Date: Thu, 26 Oct 95 13:46:14 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#034
Computer Privacy Digest Thu, 26 Oct 95 Volume 7 : Issue: 034
Today's Topics: Moderator: Leonard P. Levine
Privacy of Email over the Internet
Re: Author Profiles at Deja News
Re: Author Profiles at Deja News
Re: Author Profiles at Deja News
Re: Author Profiles at Deja News
Re: Author Profiles at Deja News
Re: Author Profiles at Deja News
Re: The Information Rights Act of 1996
Re: The Information Rights Act of 1996
Re: The Information Rights Act of 1996
UC Berkeley Ethics of the Internet Conference
Re: Inappropriate Access to Absentee Ballot Lists?
Re: Inappropriate Access to Absentee Ballot Lists?
Re: Call Blocking
Clickshare(sm) alpha up; "test drives" available
CDT POLICY POST No.27 -- Landmark Health Privacy Bill Introduced
Info on CPD [unchanged since 08/18/95]
----------------------------------------------------------------------
From: mciseis@aol.com (McisEis)
Date: 25 Oct 1995 12:14:24 -0400
Subject: Privacy of Email over the Internet
Organization: America Online, Inc. (1-800-827-6364)
I've discovered an interesting software helping privacy of material we
all send over the internet
The site address is : http://www.netvision.net.il/~vts/
------------------------------
From: converse@cs.uchicago.edu (Tim Converse)
Date: 25 Oct 1995 22:28:08 GMT
Subject: Re: Author Profiles at Deja News
Organization: Univ. of Chicago Computer Science Dept.
Eric Hunt <hunt@austin.metrowerks.com> writes: Upon learning from
this discussion group of the Author Profiles available to anyone
with a web client at Deja News (http://www.dejanews.com), I
investigated. Sure enough, they had their database engine compile a
summary of all the newsgroups I had posted to. At that point, I
used their mailto: form to politely but firmly request that they
remove me from their database, as I felt it was an invasion of my
privacy.
I checked it out too, and it was sort of disturbing to see my author's
profile.
Does anyone have any sense of the legal situation here? That is, what
rights if any does the author of a netnews article retain over its
future distribution? Is it conceivable that I could post articles but
not grant rights to duplicate them in this kind of "compilation"?
--
Tim Converse U. of Chicago CS Dept. converse@cs.uchicago.edu (312) 702-8584
------------------------------
From: leppik@seidel.ncsa.uiuc.edu (Peter Leppik)
Date: 25 Oct 1995 19:35:13 -0500
Subject: Re: Author Profiles at Deja News
Organization: University of Illinois at Urbana
Eric Hunt <hunt@austin.metrowerks.com> wrote: By virtue of its
entirely unmanageable size, UseNet was essentially a "private"
place. Just as you can move to New York City and do *lots* of
things that absolutely no one will notice, you could post to weird
and potentially sensitive areas on UseNet and no one would be the
wiser. [snip] Again, my point is this: there was an expectation of
privacy with UseNet before your service.
Is it just me, or is the idea of an expectation of "privacy" in a
USENET posting laughable?
You compose a message, then broadcast it to literally millions of
computers all around the world, with potentially tens of millions of
readers, and unknown storage time, and you expect this to be
"private"?
I might buy the notion that it is unethical to attempt to gather names
of people who post to mailing lists (which are inherently limited
distribution), but USENET, almost by definition, is the widest possable
distribution for a given post in a given field.
This is hardly the first example of USENET filtering (cf. Kibo), and it
won't be the last--nor the most convenient. When you post tu USENET,
you simply have to expect that anyone, anywhere might read your message
for any reason.
Amusing aside: I use the SIFT Netnews filter to filter any message
containing the word "Leppik" and mail it to me (make sure nobody's
talking behind my back--it helps to have a very unusual name). This
week, I was mailed a post from my younger brother in the Babylon 5
newsgroup (this was the first post he's made anywhere in a year or
longer--since before I started using SIFT)....So I sent my brother a
note explaining how I had SIFT configured, and added, "Big Brother is
Watching You."
--
Peter Leppik leppik@seidel.ncsa.uiuc.edu
Lost in the Information Supercollider
http://seidel.ncsa.uiuc.edu/
------------------------------
From: "Bill McClatchie" <wmcclatc@nyx10.cs.du.edu>
Date: 24 Oct 1995 09:19:13 +0000
Subject: Re: Author Profiles at Deja News
Organization: the Twilight Zone
I'd welcome any comments public or private on my arguments. Is the
reality of UseNet completely different from the banners and
net.guide documents, or am I being completely silly for assuming
there was any expectation of privacy when posting to obscure
newsgroups?
I think the biggest problem with this profile what it leaves out. I am
a frequent poster in a couple of big groups - yet I'm apparently not in
their database (not that I'm complaining).
And the profile could show someone as posting to groups like the
alt.pedophilia.* groups, and quite possibly they won't have the article
you followed up to which had a "unusual" follow-up line. Something
like that ought to look good on a quick check of what you do online.
------------------------------
From: kf7qz@bcstec.ca.boeing.com (Ricky Scott)
Date: 26 Oct 1995 13:18:51 GMT
Subject: Re: Author Profiles at Deja News
Organization: The Boeing Company
Eric Hunt (ehunt@bga.com) wrote: I went to their feedback page and
firmly but politely requested they remove my two active UseNet
posting accounts from their database. I also informed them I would
not bring out the lawyers but I would become very active elsewhere
in UseNet to bring pressure on them to remove this service.
Eric. I did this also and I was wondering if you recieved their polite
form letter. It was about how we compromise our privacy everyday on
the net, etc etc etc. Its my feeling that yes I do in some way or form
by posting but it was the way that they do it that bothers me. And the
fact that they have an Authors profile.
--
Ricky J. Scott | The comments expressed here in do not
Ship Side Support | reflect the views of my company or my
767 Electrical | supervisor. In fact they wish I would not
kf7qz@bcstec.ca.boeing.com | express my opinions.
------------------------------
From: "David H. Klein" <davidhk@dciexpo.com>
Date: 26 Oct 1995 10:26:51 -0400 (EDT)
Subject: Re: Author Profiles at Deja News
On the issue of privacy in the Newsgroups, IMHO, the service such as
Dejanews was bound to happen.
I agree with it.
In the form of communication of the usenet newsgroups, when you post,
you are willfully making a public statement for the potential
readership of millions of people. If you would like to conduct a
communication of users wishing to discuss a difficult issue, I would
highly suggest a _private_ mailing list. The list is the form of
internet communication which allows multiple people to talk without
having to worry about public accountability.
Newsgroup parallels to other forms (or inefficiencies) of communication
cannot necessarily apply in cyberspace. Remember, there is not a lack
of the ability to discuss issues privately, only amongst the newsgroups
(privacy is definitely not their overall purpose). The press has shown
clearly that events and issues in cyberspace are pubilc by reprinting
them in the other mediums.
For more information on establishing a private mailing list, please
send e-mail to mail-list@mail.cint.com
------------------------------
From: Ted Lemon <mellon@fugue.com>
Date: 25 Oct 1995 20:48:51 -0700
Subject: Re: Author Profiles at Deja News
Eric Hunt <hunt@austin.metrowerks.com> writes: Just as you can move
to New York City and do *lots* of things that absolutely no one
will notice, you could post to weird and potentially sensitive
areas on UseNet and no one would be the wiser.
Would that it were so. The fact of the matter is that archiving all
news has never been a terribly difficult thing to do - all it takes is
a lot of disk space. There are plenty of government agencies who have
the money to do this sort of thing, both in the U.S. and abroad. Sure,
none of your *friends* might be the wiser, but the gummint will be.
Actually, you don't even need a lot of disk space - just watch articles
as they go by and record the number of times each user posts to each
newsgroup. This gives you your marketing survey without wasting disk
space on actual content.
If you're the Secret Police, search for keywords like sugar, gas and
tank, or spike and tree, or whatever, in the same sentence, and record
articles that match. You'll still get all the monkey wrenching
articles, but you won't have to store as much junk. This is all
really easy, obvious stuff, unfortunately.
The UseNet is and always has been the equivalent of the podium at the
Rialto. If you incriminate yourself, expect the Doge's men to come
after you. If you behave badly, expect it to be remembered. There is
a price to be paid for being a public personality, and posting to the
UseNet makes you just that.
For better or worse, it's probably a good thing that DejaNews is here
to remind us of our mortality.
--
MelloN
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 26 Oct 1995 00:13:27 -0400 (EDT)
Subject: Re: The Information Rights Act of 1996
Dick Mills posted a message asking for suggestions about what might
belong in an Information Rights Act. This is a response.
Actually, it is a relatively easy question to answer. The code of fair
information practices, a complete and coherent set of data protection
principles, forms the basis for just about every modern privacy law
around the world. There has been a tremendously strong policy
convergence around these principles. Any new attempt to develop an
information privacy law should start with the code. Most formulations
look something like this:
A Code of Fair Information Practices
1) The Principle of Openness, which provides that the existence of
record-keeping systems and databanks containing data about individuals
be publicly known, along with a description of main purpose and uses of
the data.
2) The Principle of Individual Participation, which provides that
each individual should have a right to see any data about himself or
herself and to correct or remove any data that is not timely, accurate
relevant, or complete.
3) The Principle of Collection Limitation, which provides that
there should be limits to the collection of personal data, that data
should be collected by lawful and fair means, and that data should be
collected, where appropriate, with the knowledge or consent of the
subject.
4) The Principle of Data Quality, which provides that personal
data should be relevant to the purposes for which they are to be used,
and should be accurate, complete, and timely.
5) The Principle of Use Limitation, which provides that there must
be limits to the internal uses of personal data and that the data
should be used only for the purposes specified at the time of
collection.
6) The Principle of Disclosure Limitation, which provides that
personal data should not be communicated externally without the consent
of the data subject or other legal authority.
7) The Principle of Security, which provides that personal data
should be protected by reasonable security safeguards against such
risks as loss, unauthorized access, destruction, use, modification or
disclosure. Sufficient resources should be available to offer
reasonable assurances that security goals will be accomplished.
8) The Principle of Accountability, which provides that record
keepers should be accountable for complying with fair information
practices.
This version is derived from several sources, including codes
developed by the Department of Health, Education, and Welfare (1973);
Organization for Economic Cooperation and Development (1981); and
Council of Europe (1981).
Bob
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: rj.mills@pti-us.com (Dick Mills)
Date: 26 Oct 1995 07:39:04 -0400
Subject: Re: The Information Rights Act of 1996
I'll respond to my own challenge. (Did you think I wouldn't :)
I think there are only three principles needed to provide fundamental
definition of rights.
1) Information is either public or private.
The net especially has been contributing to lack of clarity and
confession by failing to make this distinction. This week's
furor over the Deja News service is a good example. "I want to
post on the thousands of people who read the UseNet group but
that doesn't mean I want the whole world to know. Not my
employer, not my parents." Get real.
Private information is private only in that the owner takes
specific steps to keep it private. For example, UseNet posters
can use an anonymous remailer. If they don't then they have no
right to expect their post to be treated as private.
In the case of disputes, courts will have to look for evidence of
specific efforts to keep the information private. In other
words, these vague and indefinable "expectations of privacy" have
to go.
2) Information providers, including consumers, have the right to
enter legally binding contracts restricting the use of the
information provided. No business or government may demand
information not directly relevant to the transaction as a condition
for commerce or services, nor to use the relevant information for
secondary purposes except as granted by contract.
This is the means needed for citizens to take actions to keep
their information as private as they wish. Contracts must follow
all the standard conditions, including consideration for each
side.
If the phone company wants to sell your demographics to a mailer,
they have to contract with you in writing, and offer
consideration such as money. In real life, I don't expect the
phone company to negotiate 300 million individual contracts, but
in the absence of a written contract, they couldn't use anybody's
information for secondary purposes. Commerce and government can
offer incentives for people to make their information public.
It will probably be necessary to provide exceptions to this rule
for law enforcement purposes.
3) Information gathered by lawful direct observation is owned by the
observer.
If I see you buy something in a store, or I see you murder
someone on a surveillance camera, or I read your post in UseNet,
I gain information about you. That information is my property.
I can sell it. You have no right to restrict me in its use.
Abuses, like peeping Toms, are addressed by laws such as
trespass, which make some kinds of observation unlawful.
Sometimes (3) may appear to conflict with (2). The grocery store can
observe what you buy and sell the information under (3). However they
can't demand to know your name, nor use the name from your check
without entering a contract with you under (2). Of course if the
grocer knows you anyhow, he won't need a contract. The solution should
be for you to conclude a contract with your grocer granting him some
rights to use your information in exchange for consideration.
--
Dick Mills +1(518)395-5154
http://www.albany.net/~dmills
------------------------------
From: prvtctzn@aol.com (Prvt Ctzn)
Date: 26 Oct 1995 13:09:22 -0400
Subject: Re: The Information Rights Act of 1996
Organization: America Online, Inc. (1-800-827-6364)
As technology tightens world community links, access to the
avalanche of available personal information must be EFFECTIVELY
regulated for the sake of us all. As the direct marketing industry
has failed to effectively regulate itself the past, its future `effort'
in that regard will be judged as insufficient.
Who should manage personal information? Not the custodian of
that information, but rather its owner/subject; the person that the
information describes.
The mechanism for that management should require the custodian
to have (before it may release or allow access to that data) a
S.P.A.D.E. authorization from the owner/subject (O/S):
1) S pecific- custodian to itemize (for the O/S) all personal data it
collected
2) P rior- release of data is denied until authorized by O/S (opt-in
policy)
3) A ffirmative- the authorization must be given in a pro-active
fashion by the O/S
4) D ocumented- the authorization must be recorded & available for
inspection
5) E xpress- it must come directly from an O/S, no 3rd party
transmittals Information custodians who have your SPADE authorization,
may allow others to dig into your private affairs concerning
information held by that custodian. SPADE authorizations may be
revoked at any time.
A SPADE authorization, held and transmitted by a third party
will not be sufficient to access the S/O's information, unless
the S/O and the custodian have negotiated such an allowance in
advance.
SPADE violations would preferably be enforced through a
`private right of action' available in a civil court.
The news media get's away with invading a person's privacy on
the basis that the person they report on is a celebrety, and
abandoned their expectation of privacy when they became that
celebrity. The circular conundrum regarding this rational is that;
when the media reports on a person, that person becames a celebrity
That logic now seems to be sweeping us all into a
`privacy-challenged' society. Unless we take charge of our privacy,
others will.
Bob Bulmash
Private Citizen, Inc.
1/800-CUT-JUNK
------------------------------
From: Lisa Schiff <lschiff@info.SIMS.Berkeley.EDU>
Date: 25 Oct 1995 12:52:51 -0700
Subject: UC Berkeley Ethics of the Internet Conference
----------------------------Original message----------------------------
This is an announcement regarding a one day conference on the Ethics of
the Internet to be held on the UC Berkeley Campus, Saturday Nov. 18th
(agenda outlined below). The conference is cosponsored by the UC Berkeley
Division of Undergraduate and Interdisciplinary Studies, the UC Berkeley
School of Information Management and Systems, and UC Berkeley Extension.
Funding is provided by the Steven V. White Endowment for the Teaching of
Ethics. Please feel free to repost this announcement.
The conference is open to the public ($35) and is free to UC Berkeley
Students and Staff who pre-register with a UC ID. There is limited
attendance, so if you are interested in attending, pre-registration is
recommended. Please call UC Berkeley Extension at (510) 642-4111
(reference number EDP 391938). For more information go to the Web page
for
the conference: http://www.sims.berkeley.edu/conferences or send email to
RKR@unx.berkeley.edu.
Hope to see you there.
Lisa Schiff
doctoral student
School of Information Management and Systems
UC Berkeley
lschiff@info.berkeley.edu
*************************************************************************
***
Ethics of the Internet
Saturday November 18
145 Dwinelle
UC Berkeley Campus
9:30 am - 4:30 pm
Welcome
Dr. Hal R. Varian
Dean, UCB School of Information Management and Systems
Setting the Stage: Ethics of the Internet
Dr. Yale Braunstein
Associate Professor, UCB School of Information Management and Systems
Morning: Perspectives on Access and Democracy
Access as an Ethics Issue: How Access to the Internet Affects Children
Cynthia Samuels
founding executive producer of Channel One; former planning producer of
Today
Universal Access: Social and Political Implications.
Karen Coyle
Technical Specialist, University of California Library Automation
Unit; Internet instructor; chair of the Berkeley chapter of Computer
Professionals for Social Responsibility
Free Expression, Copyright, and Democracy.
Steve Arbuss
attorney and unofficial legal advisor to the Internal Interactive
Communications Society (IICS); expert on privacy and authors' rights
in cyberspace.
Panel of all 3 morning speakers answers remarks from student
responders and questions from audience
Afternoon: Freedoms, Rights, and Crimes
Authenticity, Ownership, and Commercialism of Digital Images.
Howard Besser
Visiting Associate Professor, School of Information and
Library Studies, University of Michigan; expert on image databases and
the impact of multimedia and new information technologies.
Surveillance and Censorship on the Internet.
Jim Warren
MicroTimes columnist; founder of the Computers, Freedom and Privacy
Conferences
and InfoWorld Magazine; pioneer in computer-assisted political action
and civil liberties advocacy.
Controlling Criminal Contamination of the NET.
Don Ingraham
Assistant District Attorney, Alameda County; head of the High Tech
Crime Team; international consultant on computer crime and its
prosecution.
Panel of all 3 afternoon speakers answers remarks from student
responders and questions from audience.
Wrap-up and conclusion - Panel of all 6 speakers.
------------------------------
From: John Medeiros <71604.710@compuserve.com>
Date: 26 Oct 95 00:40:31 EDT
Subject: Re: Inappropriate Access to Absentee Ballot Lists?
clearnts@coho.halcyon.com (Steve Habib Rose) was surprised to
get a political mailing based on his having used an absentee ballot in
the past. He inquired as to the legality of absentee ballot lists.
Voter registration records and derivatives thereof are public
records. I have not yet seen a service which had automated that
information, unlike other public records such as property tax, property
ownership and court records.
Should absentee voter lists be available? Personally, I have
no objection. I can forsee that protecting voter records could make it
difficult for minority parties to prove voter fraud. Should they be
automated (on disks)? I see no other practical way but to use a
computer to cross check to uncover several types of voter fraud. So
how do you limit their use to purely benificent purposes?
Is the existence of voter records as "public records" common
knowledge? I knew it, but I would guess that most people outside of
this list don't.
------------------------------
From: "Dennis G. Rears" <drears@Pica.Army.Mil>
Date: 26 Oct 95 10:31:12 EDT
Subject: Re: Inappropriate Access to Absentee Ballot Lists?
Steve Rose <clearnts@coho.halcyon.com> writes: I live in Seattle,
Washington. I just got a mailing from a candidate named Richard
B. Sanders encouraging me to: "Mark your absentee ballot today..."
I found this, shall we say, interesting, considering I also
happened to get an absentee ballot this same day. This mailing was
clearly addressed: "Attention Absentee Voter" and my next door
neighbor, who had not ordered an absentee ballot, didn't get the
same mailing.
This brings up things I had never thought of before. Voting
information is a public record. Anyone can go to the township clerk
and look at my voting record in Morris County. They will find my
current address as well as all my addresses for the last 10 years.
They will find out my party affiliation (if I had one) and well as all
the elections I voted in and did not vote in. They will find out how
many times I voted absentee.
We all know of the privacy implications. Why is this information
public? To protect the integrity of the voting process. What's more
important the voting process or privacy issues? I don't know.
Interesting question.
Among my many questions: 1. Is it legal to distribute to political
campaigns the list of people who have asked for absentee ballots?
I think the question here is really "Does a candidate (or anyone) have
access to who is filing for absentee ballots"? I would certainly hope
so. This is a front line way of stopping absentee voter fraud.
2. Should it be?
yes. Maybe guidelines should be in place on what to do with this
information.
3. In what format is this information supplied, and to whom? Is it
provided on disk, for convenience? Or "just" on easily scanned
printouts? Is there a cost for this "public service"?
I think this depends on the individual township or county.
4. Is it common knowledge that absentee ballot lists are made
available in this fashion?
I would doubt it. It is common knowledge to people involved in the
voting record process, just like ANI is common knowledge to telecom
savvy people. People would be surprised just what information on them
is available because it is public record: births, marriage, divorce,
home ownership, and other information. Most newspapers publish real
estate transactions. Never make the FBI fugitive list, on the wanted
posters they publish the SSN of the criminal. Is that an invasion of
privacy?
I would bet that Mr. Sanders doesn't even see this as a
government/privacy issue. Candidates have always gone to the voting
records. Why else do only democrats get democratic primary mailings
and republicans republican maillings. When a process has always been
done a certain way very few if any look at process. It's not right but
it is human nature.
BTW, what is worse that people have access to these records or the junk
mail they send? I have problems with the access but I wonder what is
the worse evil, lack of accoutability of voting records or lack of
privacy of records. If it is the junk mail, even if the access was
denied they would probably end up junk mailing everyone. Either way we
lose.
--
dennis
------------------------------
From: "Peter M. Weiss" <PMW1@PSUVM.PSU.EDU>
Date: 26 Oct 1995 08:47:59 -0400 (EDT)
Subject: Re: Call Blocking
Organization: Penn State University
Bell Atlantic-PA had proposed changing the monthly fee for Private
Telephone Number Service from $1.75 to $3+. Fortunately, they recinded
it. Instead they upped the D.A. rates from $.40 to $.59 per call
(after 2 "free" per month for residential service).
/Pete Weiss -- Penn State
------------------------------
From: "Newshare Corp." <newshare@rmc1.crocker.com>
Date: 24 Oct 1995 12:40:03 -0700
Subject: Clickshare(sm) alpha up; "test drives" available
CLICKSHARE UNIVERSAL-ID, PROFILING AND MICRO-TRANSACTION
SYSTEM ENTERS ALPHA; PERSONALIZED "TEST DRIVES" BEGIN
WILLIAMSTOWN, Mass., Oct. 23 -- Newshare Corp. begins shipping to
selected publishers this week the alpha version of its breakthrough
Clickshare(SM) system to track and settle Internet-wide micro-
transactions.
"Clickshare removes one of the biggest barriers to the evolution
of the Internet by giving users universal-ID access to a free market
for digital information," said Bill Densmore, Newshare president and
cofounder. "Yet the information -- and the user relationship -- remain
physically controlled by the publisher."
Clickshare's personal Newshare(sm) topic-profiling and
custom-linking facilities are open for public use at
<http://www.clickshare.com/tryit.html>. Transaction-handling
capabilities, and an initial base of Publishing Members, will be
launched in early 1996.
"At that point, publishers will be able to sell each others'
information for as little as a dime per click, exchanging royalties and
commissions seamlessly," added Densmore. "Internet Service Providers
will be able to act as on ramps into this content universe as well."
Clickshare requires no special software for consumers beyond their
Web browser and costs a publisher as little as $795 to join. Publishers
can sell information by subscription or per-query to their own users,
and set all pricing. Newshare is now soliciting a broader group of
"beta" publishers.
"Publishers thinking toward the next century want to maintain a
close relationship with their users," says David M. Oliver, Newshare's
managing director-technology and principal Clickshare author. "And this
implies registering them, profiling their interests and preferences,
authenticating and verifying their use of resources, and billing them
for charged items. Clickshare does this for publishers and for users in
background, not in-your-face."
WHAT IS CLICKSHARE(sm)?
Clickshare is a complete, distributed, user-management system
which provides the only true third-party validation of web usage. It
differentiates "eyeballs" rather than just counting them. It protects
personal privacy and the publisher/subscriber relationship.
Clickshare(SM) permits consumers to access information on
multiple, unrelated Internet Web servers with a single ID and
password. It gives publishers revenues not only from their own
information but from the information their users buy elsewhere. And it
gives advertisers the best way to measure web traffic by specific
user.
"Clickshare's versatile architecture is core technology for a
worldwide free market for digital communications -- a true information
exchange," said Densmore.
Newshare Corp., is based in Berkshire County, Massachusetts, a
region which has spawned several multimedia startups because of its
high quality-of-life, accessibility to New York and Boston and good
talent pool. Formed in September, 1994, it is privately held.
HOW IT WORKS
Clickshare has two principal components, Oliver says.
Clickshare-enhanced Web server software runs on publishers' computers
as a primary piece of controlling software or as an adjunct to other
UNIX-based server software. It logs user registration, authentication,
personalization and micro- transactions.
The second piece of essential software, the Clickshare
token-validation service (TVS) server, is run by Newshare Corp. or
licensees. It creates and validates authentication tokens, brokers
non-personal user preferences among publishers, and maintains "page
visit" records from multiple independent sites sortable by anonymous
user number, page visited and site ID.
"At no time does Clickshare know a user's name or demographic
profile," says Oliver. "Only the user's home-base publisher has this
information."
Clickshare has been called a an example of "wise thinking" (Steve
Outing, Editor & Publisher Interactive, Sept. 18, 1995) and "the
excelsior that will allow web businesses to sell information by the
page" (WEBster, Oct. 3, 1995).
Each user has a single "home base" at a Publishing Member (likely
to be a local or speciality publication with whom they have a
continuing relation). Clickshare users register just once with their
home base, providing credit-card information by phone, fax, mail or
secure Internet connection. At no time do credit-card numbers or other
personal information traverse the Clickshare system.
Thereafter, a user begins a Clickshare(sm) session as simply as
logging in to the online world in the first place. The user must enter
a personal ID and password just once during each session. In response,
their home Publishing Member provides them a personalized, updated,
jumpoff page of useful links, based on the personal topical-interest
profile the user provided at initial registration.
As they browse effortlessly to Clickshare-enabled and other sites,
users can be confident that the link between their identity and their
tracks does not go beyond their home Publisher. Clickshare provides
mechanisms to establish charge limits and receive periodic reports of
charges.
The Clickshare-enhanced Web Server -- which is browser independent
-- is provided to Member Publishers by Newshare Corp. free under
license. Newshare's back-end service network exchanges data with the
Internet servers of Clickshare-enabled sites, validating users and
tracking all discrete page accesses -- chargeable or free -- across
every participating site.
Clickshare tracks content served to users regardless of the location of
their "home" Publishing Member. Aggregate micro- charges, settled
monthly or more frequently, allocating commissions, royalties and
transaction fees, thus form the basis of a system resembling an ATM
network.
Clickshare leaves to each Publishing Member the marketing contours
of its relationship to its customers. Each Publishing Member is thus
free to use its own model for user subscription or per-page rates.
A portion of all fees accumulated by a user for all visited
Clickshare-enabled sites is retained by the user's home Publishing
Member. This is termed a "referral commission." And Newshare retains a
portion for its role in tracking and clearing transactions. At least 50
percent of each transaction goes to the content owner as a royalty.
MORE THAN IP NUMBERS
Beyond the model of payment for access to information, because it
tracks known users (rather than Internet Protocol (IP) numbers),
Clickshare may also serve as a third-party circulation/viewership
auditing mechanism for the advertising and publishing industry, while
leaving to users control of release of demographic and other data, and
respecting their desires for privacy.
"This transparent and efficient mechanism makes it economically
practical to bill information purchases of as little as a dime and
possibly less," says Oliver. "Thus Clickshare provides the platform on
which the consumer of the 21st century can freely and conveniently
access independently owned information worldwide, paying through
existing credit structures."
For more news and information, send email to info(at)newshare.com
or see: http://www.newshare.com/clickshare/
"Clickshare" and "Newshare" are registered servicemarks of
Newshare Corp.
For media information contact: Felix Kramer, Kramer
Communications, (212) 866-4864 (felix@newshare.com); all other queries
to: Bill Densmore or Lynn Duncan at Newshare Corp., (413) 458-8001
(mail@newshare.com).
------------------------------
From: editor@cdt.org (editor@cdt.org)
Date: 24 Oct 1995 15:54:51 -0500
Subject: CDT POLICY POST No.27 -- Landmark Health Privacy Bill Introduced
------------------------------------------------------------------------
****** ******** *************
******** ********* *************
** ** ** *** POLICY POST
** ** ** ***
** ** ** *** October 24, 1995
** ** ** *** Number 27
******** ********* ***
****** ******** ***
CENTER FOR DEMOCRACY AND TECHNOLOGY
------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
------------------------------------------------------------------------
CDT POLICY POST Number 27 October 24, 1995
CONTENTS: (1) Landmark Privacy Legislation Introduced in Senate -- Would
Ensure Confidentiality of Medical Records
(2) CDT Led Coalition Letter In Support of Bennett Bill
(4) How To Subscribe To The CDT Policy Post Distribution List
(3) About CDT, Contacting Us
This document may be re-distributed freely provided it remains in its
entirety.
-------------------------------------------------------------------------
(1) LANDMARK PRIVACY LEGISLATION INTRODUCED IN SENATE
Bill Would Ensure Confidentiality of Medical Records
Landmark privacy legislation designed to protect the confidentiality of
medical records was introduced today in the Senate by Senators Robert
Bennett (R-UT), Robert Dole (R-KS), Nancy Kassebaum (R-KS), Edward Kennedy
(D-MA), and Patrick Leahy (D-VT). If enacted, the "Medical Records
Confidentiality Act" would create strong, comprehensive, privacy safeguards
for the health data of all Americans. Similar legislation has been
introduced in the House by Representative Gary Condit (D-CA).
As CDT Deputy Director Janlori Goldman stated during a press conference
announcing the Introduction of the bill, "the Medical Records
Confidentiality Act is desperately needed to close a gaping hole in current
law that leaves peoples' most personal, sensitive information extremely
vulnerable to abuse and misuse. Strong protections are needed to safeguard
peoples' health records as the information moves on the Global information
highway. Congress must seize the opportunity to pass this bill this
session." Towards this end, CDT has organized a broad range of privacy and
consumer advocates, along with representatives from the health care and
information industries to work towards its passage. (see attached letter
below)
The 'Medical Records Confidentiality Act' would:
* Give people the right to see, copy, and correct their own medical
records;
* Limit disclosure of personal health information by requiring an
individual's permission prior to disclosure of his or her health
information by doctors, insurance companies, and other health
information 'trustees' (e.g.: researchers and public heath
departments);
* Require the development of security guidelines for the use and
disclosure of personal health information; and
* Impose strict civil penalties and criminal sanctions for violations
of the Act, and provide individuals with a private right of action
against those who mishandle their personal medical information.
CDT believes that strong uniform privacy rules for the handling of personal
health data are critical to ensuring public trust and confidence in the
emerging health information infrastructure. Recent studies by the
Institute of Medicine and the Office of Technology Assessment have shown
that state laws are inadequate to protect peoples' health records, and that
a federal law is needed to address this shortfall.
More information, including the text of the bill and a section-by-section
summary, are available from CDT's Health Information Privacy web page
(URL:http://www.cdt.org/health_priv.html).
BACKGROUND -- THE NEED FOR MEDICAL RECORDS PRIVACY PROTECTIONS
The public is continually told that increased data collection, linkage and
sharing is necessary to improve the quality of health care and reduce
costs. Yet without giving individuals confidence that their most sensitive
personal information will be protected, we risk falling short of these
health reform goals. If people don't trust the health care system to
maintain the confidentiality of personal health information, they will be
reluctant to fully participate. A 1993 Lou Harris poll shows that a
majority of Americans favors new, comprehensive legislation to protect the
privacy of medical records. The poll found that nearly 50 million people
believe their own medical records have been improperly disclosed.
It is no wonder individuals are nervous about the privacy of their health
information. One need only read the paper to learn about leaks of the
sensitive health information of politicians, sports figures, and
celebrities. The ordeals of Representative Nydia Velazquez (D-NY) and the
late tennis star Arthur Ashe expose the dire consequences that can occur
when health information is wrongly disclosed. Both Velazquez and Ashe
suffered the disclosure of the most private intimate details of their lives
-- a suicide attempt and HIV infection respectively -- to the world.
Public figures are not the only victims of unauthorized, egregious
disclosures. The average American also suffers from leaks of sensitive
medical information. Recently, information on the HIV status, drug-abuse
history, and sexual practices of volunteers at an Ohio Health Department's
AIDS prevention unit was wrongly disclosed. Following another breach of
confidential information, the office closed for retraining.
Weak security also leads to unauthorized internal access and misuse of
peoples' health records. In March of this year, a 13-year-old daughter of
a hospital clerk printed out the names and phone numbers of patients who
had been treated at the University of Florida's Medical Center. As a hoax,
the 13-year old girl then contacted seven patients and erroneously told
them they were infected with HIV. After receiving one of these prank
calls, a young girl attempted suicide believing she had the HIV virus.
CDT believes that the Medical Records privacy act is the most important
privacy bill since the Electronic Communications Privacy Act of 1986
(ECPA). Furthermore, enacting health information privacy legislation is a
critical first step in health care reform. The Medical Records
Confidentiality Act is supported by nearly everyone with a stake in the
debate. If passed, CDT believes the legislation will go a long way to
restore the public's faith and confidence in the integrity and security of
our nation's health care system.
NEXT STEPS:
The bill has been referred to the Senate Labor and Human Resources
Committee (Chaired by Sen. Kassebaum (R-KS), a co-sponsor). Committee
hearings are scheduled for mid-November, and the bill is expected to be
considered by the full Senate early in 1996. Similar legislation is
pending in the House (HR 435, sponsored by Rep. Condit (D-CA).
For More Information Contact:
Janlori Goldman, CDT Deputy Director <jlg@cdt.org>
Deirdre Mulligan, CDT Staff Counsel <deirdre@cdt.org>
+1.202.637.9800
------------------------------------------------------------------------
(2) CDT LED COALITION LETTER IN SUPPORT OF BENNETT BILL
October 20, 1995
Senator Robert Bennett
431 Dirksen Senate Office Bldg
Washington, DC 20510
Dear Senator Bennett:
We write to express our appreciation and strong support for your efforts to
enact a comprehensive privacy law to protect personal health information.
We believe that safeguarding the privacy of peoples' health information is
a necessary and critical component of health care reform. As the health
system's infrastructure grows increasingly automated, it is essential that
people have confidence that their participation in the health care system
does not mean the loss of their privacy.
Although we are still in the process of resolving certain issues in the
draft Medical Records Confidentiality Act developed by your office, a
substantial consensus has emerged on the central policy of providing
Americans uniform, strong confidentiality protection for their health
information.
We look forward to continuing to work with you on this important bill.
Sincerely,
Aimee Berenson
AIDS Action Council
Kathleen Frawley
American Health Information Management Association
Rick Pollack
American Hospital Association
American Association of Retired Persons
Leanord Rubenstein
Bazelon Center for Mental Health Law
Joel Gimpel
Blue Cross and Blue Shield Association
Janlori Goldman
Center for Democracy and Technology
Arthur Levin
Center for Medical Consumers
Christopher G. Caine
IBM Corporation
Susan Jacobs
Legal Action Center
John Rector
National Association of Retail Druggists
Blair Horner
New York Public Interest Group
Don E. Detmer, M.D.
University of Virginia Health Sciences Center
---------------------------------------------------------------------------
(3) HOW TO SUBSCRIBE TO THE CDT POLICY POST LIST
CDT Policy Posts, which is what you have just finished reading, are the
regular news publication of the Center For Democracy and Technology. CDT
Policy Posts are designed to keep you informed on developments in public
policy issues affecting civil liberties online.
SUBSCRIPTION INFORMAITON
1. SUBSCRIBING TO THE LIST
To subscibe to the policy post distribution list, send mail to
"Majordomo@cdt.org" with:
subscribe policy-posts
in the body of the message (leave the subject line blank)
2. UNSUBSCRIBING FROM THE LIST
If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@cdt.org" with the following command
in the body of your email message:
unsubscribe policy-posts youremail@local.host (your name)
(leave the subject line blank)
You can also visit our subscription web page URL:http://www.cdt.org/join.html
-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance constitutional civil liberties
and democratic values in new computer and communications technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: URL:http://www.cdt.org
FTP URL:ftp://ftp.cdt.org/pub/cdt/
Snail Mail: The Center for Democracy and Technology
1001 G Street NW * Suite 500 East * Washington, DC 20001
(v) +1.202.637.9800 * (f) +1.202.637.0968
-----------------------------------------------------------------------
End Policy Post No. 27
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 18 Oct 1995 13:55:25 -0500 (CDT)
Subject: Info on CPD [unchanged since 08/18/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
[new: Ordinary copyrighted material should not be submitted. If a]
[copyright owner wishes to make material available for electronic]
[distribution then a message such as "Copyright 1988 John Doe.]
[Permission to distribute free electronic copies is hereby granted but]
[printed copy or copy distributed for financial gain is forbidden" would]
[be appropriate.]
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #034
******************************
.