Date: Wed, 15 Nov 95 07:01:16 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#041
Computer Privacy Digest Wed, 15 Nov 95 Volume 7 : Issue: 041
Today's Topics: Moderator: Leonard P. Levine
Re: Unsolicited email Advertising
Re: Unsolicited email Advertising
Re: Unsolicited email Advertising
Re: Unsolicited email Advertising
Re: Copyright Notice
Re: Phone Number Privacy
Re: Phone Number Privacy
Re: Health Privacy Legislation - Part II
Re: First Interstate Bank's Inkless Fingerprint Program
Re: First Interstate Bank's Inkless Fingerprint Program
United Way uses SSN now
Re: Can you Sue if Credit is Denied for Lack of SSN?
Company Network email Reading by Network Ad/Sup?
Info on CPD [unchanged since 08/18/95]
----------------------------------------------------------------------
From: bruno@cerberus.csd.uwm.edu (Bruno Wolff III)
Date: 09 Nov 1995 21:31:44 GMT
Subject: Re: Unsolicited email Advertising
Organization: University of Wisconsin - Milwaukee
haz1@kimbark.uchicago.edu (Bill) wrote: Unfortunately, there is no
such thing as an "unlisted" email address; if you wish to receive
legitimate responses to your posted comments, then it is also
possible for someone to use that address to send you junk mail.
Even using an anonymous-remailer does not shield you-- if you read
replies to your posts, you will also find junk email.
One way to handle unsolicited email is to use a mail filter that checks
the digital signature of all incoming mail and discard all messages
that don't come from a source permitted to send you mail. Right now
this isn't practical because there isn't software that makes doing this
convenient. In my opinion something like this will be necessary within
the next few years because we will be receiving many more junk mail
messages than useful ones.
------------------------------
From: Dave Mann <mannd@zemu.candw.com.ai>
Date: 09 Nov 1995 22:37:42 -0500
Subject: Re: Unsolicited email Advertising
There have been many recent discussions about receipt of e-mail junk
messages, spam, advertisements, all interrelated with an expectation of
privacy on the internet. Privacy invasions always seem to be viewed as
*someone* is using our name. (Jimi sang it well: *There's a Po-Liceman
on the Corner and He Know My Name") I submit that we also should
include what we do to ourselves (yep, let's stand right up and say
"That incident was MY fault, not the provider, advertiser, other
person". I can mention two stupid mistakes on my part, and I have been
a computer user, engineer, manager, and programmer since 1963: big
machines and little blivits.
The day hasn't passed by since then that there weren't screwups that
were my fault. Case One: subscribing to a group then neglecting to
remember the name/server/domain combination under which I subscribed.
How is the list adminstration going to unsubscribe me when I don't even
know how I am subscribed? Not his fault; *my fault*. Case Two:
sending my name off to a software purveyer asking for updates on their
software. This generated an average of 100 messages per day until
their mail machine went brain dead. I got what I wanted ... updates
... but also a whole forum full of other stuff. OK, my point here (if
it isn't clear enuff yet) think before you send the message and if the
spam starts rolling in, investigate how best to eliminate it just as
you would deal with a particularly pesky bug review and repair.
We can't always blame the other guy all the time ... it is easier to
paranoically finger *the other guy*, but that undermines the system.
Even the Clueless get off my hook too, they should have Mentors willing
to help them answer questions like "What happened when I pushed that
button?" rather than receive a nasty-gram telling them to RTFM, when
they have RTFM but don't understand it because people like *us* write
TFM. Privacy is certainly a right and not a privilege, but there are
times when we do ourselves in.
[May be attributed to Dave Mann, no copyright protection desired or
sought, close cover before striking; you mileage may vary. Vlad the
Impaler had his Good Points]
------------------------------
From: gmcgath@condes.MV.COM (Gary McGath)
Date: 10 Nov 1995 12:45:43 GMT
Subject: Re: Unsolicited email Advertising
Organization: Conceptual Design
haz1@kimbark.uchicago.edu (Bill) wrote: There's a big difference
between one person doing something that annoys only yourself, and
dozens (soon to be hundreds, at current rates of growth) of people
doing something that annoys not only yourself, but also many other
people. This may be the first junk email Philip Duclos has
received, but I guarantee it won't be the last. I'm getting about
one a week, and I know several people who get one almost every
day. Junk email is a common problem, growing in proportion, that
needs to be solved before it achieves the status of junk
snail-mail. Deterring junk email by "calling the cops" is, in my
view, a laudable public service.
The number of people being annoyed does not convert annoyance into
force or fraud; if it did, then one would have to accept the premise
that a book or article which annoyed a sufficiently large number of
readers could justifiably be censored. "Emotional harm" cannot be a
justification for criminalization in a free society.
A law which protects you from feeling annoyed would stomp on free
communication. If sending unsolicited E-mail were a crime, then I could
not use E-mail to contact an old friend whom I hadn't seen in years. Or
if the law were that unsolicited E-mail is permitted with limitations
on mailing list size and/or content, then it's guaranteed that as soon
as someone sent out an alert against a deadly piece of legislation that
some politician really wanted, that person would find his computer
raided, his disks and laser printer seized, and himself threatened with
prosecution.
More broadly, what we have here is a variant on the old false
alternative of "security vs. freedom"; here, the imagined alternative
is "privacy vs. freedom." It's supposed that if only the government
puts enough restrictions on E-mail, then nobody will dare to send us
E-mail which we don't want, and we'll thus achieve privacy. But in
implementing this, the government would be giving itself the right to
police and examine E-mail; and once it had that power, we'd suffer a
loss of privacy far more grievous than that resulting from unwanted
advertisements. Give up freedom, and you give up privacy as well.
If junk (snail) mail could have been fined under the law, back when
it was just getting started, would you have been making similar
remarks about someone who went to the trouble to punish the
offenders?
I certainly hope so.
--
Gary McGath
gmcgath@condes.mv.com
http://www.mv.com/users/gmcgath
------------------------------
From: "John E. Bredehoft" <72604.2235@CompuServe.COM>
Date: 11 Nov 1995 15:10:36 GMT
Subject: Re: Unsolicited email Advertising
Organization: CompuServe, Inc. (1-800-689-0736)
haz1@kimbark.uchicago.edu (Bill) writes: Junk email is a common
problem, growing in proportion, that needs to be solved before it
achieves the status of junk snail-mail. Deterring junk email by
"calling the cops" is, in my view, a laudable public service.
I would *much* rather have to put up with the annoyance of junk mail of
any medium. The idea of having some entity (governmental or otherwise)
control my incoming mail is chilling.
Market forces will take care of the more notorious junk e-mailers. As
more businesspeople learn about Slaton's tactics and his effectiveness
or lack thereof, his business will probably decrease. "Oh, *you're* the
guy who sends e-mail to two-year old discontinued addresses. No, I'll
pass..."
--
John E. Bredehoft
72604.2235@compuserve.com
------------------------------
From: les@Steam.Stanford.EDU (Les Earnest)
Date: 09 Nov 1995 23:42:13 GMT
Subject: Re: Copyright Notice
Organization: Stanford University, CA 94305, USA
John C. Rivard writes: There is a fundamental distinction in
copyright law that you cannot copyright an IDEA, but you can
copyright the ESPRESSION of that idea. That is why it is a stated
in US copyright law that the copyright is "automatically" created
when an author first records the work in a "fixed, readable" form.
The law specifically states that this form can be machine readable
(a phonograph record or a computer disk, for example).
Yes, but typing something into a computer doesn't necessarily record it
locally in a "fixed, readable" form. Who owns the copyright if some
other computer on the Internet is the first to record the work on its
disk? And what if the person who typed it in is merely recording an
oral statement made by someone else? Not clear in either case, it
seems to me.
--
Les Earnest (les@cs.stanford.edu) Phone: 415 941-3984
Computer Science Dept.; Stanford, CA 94305 Fax: 415 941-3934
------------------------------
From: night@acm.rpi.edu (Trip Martin)
Date: 09 Nov 95 23:50:57 GMT
Subject: Re: Phone Number Privacy
Organization: Rensselaer Polytechnic Institute, Troy NY, USA
bcn@world.std.com (Barry C Nelson) writes: When you can see the
redial button or memory on your telephone you KNOW that the
information is stored there for the taking. When you have no
knowledge of *69, you're information is being placed at risk by
your phone company without you knowing about it. [...] I agree
that it's somewhat paranoid for those of us with no secrets ;-) but
it could be a shock to someone who finds out the hard way. I also
agree with moderator's note that the biggest risk is to those who
have an urge to keep their unlisted numbers private, yet make toll
calls to people who have *69 features.
One thing that is available in my area (518 area code) is call return
blocking. It means that if I call someone, they can't call me back by
using *69. I don't know if this is available in other areas, but it's
worth asking about for those who are concerned about it.
--
Trip Martin
night@acm.rpi.edu
------------------------------
From: eichin@mit.edu
Date: 10 Nov 95 20:52:32 EST
Subject: Re: Phone Number Privacy
Imagine you get a late-night phone call from a secret paramour and
tell your spouse that it was a "wrong number." The suspicious
spouse can just press *69 to call back your wrong number, and find
out who it was, or wait for the phone bill and work from there.
On a recent CD, folk singer Christine Lavin included a song actually
titled "*69" about a similar, though different in the details,
scenario... interesting from the "raising public awareness" perspective
at least.
------------------------------
From: Robert Gellman <rgellman@cais.cais.com>
Date: 09 Nov 1995 21:35:05 -0500 (EST)
Subject: Re: Health Privacy Legislation - Part II
This is the second in a series of postings with excerpts from
studies of health privacy. These studies show uniformly that
health records have inadequate legal protection today.
From "Protecting Privacy in Computerized Medical
Information" by the Office of Technology Assessment (1993):
There is tremendous variation in the number and quality of State laws
on medical confidentiality. While it may be difficult to generalize
about the adequacy of State medical confidentiality laws, a report of
the Committee on Government Operations of the House of Representatives
concluded in 1980 that "most States do not have well defined, modern
laws on the confidentiality of medical records." A survey of State
statutes governing privacy in medical records published by Robert Ellis
Smith emphasizes this point.
<begin italics> These statutes, however, do not address the flow of
medical information to secondary users outside the treatment process
who are deemed to legitimately have access to the information. They do
not address the responsibilities of third-party payers in handling this
information, nor do they impose rules about the use of medical
information by secondary users of that data: parties that use medical
records for nonmedical purposes. This patchwork of law addressing the
question of privacy in personal medical data is inadequate to guide the
health care industry in carrying out its obligations in a computerized
environment. <end italics>
* * * * * * * * * * * * * * * *
<begin italics> Legal and ethical principles currently available to
guide the health care industry with respect to obligations to protect
the confidentiality of patient information are inadequate to address
privacy issues in a computerized environment that allows for intra- and
interstate exchange of information of research, insurance and patient
care purposes. Lack of legislation in this area will leave the health
care industry with little sense as to their responsibilities for
maintaining confidentiality. It also allows for a proliferation of
private sector computer databases and data exchanges without
regulation, statutory guidance, or recourse for persons wronged by
abuse of data. <end italics>
The scheme, as it exists, does not adequately take into account the
tremendous outward flow of information generated in the health care
relationship today . . . . This problem has always existed, but was
not serious because medical records were only occasionally used outside
the medical treatment process. <begin italics> The expanded use of
medical records for nontreatment purposes exacerbates the shortcomings
of existing legal schemes to protect privacy in patient information.
The law must address the increase in the flow of data outward from the
medical care relationship by both addressing the question of
appropriate access to data and providing redress to those that have
been wronged by privacy violations. Lack of such guidelines, and
failure to make them enforceable could affect the quality and integrity
of the medical record itself. <end italics>
Comment: The health privacy situation today is awful and it is getting
worse. In the absence of new legislation, new and expanded uses of
health records will continue to expand in a largely uncontrolled
fashion. Private, computerized databases are unregulated and are
growing.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +
------------------------------
From: "Dave Banisar" <banisar@epic.org>
Date: 10 Nov 1995 16:35:34 -0500
Subject: Re: First Interstate Bank's Inkless Fingerprint Program
I understand that banks in AZ and TX are also demanding that anyone who
does not have an account at a bank who wants to cash a check must be
fingerprinted. They claim that the fingerprints are only used after a
bad check appears.
--------------------------------------
Date: 11/10/95 2:44 PM
To: Dave Banisar
From: Jim Warren
Just received this prelim note from a net contact. At first blush, it
sounds pretty scary for its privacy and surveillance *potential*,
regardless of its initial purpose(s) -- regardless of whether it
utilizes digital fingerprinting technology such as is (for instance)
now used by the Calif DMV.
Just wait until the start asking for a hair strand for genetic-marker
proof of identity! (I'm joking. Aren't I?)
===
From: Rich.Woods@245.genesplicer.org (Rich Woods)
Date: 03 Jan 00 23:22:31 -0800
Recently Wells Fargo Bank of CA took over First Interstate Bancorp.
I bank at 1st Interstate in Nevada (Henderson, NV 13 miles outside
of Las Vegas).
I got the following information today from the bank (posted on
their countertops)
Introducing First Interstates Inkless Fingerprint Program ...
===
Rich is forwarding a copy of the bank's fingerprint-program brochure. Will
write it up in GovAccess as soon as I get a chance.
In the meantime, do other folks have information/thoughts?
--
Jim Warren, GovAccess list-owner/editor (jwarren@well.com)
Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc.
=== EXPLANATION OF WHAT GOVACCESS IS & WHERE TO FIND ITS ARCHIVES ===
GovAccess is a list distributing irregular info & advocacy regarding
technology and civil liberties, citizen access to government - and
government access to citizens, covert and overt.
To add or drop GovAccess, email to Majordomo@well.com ('Subject' ignored)
with message: [un]subscribe GovAccess YourEmailAddress (insert your eaddr)
For brief description of GovAccess, send the message: info GovAccess
------------------------------
From: jdav@mcs.com (Jim Davis)
Date: 13 Nov 95 13:27 CST
Subject: Re: First Interstate Bank's Inkless Fingerprint Program
The other big use of fingerprinting (outside of law enforcement) in CA
is the use of electronic fingerprinting ofgeneral assistance welfare
recipients in several CA counties (LA, Alameda, SF, Contra Costa,
proposed for Santa Clara), and being tested for AFDC (mostly women &
kids) in LA, with legislation (AB 275) propsing to alternatively extend
it to 3 or 4 outher counties, or statewide. Since AFDC is a
federally-mandated program, this would open the way for a national
welfare database. I'm not sure of the status re: FBI standards for
digital fingerprinting, but once those are in place, I should think we
will see vendors supporting those standards, so we might/probably will
see a convergence in storage techniques, and merging of databases.
The welfare databases in CA, by the way, are not maintained by the
various Dept of Social Services agencies, but are maintained by EDS out
of their LA facility, and linked together by design. More and more
goverment and other data is being handled by private firms like EDS as
data processing activity is contracted out or privatized, as the NYT
pointed out: "The rapid growth of EDS and its biggest competitors
raises the intriguing question of how much of the nation's computing
capacity will one day end up in the hands of a few computer services
giants." (New York Times, October 30, 1991.)
Finally, historically welfare programs have been important areas where
new incursions on privacy vis-a-vis data gathering have been introduced
and/or sold to the public.
--
Jim Davis
------------------------------
From: wrf@ecse.rpi.edu (Wm. Randolph U Franklin)
Date: 10 Nov 1995 03:39:41 GMT
Subject: United Way uses SSN now
Organization: ECSE Dept, Rensselaer Polytechnic Institute, Troy, NY, 12180 USA
The United Way pledge form that my employer, Rensselaer Polytechnic
Institute, a private university, sent me has my SSN printed on it along
with my name. RPI probably printed the forms, so that United Way
doesn't know my SSN, unless I contribute. Gee, that's a dilemma:
should I give away money and thereby spread my SSN around, or keep my
money and also keep my SSN a little more secret?
I think that Death certificates often have the deceased's SSN on them.
Dunno whether this is required by law, or whether the relevant
government flunky just heavily suggests, w/o actually stating, that
this is required.
--
Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
------------------------------
From: JF_Brown@pnl.gov (Jeff Brown)
Date: 10 Nov 1995 22:21:34 +0000 (GMT)
Subject: Re: Can you Sue if Credit is Denied for Lack of SSN?
Organization: Battelle Pacific Northwest Labs
jcr@mcs.com says... Not to be a fly in the ointment, but when they
pulled your TRW with your name and address, your SSN appeared big
and bold at the top of the screen. The question is, did they then
add it to your bank records?
The Credit Manager and I were in the same room when he looked up my
credit record. Yes, my SSN was on the record. The Credit Manager
promised that he would have my credit application processed without
adding it to their records.
BTW, I have other accounts at this institution, so they could have just
transferred the number from there. They were up front about that
also.
--
Jeff Brown
JF_Brown@pnl.gov
------------------------------
From: sanders@pipeline.com (John C. Sanders)
Date: 12 Nov 1995 11:04:28 -0500
Subject: Company Network email Reading by Network Ad/Sup?
Organization: The Pipeline
We use Word Perfect Office for internal email where I work and we have
a LAN over which the email runs. A friend and I were having a
discussion about the issue of whether or not the LAN system
administrator/supervisor has the capability to see, monitor, review,
save the email of all employees. My friend says he has such a
capability if he chooses to use it. It seems doubtful to me, though.
This would make this LAN administrator/supervisor very powerful if he
had access to everybodies email, especially the email of key people in
the organization. Could a LAN administrator/supervisor have this
capability and not know it? Can anyone cite any articles or other
sources of information on this topic?
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 18 Oct 1995 13:55:25 -0500 (CDT)
Subject: Info on CPD [unchanged since 08/18/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
[new: Ordinary copyrighted material should not be submitted. If a]
[copyright owner wishes to make material available for electronic]
[distribution then a message such as "Copyright 1988 John Doe.]
[Permission to distribute free electronic copies is hereby granted but]
[printed copy or copy distributed for financial gain is forbidden" would]
[be appropriate.]
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V7 #041
******************************
.