Date: Wed, 29 Mar 95 14:45:49 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#031
Computer Privacy Digest Wed, 29 Mar 95 Volume 6 : Issue: 031
Today's Topics: Moderator: Leonard P. Levine
Re: Proving your Citizenship
Re: Proving your Citizenship
EPIC Statement on Communications Decency Act
Commerce Dept. to Recommend Relaxing Crypto Export Control
Maryland Debates Online Privacy
Re: Can My Neighbor Peruse my Medical Records?
Re: Can My Neighbor Peruse My Medical Records?
Press Release by Wisconsin Privacy Ombudsman
Re: Fair Information Practices
Copyright vs Freedom on the GII
Nationwide Electronic Open Meeting - Call for Public Access Sites
Intelligent Transport Systems
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: dale@winternet.com (Dale Borgeson)
Date: 28 Mar 1995 00:28:34 GMT
Subject: Re: Proving your Citizenship
Organization: StarNet Communications, Inc
Mara Smith (msmithn@129.174.1.13) wrote: enough to prove my
citizenship at a SSN office. So I handed over my military I.D.
card--I was active duty at the time. THAT wasn't good enough--the
SSN office employee did not know you had to be a citizen to serve
in our military and I had no luck trying to convince her. She
Unless the laws have changed since I was in the Navy in the late 60's
you don't need to be a US citizen to serve in the US military or be
subject to the draft (when there was one). You do (did, at least) have
to be a US citizen to get certain levels of security clearance.
There were two non-citizens in my boot camp company: One was Danish and
the other Philipino. There were thousands Philipino's in the Navy and
all were non-citizens when they enlisted. Many became citizens later if
their duties allowed them to meet the requirements.
--
Dale Borgeson Minneapolis, MN U.S.A. dale@winternet.com
------------------------------
From: tron!ops1.bwi.wec.com!cas@uunet.uu.net (Bob Casanova)
Date: 28 Mar 1995 18:21:18 GMT
Subject: Re: Proving your Citizenship
Organization: Westinghouse
John Stanley <stanley@skyking.OCE.ORST.EDU> wrote: There are
millions of Americans who cannot prove US citizenship. They were
born in Canada, Mexico, Chile, Brazil ... In fact, any
{North|South} American country that wasn't the USA.
msmithn@129.174.1.13 (Mara Smith) writes: It doesn't even take
being born in a foreign country; all it takes is a little
ignorance. I was born in Puerto Rico, a U.S. commonwealth whose
citizens are U.S citizens, to U.S. citizen parents who were in the
U.S. military assigned at a U.S. military base in Puerto Rico.
That wasn't good enough to prove my citizenship at a SSN office.
So I handed over my military I.D. card--I was active duty at the
time. THAT wasn't good enough--the SSN office employee did not know
you had to be a citizen to serve in our military
Unless this has changed since the early 60's, this is incorrect. There
were two Canadians in my platoon at Parris Island in late 1963.
--
Bob C.
<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>
<<< Good, fast, cheap! (Pick 2) >>>
<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>
What the net needs is a good bus arbiter
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 27 Mar 1995 22:15:03 -0500
Subject: EPIC Statement on Communications Decency Act
Taken from EPIC Alert Volume 2.05 March 26, 1995 by the Electronic
Privacy Information Center (EPIC) Washington, DC info@epic.org
EPIC STATEMENT ON COMMUNICATIONS DECENCY ACT
March 24, 1995
The Electronic Privacy Information Center opposes the Communications
Decency Act as adopted by the Senate Commerce Committee on March 24,
1995. We believe that the bill is an unconstitutional restriction on
free expression, personal privacy, and intellectual freedom.
EPIC has urged Senator Exon and his staff to explore all
non-legislative solutions before further action on this bill.
Comprehensive hearings are still necessary. We recognize that there is
a genuine concern about the type of materials that are available to
children via the Internet. EPIC also believes that a thoughtful,
long-term solution to this problem will require the participation of
parents and schools, and the development of good technical and
educational measures. We do not believe that the contents of private
communication or the expression of public opinion should be regulated
by the government
The National Center for Missing and Exploited Children has produced a
fine publication for parents and others who are concerned about these
issues. This brochure, "Child Safety on the Information Highway," was
written by Lawrence J. Magid, a syndicated columnist for the Los
Angeles Times. Mr. Magid encourages parents to take an active interest
in the on-line activities of their children, and opposes passage of the
Communications Decency Act. For a copy of the brochure, contact The
National Center for Missing & Exploited Children 2101 Wilson Blvd,
Suite 550, Arlington, VA 22201-3052 or call 1-800-The-LOST
(1-800-843-5678).
EPIC will continue to oppose the Communications Decency Act. We urge
others to do the same.
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 27 Mar 1995 22:15:03 -0500
Subject: Commerce Dept. to Recommend Relaxing Crypto Export Control
Taken from EPIC Alert Volume 2.05 March 26, 1995 by the Electronic
Privacy Information Center (EPIC) Washington, DC info@epic.org
The Bureau of National Affairs reports that the Department of Commerce
will recommend that the United States relax export controls on
cryptography. The recommendations will be presented to the President
in early July. The National Security Agency is expected to release a
report on the availability of foreign encryption software which will
be presented to the President at the same time.
The Commerce Department has also filed a request with the Office of
Management and Budget to collect information on the damage to US
businesses resulting from current export controls.
The Software Publishers Association, in a December survey of
encryption software currently available, identified 407 foreign
encryption products, 120 of which used the Data Encryption Standard
(DES). The SPA found 480 domestic encryption products.
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 27 Mar 1995 22:15:03 -0500
Subject: Maryland Debates Online Privacy
Taken from EPIC Alert Volume 2.05 March 26, 1995 by the Electronic
Privacy Information Center (EPIC) Washington, DC info@epic.org
On March 11, the Maryland House of Delegates held landmark hearings on
online privacy. The hearing marked the first time that a state
legislature had taken up the issue of privacy on the NII.
The bill, SB 524, was prompted by revelations last year that America
Online and other service providers were selling information about their
customers to direct marketers. In the case of AOL, the users were not
informed until after newspapers reported that advertisements for AOL
member profiles appeared in a direct marketing magazine.
The legislation requires that an "online computer service may not
disclose personal information concerning a subscriber to any other
person unless the subscriber ...has received notice ... and consented
to the disclosure." The consent can be in electronic or written
form. Online providers are also required to tell customers up front
what information is being collected, how it is being used, and how
customers can access their records.
Dave Banisar from EPIC testified on behalf of the bill. He argued that
the bill was a modest attempt to protect individual privacy. He noted
that the provisions of the act were already incorporated in the 1980
OECD guidelines on privacy which was endorsed by many US companies in
the early 1980's and the Code of Fair Information Practices, first
developed in 1973.
Opposing the bill were representatives from AOL, AT&T, Sprint, MCI and
the Direct Marketing Association. The online providers argued that
legislation should be placed on hold until national legislation is
enacted, which is highly unlikely this term in Congress. The DMA
strongly opposed the bill. Bell Atlantic, said that they may support
the bill if it were revised to require an opt out. The sponsors of the
bill indicated that they were agreeable to the change.
The bill was sent to a committee for review over the summer break. It
is expected to be reintroduced again next session.
------------------------------
From: robert.heuman@rose.com (robert heuman)
Date: 28 Mar 95 12:06 EST
Subject: Re: Can My Neighbor Peruse my Medical Records?
Organization: Rose Media Inc, Toronto, Ontario.
From: Maryjo Bruce <sunshine@netcom.com> There is an article - "Is
your health history anyone's business" in McCalls magazine. David
Linowes, who chaired the U.S. Pravacy Protection Commission under
presidents Ford and Carter and wrote PRIVACY IN AMERICA; IS YOUR
PRIVATE LIFE IN THE PUBLIC EYE? "conducted a survey of Fortune 500
companies and found that half of them had used medical records to
make hiring decisions, often without informing the potential
employee." Reason: cost of health care. "Linowes expects that a
follow up survey this year will reveal that even more companies now
engage in the practice."
Move to Canada, where no one has to worry about company medical
plans... so this type of action is NOT required.
--
RoseReader 2.52 P001886 Entered at [ROSE]
RoseMail 2.60 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285
------------------------------
From: cm5585@scitsc.wlv.ac.uk (J.Tench)
Date: 29 Mar 1995 17:00:01 +0100
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: University of Wolverhampton, U.K.
This bring to mind a television program sometime ago over here, where
they hired several private detective agencies to obtain private
information on certain individuals, including financial and medical
histories. The PI's were surprisingly effective in obtaining very
accurate personal information. Including a celebrity who had had her
daughter treated privately and under a different name, they were able
to identify where the daughter had been treated and what she was
treated for. It is surprisingly easy to get all kinds of private
information on individuals, quite scary really and I don't suppose it's
much different over the pond.
--
~)~. ~)~ _ _ |_ || || ||\ || || || \\ //
(_/ / /') / (' / ) (_ | ) || || ||\\|| || || )X(
Wolverhampton Polyversity ||__| || || \|| \\_// // \\
E_MAIL cm5585@scitsc.wlv.ac.uk UNIX++
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Mar 1995 13:19:51 -0600 (CST)
Subject: Press Release by Wisconsin Privacy Ombudsman
Organization: University of Wisconsin-Milwaukee
FOR IMMEDIATE RELEASE March 1995
Contact: Carole Doeppers
Office of the Privacy Advocate
148 East Wilson St., Suite 102
Madison, WI 53702-0001
(608) 261-6261
The state Privacy Advocate, whose job is threatened by the governor's
proposed budget, Monday called for the development of a State
Information Policy. The Office of the Privacy Advocate, which
officially opened just 11 months ago, was created in response to
concerns raised by rapidly emerging electronic and telecommunications
technologies.
The Privacy Advocate functions under the direction of the Wisconsin
Privacy Council, one of the handful of agencies that would be
eliminated under the governor's proposed biennial budget. According to
Carole Doeppers, the nation's first Privacy Advocate, the impact of
technology on personal and data privacy needs to be considered by both
government and private businesses that use public information. "If
technology is to be utilized to improve efficiency, streamline
record-keeping, track benefit recipients, cut costs and root out fraud,
then standards of fair information practices must be developed and
followed," she said.
With the impending termination of her office at hand, the Privacy
Advocate is approaching her mission with an intensified sense of
immediacy. "I have much to say and not a lot of time to say it,"
Carole Doeppers said.
Doeppers believes that new concerns about data protection and
information privacy result from the ease and speed with which disparate
bits of personal information can be merged, mixed, manipulated and
linked to other information systems. She cited the more than 1,000
databases containing personal descriptors that are maintained by state
agencies as one area of concern for citizens.
"While the databases of the state government are not secret," Doeppers
said, "I am certain that the average citizen is unaware of the vast
amounts of personal information in state and local government records
that are being stored and shared."
The Registry of Records Series, published by the state Records and
Forms Board, identifies and describes records maintained by state
agencies that contain personal information. A quick glimpse at the
Registry reveals that records include: demographic data, legal
documents, employee grievances cases, performance standards and letters
of recommendation.
"There are public records identifying absentee voters, hunters,
pesticide users, and disabled license plate holders to name but a few,"
said Doeppers. "The information contained in these public records must
be released upon request even if the data is reused for private
commercial gain."
She also expressed concern for the privacy of medical information.
Although Wisconsin has strong confidentiality protections for medical
records, "there seem to be gaps in the legal protection," Doeppers
said, "especially when medical information is re-released or
transmitted outside the state."
She referred to the Principles For Fair Information Practices which
were approved by the Privacy Council last November. The standards
range from allowing individuals to access and correct their own
personal information to requiring disclosure when personal information
collected for one reason is then used for some secondary purpose.
Doeppers said that the standards should encourage state and local
agencies to formulate and enforce policies that preserve the integrity
and privacy of identifiable personal information about private
citizens.
"Hopefully the Principles For Fair Information Practices will help to
guide the development of a State Information Policy that balances the
Wisconsin tradition of openness and accountability with reasonable
expectations of personal and information privacy, " said Doeppers.
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 29 Mar 1995 05:35:47 GMT
Subject: Re: Fair Information Practices
Organization: The National Capital FreeNet
A Code of Fair Information Practices
Prepared by Robert Gellman, Washington, D.C.
---------------------------------------------------------
snip
This formulation of a code of fair information practices is
derived from several sources, including codes developed by the
Department of Health, Education, and Welfare (1975); Organization for
Economic Cooperation and Development (1981); and Council of Europe
(1981).
A reference to any code of fair information practices is always useful,
particularly because there are so many people who think that privacy of
databanks only became an issue yesterday, or that it involves computers
in some essential way.
I'm interested in your reference to a 1975 DHEW code. Can you post the
name of the dcocument and it's DHEW publication number? I first read
the term "Code of Fair Information Practices" in the "President's
Letter" section of the April 1995 issue of "Communications of the ACM".
The next month's issue published a statement that the ACM Council had
endorsed an affirmation of support for the Code of Fair Information
Practices.
That particular Code seems to be the one first mentioned in "Records
Computers and the rights of citizens" Report of the Secretary's
Advisory Committee on Automated Personal Data Systems, U. S. Department
of Health, Education and Welfare, July 1973, DHEW Publication No. (OS)
73-97. I believe that the report was reprinted the following year by
MIT Press.
The committee was chaired by ACM member Willis Ware.
Privacy Journal has described this report as a seminal document which
formed the basis for the US Federal Privacy Act and much state privacy
law in the US.
The section in the report about the history of the U.S. Census should
serve as a good antidote to anyone who thinks that privacy is an issue
that only emerged recently. It contains a quote from the 1850 Census
marshall about privacy violations involving 1840 census data and of the
opposition from citizens to the expanded questioning related to
economic data in the 1840 Census.
------------------------------
From: mkj@world.std.com (Mahatma Kane-Jeeves)
Date: 29 Mar 1995 12:47:39 GMT
Subject: Copyright vs Freedom on the GII
Organization: The World Public Access UNIX, Brookline, MA
-----BEGIN PGP SIGNED MESSAGE-----
In the coming age of the Global Information Infrastructure (GII), the
interests of major intellectual property holders appear to be in direct
conflict with the interests of the average individual. I see major threats
to intellectual freedom and civil liberties arising from the world's
copyright-based information industries.
It is fundamental to the nature of informational networking to eliminate
informational scarcity within its scope. This is one of the most
predictable effects which a network is bound to have in any informational
"ecology". It is also the chief benefit; if you frustrate this effect,
there's usually not much point left in having a network at all.
Copyright, on the other hand, may be described as a strategy of deliberate
economic scarcity. The practicality of copyright has depended largely on a
presumption that copying and distribution are in themselves valuable
services, likely to take the form of identifiable ventures for profit.
Today, with the advent of various technologies which facilitate cheap and
easy copying and distribution of information, copyright is becoming an
increasingly artificial and difficult strategy. The U.S. Copyright Act
itself recognizes the impracticality of protecting intangibles; songs and
stories passed by word of mouth were never intended to qualify for
protection, and with the advent of the Internet and other precursors of the
GII, the notion of "word of mouth" is taking on a vastly expanded meaning.
It seems to me that copyright and networking are in opposition at their very
roots, and I fear that ill-conceived efforts to reconcile copyright with the
GII will undermine our most important freedoms.
Let's bear in mind that neither copyright nor informational networking are
ends in themselves. The value of each of these strategies resides primarily
in the contribution it makes to the quantity and quality of information
available throughout a society. Which strategy makes a more valuable
contribution? Is our society better served by copyright, which encourages
the creation of valuable informational products? Or by public and private
libraries, sales of used materials, sharing among friends, casual xeroxing
of articles for distribution or personal archives, and the freedom to read
newspapers aloud around the water cooler? If we have to choose just one of
these information strategies for the future, which one should we preserve?
Up to now, we've enjoyed the luxury of having it both ways: An adequate
informal separation between casual use and commercially significant piracy
has been maintained by the physical difficulties which still exist in
copying and distributing large quantities of verbatim information (although
this informal separation does not always conform to the letter of the law).
But the separation is rapidly breaking down, and in the world of the GII, it
is unlikely that this traditional de-facto compromise will work.
The U.S. has already taken a strong position that copyright must be defended
on the GII -- a position so strong in fact that, even if we wanted to, we as
a nation couldn't back down now; we've pressured too many other nations into
line! But how, in practical terms, can copyright be enforced on the GII?
That is a scary question. Every Cypherpunk knows that if privacy and free
speech are protected, copyright will soon be deader than Elvis!
Copyright-based businesses are fighting for their lives. Their survival now
depends on the willingness and ability of governments to exert enormous
control over civilian communications. And with such huge financial
interests at stake, individual rights are likely to take a beating.
(This process, by the way, is already well underway in the U.S. The recent
recommendations of the President's Information Infrastructure Task Force's
Intellectual Property Working Group have created controversy and concern in
the academic community; Wayne State University Law Professor Jessica Litman,
for instance, has characterized the report as a threat to a citizen's "right
to read"! See documents available at iitf.doc.gov for more information.)
Then comes the really scary part. As society moves more and more of its
informational activities onto the GII, the lines which now separate
copyrightable properties from everyday "general knowledge" and "word of
mouth" will begin to blur. (This process, too, is already underway; it has
even been seriously suggested in U.S. government policy hearings that the
National Information Infrastructure should be re-named "The Intellectual
Properties Network", in order to better reflect its "true" nature and
purpose as some in Washington see it.) Before long, large areas of speech
and knowledge will be subsumed within the arena of private property, and
freedoms of thought and self-education will decline.
The GII is the technological leap which makes such new property rights
possible; in fact, it may make them inevitable, since the vast economic
expansions which such new rights would represent may be a temptation too
enormous for any nation to resist. Moreover, the GII creates for the first
time a practical power to enforce such rights, by providing an opportunity
for cheap automated surveillance of most public informational activities.
(Listing some of the other powers which such an instrumentality would create
for governments is left as an exercise for the reader.)
Within a generation or two, the notion of intellectual freedom -- defined as
the freedom to learn and know and teach important things, and to use that
knowledge, without having to pay anyone for a legal right to do so -- may
seem as archaic to the average person as the freedom to live nomadically off
the land (a seemingly inalienable God-given right from the dawn of time
through the early 20th century A.D.) seems to most of us today.
--- mkj
March 27, 1995
(THE AUTHOR OF THIS ARTICLE HEREBY GRANTS PERMISSION for anyone to copy and
redistribute the article without restriction, provided only that the article
and its original PGP signature are kept intact, whole and unmodified.)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBL3iRjF11Wd4tm8clAQGoUAP+MMYnLhc6etgq0MdTLaV3i0BruU2RyIKh
I+vb4PA8/3E1ysoamDNhtTyzrOa1f2QKtB0HC6JAGwAotI994fJodJ5E8rlUZOJZ
TpBJU2cF8gttVADe3Tfc0pKi3k6NkXQY7vMRnW5/cL2BOsEYn7EzEV7Sb3jn0/vO
bIH4ibCmV/o=
=fXBC
-----END PGP SIGNATURE-----
------------------------------
From: "Lewis W. Olenick" <lewo@Laser.NET>
Date: 29 Mar 1995 13:19:32 -0500 (EST)
Subject: Nationwide Electronic Open Meeting - Call for Public Access Sites
>From the EXECUTIVE OFFICE OF THE PRESIDENT, OFFICE OF MANAGEMENT AND
BUDGET
Please repost as appropriate.
PEOPLE AND THEIR GOVERNMENTS IN THE INFORMATION AGE
NATIONAL ELECTRONIC OPEN MEETING
May 1-14, 1995
CALL FOR PUBLIC ACCESS SITES
BACKGROUND:
In recognition of the growing importance of information technology as a
means for communication and participation in democratic government, the
Office of Management and Budget (OMB), the National Telecommunications
and Information Administration (NTIA), the National Technical
Information Service's (NTIS) FedWorld, and the National Performance
Review (NPR) will be sponsoring an electronic open meeting entitled
"People and Their Governments in the Information Age," from Monday, May
1 to Sunday, May 14, 1995. The US Government Printing Office (GPO)
will assist by providing telephone registration for Public Access Sites
and preconference information.
The meeting will seek to garner public opinion on the use of
information technology by Federal, State, Tribal and local
governments. The electronic open meeting will encourage public
discussion about the respective roles of the Federal government, State,
Tribal, and local governments, industry, the public interest and
library communities, academia, and the general citizenry in creating an
electronic government.
One of the fundamental tenets of the Clinton Administration is that
government information is a public asset and valuable national
resource. This open meeting is an extension of earlier efforts, such
as the Government Information Locator Service (GILS) initiative, to
establish a framework for governments' roles and activities in the
information age. In early April, OMB will publish a "Notice of
Inquiry" in the Federal Register setting forth the five topics
mentioned below, referencing key reports and other documents, and
seeking comment.
Along with the traditional method of mailing in responses to a "Notice
of Inquiry," the open meeting will be conducted through our nation's
electronic networks including: the World Wide Web, newsgroups, e-mail
listservs (mailing lists), commercial on-line providers, Public Access
Sites, and dial-up bulletin board connections.
HOW THE CONFERENCE WILL BE CONDUCTED:
FedWorld will create five e-mail discussion groups. The five
discussion groups will also be accessible through five corresponding
Internet newsgroups, the World Wide Web, and dial-up bulletin board
connection. Each discussion group will be devoted to a specific topic
relating to "People and their Governments in the Information Age."
Each topic will be hosted by one or more experts, who will provide an
introductory statement to initiate the discussion and who will also
take part in the discussion.
Attendees will participate in the conference by replying to the hosts'
introductory statements, posting statements or comments, and by
replying to the statements and comments of other attendees. We are
seeking the broadest possible level of participation emphasizing input
from a wide spectrum of Americans. The open meeting will focus on five
topics:
Services -- from emergency help and health care to business
licenses.
Benefits -- from social security and food stamps to small business
grants.
Information -- from declassified secrets and travel aids to
satellite weather maps.
Participatory Democracy -- ensuring everyone's chance to be heard
in a democracy.
Technology -- how the technical portion of electronic government
will work.
NEED FOR PUBLIC ACCESS SITES:
A primary goal of the meeting is to enable as many Americans as
possible to participate in the dialogue. This includes people who do
not have a computer with a modem, or access to the Internet. In order
to ensure participation by the "unconnected," public and private
organizations are needed to volunteer as "Public Access Sites."
The following criteria will apply to institutions interested in serving
as a Public Access Site:
* Willingness and ability to make computer facilities
available, free-of-charge, to the general public on a full- or
part-time basis throughout the two-week meeting, and to provide
logistical and technical support to the public.
* Ability to access Internet e-mail, newsgroups, or the
World Wide Web. Public Access Sites should not use Telnet to
access the FedWorld bulletin board. Because the number of access
ports at FedWorld is finite, FedWorld prefers to reserve dial-in
and Telnet capacity for individuals who seek to use the FedWorld
BBS as their primary means of participating.
* Willingness and ability to publicize your institution's
participation as a Public Access Site to the local media and
community, and answer local public and press questions about
participation.
* Willingness to be listed in a national directory of Public
Access Sites that will be made available to the public and press,
before and during the meeting.
If your institution would like to serve as a Public Access Site, please
do one of the following:
Point your World Wide Web browser to:
http://meeting.fedworld.gov
Or, send a blank e-mail message to:
pas-info@meeting.fedworld.gov
In response to your e-mail, you will receive an automated response
detailing how to register as a Public Access Site. If you do not
presently have e-mail, newsgroup, or World Wide Web capability but plan
on having such capability by the time of the meeting, you may register
as a Public Access Site or receive general end user information by
calling the GPO Access User Support Team at (202) 512-1530.
If you would like more information about the content and format of the
meeting, please send a blank e-mail message to
info@meeting.fedworld.gov. You will receive an automated response
providing additional detail for the electronic open meeting.
Thank you for your interest in making this meeting more accessible to
the public!
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Mar 1995 14:02:58 -0600 (CST)
Subject: Intelligent Transport Systems
Organization: University of Wisconsin-Milwaukee
Privacy Issues in Intelligent Transportation Systems
[Taken from http://weber.ucsd.edu/~pagre/its-issues.html by L. P.
Levine, CPD moderator]
Intelligent Transportation Systems (ITS) is a very large program
organized by industry and government to apply computer and
communications technologies to transportation. If ITS lives up to its
proponents' hopes then it will eventually affect virtually everybody.
Particular ITS systems are already implemented in many American states
and other countries, including numerous systems for automatic
toll-collection. Architectures, standards, and regulatory frameworks
for US national ITS systems are being formulated through a long,
complex private-public partnership process that is already well under
way. Although ITS promises to bring many benefits, if implemented
incorrectly it can also pose a grave threat to personal privacy by
making extensive information on individuals' travels available to
governments, marketing organizations, and others.
The industry group ITS America recently issued a "draft final" version
of the " Intelligent Transportation Systems Fair Information and
Privacy Principles". This draft is open for public comment right now,
and I encourage you to read it and submit comments on it to ITS
America's general counsel:
D. Craig Roberts
ITS America
400 Virginia Avenue SW, Suite 800
Washington DC 20024-2730
ITS America works very closely with the United States Department of
Transportation (DOT). DOT recently completed a set of public hearings
on the DOT/ITS America national architecture plan. I highly recommend
that you read a report on this plan, issued in November 1994, that can
be obtained from:
Mr. George Beronio
Federal Highway Administration
HTV-10 Room 3400
US Department of Transportation
400 7th St SW
Washington DC 20590
For Jerry Werner's helpful ITS Online, click here. For a directory of
other Web resources on transportation issues, click here.
The remainder of this page includes some issues to think about in
reading the ITS America draft privacy principles. For a broader account
of the issues, you can click here for my comments on the subject for
the CFP'95 conference.
I am circulating the draft ITS privacy principles on my own initiative
and not as a representative of ITS America or any other organization.
The comments that follow reflect my own views. Here are some issues to
consider:
What will prevent states from giving local police broad powers to use
ITS information for law enforcement purposes? Do the democratic
processes in state legislatures provide enough protection, or should
the architecture for ITS systems resist abuse through anonymity and
other measures? What does "ambushed" mean, and what if anything does
"reasonable expectation" mean in practice?
Is an opt-out system sufficient to prevent abuse of ITS information by
marketers? Do opt-out systems work well enough in other areas, such as
secondary uses of personal mailing addresses and associated
demographic information? What specific guidelines might be required to
ensure that the opt-out is "user friendly" enough? Would an opt-in
system be preferable? Such a system would set the default differently,
so that your personal ITS information would not be available to
marketing organizations without your express consent.
Should ITS systems collect individually identifiable information at
all? That is, should the architecture be designed so that databases
end up containing personal travel information that is indexed in some
form that can be merged with personal information from other sources?
Or should the system be entirely anonymous?
To what lengths should ITS implementers be required to go in order to
provide drivers with the option of using ITS anonymously? How easy
should it be to pay with cash -- or with digital cash?
Should ITS privacy guidelines have the force of law? Which ones? What
would these laws be like, what level of government would be
responsible for them, and how would they be enforced? If the
guidelines do not have the force of law, what guarantee is there that
ITS implementers will follow them in a substantive way?
Who should be liable when ITS information is employed to violate an
individual's privacy? ITS developers? States? Both? What statutory
framework is required to ensure that violated individuals can pursue
and receive adequate legal remedies?
How is the adequacy of ITS privacy safeguards to be determined? Who
will make this determination? Will there be an ongoing evaluation? By
whom?
Is it practical to specify privacy guidelines without detailed
reference to the ITS system architecture? How could the guidelines
specify relevant aspects of the architecture more precisely without
sacrificing adaptability to a wide range of settings? Are restrictions
on the architecture required to ensure privacy, or does it suffice to
formulate guidelines like these independently of the development of
the architecture?
Should ITS development be permitted to proceed before privacy
requirements are adequately defined, widely discussed, and broadly
approved? Have these requirements been adequately articulated thus far
in the process?
Are the guidelines clear enough? Are any passages vague or ambiguous?
Does the Freedom of Information Act really require a balance between
privacy and right to know? Or does privacy take priority?
Does the requirement for "visibility" (also known as "transparency")
need to be defined more precisely? What guidelines might be needed to
ensure that information about ITS data flows are available to the
general public in a useful form?
Is it alright to permit non-ITS organizations to make unlimited use of
ITS information that does not identify individuals? Can we envision
any types of non-individualized information whose use the public has
an interest in regulating?
In the paragraph on secondary uses, is the expression "information
absent personal identifiers" restrictive enough? What about
information without personal identifiers but with identifiers for
particular automobiles? What about information with identifiers for
particular "smart cards" or bank account numbers? Might there be other
types of information that permit individual identities to be readily
reconstructed through merger with other sources?
The word "appropriate" appears four times. Does this notion need to be
spelled out more specifically? Can this be done without introducing
excessive inflexibility? How?
Who should have an opportunity to comment on these guidelines? Should
the comments be publicly available? How?
Is it reasonable that these guidelines are being developed by a
private organization rather than by the government? What initiatives,
if any, should the government be taking to ensure privacy protection
in this area?
You are obviously free to draw your own conclusions about these matters
and others I might not have mentioned. In any event, once again, I
encourage you to communicate your views and to help make the issues
known to the broad public that they affect.
Phil Agre
pagre@ucsd.edu
http://communication.ucsd.edu/pagre/agre.html
The ITS America Fifth Annual Meeting and Exposition will be held in
Washington on 15-17 March 1995 at the Sheraton-Washington Hotel. ITS
America technical committees will be meeting at this conference, and
these meetings will be open to all conference attendees. These
committees are important because, once technical standards are set, it
will be difficult if not impossible to change ITS in any fundamental
way because actual systems will begin proliferating that depend on the
standards, thereby creating a large and well-organized interest group.
The address for conference registration is: Registrar, ITS America,
(same street address as above), phone (202) 484-4847 fax (202)
484-3483.
Phil Agre <pagre@ucsd.edu>
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V6 #031
******************************
.