Date: Sat, 03 Feb 96 10:21:11 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V8#012
Computer Privacy Digest Sat, 03 Feb 96 Volume 8 : Issue: 012
Today's Topics: Moderator: Leonard P. Levine
Universal Tracking of Road Traffic
Re: Lotus [IBM] Blinks
Telecomm Bill Translation
Re: Computer Policy from American Library Association
The Computer Law Observer #16
Info on CPD [unchanged since 11/22/95]
----------------------------------------------------------------------
From: Phil Agre <pagre@weber.ucsd.edu>
Date: 01 Feb 1996 19:25:04 -0800 (PST)
Subject: Universal Tracking of Road Traffic
I have here the most amazing document. It is a Request for Proposals
(number 95-7, dated January 1996) from the State of California Air
Resources Board (Research Division, 2020 L Street, Sacramento CA 95814)
entitled "Incorporation of Radio Transponders into Vehicular On-Board
Diagnostic Systems". The ARB wants someone to build transponders and
receivers that allow computers to automatically poll cars to determine
if their emissions systems are failing, in the process accumulating a
database of the cars' locations on particular dates and times.
According to the RFP, by 1996 new cars and light trucks in California
are required to have onboard systems that illuminate a dashboard light
if the emissions systems are malfunctioning. Since the appearance of
this light does not ensure that the car's owner will get the emissions
system fixed, the ARB is proposing that new cars and light trucks
starting in the year 2000 (it doesn't say all of them, but it does say
1,000,000 of them) be required to include transponders that can
broadcast the car's VIN number, the emissions system fault codes, the
vehicle's location at the time of the query, and a status code. The
receivers are supposed to be capable of automatically polling the
"fleet" of cars equipped with transponders and storing in a database
the following information: date and time of current and last query,
VIN, status and fault codes, and "vehicle location (to the zip code
level, and city)". The contractor also "shall produce a public service
video documenting the system and explaining the concept and the
benefits of such a transponder-assisted approach to enhancing the
present I/M [Inspection and Maintenance] program."
In case it's not clear, the ARB is envisioning a system under which
cars sold in California will be required to incorporate a device ("no
larger than a pack of cigarettes") that the state can use to track its
whereabouts at all times. This plan poses a greater threat to
individual privacy than automatic toll collection or any other plan
currently under development for non-commercial transport informatics,
so far as I know. Environmental concerns are real, and the air in Los
Angeles is a crime, but plenty of means are available for alleviating
air pollution without constructing the technological groundwork for an
authoritarian society.
--
Phil Agre
------------------------------
From: fyoung@oxford.net (F Young)
Date: 02 Feb 96 12:25:04 EST
Subject: Re: Lotus [IBM] Blinks
WELKER@a1.VsDeC.nL.nuwc.navy.mil wrote: The hazard of which I speak
is not fraud, but merely loss of data. If you are my broker and
don't get my encrypted/signed buy/sell order on time because you
lost my public key, or your private key, or if you later claim not
to have been able to validate the transaction, there could be large
amounts of money on the line. A key held in escrow by a trusted
third party thwarts deniability (or requires conspiracy to
compromise the system). The "low-tech" analogy would be having a
document notarized or co-signed -- the notary can attest that he
saw both of us sign it.
If it is believed to be beneficial to have keys held in escrow for
particular business transactions, the parties to the transaction(s)
can, in their free wills, have the keys (or part of) held in escrow by
their legal counsels or other third parties chosen by those involved in
the transactions. However, if the parties decide to retain their
privacy by keeping their keys secret to themselves and take the risk of
suffering from the potential financial lost you mentioned, then they
should have the choice to do so.
------------------------------
From: Monty Solomon <monty@roscom.COM>
Date: 02 Feb 1996 22:52:27 -0500
Subject: Telecomm Bill Translation
[moderator: I have excerpted from the following all of the information
the author reports on the Telecom Bill's impact on _privacy_. As some
of you must be aware, the impact of the bill on freedom of speech may
well be pivotal, but for our purposes here, the following excerpt is
appropriate.]
From: jfischer@supercollider.com (James Fischer)
Date: 02 Feb 1996 16:10:13 -0500
Subject: [NetWatch]: Telecomm Bill Translation
As a public service, I'd thought I translate some of this
loosely into English.
> SEC. 402. OBSCENE OR HARASSING USE OF TELECOMMUNICATIONS FACILITIES
> UNDER THE COMMUNICATIONS ACT OF 1934.
> (a) OFFENSES- Section 223 (47 U.S.C. 223) is amended--
> `(1) by striking subsection (a) and inserting in lieu thereof:
> `(a) Whoever--
> `(1) in the District of Columbia or in interstate or foreign
> communications--
> `(A) by means of telecommunications device knowingly--
> `(i) makes, creates, or solicits, and
> `(ii) initiates the transmission of,
> any comment, request, suggestion, proposal, image, or other
> communication which is obscene, lewd, lascivious, filthy,
> or indecent, with intent to annoy, abuse, threaten, or
> harass another person;
So, it seems that if I were to suggest that both the US House and
Senate take this ammendment and use it to check on their prostates,
this would possibly violate this section of the proposed law.
[snip by moderator cpd]
> `(B) makes a telephone call or utilizes a
> telecommunications device, whether or not conversation or
> communication ensues, without disclosing his identity and
> with intent to annoy, abuse, threaten, or harass any person
> at the called number or who receives the communications;
So, when that bill collector from Shylock Finance calls, simply tell
him that you will consider any further phone calls to be a clear
indication of an intent to harrass you. Looks like
this provision will do wonders for folks who are behind on their
payments...
> `(C) makes or causes the telephone of another repeatedly
> or continuously to ring, with intent to harass any person
> at the called number; or
And with caller ID and/or *69, you can find out that the person ringing
your phone at 9am on a Saturday morning >>IS<< the guy from Shylock
Finance.
[snip by moderator cpd]
--
james fischer jfischer@supercollider.com
------------------------------
From: Peter Marshall <rocque@eskimo.com>
Date: 02 Feb 1996 08:31:58 -0800 (PST)
Subject: Re: Computer Policy from American Library Association
Don't clap yet. Not only has the rotund lady apparently not yet sung on
this one, but the overall show seems to have more than one tune to it.
For starters, you might want to check this again. This appears to be a
draft interpretation modifying current ALA policy and seems to be
awaiting final adoption at an upcoming ALA meeting. Not yet a done
deal. Of course, it is also the case that such ALA policies are not
binding on member libs. and are therefore not "enforcable."
Also of interest in context: while this proposed ALA policy is pending,
here in WA State, also pending before the WLA Board is a proposed WLA
policy that could open the door to so-called "fee-based" services in
publicly-funded libraries; while in recent letters to Sen. Gorton and
Rep. White on the "CDA" amendments to the now-passed telecom bill, WA's
State Librarian and Co-Chair of a state "task force" on "public info.
access policy," only sought narrowly to "protect" libraries as such
from the effects of the legislation. Notably, it took a formal request
under WA's public disclosure law to obtain copies of the State
Librarian's letters.
In similar fashion, via a proposed amendment to a "harmful to minors"
measure in WA's Leg. that's awaiting its initial committee vote, the
WLA's lobbyist sought again simply to exempt libraries and some other
institutions.
Meanwhile, another part of this state-level scenario is another pending
bill that in seeking to implement the recommendations of this same
State Librarian co-chaired "task force," would give the State Library
some $200,000. Interestingly, the group's final report not only
displeased a number of public interest advocates and activists here,
but was particularly criticized for paying inadequate attention to
information privacy; while to boot, virtually none of the public
comment on the draft report nor even a list of those commenting, was
anywhere to be seen in the report that now supposedly provides the
basis for the bill to implement it.
If WA State's any example (and let's hope it is not), hold the
applause.
Peter Marshall
------------------------------
From: Galkin@aol.com
Date: 29 Jan 1996 18:01:16 -0500
Subject: The Computer Law Observer #16
WE HAVE A NEW NAME !!!!!!
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
THE COMPUTER LAW OBSERVER
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
January 29, 1996 [#16]
=====================================
GENERAL INFO: The Computer Law Observer is distributed (usually) weekly
for free and is prepared by William S. Galkin, Esq. The Observer is
designed specifically for the non-lawyer. To subscribe, send e-mail to
wgalkin@earthlink.com. All information contained in The Computer Law
Observer is for the benefit of the recipients, and should not be relied
on or considered as legal advice. Copyright 1996 by William S. Galkin.
=====================================
ABOUT THE AUTHOR: Mr. Galkin is an attorney in private practice in
Owings Mills, Maryland (which is a suburb of Baltimore). He is an
adjunct professor of Computer Law at the University of Maryland School
of Law and has concentrated his private practice in the Computer Law
area since 1986. He represents small startup, midsized and large
companies, across the U.S. and internationally, dealing with a wide
range of legal issues associated with computers and technology, such as
developing, marketing and protecting software, purchasing and selling
complex computer systems, and launching and operating a variety of
online business ventures. He also enjoys writing about computer law
issues!
===> Mr. Galkin is available for consultation with individuals and
companies, wherever located, and can be reached as follows: E-MAIL:
wgalkin@earthlink.com/TELEPHONE: 410-356-8853/FAX: 410-356-8804/MAIL:
10451 Mill Run Circle, Suite 400, Owings Mills, Maryland 21117.
Articles in The Observer are available to be published as columns in
both print and electronic publications. Please contact Mr. Galkin for
the terms of such usage.
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
ELECTRONIC PRIVACY RIGHTS AND POLICE POWER
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
[This is the third of a series of articles discussing privacy rights in
the digital age.]
It's no secret. Law enforcement agents are closely monitoring traffic
on the Internet. It is also no secret that crime is proliferating on
the Internet at a frightening pace. Law enforcement agents are a bit
unnerved as they watch their tried and true methods of law enforcement
become antiquated. However, law enforcement on the Internet is starting
to come of age.
Here are some recent examples:
(1) The Secret Service set up a bogus bulletin board system for the
purpose of attracting people who want to sell stolen cellular phone
codes. Thieves often get these codes by using scanners which pick up
the code-embedded signals emitted from moving cars. The result: six
arrests and seizure of 20 computer systems.
(2) The Justice Department ended a two-year investigation into use of
America Online (AOL) for the distribution of child pornography and
perpetration of other sex-crimes. The result: 125 homes were searched,
computer systems seized and numerous arrests made across the country.
(3) Just this month, the Secret Service noticed that Virtual Visions
(http://www.vv.com/~gilmore/head/heads.html) put up a new web page
which shows the heads of public figures such as Bob Dole, Boris Yeltsin
and Bill Gates, slowly exploding. Virtual Visions intended this to be
political satire. The result: the developer of the web page received a
visit from the Secret Service.
The Fourth Amendment -
The objectives of law enforcement and of personal privacy are on a
collision course on the Information Highway. Law enforcement personnel
desire access to as much information as possible to conduct their
investigations. Individuals want to restrict access to personal
information. It is necessary to achieve a balance between effective
law enforcement and personal privacy. How the Fourth Amendment to the
U.S. Constitution is interpreted will play a crucial role in
determining where this balance is reached.
The 4th Amendment prohibits government agents from conducting
unreasonable searches and seizures. The Supreme Court has defined a
seizure of property as a "meaningful interference with an individual's
possessory interest in that property." The concept of seizure of
information differs dramatically from seizure of tangible property.
Seizure of tangible property means that the owner has been deprived of
the use and possession of the property. Whereas, when information is
"seized" the owner may still have possession of the information. It is
just that the information has been copied and is now also in the hands
of someone else.
It could be argued that under the Fourth Amendment no seizure occurs
when digital information is merely copied. However, applying the
analysis used to prohibit wiretapping (which has been defined as a
seizure), seizure of information would also fall within the
constitutional definition of seizure. In the information context,
"seizure" should be interpreted as meaning being deprived of the
ability to control the disclosure and dissemination of the information.
This ability to control is the value of the possessory interest of
information.
The application of the term "search" in the digital environment is more
complicated. An unlawful search requires as a prerequisite that (1)
subjectively, the person in possession of the item searched had an
actual expectation of privacy and (2) objectively, the person had an
expectation of privacy. The subjective expectation of privacy element
has been criticized, because in theory, it would be very easy for the
government to eliminate any expectation of privacy by announcing that
it will perform broad searches. However, in practice, the Supreme
Court has focused on the objective requirement.
On one end of the spectrum is data resident in a stand-alone computer.
Here, there is certainly an objective expectation of privacy. On the
other end of the spectrum lie the vast open areas of the Internet, such
as web pages and newsgroups to which there can be no objective
expectation of privacy.
Accordingly, law enforcement agents are free to roam through these open
areas, assemble records on who is participating in which groups, and
what they are saying. For example, if the Secret Service wanted to
assemble all the messages that you posted in newsgroups in the last
year (the technology to perform this search available) in order to
determine your political positions, this would not violate the Fourth
Amendment.
The middle ground is where the legal battles will be fought. This will
primarily involve information that is in the possession of a third
party, and is not readily accessible to the public.
Under traditional constitutional analysis, where information is
disclosed to a third party, the expectation of privacy is abandoned.
For example, most state laws, and the federal Constitution, permit
wiretapping if one party to the conversation consents. However, the
scope of the abandonment will usually only apply to the amount of
information needed by the recipient.
For example, the telephone numbers you dial are disclosed to the phone
company in order that the phone company can perform its service.
Thereby, a person abandons the expectation regarding the number
dialed. However, even though the content of telephone conversations is
also given over to the phone company, this content is not needed for
the phone company to perform its service. Therefore, the content of
phone conversations retains the expectation of privacy.
By analogy, this would also apply to e-mail messages maintained on a
service provider's equipment. Information such as the senders' and
recipients' addresses, the file sizes and times of transmissions are
not private. But the content of the messages would be.
In the workplace, an employer is not permitted to consent to a search
of personal areas of an employee. For example, a desk draw that
contains personal correspondence. By accepted convention, this is a
private area.
Private network directories which require a password to enter would
probably also retain an expectation of privacy. However, in each case,
a court will look at specific corporate policies to determine whether
there is an objective expectation of privacy or whether the employee
was informed that the employer may at any time without notice enter
these pass-worded directories.
Along these lines, since a court wants to determine the objective
expectation of privacy, an agreement that an employer will not consent
to a search would have no effect. What would be needed is an agreement
that the employer will not access these private areas, which deprives
the employer of the right to consent.
When determining the objective expectation privacy, courts will have to
balance the value of the particular privacy interest claimed against
the level of the law enforcement interest. Only this month, America
Online under subpoena turned over personal e-mail records relating to a
criminal investigation where the murderer allegedly met the victim in
an AOL chat room. AOL has been criticized for not challenging the
subpoena. AOL's position is that if it receives a search warrant, it
will comply. This case highlights the valid competing interests of both
law enforcement and personal privacy.
-- END --
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 30 Jan 1996 18:45:30 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours of
submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion. He will not, however,
alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Web browsers will find it at gopher://gopher.cs.uwm.edu.
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V8 #012
******************************
.