Date:       Mon, 29 Apr 96 15:52:49 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V8#035

Computer Privacy Digest Mon, 29 Apr 96              Volume 8 : Issue: 035

Today's Topics:			       Moderator: Leonard P. Levine

                  Privacy and Security on the Internet
                        Re: Alternatives to SSN
               Re: Still more on middle C [end of thread]
                       Individuals Being Screened
                    whowhere.com Stealing Addresses?
                      Medical Privacy on Nightline
                  Security and E-Commerce Info. Needed
                 Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: martina@unibw-hamburg.de (Martina Schollmeyer)
Date: 25 Apr 1996 06:29:07 GMT
Subject: Privacy and Security on the Internet
Organization: University of Hamburg -- Germany

The world wide web survey:

Data Privacy and Security on the Internet, sponsored by the University
of Lethbridge, Canada, Texas A&M University-Corpus Christi, USA, and
the University of the German Federal Armed Forces at Hamburg, Germany,
is entering its final three weeks. We would like to close up shop after
May 15, 1996, to start the data analysis.

So far we have received about 300 filled out surveys, and we would like
to hear more opinions about the privacy issues that are discussed in
the survey.

If you are interested, the survey will take about 20-30 minutes to
complete, and there are two URLs to access the survey:

in North America: http://www.sci.tamucc.edu/~martinas/Survey/intro.html

in Europe:        http://www.unibw-hamburg.de/WWEB/bwl/urs/intro.html

The survey is completely anonymous, and the filled out survey cannot be
traced back to a specific sender. This is to ensure absolute
confidentiality.  Please take the time to fill out the survey. We want
to know your opinions.

Sincerely, Martina Schollmeyer

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Martina Schollmeyer, Ph.D.                 
University of the German Federal Armed e-mail: martina@unibw-hamburg.de
Forces at Hamburg                   phone: (+49)(40) 6541-2889
FB WOW                              fax:   (+49)(40) 6541-2780 
Holstenhofweg 85                    http://www.sci.tamucc.edu/~martinas
22039 Hamburg/Germany
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


------------------------------

From: rutgera@ut1.mey.nl (Rutger Alsbach)
Date: 25 Apr 1996 15:28:42 +0200
Subject: Re: Alternatives to SSN

    Robert Ellis Smith <0005101719@mcimail.com> wrote: Does anyone have
    ideas and suggestions for alternatives to using Social Security
    numbers to manage large personal data bases - methods like Alpha
    Search and Soundex?  Are there other ways to manage a huge data
    base and make matches and retrieve files without using SSNs or even
    numerical identifiers?

A complete study of ideas and suggestions is the joint report of the
Dutch Data Protection Authority (Registratiekamer) and the Information
and Privacy Commissioner for the Province of Ontario, Canada (IPC) of
August 1995, called "Privacy-enhancing Technologies: The Path To
Anonymity" (Vols. I and II, ISBN 90 346 32 024). This report is part of
the series "Achtergrondstudies en Verkenningen", nrs 5A and 5B.

Volume I contains theoretical background info and the results of a
survey that was conducted in The Netherlands and Canada. Volume II
(written by the Registratiekamer and the TNO Physics and Electronics
Laboratory (TNO-FEL)) elaborates on the technological concepts and
possibilities for engineering "privacy enhanced" information systems.
I heard the Report is available on the Net, but I wouldn't know where
to find it.

By the way, in April 1996 a new provision in the Dutch Privacy Act came
into force that forbids ANY use of the SoFi- (Dutch equivalent of SSN)
and similar id-numbers provided by the government, EXCEPT when this is
permitted / prescribed by law or when this is requisite for carrying
out legal obligations. Before April, the Privacy Act was not very clear
on this point, although a restricted use of the SoFi- and similar
numbers could already be assumed to follow from the general rules of
the Act.  Given all the discussions on the use of SSN's this may sound
somewhat utopian to you... Enforcement, I expect, will not be too easy
however.

--
Rutger Alsbach


------------------------------

From: "James Brady" <jlbc@eci-esyst.com>
Date: 25 Apr 1996 14:14:26 -0400
Subject: Re: Still more on middle C [end of thread]


    G. Branden Robinson responded to my note as follows: Whoops.  I'm
    sure radio astronomers would be shocked to hear that the phenomena
    they have spent their careers studying are not natural.  The
    technological means argument may hold, but that one doesn't.

Actually, I didn't say RF isn't a natural phenomenon.  I simply noted
AUDIO frequencies are a naturally occurring phenomenon in human speech
and other things.  RF for _communications_ is NOT a natural
phenomenon outside of the visible light portion of the spectrum.
Obviously, there _are_ natural RF sources.

What I was really getting at is that they are completely different
phenomena and the rules for one do not necessarily apply to the
other.

    Scott Wyant wrote: Am I the only one who still listens to Neil
    Young's "Cinnamon Girl?" The one with the hilariously cool guitar
    break that consists of the same note played about 40 times?

Can't say I recall the song.  Perhaps that betrays my age, or my taste
in music, or my lack of paying attention to song titles, or the fact
that I hear the "Barney" song a lot more than any other single song
these days....

I'd have to hear it to tell, but I suspect the "about 40" repetitions
of the same note are punctuated by rests of varying duration that may
make the song fail the 8-bar test.

--
Jim Brady

[moderator:  This gets pretty far from privacy, so let's close the
thread here.]


------------------------------

From: jrakoff462@aol.com (JRakoff462)
Date: 27 Apr 1996 11:52:56 -0400
Subject: Individuals Being Screened
Organization: America Online, Inc. (1-800-827-6364)

I've read a little (too little) about systems companies use to screen
individuals (relational data-bases, data havens, electronic
profiling).  I also have been informed of the NCIC (national Computer
Index of Crime) and the BCI (Bureau of Criminal Information) which are
apparently for use by law enforcement officials, and CDB Infotech, for
licensed private investigators.

I wonder what the legal protections are for individuals and if they are
at all effective.  An example: I knew a man who submitted the license
plate of his ex-wife's new boyfriend to an investigation company in
order to check the other man's police record (he'd spent time in prison).
This information was used at a custody trial.  Also, I imagine pretty
detailed credit histories are easily available.  Any info would be
greatly appreciated.

--
Robert Anasi


------------------------------

From: rich@c2.org (Rich Graves)
Date: 27 Apr 1996 19:54:22 -0700
Subject: whowhere.com Stealing Addresses?
Organization: Uncensored Internet, http://www.c2.org/uncensored/

In addition to by-now-routine snarfs of Usenet and such, the database
behind www.whowhere.com includes 27,128 names and email addresses taken
rather recently from a large shadow password file at a certain major US
university a few miles from whowhere.com's "headquarters." It is
patently obvious that this is what they did, because there are
misspellings and daemon IDs in their database that can only be traced
to said shadow password file. They are not available via finger or in
any directory.

I urge you to investigate whether the password file at your site has
also been obtained by whowhere.com, and to act accordingly.

Also, the InterNIC contact addresses for whowhere.com bounce.

That's all I can say for now.

-rich
 http://www.c2.org/~rich/


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 28 Apr 1996 08:22:37 -0500 (CDT)
Subject: Medical Privacy on Nightline
Organization: University of Wisconsin-Milwaukee

Last night on Nightline (Friday April 26) Ted Koppel discussed the
problems inherent with people with genetic defects.  He discussed two
cases, one with a problem called Fragile X Syndrome (in which a woman
has a 50% chance that each child she bears is mentally defective) and
one with a genetic defect in a family where many of the women in the
family have died before the age of 45 from complications due to breast
and ovarian cancer.

Not only is this a medical problem, it is also a serious privacy
problem.  Who has the right to know about the defects that all of us
carry in our genes?

Dr. Francis Collins, a Physician Geneticist was on the show speaking as
an expert.  He defended the research on the grounds that a physician
has the moral duty to alleviate suffering.  He pointed out that the
information gained can be used for good or evil and that we must be
sure that we maximize the benefits while minimizing the risks.  He
discussed the problems linked with abortion of defective fetuses, and
asked where the boundary line falls between aborting a fetus that has a
fatal defect and aborting a fetus because it is the wrong sex.  He
correctly indicated that when a person has a test performed, he or she
can use the information gained to allow for effective preventive
medicine targeting on the particular health aspects which are at risk.

Collins used as an example the case of a person who knows of an at-risk
condition due to colon cancer.  As a positive result he now can get
ready to do annual colonoscopies so as to find the polyps when they are
small and easily treated.  On the down side, he now may well get a
letter from his insurance company telling him that they just heard
about this too and that his insurance has been canceled.

Collins made the point that testing must be voluntary, we have to give
a great deal of attention to informed consent.  He spoke of being
gratified with the moves currently in Congress with respect to genetic
testing and is looking forward to something positive becoming law.  He
sees  bills moving forward that would forbid insurance companies
denying coverage in health insurance based on information gained from
such tests.  He pointed out that no law had yet passed both houses and
been signed by the President however.

They got to the meat of the privacy issue when Koppel pointed out that
once the doctor, the patient and his or her family knows about a
genetic problem, how do we keep future employers, the military and
insurance companies from knowing and using this information.  Collins
pointed out that legislation is moving forward on this issue also, but
has yet to see law passed and signed that would properly control this
issue.  He called for the people to talk to their legislators about
this to get the point across.  His final remark was "...we all have
glitches in our DNA... probably 4 or 5 genes that are pretty fouled up,
and we are going to have the opportunity to find that out pretty soon.
If that is going to be used against us, who will be left insurable,
whose privacy is going to be safe.  We have to act now."

I must ask if someone in this group has information as to the status of
legislation on medical privacy issues.  Perhaps people who work in the
insurance industry have some comments here.


------------------------------

From: DCQ006@ps.uib.es ()
Date: 29 Apr 1996 08:37:42 GMT
Subject: Security and E-Commerce Info. Needed
Organization: Universitat de les Illes Balears

Hi,

I'm doing a project on Security and E-Commerce, and I would appreciate
any informations on two subjects:

* Graphics and statistics about the growth of the e-commerce in the
last years, and also on the commercial cracks and hackers' activity on
this period

* Future tendencies, projects... on e-commerce, and how security is
going to affect the future on the commercial sites.

When I say 'any informations' I'm talking about URL's (of course)

Thanks a lot, and please forgive my bad use of English!

Joan Andreu (Universitat de les Illes Balears)
dcq006@ps.uib.es
aiq005@teix.uib.es


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 17 Mar 1996 09:14:50 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet
eMail.  Those who understand the technology also understand the ease of
forgery in this very free medium.  Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top.  Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting.  He will comply.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored.  They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious.  Diversity is welcome, but not personal attacks.  Do
not include entire previous messages in responses to them.  Include
your name & legitimate Internet FROM: address, especially from
 .UUCP and .BITNET folks.  Anonymized mail is not accepted.  All
contributions considered as personal comments; usual disclaimers
apply.  All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.  

Contributions generally are acknowledged within 24 hours of
submission.  If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the Subject: line of an article in order to make it
easier for the reader to follow a discussion.  He will not, however,
alter or edit the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Web browsers will find it at gopher://gopher.cs.uwm.edu.

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Web:           gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V8 #035
******************************