Date: Tue, 19 Sep 95 06:08:45 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#024
Computer Privacy Digest Tue, 19 Sep 95 Volume 7 : Issue: 024
Today's Topics: Moderator: Leonard P. Levine
Re: Grocery Purchases and my Privacy
Re: Grocery Purchases and my Privacy
Re: Grocery Purchases and my Privacy
Re: Grocery Purchases and my Privacy
Re: Grocery Purchases and my Privacy
Re: Grocery Purchases and my Privacy
Re: 20/20 Security Camera Report
Re: RSA Evaluation Software
Re: Concerns about BC "PharmaNet" Computer System
New Privacy Book
Re: AOL and the FBI
NJ Hearings about Access to Criminal Records
Info on CPD [unchanged since 08/01/95]
----------------------------------------------------------------------
From: ssatchell@BIX.com (ssatchell on BIX)
Date: 16 Sep 95 00:11:45 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: Delphi Internet Services Corporation
I do NOT believe, however, that they have the right to compile data
on "what" I buy.
hrick@gate.net (Rick Harrison) writes: [...] Or did the information
enable me to serve her better? If the grocery store that tracks
your purchases later sends you coupons for items that you routinely
buy, in order to encourage your continued patronage of their store
as opposed to ther stores in the area, have you been harmed or
helped?
Tracking inventory closely is one thing. Keeping tabs on who buys what
when is another. One reason I stopped using credit cards for small
purchases is that I saw evidence that my card provider was using the
information about where I shopped to sell my name to others in a
closely targetted manner.
Coupons: Raley's here has a coupon printer which does what you
indicate but without the tracking and the postagel.
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 17 Sep 1995 03:42:04 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: The National Capital FreeNet
(Andrew_Hastings@transarc.com) writes: In this week's advertising
circular, Giant Eagle introduced a requirement that you present the
card in order to receive discounted prices on any of the advertised
specials. Without the card, you pay full price. Federal law
prevents Giant Eagle from disclosing to third parties the names of
the videos you rent. No law prevents Giant Eagle from disclosing
information about your purchases.
Save-on-foods has a similar scheme in British Columbia. A recent
decision by the Federal Competition watchdog agency requires stores to
make their scanner data tapes available to anyone who wants to buy
them. In the past they had been proprietary information. I avoid "air
miles" schemes for the same reason, and because I don't get on a plane
unless someone pays me to.
------------------------------
From: bcn@world.std.com (Barry C Nelson)
Date: 17 Sep 1995 22:35:28 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: The World Public Access UNIX, Brookline, MA
Actpccpek <actpccpek@aol.com> wrote: One of the local grocery store
chains here in Indianapolis is switching from an old fashioned
"check cashing" card to a new "scanned" card. They euphemistically
call it their "Fresh Idea" card. Not only will this new card carry
my personal information for me to write a check for my purchases,
it will also link "what" I buy to "who" I am. [...] that the
department that was in charge of the project was NOT the accounting
nor billing nor finance department, but was in fact the "Market
Research" department.
In the 1970s there were several technologies patented which dealt with
connecting supermarket scanners with particular purchasers. One system
automatically changed the television cable boxes of certain shoppers,
based on the purchasing habits demonstrated via UPC scanners at the
local shopping center. Given the addressability of set-top boxes, and
the ubiquitous scanners, it is only a small step to where the data for
a given household could be used by "market research" to target your
child or other loved ones with a carefully crafted schedule of
propaganda.
Of course, why would they do it if there were no profit motive?
By merely shopping elsewhere, or refusing to subscribe to cable, or
paying cash, one can easily insulate oneself from this intrusion.
Once enough people voice their concerns and vote with their feet and
their money, perhaps the purveyors of such systems will rethink the
social repercussions of their experiments.
Nahhh.
--
BCNelson (not a lawyer)
------------------------------
From: John R Levine <johnl@iecc.com>
Date: 17 Sep 1995 23:22:43 -0400
Subject: Re: Grocery Purchases and my Privacy
Collecting consumer data at the checkout is hardly new. Indeed, it was
the primary impetus for installing barcode scanners.
Until about 20 years ago, sales and marketing info was collected in
rather primitive ways, e.g. Procter and Gamble would run a coupon
promotion, then wait a month or so for reports from distributors and
wholesalers to see how much difference it made. Then Information
Resources Inc. revolutionized the business by using barcodes.
They picked a bunch of cities around the U.S. in which they approached
every grocery store in town and offered to install barcode scanners for
free if they could have a copy of the data collected. Then they signed
up most of the people in town in a shopper's club with a card that you
give the cashier to scan each time you go to the store. (Each use
enters you in a sweepstakes where once a year they give away something
like a car.) Participation is entirely voluntary, and IRI makes no
secret of why they sign people up.
This let IRI tell who was buying pretty much every grocery item sold in
the area. But wait, there's more: then they made a deal with the local
CATV companies so they can inject replacement commercials into
individual customers' sets. This way, a vendor can run two different
commercials one evening, and the next day get a report on what people
who'd seen each commercial bought. I believe they made similar deals
with local newspapers so they could test advertisements and coupons as
well. Last I heard they were mopping up the details signing up
drugstores and convenience stores.
This made IRI into an instant big gorilla in the marketing data
industry, muscling aside establised competitors like Nielsen of TV
ratings fame. So barcode data collection is hardly new.
These days every grocery chain in the world has scanners, and a lot of
them are setting up their own shopper's clubs so they can collect their
own data. One of our local chains has such a club where you can get a
card that qualifies you for discounts, can do check approval, let you
write a virtual check, act like an ATM card, can have stored value
(like a gift certificate) and a zillion other marginally useful
services. Personally I got a card with no services at all other than
the discounts, giving them an old out of town address (where if they
sent me something I would still eventually get it) and pay with my
Mastercard which gives me a month's float and frequent flyer miles. I
also do most of my shopping at a competing store next door with no
shopper's club and generally lower prices. Hmmn.
As has been noted elsewhere, this is a two-edged sword, since the data
they collect does let them tailor their offerings so that they more
often have what you want, as well as letting them compile a dossier on
you. The discount feature is nice, too, since they've completely given
up conventional coupons in favor of shoppers' club specials, so I don't
have to dig up their circular and tear out the coupons any more.
--
John R. Levine, Trumansburg NY
Primary perpetrator of "The Internet for Dummies"
and Information Superhighwayman wanna-be
------------------------------
From: david_boshears@il.us.swissbank.com (David Boshears)
Date: 18 Sep 1995 18:42:33 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: Swiss Bank Corporation CM&T Division
Rick Harrison writes [...] Or did the information enable me to
serve her better? If the grocery store that tracks your purchases
later sends you coupons for items that you routinely buy, in order
to encourage your continued patronage of their store as opposed to
ther stores in the area, have you been harmed or helped?
Rick, you must be kidding! Inventory management has been done long
before the advent of "customer ids." In fact, that was the whole point
of bar-code readers: purchased items could be immediately deleted from
stock and when they were deleted could be tracked. You *do not* need
to know *who* bought something to successfully manage inventory.
I despise the kind of marketing you describe. It is *too* intrusive.
'nuff said.
=========================================================================
C. David Boshears | My opinions are mine, and
bosh@swissbank.com | mine ALONE!
Swiss Bank Corporation | *You can't have them!*
------------------------------
From: barthele@ux1.cso.uiuc.edu (barthelemy kevin)
Date: 19 Sep 1995 04:26:26 GMT
Subject: Re: Grocery Purchases and my Privacy
Organization: University of Illinois at Urbana
Ellis Weinberger (ew3@soas.ac.uk) wrote: The answer is to pay
cash.
Right you are, my friend...I only found out today that one of the
largest (if not _the_ largest) grocery stores chains in
Champaign-Urbana (Jerry's IGA) has gone for the "check cashing card"
from hell...I hadn't been shopping there much lately anyway...so I
won't feel terribly bad about not shopping there in the future. But
I'm pissed. What I buy and when is nobody's business but mine. If
going to cash for all purchases is the answer, then I'm right there.
Can anyone suggest a way to short-circuit this Orwellian nightmare?
------------------------------
From: cburian@uiuc.edu (Christopher J. Burian)
Date: 16 Sep 1995 22:21:40 GMT
Subject: Re: 20/20 Security Camera Report
Organization: University of Illinois at Urbana
WELKER@a1.vsdec.nl.nuwc.navy.mil writes: It would seem to me that
personal privacy interests might be protected by having a "grass
roots" camera network, possibly organized by local neighborhood
watch organizations. Thus the government is not in custody of the
tapes, and individual volunteers can review them for [...]
This is worse than police cameras because, at least ostensibly, police-
operated cameras are subject to controls, under jurisdiction of the
courts, etc. Spying for which police would need a warrant
(eavesdropping, snooping, searching) individuals are often allowed to
do without justification. Civilian-monitored cameras are a greater
threat to privacy than police- monitored ones.
--
=<Christopher Burian>======<Orwell was an optimist.>======<cburian@uiuc.edu>=
=====<PGP public key on the server, or finger cburian@ux4.cso.uiuc.edu>======
============<WWW homepage URL: http://www.cen.uiuc.edu/~cburian/>============
===============<Extremism in defense of Liberty is no vice.>=================
------------------------------
From: PRUFROK@delphi.com
Date: 19 Sep 1995 03:18:10 -0400 (EDT)
Subject: Re: RSA Evaluation Software
In your last but one bulletin you gave details of the new rsa
evaluation software package downloadable from http:/www.rsa.com or by
FTP from rsa.com (pub/crypto/etc, etc. I tried both these routes but
found no trace of the item in question. Could you help me identify the
whereabouts of this? Thanks,
Nick Butt
------------------------------
From: bo774@freenet.carleton.ca (Kelly Bert Manning)
Date: 17 Sep 1995 03:36:01 GMT
Subject: Re: Concerns about BC "PharmaNet" Computer System
Organization: The National Capital FreeNet, Ottawa, Ontario, Canada
Melvin Klassen (klassen@sol.UVic.CA) writes: In response to a
newspaper editorial about the "PharmaNet" system in British
Columbia, Canada, which is a computer system for cross-province
tracking the distribution of prescription drugs, the following
"letter to the editor" was written. It seems to allay the
"security" and "privacy" issues raised in the editorial.
Actually no. It also seems to confuse security/confidentiality with
privacy. My most pressing concern this is name and address information,
which can be retrieved by name search. I have seen nothing to assure me
that a record of name and address searches(that don't proceed to a full
medication history list) will be tracked.
The mention of a password seems a bit deceptive, since it conveys an
impression of people punching a secret code into a debit card keypad.
In fact people are expected to recite it aloud to the pharmacist and
anyone else within earshot. Once given to the pharmacist it will be
captured by the system and allow future access util it is changed.
This is one of the more obvious signs that the designers of this sytem
know little about security. They seem quite stubborn about not allowing
people to enter their passwords in secret. When asked about this at a
public meeting they stated that they had reviewed the issue of password
entry and had confirmed that giving it out loud to the pharmacist "is
the best way to do it". Go figure.
When my wife got a prescription recently the address that popped out
was a PO box that we haven't used for 5 years, but that is small
confort in the face of rumours that the BC Government plans to extract
drivers names and addresses from vehicle and drivers registries, which
are restricted access, and publish them in voter's lists, rather than
do a voter enumeration for the election expected within a year. It
won't be too long before some bright bureaucrat gets the idea of having
a single name and address registry in government and using that for
pharmanet.
There has been some use of drivers records for property tax purposes in
the past, but it has always been done after receiveing consent from
home owners. This is the first I've heard of driver's records being
used by another area without prior informed consent from individuals.
In my original post I mentioned the proposal to use pharmanet to hand
out drugs at no charge or reduced charge if they are covered by the
universal pharmacare program. A news report last week mentioned that a
man who received a reimbursment from the current system also found
pharmacy receipts from a stranger in the same envelope, along with
their name, address, and telephone number.
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 17 Sep 1995 22:39:57 -0400 (EDT)
Subject: New Privacy Book
Subscribers to this digest may be interested in a new book on privacy
issues. The title is "Legislating Privacy: Technology, Social Values,
and Public Policy." The author is Priscilla Regan, an assistant
professor of public affairs at George Mason University. This is a very
readable account of how some important federal privacy statutes were
passed. Regan identifies the policy, the politics, and the players.
She also offers some original observations about why privacy advocates
have not been successful in getting more legislation passed.
I recommend the book highly. The publisher is the University of North
Carolina Press.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: robert.heuman@rose.com (robert heuman)
Date: 18 Sep 1995 04:14:57 GMT
Subject: Re: AOL and the FBI
Organization: Rose Media Inc, Toronto, Ontario.
Quoting RseoegAOL and the FBIite33.ping.at We have known for some
time that AOL was 'cooperating' with federal agents in their
investigation of child pornography, but until the massive raids and
arrests commenced on Wednesday followed by AOL's admission that the
'evidence' was found in email and private chat, we did not know the
extent to which AOL was abusing their subscribers in the process of
cooperating.
Encrypt using PGP... and make their monitoring HARDER.... If they have
to decrypt every transaction using your public key your email will
probably pass through without triggering anything. If EVERYONE does
this they either accept it or lose ALL their business....
You do NOT need to encrypt with the receipient's public key so only one
person can read it... You can encrypt with your private key so anyone
with your public key can read it IF THEY WANT TO.... since it will
require extra work at their end.
Your choice, of course, but do NOT assume that CompuSearch or Prodigy
do not also do this...
--
... Crypto for the masses is the bane of law enforcement - HURRAY!
My opinions are my own! They are NOT those of my [sons, employer....]
======================================================================
R.S. (Bob) Heuman <rn.1886@rose.com> | Willowdale, Ontario, Canada
------------------------------
From: j.abolins@meydabbs.com (Sysop)
Date: 17 Sep 1995 22:35:00 +0000
Subject: NJ Hearings about Access to Criminal Records
Organization: Meyda BBS 609-833-8124 (Ewing, NJ USA)
When I mentioned the NJ hearings about public access to NJ criminal
records to John Featherman of the Privacy Newsletter, he recommended
sending the info to various Usenet newsgroups, including this one. -JDA
------
On Friday, September 22nd, New Jersey State government will hold a
public hearing about a proposal to broaden access to criminal records
of NJ residents by selling them to the public. The hearing will be
held at the NJ Department of Personnel Training Center in the Princeton
Forrestal Center. The hearing starts at 10 am.
Back in May 1995, NJ Attorney General Deborah Poritz announced the
proposal. Under this proposal, the public could obtain criminal
records of any NJ resident for $15. For $5, NJ residents could find
out who has been checking their criminal records. Currently, the New
Jersey Administrative Code (NJAC 13:59) limits access to criminal
records to four basic categories: government agencies, employers
checking potential employees' background, attorneys, and licensed
private investigators.
Poritz's proposal was scheduled to take effect in August after an
evaluation of comments received during the 30-day public comment period
that ended July 5th. After the review of the comments, the state
decided to put the proposal on hold, pending the new hearings. The
State government has until July 1996 to act upon the regulations and
any proposed modifications. "We continue to operate under the existing
regulations until new ones are proposed and adopted," said John Hagerty
of the New Jersey State Police.
The American Civil Liberties Union and 16 other groups have objected to
the proposed public access to criminal records. They are concerned
that the public could get inaccurate and incomplete information. The
proposed changes would allow anybody to get criminal records
information without regard to the purpose of the query or to the
requester's residency. The ACLU calls the proposal "one-stop
shopping."
Anybody wanting to testify at the public hearing on September 22nd
should call Captain Daniel Hughes at the NJ State Police West Trenton
headquarters. The phone number is 609-882-2000 extension 2318.
Written comments may be sent before September 22nd to Colonel Carl A.
Williams, c/o State Bureau of Identification; New Jersey State Police;
P.O. Box 7068; Trenton, NJ 08628-0068.
Based upon the newspaper article, "State delays proposal to sell
criminal records" by Ivette Mendez; The Star Ledger (Newark, NJ)
Tuesday, September 12, 1995; page 49.
Some of my comments:
I called Capt. Hughes last Thursday and arranged to speak at the
hearing. I was surprised to discover that I was only the second person
to call. I hope that there will be more people testifying about the
hazards of the proposed changes.
Last Friday, I obtained a copy of the current NJAC 13:59. I am still
seeking the text of the proposed changes so that I can prepare a
fitting response. From the bits and pieces I already know of the
proposal, I see a number of serious problems.
The broadened access to criminal records came in the wake of objections
to New Jersey's Megan's Law, a set of laws regarding public
notification of the whereabout's of convicted sex offenders. The
broadened access has been presented as a way that the public could
check to see if their babysitters, co-workers, neighbors, etc. have a
criminal record. But the information the public would get is limited
and might be for the wrong person. The current regulations state that
unless a fingerprint match is done, there is no guarantee that the
record is that of the person being checked. If the requester was given
an alias or other data that does not match the person's data, the
requester could get back somebody else's criminal record or an
indication of there being no criminal record for the person.
Therefore, the claimed benefits of the public being able to check other
people's criminal records are very limited. Also, the public would not
get information about expunged offenses.
The risks of the misuse of the criminal records is great. The current
regulations limit the purpose of the queries to specific functions such
as employment and licensing screening. The proposed changes will
eliminate these limits. The risks for privacy intrusions increase
greatly as neighbors check upon each other, as parents check upon their
children's friends and their families, and as people dig for dirt upon
their competitors. The use of these criminal records checks is almost
certainly to become a part of various partisan disputes such as the
abortion controversy. Already, snooping is a part of many partisan
controversies; the public access to criminal records will make the
snooping easier.
The criminal records available to the four groups specified by the
current NJAC 13:59 include information about cases pending trial. The
requesters are warned that the guilt of the subject has yet to be
determined. If the criminal records are so readily available to
public, the information may be used for all kinds of grudges and
disputes. The concept "innocent until proven guilty" will often be
ignored.
The current regulations prohibit the disclosure of the information to
people not involved in the purpose for which the records were sought.
They also require the recipients of the criminal records information to
destroy the information once their purpose is accomplished. If the
criminal records are open to the public, what is to prevent the broad
disclosure of the information to others, say, via the Internet?
And this is barely scratching the surface of the issues raised by the
proposed changes.
--
J.D. Abolins
Meyda BBS [Ewing, NJ] 609-883-8124
WWW Page- http://pluto.njcc.com/~jda-ir/
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 11 Aug 1995 09:39:43 -0500 (CDT)
Subject: Info on CPD [unchanged since 08/01/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit or append to the text except for purely technical
reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #024
******************************
.