Givens, Privacy Rights Clearinghouse, Univ. of San Diego


------------------------------

   The Computer Privacy Digest is a forum for discussion on the effect 
  of technology on privacy.  The digest is moderated and gatewayed into 
  the USENET newsgroup comp.society.privacy (Moderated).  Submissions 
  should be sent to comp-privacy@uwm.edu and administrative requests 
  to comp-privacy-request@uwm.edu.  Back issues are available via 
  anonymous ftp on ftp.cs.uwm.edu [129.89.9.18].  Login as "ftp" 
  with password "yourid@yoursite".  The archives are in the directory 
  "pub/comp-privacy".   Archives are also held at ftp.pica.army.mil
  [129.139.160.133].

End of Computer Privacy Digest V5 #014
******************************