The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Friday, 5 May 1995 Volume 04 : Issue 10 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation. CONTENTS New FCC Order on Caller ID: Per-Line ID Blocking *Permitted* (Lauren Weinstein; PRIVACY Forum Moderator) Privacy and anonymity (Phil Agre) Privacy, cellular telephones, and 911 (Jerry Leichter) Re: Family Privacy Protection Act of 1995 (Bob Rahe) California Digital Signature Bill (Privacy Rights Clearinghouse) Re: Destruction of data (Gary Kremen) Clipper paper available for anon FTP (Michael Froomkin) Privacy Rights Clearinghouse Second Annual Report Available (Privacy Rights Clearinghouse) CPSR / Seattle Opposes WA State Bill ESSB 5466 (Susan Evoy) Olympic surveillance and ITS (Phil Agre) "Audience tracking system" for electronic newspapers (Jim Warren) The Road Watches You: 'Smart' highway systems may know too much (Simson L. Garfinkel) ASIS on WWW (Frederick B. Cohen) CFP - Advanced Surveillance (Dave Banisar) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com". ----------------------------------------------------------------------------- VOLUME 04, ISSUE 10 Quote for the day: "Where was it I lost control of this interview?" -- Hans Conried "Fractured Flickers" (1963; Syndicated) ---------------------------------------------------------------------- Date: Fri, 5 May 95 20:02 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: New FCC Order on Caller ID: Per-Line ID Blocking *Permitted* Greetings. Another chapter is unfolding in the seemingly never-ending saga of Calling Number ID (CNID) systems in the U.S. As you may recall, around March of last year, the FCC ordered that interstate transmission of CNID information be required, that free per-call ID blocking be made available (at least for interstate calls) and that per-line ID blocking for interstate calls would *not* be permitted, regardless of state rules. This latter point triggered a great deal of concern and the beginnings of litigation, since many states had already mandated the availability of per-line ID blocking, which would enable a subscriber to simply tell the telephone company that they wanted to protect their number on *all* calls by default, rather than having to dial the per-call blocking code on every call. The original FCC order was to become effective about now. However, very recently the FCC stayed that original order, both because of implementation timing and other concerns. A new FCC order on this matter was just issued. It is to become effective December of this year and still requires the interstate transmission of CNID data. However, in a major shift, it apparently no longer prohibits the implementation of per-line blocking for interstate calls. The upshot of this would be that states (e.g. California and many others) where per-line blocking was to be permitted will be able to allow telephone subscribers to specify that CNID display will not be available for any calls they dial by default, regardless of destination. The Commission apparently chose not to follow the California model which would have also mandated that all non-published numbers be set to per-line blocking initially without any action being needed by the subscriber. The result will be that virtually all subscribers will need to take specific steps to communicate their desire of per-line ID blocking to their local telco to protect their numbers, since by default most subscribers will not have CNID blocking on their lines. The telcos are promising an education campaign about this, though with the large numbers of persons who never read their bill inserts one can't help but wonder how many will miss the info until they have a CNID-related problem. The full text of the new order has not yet been made widely available, so I'm basing the above analysis on information gleaned from press releases and other sources. I'll report back on important details, and any variations from the above, after I've seen the full order. A number of issues (per-call unblocking of lines set to per-line blocking, issues surrounding ANI delivery of calling numbers to 800 and 900 services, and a variety of other points are still unclear at this moment, but hopefully will be clarified soon (800 numbers represent a particularly complex issue, due to their "collect call" nature). This move by the FCC, if it follows the framework described above, may put to rest many of the most contentious issues surrounding CNID, at least at the interstate level. One of the two large telcos in California (Pacific Bell) announced immediately after the order that they would now go ahead with making CNID available to subscribers. However, in this state where the majority of lines are non-published, and where the percentage of persons likely to choose per-line ID blocking can be expected to be extremely high, it remains to be seen how useful CNID services are really going to be for the (mainly marketing-oriented) applications the telcos have been promoting them. An interesting statistic to watch for will be the percentage of persons who order CNID service for themselves, but also request per-line ID blocking for their *own* lines! More as information becomes available... --Lauren-- ------------------------------ Date: Fri, 21 Apr 1995 21:33:00 -0700 From: Phil Agre Subject: privacy and anonymity The April 1995 issue of The Network Observer focuses on privacy issues in Intelligent Transportation Systems. To retrieve a copy, aim your web client at http://communication.ucsd.edu/pagre/tno/april-1995.html or send a message that looks like this: To: rre-request@weber.ucsd.edu Subject: archive send tno-april-1995 The industry group ITS America is circulating a "draft final" set of "fair information and privacy principles" for ITS. I regard these principles as extremely weak and encourage you to study them and send your comments to ITS America and your local transportation authority. The text, along with pointers to a long list of questions to ask about them, is available at http://weber.ucsd.edu/~pagre/its-privacy.html or by sending a message that looks like this: To: rre-request@weber.ucsd.edu Subject: archive send its-privacy Finally, courtesy of Dave Banisar at the Electronic Privacy Information Center, the very interesting new US Supreme Court decision favoring anonymous political leaflets -- a case with possible implications for the legal status of anonymous electronic messages -- can be obtained by sending a message that looks like this: To: rre-request@weber.ucsd.edu Subject: archive send anonymous Feel free to pass these resources along to others on the net who might benefit from them. ------------------------------ Date: Sat, 22 Apr 95 09:05:24 EDT From: Jerry Leichter Subject: Privacy, cellular telephones, and 911 This Tuesday's (18-Apr) Wall Street Journal had an article about the interactions of 911 with cellular phones. It had a nice discussion of the history of 911, including some of the political problems that have kept Enhanced 911 from become universal - to this day, Chicago doesn't have it - and of the real difficulties with 911 calls from cellular phones. With cell phones, of course, the 911 center gets no usable location information - and in many cases people on the phone can't give good information. (There's one story of a cellular dispatcher who happened to see a fire at a Safeway supermarket, and called it in on his cell phone. It took a while to get across to the person he spoke to where he was - and he wasn't sure he got it right. By chance, a few moments after he hung up, he spotted a pay phone. So he called back. This time, the E911 system provided the location - and a good thing, since subsequent discus- sion revealed that fire engines had been dispatched to the wrong Safeway!) The privacy connection: The FCC has proposed that a system be developed that will allow 911 centers to determine the location of a calling cellphone. They are asking for 150 meter resolution. The FCC and proponents see this as "just like E-911, but for cell phones". The problem, of course, is that E-911 uses information that has never been particularly private (the calling phone number - even before Caller ID, everyone knew from movies that the number *could* be traced if necessary), combined with a phone-number-to-fixed-physical-location map, which has no particular privacy implications. Cellular location, on the other hand, has to require some technology for pinning down the physical location of a cell phone quickly and reliably. Any such method would be impossible to limit to use just with 911. In addition, given the nature of cell phones and the on-air protocols, it would be quite possible to allow for remote interrogation of this information; in fact, that's likely. Since 911 is supposed to be useful to people in serious trouble, who may not be able to take an explicit action to acknowledge a system request, chances are overwhelming that any such system would not require explicit action by the cellphone owner. I would expect most phones wouldn't even provide an indication that they'd been interrogated. There's been a great deal of resistance to the proposal from the cell phone industry. It would require expensive modification to their equipment; it's not clear, in fact, whether the FCC's 150 meter goal can be reached without also modifying all the phones, a fantastically expensive proposition. There is also some debate about whether there really is any significant need for such a system. So it's all on hold for the moment. In principle, a cell phone can be located fairly accurately even today, though it may require a significant effort with specialized equipment. (Note the methods used to locate Kevin Mitnick when he was recently arrested.) It is also, in principle, possible to locate a cell phone that is simply turned on, even if it's not in active use. The next generation of PCS's, with their much smaller cells, will inherently know where a cell phone is to a much greater degree of precision than do current systems. This makes the public safety/ privacy tradeoffs all the more complex: If we are inherently going to lose the ability to keep our location secret when using (or even carrying) a cell phone, we might as well get the public safety features. On the other hand, perhaps we want to think twice about the grand vision of a cell-phone only network. (Of course, even with such a network, I suppose you can always leave your phone at home.) Phil Agre, UCSD ------------------------------ Date: Mon, 24 Apr 1995 09:03:47 EDT From: bob@hobbes.dtcc.edu (Bob Rahe) Subject: Re: Family Privacy Protection Act of 1995 Some comments on comments wrt FPPA of 1995. In V4:I9 Robert Gellman writes: Subject: Family Privacy Protection Act of 1995 ... > I offer a few observations about the bill. First, it >appears that this is part of the agenda of the new right. Buried >in the Committee report is this sentence which may explain the >principal purpose of the bill: > In some cases, survey questions have been phrased > in a manner that suggests neutrality or even tacit > approval of behavior or attitudes which may be contrary > to the values held by parents. In other words, survey questions have not been used to elicit information but to 'teach'? > Second, none of the key terms in the bill is defined. >"Sexual behavior" could arguably range from mating activities of >earthworms to fashion trends for seventh graders. Also, a survey >could arguably include a question asked by one teacher to one >student. It is also not clear what constitutes "antisocial" >behavior. Drinking? Rock concerts? Baseball strikes? Poorly >drafted legislation? Are ANY of those things valid and/or useful 'survey' questions? Maybe it does include some extraneous things, probably includes many other things that might seem silly. So what? It would seem that the point would be does it exclude things that SHOULD be valid/useful for a school to do a survey on? If not then it would seem that 'no harm, no foul' would be appropriate. > Third, the exclusion for tests of academic performance is >based on the intent of the test. Thus, prohibited questions >might be permissible in a test whose principal intent is the >measurement of academic performance. This may be true even if >the test is non-identifiable. On the other side, a sharp student >might argue that a biology test violates the rules without >parental consent and advance availability by questioning the >intent. This is not necessarily a winning argument, but it might >buy a postponement of an exam while the lawyers argue about >things. Every law has the nit-pickers who can do exactly that - produce a non- winning argument that delays and postpones while lawyers get to argue (and charge.) See the OJ trial for a great example of the power of lawyers to find the most inane things to argue and obfuscate. > Finally, the exceptions are worthy of note. You may not ask >a minor about sexual experiences without written parental >permission unless your purpose is to put the student or the >parent in jail or to collect taxes. This turns privacy >legislation on its head by denying anonymous and recourseless use >of information but permitting use of the information to harm the >provider. Thus, it is okay to ask children if their parents have >committed a crime if it is part of a criminal investigation but >not as part of a research project. This is neither particularly new nor unreasonable. All it says is that you can't use this law to avoid others that have been already argued (nitpicked?). I.e. the privacy issues wrt law enforcement and tax collection have been argued already and this law does not overrule such. It would seem the alternative is that the bill allow, say, sexual abuse because it would disallow the questioning when abuse is suspect? That would certainly not pass any reasonableness test, nor would it be what the framers had in mind I'm sure. Finally, I would suggest, rather than attempting to argue only the demerits of the law, show how it could be fixed to satisfy these complaints. It would seem there is an agenda in the attack, namely that of the 'old left' and that it is purely political. I find the argument that essentially says that schools should be allowed to ask any question they like in any method under any guise to be a large privacy problem. Maybe this bill is not the best solution but with no alternatives offered and no suggestions to 'repair' it, one must conclude the argument is not about privacy but possibly about advocating the exact behavior that the writer originally claimed was the reason for the bill in the first place, i.e. unfettered social engineering disguised as 'surveys' and social work. Let's address the privacy issues involved in those activities. ------------------------------ Date: Mon, 24 Apr 1995 13:49:29 -0700 (PDT) From: Privacy Rights Clearinghouse Subject: California Digital Signature Bill Those interested in on-line privacy should be aware of a bill in the California Legislature. A.B. 1577, sponsored by Debra Bowen, addresses the issue of digital signatures. There are versions of the same bill under consideration in Oregon, Washington, and Utah as well. Evidently, the bill would provide for a certification procedure that would be used to verify the digital signature of anyone who has had their signature "certified." The bill would provide for a publicly-accessible database of certificates, which could be accessed by anyone wishing to verify a digital signature. We have looked over the bill and, while we believe something along these lines is essential to prevent widespread fraud and misrepresentation in on-line activities, we are concerned that this specific bill raises several serious privacy concerns. The public database idea may be particularly intrusive. This sounds like a direct marketer's dream: a fully accessible database of e-mail addresses that are certified authentic and reliable for on-line sales up to an expressed amount. Will it be possible to access the repository and compile a list of e-mail addresses which could then be used for marketing purposes? For example, could a list of all certificates with "recommended reliance limits" above $1000 be culled from these repositories? If other information is included in the certificate, would direct marketers be able to search for all e-mail addresses, say, in a certain zip code or area code? There may be other privacy problems with A.B. 1577. We would like to hear comments from anyone regarding this bill. If you wish, we can forward your comments to Assemblywoman Bowen's office. The legislative counsel's digest of the bill is attached. The full text of the bill (about 30 pages worth) are available on the Net from: gopher sen.ca.gov [Under the Bills, Codes, & Analyses..] http://www.sen.ca.gov [Under the sen.ca.gov gopher interface] gopher mother.com [Under California/Assemblywoman Debra Bowen/Bills: 1995-96 Session] If you have comments, please contact the Privacy Rights Clearinghouse: voice 800.773.7748 (outside California 619.298.3396) e-mail prc@acusd.edu LEGISLATIVE COUNSEL'S DIGEST AB 1577, as introduced, Bowen. Digital signatures. Existing statutes do not generally govern the authenticity and verification of electronic or similar data intended to act as a signature, except in the case of electronic fund transfers in nonconsumer situations which provides for security procedures related to verification of authenticity of orders. This bill would add the California Digital Signature Act. A digital signature would be a sequence of bits meeting certain encryption requirements, that would be as valid as if it had been written on paper, except in the case of a digital signature that would make a negotiable instrument payable to bearer, which would be void except to effectuate a funds transfer or a transaction between financial institutions. The bill would further set forth the effect of certain actions taken with respect to digital signatures. The bill would provide for the issuance of a certificate by a certification authority that would contain information to verify a digital signature of a subscriber. The bill would provide for a database of certificates by repositories. The bill would provide for the licensure of certification authorities by the Office of Information Technology, and for the recognition of repositories. The bill would require the office to be a repository. The bill would provide for fees, and would impose related duties on the office. The bill would set forth provisions governing and limiting the liability of certification authorities and repositories. The bill would make it a misdemeanor for a person to knowingly or intentionally misrepresent to a certification authority his or her identity, name, distinguished name, or authorization when requesting suspension of a certificate, thereby imposing a state-mandated local program. ------------------------------ Date: Mon, 24 Apr 1995 21:19:20 -0800 From: gkremen@match.com (Gary Kremen) Subject: Re: Destruction of data A company that I use to work at (Los Altos Technologies - info@lat.com, http://www.lat.com) has as far I know the only government certified solution to destruction of data without destroying the media. As I remember the problems are quite complex with bad sectors, alternative cylinders and grown defects. However my information might be dated. ------------------------------ Date: Thu, 27 Apr 1995 15:24:59 -0400 (EDT) From: Michael Froomkin Subject: Clipper paper available for anon FTP My paper, "The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution" is now available for anonymous FTP. It is about 180pp. long, and contains more than 800 references. I would welcome your feedback on this paper -- even (especially?) contributions to the inevitable errata sheet. (Please note this docment resides at what is officially a "temporary" site, so that if you create a web link to it, please let me know so that I can notify you when it moves). Contents of FTP://acr.law.miami.edu/pub/.. File Type --------------- ---------- clipper.asc ASCII clipper.wp WP 5.1/Dos clipperwp.zip Pkzipped version of clipper.wp clipper.ps My best effort at Postscript. YMMV. (approx. 7Mb.) clipperps.zip Pkzipped version of clipper.ps clipper.ps.gz Gzipped version of clipper.ps Ports provided by nice people (please note I have not checked these) ------------------------------------------------------------------------ clipper.ps.Z Unix compressed version of clipper.ps with carriage returns removed -- courtesy of Whit Diffie clipperMSW.sea.hqx Binhexed self-extracting Microsoft Word 5.1 for Macintosh version of clipper.wp -- courtesy of Ted Byfield None of these files contains correct and final page numbers, and there are generally trivial typos that were corrected in the printed version. The printed version appears at 143 U.Penn.L.Rev. 709 (1995). I intend to put up a web version presently. The .index file in the above directory will have details when a clean copy is ready for prime time. A link to an experimental and highly buggy HTMLized version may appear at erratic intervals at http://acr.law.miami.edu at the very bottom of the homepage. A.Michael Froomkin Associate Professor of Law U.Miami Law School ------------------------------ Date: Thu, 27 Apr 1995 13:40:45 -0700 (PDT) From: Privacy Rights Clearinghouse Subject: Privacy Rights Clearinghouse Second Annual Report Available April 24, 1995 The Second Annual Report of the Privacy Rights Clearinghouse is now available. The 68-page report covers the time frame from October 1993 through September 1994, our second full year of hotline operation. We discuss project usage statistics and accomplishments as well as what we consider to be the most significant privacy issues affecting California consumers. This year we have reported privacy issues a little differently, selecting some of the more troubling privacy abuses from hotline calls and discussing them in a separate section of the report. The Second Annual Report highlights nearly 50 such case studies. We have made particular note of what we call invisible information gathering; we also focus on the growing crime of identity theft. In addition, we revisit some of the topics discussed last year, such as "junk" mail, unwanted telemarketing sales calls, medical records privacy and workplace monitoring. A 15-page Executive Summary of the Annual Report can be found on the PRC's gopher site. The Executive Summary includes all of the case studies featured in the full report. Gopher to gopher.acusd.edu. Go into the menu item "USD Campuswide Information Services" to find the PRC's materials. For a complete paper copy of the 68-page report, call the PRC at 800-773-7748 (Calif. only) or 619-298-3396. The PRC is a nonprofit consumer education program administered by the University of San Diego Center for Public Interest Law. It is funded in part by the Telecommunications Education Trust, a program of the California Public Utilities Commission. ==================================================================== Barry D. Fraser fraser@acusd.edu Online Legal Research Associate ------------------------------ Date: Thu, 27 Apr 1995 01:15:44 -0700 From: Susan Evoy Subject: CPSR / Seattle Opposes WA State Bill ESSB 5466 Computer Professionals for Social Responsibility / Seattle P.O. Box 75481 Seattle, WA 98145 206-783-4821 CPSR / Seattle Opposes WA State Bill ESSB 5466 For Immediate Release Wednesday, April 26, 1995 Contact: Eric Rehm 783-4821 (eves.) 865-8904 (days) Seattle -- Computer Professionals for Social Responsibility / Seattle is calling upon Washington State Governor Lowry to veto Senate Bill 5466. "ESSB 5466 is the wrong medicine at the wrong time!", says Eric Rehm, parent and President of the Seattle chapter of CPSR. "This bill purports to be an 'act relating to the well-being of children'. In fact, it takes away control from parents, unfairly burdens on-line providers to verify the age of it's clients and the nature of their postings. In doing so, it assaults freedom and privacy on the information highway." National CPSR Chair Doug Schuler, also a Seattle parent, is concerned that the Internet and other computer networks are being unfairly assessed for the ease at which information can be transmitted. "CPSR views the information highway as a new medium in which First Amendment rights must first be secured, not limited. Further, on-line services are more akin to a bookstore than a television or radio broadcast studio. On-line users can make choices about what to view and read, just as in a bookstore or library. CPSR NW Regional Director Aki Namioka is concerned about the educational impact of complying with a law like ESSB 5466. "On-line service system operators (sysops) in Washington will have to police all postings, and will effectively become available only to those 18 and older. This will deprive Washington K-12 schools of access to the Internet or other on-line services." Background: On April 14 the Washington State Legislature passed Senate Bill 5466 "An act relating to the well-being of children." This bill is similar to the Exon legislation (Federal bill S. 314, co-sponsored by WA Sen. Slade Gorton) that would restrict minors' access to pornography. On-line services were exempted from the bill in a Senate passed amendment on March 11. However, when the House passed the bill on the 14th, it removed the exemption for on-line services. The bill will go into effect immediately upon the signature of the governor. The result will be that every delivery or display of a picture or text viewed as obscene by community standards will subject the sysop to a $5000 fine or year in jail. Furthermore every day that the offending material is available on a BBS or Internet-connected-system counts as a separate offense! Since the sysop is liable for the infraction and not the person doing the uploading of material, all that is necessary for someone who doesn't like a service to put that service out of business is to upload an offending file, wait a couple of weeks, have an accomplice "find" the file, and turn it, and the hapless sysop, into the authorities. Alternatives: There are other ways to address the legitimate concerns that some Net users and parents have about material on the network without violating the First Amendment's guarantee of free expression. The Center for Democracy and Technology (CDT), a nonprofit public interest organization, suggests an alternative: giving parents and guardians the ability to screen what kids can access. A system akin to telephone restrictions on access to 900-numbers could be created to limit what content could come into one's home. This would not necessarily be foolproof or easy to create, but it is much better than attempting to police the information highway. CPSR History: Founded in 1981 by a group of computer scientists concerned about the use of computers in nuclear weapons systems, CPSR has grown into a national public-interest alliance of information technology professionals and other people. Currently, CPSR has 22 chapters in the U.S. and contacts with similar groups worldwide. CPSR/Seattle has over 200 members, and has been active on the state, county, and local level on computer-related issues confronting Washington's communities. ------------------------------ Date: Thu, 27 Apr 1995 15:02:59 -0700 From: Phil Agre Subject: Olympic surveillance and ITS The press is now rapidly putting together the story about privacy in Intelligent Transportation Systems. The first article, so far as I am aware, was Dan Gillmor's piece in the 10/18/93 Detroit Free Press. The latest article is by Rodger Brown in the Atlanta-based weekly tabloid "Creative Loafing" ("Secure Legacy", 4/22/95, pages 20-23). Its point of departure is the pervasive use of surveillance technologies at the Atlanta Olympic Games. ("More than 800 surveillance cameras will be placed around Atlanta for the Olympics. When the athletes go home, the cameras will stay.") It seems that the Olympics have become a public relations feeding frenzy, and this year the makers of surveillance gear are using the Olympics as a showcase for their products. The article's main focus is on technologies relating to Intelligent Transportation systems. After discussing the use of these systems as part of the Olympic infrastructure, Brown moves on to discuss the Georgia DOT's plans. He mentions that the national industry group ITS America is circulating "fair information and privacy principles" for ITS, but... Although Georgia's DOT is a member of ITS [America] and has agreed to abide by the common technical standards, it chooses to opt out of the privacy principles. "We're not interested in privacy issues", [Georgia DOT traffic operations engineer Marion] Waters explains. "It's not my understanding that we have to do a privacy assessment because we're not doing anything that addresses privacy. Despite the fact that the traffic management system includes nearly 400 surveillance cameras, DOT is comfortable operating on its own good faith. "We do have some locations where you could turn the cameras and look into nearby neighborhoods, but there's no location where we're next to an apartment building", Waters says. "If we find a location like that, we'll block the camera." The article goes on to explain the Georgia DOT's plans to cooperate with the police in using the cameras to issue traffic tickets. The article does not indicate, however, whether the Georgia DOT plans to employ any technologies that automatically identify individuals or cars, for example through toll collection. (Footnote: The article also mistakenly ascribes to me the view that the systems run the risk of forcing people to follow supposedly optimal paths to their destinations. Although this is obviously not impossible, I do not regard it as a likely enough possibility to get riled up about. A more likely danger, in my view, is that tracking data will eventually be used to set insurance rates, thereby creating a penalty for driving on the wrong side of the tracks. I have heard rumors of such schemes, but have never been able to document them. Most likely they are a decade off.) Phil Agre, UCSD ------------------------------ Date: Fri, 28 Apr 1995 12:14:28 +0800 From: jwarren@well.sf.ca.us (Jim Warren) Subject: "audience tracking system" for electronic newspapers From: PATCLAWSON@delphi.com Date: Thu, 27 Apr 1995 04:13:11 -0400 (EDT) Subject: TeleGrafix News Release To: jwarren@well.com Advanced Internet Publishing and Audience Tracking System <<====== !!!! Debuts At Newspaper Convention (NEW ORLEANS) April 25, 1995 -- TeleGrafix Communications Inc. of Huntington Beach, Calif., and Cykic Software Inc. of San Diego have announced the first media server systems dedicated to electronic newspaper publishing and online broadcasting that integrate the Internet and World Wide Web with advanced database, audiotex, fax-on-demand, advertising placement and audience measurement technologies. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ <====== !!! The media servers, which combine TeleGrafix's RIPscrip(TM) 2.0 online multimedia software with Cykic's MultiBase(TM) Internet networking platform, were demonstrated today for the 1,500 newspaper publishers attending the Newspaper Association of America's annual convention in New Orleans. <...> Multibase is a unique multiuser networking system and database environment for advanced online and Internet media systems. It operates on 386, 486 and Pentium-based IBM-compatible personal computers. Programs that run under dBASE, Clipper, FoxBase+ and other popular systems can be run under MultiBase with few changes. <...> The media servers combine TeleGrafix's Cybermedia Advertising Research System(TM) with Internet audience tracking technologies developed by Cykic. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ These tools are ideal for consortia such as the newly announced New Century Network founded by eight major newspaper publishers, or by any other group seeking ways to put electronic newspapers before the widest possible audience. Publishers can now determine exactly who is accessing World Wide Web sites, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ collecting precise individual user information. Advertisers may also receive ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ live, real-time reports on advertising reach and effectiveness. <...> Cykic Software was founded in 1987 and is privately held. Its networking and database technologies are widely used in the aerospace, defense and health care industries, by organizations such as the U.S. Department of Defense, Martin Marietta, Kaiser Permanente, TEAC of Korea, and John Deere & Co. Contact: Patrick Clawson, TeleGrafix Communications, Phone: (714) 379-2140. Fax: (714) 379-2132.. BBS: (714) 379-2133. Internet: patclawson@delphi.com ------------------------------ Date: Wed, 3 May 1995 15:37:38 -0400 From: simsong@acm.org (Simson L. Garfinkel) Subject: The Road Watches You: 'Smart' highway systems may know too much [ From Risks-Forum Digest; Thursday, 4 May 1995, Volume 17, Issue 11 -- PRIVACY Forum MODERATOR ] The Road Watches You: 'Smart' highway systems may know too much (C) 1995, Simson L. Garfinkel (This is slightly longer version of my article that appeared in the March 3 1995 issue of The New York Times.) Highway authorities throughout the country are building futuristic "smart road" systems designed to unclog our highways and bridges, improve driver safety, and create a variety of new services for our nation's motorists. But these smart roads could lead to an Orwellian surveillance state if we do not act now to change their course. One smart road system is already in operation on New York's Tappan Zee Bridge. Called E-ZPass, the system allows drivers to drive through the toll plaza without reaching for their wallets or rolling down their windows. Instead, a computer operated by the Thruway Authority reads an electronic tag mounted inside the car's windshield, and automatically deducts the toll from a special pre-established account. Other systems are going up around the country. In Florida, the Orlando-Orange County Expressway Authority has a system called E-PASS which lets drivers pay their tolls on the East-West Expressway and certain parts of the Central Florida GreeneWay. Instead of a windshield tag, E-PASS uses a radio transponder the size of a flashlight mounted under the car's front bumper. A similar system is being planned for the San Francisco Bay Area. These automatic toll collection systems are just the beginning of a nationwide plan called Intelligent Transportation Systems, or ITS. Rather than have each city adopt its own tag or transponder, the Department of Transportation and ITS America, a Washington-based organization that promotes the system, are scrambling to create a single, national standard. As envisioned, smart roads could further reduce highway congestion by alerting drivers to upcoming accidents; a computer display mounted on the dashboard could suggest alternative routes. With its planned two-way communication between the car and the intelligent road, ITS could even eliminate the search of a place to park. Instead, your car's computer could automatically locate the nearest lot with an opening and electronically reserve you a place. But there is a dark side to this plan, a privacy problem that its boosters are trying to pave under. These systems offer unprecedented opportunities to monitor the movements of drivers. It would create a bank of personal information that government and private industry might have difficulty resisting. Consider Florida's E-PASS system. Each month, every E-PASS subscriber gets a detailed statement listing the exact time, date and location that each toll was collected. ITS America has adopted a set of privacy principles which say that states shouldn't take advantage of this dat, yet the organization specifically envisions that "states may legislate conditions under which ITS information will be made available." Phil Agre, who teaches communications at the University of California, San Diego, and closely follows privacy issues, warns that there might be other unintended consequences of the widespread use of ITS systems. Auto insurance companies already offer discounts to driver who don't live in areas of high auto theft or accidents; in the future, says Agree, they might offer discounts to drivers who can prove that they haven't driven onto "the wrong side of the tracks." The data could also be sold illegally by insiders. Information about a person's movements might be a key fact in forcing an out-of-court settlement in a divorce or worker's compensation case. Private investigators would have a big incentive to bribe low-paid clerical workers for a photocopy of somebody's toll-crossing bill. There is an alternative to this system. Instead of transmitting an account number, a radio would transmit "digital cash" using a smart card inside the car similar to the telephone cards used in many European countries. But judging by plans under way so far, state agencies and the Government haven't shown much interest in making privacy a priority in the design of the tomorrow's intelligent highways. Americans have always loved the freedom that their cars give them. Could that too become a thing of the past? Simson Garfinkel is a Cambridge-based writer who covers privacy issues. His fourth book, PGP: Pretty Good Privacy, was published by O'Reilly in January. ------------------------------ Date: Fri, 5 May 1995 09:37:02 -0400 (EDT) From: fc@all.net (Dr. Frederick B. Cohen) Subject: ASIS on WWW The American Society for Industrial Security's (ASIS) Security Management Magazine is now making select articles available on an experimental basis over World Wide Web. This WWW area is still under development, but you might want to read a fine article about the problems of erasing electromagnetic media no on-line in this area. The URL is: http://all.net:8080 ------------------------------ Date: 29 Apr 1995 13:22:30 -0400 From: "Dave Banisar" Subject: CFP - Advanced Surveillance CALL FOR PAPERS Advanced Surveillance Technologies Sponsored by Privacy International, and Electronic Privacy Information Center 4 September 1995 Copenhagen, Denmark Overview Over the past decade, fundamental changes have taken place in the nature and the environment of surveillance. New information systems offer an unprecedented ability to identify, monitor and track a virtually limitless number of individuals. Some leading-edge technologies are likely to revolutionize the practice of surveillance. The factors of cost, scale, size, location and distance have, in many instances, become largely irrelevant. The impact of political and economic change throughout the world has also created unforeseen dimensions to surveillance. The evolution of a Global Information Infrastructure will have a profound impact on the scope of potential surveillance of individuals. The end of the cold war and the privatization of public sector activities has magnified the impact of change. The merging of technologies has also created new opportunities for wide-scale surveillance. The nature of surveillance has changed to the extent that modern information systems involve a pre-requisite of general surveillance of populations. The pursuit of perfect identity has created a rush to develop systems which create an intimacy between people and technology. Advanced biometric identification and sophisticated ID card systems combine with geographic tracking to create the potential to pinpoint the location of any individual. The use of distributed databases and data matching programs makes such tracking economically feasible on a large scale. Extraordinary advances have recently been made in the field of visual surveillance. Closed Circuit Television (CCTV) systems can digitally scan, record, reconfigure and identify human faces, even in very poor light conditions. Remote sensing through advanced satellite systems can combine with ground databases and geodemographic systems to create mass surveillance of human activity. The globalization of information systems will take information once and for all away from the protection and jurisdiction of national boundaries. The development of data havens and rogue data states is allowing highly sensitive personal information to be processed outside any legal protection. At a more intimate level, research is underway in more than a dozen countries with the aim of implanting microchip technology directly into the human brain. US and European medical institutes have already conducted many such operations. The creation of a direct link between the human brain and computer technology is at an advanced stage. Such procedures are initially aimed at stimulating dead senses and paralyzed limbs. Within two decades, it is possible that such implants will be at a sufficiently advanced stage to enable complex interaction between the brain and external technology. The science of nanotechnology, which involves the re-configuration of individual atoms and molecules, will present the potential for virtually undetectable covert surveillance. These and other developments are changing the nature and meaning of surveillance. Law has scarcely had time to address even the most visible of these changes. Public policy lags behind the technology by many years. The repercussions for privacy and for numerous other aspects of law and human rights need to be considered sooner rather than later. This one day conference will present an overview of these leading-edge technologies, and will assess the impact that they may have in the immediate future. Experts and analysts will discuss the nature and application of the new technologies, and the public policy that should be developed to cope with their use. The conference theme is unique, and interest in the event has already been expressed from throughout the world. Program contents The first session will assess new dimensions in current surveillance technologies. The remainder of the day will be devoted to exploring technologies which are in the formative stage of development. Preliminary List of Topics: o Advanced Satellite Surveillance o Microchip Implants o Nanotechnology o Biometrics and perfect identity o Advanced Geodemographic Systems o Data Havens and Rogue Data States o Information Warfare o Cryptography The conference will be held in Copenhagen, and is timed to coincide with the 17th annual international meeting of privacy and data protection commissioners. Number of participants : approximately one hundred Cost: US $75 - Individuals/non-profit organizations $175 - Commercial organizations Privacy International and the Electronic Privacy Information Center are now requesting abstracts for papers. Papers should be directed at a general audience, and should either present an overview of an aspect of advanced surveillance technology, or they should discuss the likely use and impact of the technology. Abstracts or papers can be emailed to Privacy International at: pi@privacy.org Alternatively, they can be sent to : Privacy International Washington Office 666 Pennsylvania Ave, SE, Suite 301 Washington, DC 20003 USA 1-202-544-9240 (phone) 1-202-547-5482 (fax) Web address: http://privacy.org/pi/ gopher/ftp cpsr.org /cpsr/privacy/privacy_international/ ------------------------------ End of PRIVACY Forum Digest 04.10 ************************