The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL:

   http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Saturday, 5 December 1998      Volume 07 : Issue 19

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    Image Recognition on the streets of London (Jason Ross)
    Re: Image Recognition on the streets of London (Lauren Weinstein; PRIVACY Forum Moderator)
    Dejanews also uses "click-through" urls (Andrew Isaacson)
    Swedish (and EU) privacy protection provisions (Klaus Rieckhoff)
    NW Frequent Flyer Miles are publically accessible--and usable (Sandy Antunes)
    Crypto policy in Finland (Jaakkola Joel)
    Public utilities' use of social security numbers (C Matthew Curtin)
    ACLU Special Web Collection on 'Civic Morality' (Jessica Botta)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored!
***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com".
Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.

-----------------------------------------------------------------------------

VOLUME 07, ISSUE 19

    Quote for the day:

        "Doesn't anything work around here?"

            -- Chief Supervisor (Alan Oppenheimer)
               "Westworld" (1973)

----------------------------------------------------------------------

Date: Wed, 18 Nov 1998 07:47:38 -0000
From: "Jason Ross"
Subject: Image Recognition on the streets of London

In PFD V07 #18, Keith Parkins submitted the article "CCTV", detailing a scheme now in use in Newham, London to automatically identify criminals as they walk along the road. I've obtained a little more information which focuses more on the technical side of the system, and which I thought may be of interest.

The £60,000 ($96,000 approx.) system, which was launched on 14 October, uses the council's 140 CCTV cameras. The images from these cameras are fed into SSI's Mandrake Face Recognition Software, running on council-owned PCs. The software then compares these faces with a set of 'mugshots' which it also holds. Currently 100 images from two police stations are on file. If any of the faces prove to be an 80% match or better, a council camera operator is alerted to call the police. I believe this system was also mentioned earlier this year in Computing Magazine, when the trials first started.

Apparently the system uses, amongst other things, the distances between, and sizes of, the eyes, nose and mouth. Therefore you can't just grow a beard to avoid being recognised.

Newham has received enquiries from twenty councils and eight police forces so far. Their emergency services manager believes many of the 250 councils in the CCTV User Group would also adopt the technology in the near future.
Charles Nisbet, the secretary to the Association of Chief Police Constables' IT Committee said that his group had held talks on face recognition software during the summer, and had supported local police force moves to introduce it. However, he did say that there were no plans to create a national system linked to the police's central database of 5.7 million known offenders, 'in the near future'.

There are both privacy and risks implications with this system.

The UK's Data Protection Registrar wants a meeting with the Metropolitan Police on the issue. Jonathan Bamford, the assistant data protection registrar was quoted as saying "People are being compared to convicted felons - there are clear civil liberties implications," He also pointed out that the 80% threshold left a sizeable scope for error. Personally, having seen the quality of images from CCTV cameras, especially in poor weather or at night under sodium or IR floodlights and when someone is standing some distance away from them, I'm surprised that they can claim an accuracy of even that high.

So, we now have a local council in the UK whose computer system watches every face that passes any of its CCTV cameras, and has an operator call the police if it recognises convicted felons, or anyone who looks enough like one of the ones on its database.

I feel it is important to point out that the camera operators are employed by the local council. Prospective police officers are investigated to find any criminal records they may have. I do not believe that council camera operators are investigated in the same way, so there seems little to prevent convicted criminals from operating the system.

I would also assume that, due to the intended purpose of the system, it could also track a given face, or group of faces, as they make their way around. If it cannot already do so, I don't think it would take a huge amount of engineering effort to add such a feature.
The police have said that there are no plans to create a national system 'in the near future'. They have not totally discounted the idea, and will no doubt implement it when the price of the technology has decreased enough to bring it within their budget. It may take a few years, but it will happen. Then it will be possible for the police, and anyone else who can get to the records, to find where you were at any given time, on any given day, and where you were before and afterwards.

Naturally, the "If you have nothing to hide you have nothing to worry about" brigade will be ecstatic when such a system is introduced. After all, it's only the convicted criminals who have to worry isn't it?

------------------------------

Date: Wed, 18 Nov 98 08:36:30 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Re: Image Recognition on the streets of London

> Currently 100 images from two police stations are on file. If any
> of the faces prove to be an 80% match or better, a council camera operator
> is alerted to call the police.
> ...
> clear civil liberties implications," He also pointed out that the 80%
> threshold left a sizeable scope for error. Personally, having seen the
> quality of images from CCTV cameras, especially in poor weather or at night
> under sodium or IR floodlights and when someone is standing some distance
> away from them, I'm surprised that they can claim an accuracy of even that
> high.

Greetings. In the previous message (excerpted above), Jason Ross discusses the London CCTV system which is programmed to "scan" for particular individuals.

As described, that 80% figure quoted by the London authorities says nothing about the actual *accuracy* of the system in performing that task. The system accuracy, in terms of actually alarming only when it has really found a targeted person, could be 0%, for all we know.
All that the 80% number appears to mean is that when the system gets an 80% or better match between the data points in the image and the data points in their database, it triggers an alarm. But that doesn't tell us whether or not the person who triggered that match actually is the person for whom the database was targeted.

To judge the real accuracy of the system, you'd need to know (for real world situations, not laboratory environments):

   (a) how often the system claims it has found a match and it turns out that it was incorrect (alarmed on the wrong person)

   (b) how often the system fails to recognize a targeted person within its view

One also has to wonder exactly what actions are taken when such an alarm sounds. Do the authorities rush out to that location, hoping the target will still be in the area? How often will a wanted person be apprehended thanks to this system? How often will an innocent person be confronted?

I agree with the stated skepticism.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date: Sun, 1 Nov 1998 17:01:17 -0500
From: Andrew Isaacson
Subject: Dejanews also uses "click-through" urls

On Sun, Nov 01, 1998 at 12:40:00PM -0800, PRIVACY Forum wrote:
> Meanwhile, the trend towards search engines wanting to keep track of the
> links you select seems to be spreading. As reported earlier, the Netscape
> "What's Related" system already does this. Now it appears that "Hotbot" has
> begun doing something similar. The link choices returned are clearly
> routing back through Hotbot, even though the plain text versions of the URLs
> in the displayed summary information show direct addresses without the
> Hotbot redirection.

Dejanews does this as well. If a document contains a URL, it will be displayed as the straight URL, but clicking on it takes you to (for example) http://x9.dejanews.com/jump/http://www.tux.org/ .
-andy

--
Andy Isaacson adisaacs@mtu.edu adi@acm.org Fight Spam, join CAUCE: http://www.csl.mtu.edu/~adisaacs/ http://www.cauce.org/

   [ The trend towards "trapping" of selected URLs in this manner clearly seems to be expanding. Of course, there's no way to judge (externally) whether such actions are used only to maintain a numerical count of persons choosing a URL, or whether more detailed data on the users choosing these links are also archived and/or cross-referenced with other data.
                        -- PRIVACY Forum Moderator ]

------------------------------

Date: Thu, 5 Nov 1998 10:32:45 -0800
From: Klaus Rieckhoff
Subject: Swedish (and EU) privacy protection provisions

Forwarded message:

Sender: Lars Aronsson
Subject: Re: CPSR-GLOBAL digest 928

Steven Clift wrote on DO-WIRE (?), quoted on CPSR-GLOBAL:
> Today I was attempting to access an e-mail list archive for the
> OldNorseNet and ran into this:
>
> Our discussion lists archive
>
> 1998-10-24.
> Due to a new swedish law (harmonizing to the EU directives)
> we are no longer allowed to publish archives of our
> discussion lists. This will be a severe obstacle for the
> democracy and the free debate.

This statement is obviously the result of the webmaster's (or list administrator's) own interpretation. There is a new law in Sweden, and it is much debated, but I have not heard any news of any verdict or even an interpretation from the responsible Swedish governmental agency in the direction described above.

On the referenced URL, there is also a logotype of a political campaign against this new Swedish law ("Rör inte mitt Internet", Don't touch my Internet). This campaign is launched by Bitos (http://www.bitos.org/), a Swedish non-profit organization for issues concerning Internet content providers. The campaign is also applauded by the Electronic Frontier Sweden (http://www.efs.se/), an independent branch of the EFF, where much of the current debate is taking place.
The way "legal harmonization" works in the European Union (EU), is that the European Commission (EC) writes up a "directive" that each member country has to implement in its national legislation. This new Swedish law is intended to implement an EC directive on privacy. The idea seems to be that companies should not be allowed to store and sell your address, and other data pertaining to you, without your consent. This sounds fine in principle, but the rest is a matter of interpretation.

For example, the language of the Swedish law does not make any difference between "companies" storing personal data about individuals and individuals storing data about other individuals, or even individuals storing information about the government. If I happen to mention that the name of the Swedish prime minister is Goran Persson and the fact that he is rather FAT, then this is personal information, which I hereby store in my computer and even export to countries outside the EU, thus making me a criminal, as I do not have his consent. I think you see the problem.

In order to avoid stupid questions, or at least postpone them, the Swedish Database Inspection Agency (http://www.din.se/), which has to supervise the implementation of the new law, has declared that systems already in use before the enactment of the new law (ten days ago), will be allowed to continue for a transitional period of three years. This of course is not very reassuring for the average Internet user. And nobody seems to know what will happen after these three years.

Surely, life goes on as normal in Sweden. The referenced URL is one of very few examples where people actually cared to abide by this new law. Members of the Swedish parliament, from all political parties, are currently busy writing bills to withdraw the new law, even though they voted in favor of it, not too long ago.

I hereby give my consent to store and export the personal data below.

Lars Aronsson.
--
Aronsson Datateknik          tel +46-70-7891609
Teknikringen 1e              tel +46-13-211720  lars@aronsson.se
583 30 Linköping, Sweden     fax +46-13-211820  www.aronsson.se

---- End of Forwarded Message

Klaus E. Rieckhoff, Ph.D.,LlD.(h.c.), Professor Emeritus, Department of Physics, Simon Fraser University

------------------------------

Date: Tue, 27 Oct 1998 16:32:59 -0500
From: antunes@xeno.gsfc.nasa.gov (Sandy Antunes)
Subject: NW Frequent Flyer Miles are publically accessible--and usable

Flyers beware-- I've run into a severe privacy/security hole in Northwest's frequent flyer program, "WorldPerks"-- one that NW is not interested in changing.

The short summary is, it seems anyone who knows your phone number can use your Northwest "WorldPerks" frequent flier miles to get an E-ticket issued in their name with your miles (or can simply find out your mileage balance). This is intentional, by design.

I found this out when my mother was able to upgrade a "gift" ticket I gave her to First Class-- using my miles-- without my authorization. It turns out that it doesn't even have to be a relative or someone you got a ticket for-- just someone who knows your phone number.

The record of this transaction (a receipt) is provided as the only notification of the transactions. Tickets issued can be for travel as soon as 4 days in the future (at which point the receipt is FedExed or faxed) or over 14 days in the future (receipt is just sent postal mail). In my case, 3 weeks passed between the ticket request and arrival of a receipt.
The privacy concerns are this:
 - anyone can get your frequent flyer mileage balance knowing only your phone number,
 - anyone can deplete your mileage balance with malicious intent, knowing only your phone number, and
 - the only sign that a ticket was issued is a receipt mailed by post, so people with open mailboxes, people changing addresses, people on vacation, bosses with secretaries, and people with housemates are easy prey to having their miles stolen without knowing.

Unlike credit card fraud, NW does not consider banked miles as currency, and it is the account holder's responsibility to find and file fraud charges against the ticketholder. 1st line managers have the option of waiving the $35 'rebank' fee if you wish to cancel such a ticket, if the flight has not already occurred.

The most likely safeguard-- that only the person who owns the frequent flyer account can request a ticket be issued-- is not something NW will consider. Quoth Jay (with permission), "The system is a great system, and it works, and we don't have problems with it. You're taking a situation that happened to you, and trying to completely blame it on Northwest, and I don't appreciate it."

So, your account information is available to anyone who has access to a phone book (a privacy concern), the actual balance can be tampered with by same (an authorization risk), and catching such deeds is the responsibility of the account holder (verification after the fact).

"Some People Just Know How to Fly", indeed.

Sandy Antunes
antunes@xeno.gsfc.nasa.gov

------------------------------

Date: 9 Nov 1998 15:52:00 +0300
From: "Jaakkola Joel"
Subject: Crypto policy in Finland

The Ministry of Transport and Communications of Finland gave today an international press release which may be of interest to you. It outlines the national cryptography policy in Finland. As you have an extensive mailing list of experts in this field, you might want to consider to share this information with them.
I would be grateful if you did.

For further information, please do not hesitate to contact me.

Sincerely,

Joel Jaakkola
legal adviser
Ministry of Transport and Communications, Finland
t. +358 9 1609151
f. +358 9 1602588
e. joel.jaakkola@lm.vn.fi

****

9.11.1998

Finland Announces a National Cryptography Policy

The Ministry of Transport and Communications of Finland published the national cryptography policy in English on the Internet. The policy was agreed by the Finnish Government on October 7th, 1998.

The Government was unanimous that nationally there should be no restrictions on the use of strong encryption for confidentiality purposes. There should be no mandatory key recovery systems either, at least not provided for by law. Businesses and private persons should be encouraged to use voluntary key management systems. However, they are not obliged to do so by law and there will be no special privileges or rights offered by public authorities for that purpose.

With regard to exports and export restrictions, Finland observes those arrangements to which it is internationally committed. However, with regard to reform of control lists and procedures Finland's aims are to examine the restrictions on cryptographic products so that control lists correspond to technical development, and to ensure that the necessary restrictions will not unreasonably impede normal foreign trade of industry and businesses.

The complete policy can be found on the website http://www.vn.fi/lm/telecom.htm.

The policy guidelines and the accompanying memorandum were prepared by the Ministry of Transport and Communications in close consultation with other ministries and law enforcement authorities. The ministry has also noted the remarks made by the industry.

Furthermore, a proposal for a new law on privacy in the telecommunications sector is being studied by the Finnish Parliament.
The law, which is to enter into force in the coming months, would provide everyone for the right to use any technical means available to ensure the confidentiality of his or her telecommunications messages.

------------------------------

Date: Mon, 23 Nov 1998 08:05:06 -0500 (EST)
From: C Matthew Curtin
Subject: Public utilities' use of social security numbers

My story is not new. But it is annoying. Perhaps it's annoying because it is so routine.

Establishing service with a public utility can be quite the hassle if you are the sort who wisely prefers not to divulge your social security number (SSN). For the most part, I've been able to work around this "requirement" by simply refusing steadfastly.

When I attempted to establish new electrical service via telephone with American Electric Power in central Ohio, I was asked for my SSN. I declined to give it, and then was told that there's no reason to worry. I was told that SSNs are used only to do credit checks, and aren't stored in the computer. I was told that there isn't a way around this, except that if I prefer to give my SSN by letter or in person, I may do so. But the SSN is a requirement. (It's noteworthy that laws regarding what may and may not be done with SSNs apply only to government entities. AEP, though a public utility, is a private entity. See the SSN FAQ for details.)

I asked to speak to a supervisor person.

I told the supervisor person that I wanted to establish new service, and that I absolutely refuse to divulge my SSN. (What am I going to do? Run up a month's bill and skip the country?) She suggested that I could make a deposit, which is what they require of those with bad credit, and after the service has been established a while (12 months), my deposit will be returned. This seems reasonable to me, and I did this when first establishing telephone service with Ameritech. However, the deposit cannot be added to my first month's payment, as was done with my first Ameritech phone bill.
I needed to actually go in person, and they told me to bring my driver's license. (Hmm.)

When I did, I sat in there, answering the questions to establish the service, check in hand. I watched the clerk's fingers, and when I saw her typing the SSN (until recently, it wasn't possible to get a driver's license without having your SSN printed on the card in Ohio), I stopped her and told her I don't want my SSN in the computer. She didn't give me any hassle at all, backed up, and put 9s through the SSN field. We were done, and in the end, I didn't even need to make my deposit.

Lessons learned:

  o Bureaucrats aren't generally familiar with the less-routine rules of the system, and will tell you there are no options when there are none.

  o Systems in which bureaucrats work are designed for the efficiency of the organization, even if it comes at the expense of the customer's privacy.

  o People will make assurances that "everything is OK" and try to give the customer warm fuzzies when they have absolutely no basis for assuring safety or privacy. The "it's not even in the computer" remark is especially disturbing. Clerks might not be able to see it, but I do not believe any assertion that SSNs are purged from the system. If they're interested in checking credit, they're also interested in reporting collection problems.

  o Organizations train their employees to make assumptions (like it's OK to require SSNs, and just take it off of a license, without asking).

I am not pleased how assertive I have to be in order to maintain any level of privacy in dealing with these huge organizations. As we see these utilities begin to deregulate, you might want to give consideration to how the utilities in question have respected your privacy when it comes to decide if you want to keep using their service.
--
Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/

   [ Since establishment of credit is not a "right," credit checks in such situations are of course very common, and whether one likes it or not the SSN is really the only universal identifier that can be used to access the credit reporting databases as they exist today. Nor is it necessarily clear (at least in the short term) how to replace the SSN in such applications without creating another identifier of similar scope. So it's difficult to fault the utility for their use of SSN for their "standard" credit check in this situation, given the state of the real world.

     As you point out, however, it is very unfortunate that you needed to effectively jump through hoops to avail yourself of the alternative payment method that did exist. If such alternatives are not simple and direct to use, their usefulness becomes greatly degraded and they can have various negative consequences.
                        -- PRIVACY Forum Moderator ]

------------------------------

Date: Mon, 16 Nov 1998 15:47:07 -0500
From: Jessica Botta
Subject: ACLU Special Web Collection on 'Civic Morality'

The ACLU on Morality:
Special Web Collection On 'Public Morality' Launched

The American Civil Liberties Union this week launches a special Web site aimed at provoking discussion over what constitutes public "morality" in America.

The new Web collection -- which can be found at: -- includes an interactive survey, links to special faxable letters to Congress and the ACLU's new National Freedom Scorecard. Additional features will be added over the next several weeks.

The Web collection is an online counterpart to a year-long awareness campaign on the same topic that has been running in The New York Times and other publications since February.
Each of the advertisements in that campaign -- all of which are featured as part of the Web collection -- has contained a brief message from ACLU Executive Director Ira Glasser on topical subjects ranging from the war on drugs to religious freedom to government intrusions in the bedroom.

"Some people may be surprised that the ACLU is talking about morality," Glasser said. "But we believe it is crucial to counter the voices of people like Pat Robertson, like Jesse Helms and Pat Buchanan. They want to use government power to tell you how to live your life.

"They've whined about the 'moral decay' of our society. They've said people shouldn't be allowed to make their own sexual choices. They've tried to have government force particular religious views down our children's throats in public school. And they've tried repeatedly to censor books, libraries and the Internet," Glasser added.

The ACLU campaign is designed to encourage people to think back to the moral principles upon which our nation is founded: what used to be called 'civic virtue' as opposed to personal virtue, which, Glasser said, is usually none of the government's business.

"The ACLU believes that the morality of a nation is measured not by what occurs in the privacy of our bedrooms or doctor's offices or telephone conversations, but by how the government treats its people," Glasser said. "Through this Web collection, we hope to offer a vision of a world where it's safe to be different and easier to be free."

The ACLU is a nationwide, non-partisan organization dedicated to defending and preserving the Bill of Rights for all individuals through litigation, legislation and public education. Headquartered in New York City, the ACLU has 53 staffed affiliates in major cities, more than 300 chapters nationwide, and a legislative office in Washington, D.C.
The bulk of its $35 million annual budget is raised by contributions from members -- 275,000 strong -- and gifts and grants from other individuals and foundations. The ACLU does not accept government funds.

The new Web collection can be found at:

------------------------------

End of PRIVACY Forum Digest 07.19
************************
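
Added example (not part of the original digest or of any contributor's message): the moderator's reply on the London face-recognition system separates the 80% match threshold from the system's real accuracy, which depends on (a) alarms on the wrong person and (b) targeted people who are missed. The Python below measures both over a labelled sample and projects them onto a crowd; every score, count and rate in it is constructed for illustration and none comes from the Newham system or its vendor.

```python
"""Why an 80% match threshold is not an accuracy figure (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    threshold: float
    true_alarms: int    # alarmed, and the person really was on file
    false_alarms: int   # (a) alarmed on the wrong person
    misses: int         # (b) person on file was in view, no alarm raised
    passed: int         # not on file, no alarm

    @property
    def alarm_precision(self) -> float:
        """Share of alarms that point at a person who really is on file."""
        alarms = self.true_alarms + self.false_alarms
        return self.true_alarms / alarms if alarms else 0.0

    @property
    def miss_rate(self) -> float:
        """Share of on-file people in view who raised no alarm."""
        targets = self.true_alarms + self.misses
        return self.misses / targets if targets else 0.0


def evaluate(observations, threshold=0.80):
    """observations: iterable of (best_match_score, really_on_file)."""
    ta = fa = miss = ok = 0
    for score, on_file in observations:
        alarmed = score >= threshold
        if alarmed and on_file:
            ta += 1
        elif alarmed:
            fa += 1
        elif on_file:
            miss += 1
        else:
            ok += 1
    return Outcome(threshold, ta, fa, miss, ok)


def project(passersby, on_file, false_match_rate, miss_rate):
    """Expected alarms for a crowd, given assumed per-face error rates."""
    true_alarms = on_file * (1 - miss_rate)
    false_alarms = (passersby - on_file) * false_match_rate
    total = true_alarms + false_alarms
    precision = true_alarms / total if total else 0.0
    return true_alarms, false_alarms, precision


# Constructed ground-truth sample: best match score against the mugshot set,
# and whether the person really is one of the people on file.
SAMPLE = [
    (0.91, True), (0.84, True), (0.77, True), (0.62, True),
    (0.88, False), (0.83, False), (0.81, False), (0.79, False),
    (0.74, False), (0.66, False), (0.58, False), (0.41, False),
]

if __name__ == "__main__":
    # Moving the threshold trades (a) against (b); neither is "80% accurate".
    for t in (0.70, 0.80, 0.90):
        o = evaluate(SAMPLE, t)
        print(f"threshold {t:.2f}: false alarms={o.false_alarms} "
              f"missed={o.misses} precision={o.alarm_precision:.2f} "
              f"miss rate={o.miss_rate:.2f}")
    # Hypothetical day (all four inputs are assumptions): 50,000 faces seen,
    # 5 of them on file, 1% false match rate, 20% miss rate.
    t_al, f_al, prec = project(50_000, 5, 0.01, 0.20)
    print(f"expected true alarms {t_al:.0f}, false alarms {f_al:.0f}, "
          f"precision {prec:.3f}")
```

In the constructed sample the 0.80 threshold yields more false alarms than true ones, and in the projected crowd fewer than one alarm in a hundred points at a person who is actually on file.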