The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Friday, 20 February 1998 Volume 07 : Issue 04 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS AT&T alters phone lookup database after PRIVACY Forum article (Lauren Weinstein; PRIVACY Forum Moderator) Driver Privacy Protection in Maryland (Senator Brian E. Frosh / David Brewster) New Book on Telecommunications Privacy (Jud Wolfskill) McCain Introduces Internet School Filtering Act; U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy (EPIC-News List) Satellites (Ross Kerber) Conferences of Interest (Susan Evoy) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 07, ISSUE 04 Quote for the day: "If you're going to be a monster, be the *best* monster!" -- Dr. Zachary Smith (Jonathan Harris) "Lost in Space" (Episode: "The Flaming Planet") (CBS; Original airing: 2/21/68) ---------------------------------------------------------------------- Date: Sat, 14 Feb 98 17:49 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: AT&T alters phone lookup database after PRIVACY Forum article Greetings. Regular readers of the PRIVACY Forum may remember my recent discussion of an AT&T database, available to their business customers, which revealed names associated with most phone numbers, including unlisted numbers. This database was designed to provide a way for customers to investigate "unknown" numbers on their bills, but failed to verify that entered numbers were actually on any bill. Instead, it allowed any numbers to be entered (one after another) and happily read out the names for entries. At the time of my initial query to AT&T regarding the privacy problems inherent in this system, I was informed that I was the first person to draw this to their attention. However, while they thanked me for my query, they made no promises regarding any changes, and in fact implied that they did not feel that the operations of the database constituted a privacy problem. I've been told that AT&T gave similar responses regarding the "non-problem" nature of the database to other PRIVACY Forum readers who contacted AT&T on this issue after reading my original article. So it was with considerable surprise that I recently received a call from AT&T media relations, informing me that they have now taken the primary step I had recommended--they have restricted their database lookups to numbers actually on customer bills. While it is obviously true that it is possible to get virtually any number onto your bill (by calling it and getting it answered), it is also definitely the case that such an event is not a major problem scenario. Although some of the other privacy problems associated with the database may still be present, the most serious privacy issue associated with the database has apparently been eliminated by the imposition of the new restrictions. The PRIVACY Forum readers who expressed their opinions to AT&T about the database after my original article are to be congratulated, and AT&T's action in correcting the most serious privacy flaw in their database is definitely a positive step. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Fri, 06 Feb 1998 14:15:48 -0800 From: "Senator Brian E. Frosh" Subject: Driver Privacy Protection in Maryland Legislation recently introduced in the Maryland General Assembly by Senator Brian Frosh and Delegate Nancy Kopp will provide new protections for personal information in the State's Motor Vehicle Administration records. Under the proposal, MVA won't be able to release personal information without the individual's consent except for limited purposes such as auto recalls, insurance claims, and the like. The bill also establishes a new classification called "sensitive personal information"--social security numbers and data concerning physical appearance, medical conditions and disabilities--and puts added restrictions on disclosure. Hearings are likely in February. Bill text and hearing schedule updates are available through the General Assembly's web page: http://mlis.state.md.us/ The Senate bill number for the Motor Vehicle Administration Privacy Act of 1998 is SB 159. The House number is HB 354. David Brewster ------------------------------ Date: Wed, 28 Jan 98 16:24:55 EST From: wolfskil@MIT.EDU (Jud Wolfskill) Subject: New Book on Telecommunications Privacy The following is a book which readers of this list might find of interest. For more information please visit http://mitpress.mit.edu/promotions/books/DIFPHS98 Privacy on the Line The Politics of Wiretapping and Encryption Whitfield Diffie and Susan Landau Telecommunication has never been perfectly secure, as the Cold War culture of wiretaps and espionage taught us. Yet many of us still take our privacy for granted, even as we become more reliant than ever on telephones, computer networks, and electronic transactions of all kinds. Whitfield Diffie and Susan Landau argue that if we are to retain the privacy that characterized face-to-face relationships in the past, we must build the means of protecting that privacy into our communication systems. The development of such protection, however, has been delayed--and may be prevented--by powerful elements of society that intercept communications in the name of protecting public safety. Intelligence and law-enforcement agencies see the availability of strong cryptography as a threat to their functions. In fact, the US government has used export control to limit the domestic availability of cryptography, and has made legal attempts to limit encryption to forms that provide a "back door" for government wiretapping. Diffie and Landau examine national-security, law-enforcement, commercial, and civil-liberties issues. They discuss privacy's social function, how it underlies a democratic society, and what happens when it is lost. They also explore how intelligence and law-enforcement organizations work, how they intercept communications, and how they use what they intercept. Whitfield Diffie, the inventor of public-key cryptography, is Distinguished Engineer at Sun Microsystems, Inc. Susan Landau is Research Associate Professor in the Department of Computer Science at the University of Massachusetts in Amherst. February 1998 352 pp. ISBN 0-262-04167-7 MIT Press * 5 Cambridge Center * Cambridge, MA 02142 * (617) 625-8569 ------------------------------ Date: Mon, 9 Feb 1998 23:44:35 -0500 From: "EPIC-News List" Subject: -- McCain Introduces Internet School Filtering Act -- U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy [ From EPIC Alert 5.02 -- PRIVACY Forum Moderator ] ======================================================================= McCain Introduces Internet School Filtering Act ======================================================================= On February 9, Senator John McCain (R-AZ) introduced "The Internet School Filtering Act." The proposed legislation would require schools and libraries receiving federal Internet subsidies to install systems "to filter or block matter deemed to be inappropriate for minors." The bill is co-sponsored by Senators Ernest Hollings (D-SC), Dan Coats (R-IN) and Patty Murray (D-WA). Libraries would be required to certify that at least one computer uses a filtering system so that "it will be appropriate for minors' use." A library would have to inform the Federal Communications Commission within 10 days if it decided to change its filtering system or drop its use completely. A number of surveys have shown that all current filtering and rating systems block out thousands, if not millions, of web pages that are not obscene or indecent. A recent study of a popular filtered search engine conducted by EPIC found that it filtered out 99 percent of material on non-controversial topics such as the American Red Cross, the Boy Scouts, and pages created by elementary school students. More information on the McCain bill and filters is available from the Internet Free Express Alliance web page at: http://www.ifea.net/ ======================================================================= U.S. Appeals Court Rules Secret Genetic Tests Violate Privacy ======================================================================= A federal appeals court ruled on February 3 that a government research laboratory that secretly tested employees for various genetic and medical conditions had violated their privacy. The U.S. Court of Appeals for the Ninth Circuit ruled that the testing of administrative and clerical workers for syphilis, sickle cell trait and pregnancy without their consent was a violation of Federal and State constitutional rights to privacy and the Civil Rights Act of 1964. The employees had consented to a general medical exam as a condition of being hired and filled out questionnaires. The court found the genetic tests were intrusive and that completing the questionnaire was not sufficient grounds to justify the intrusion: [I]t is not reasonable to infer that a person who answers a questionnaire upon personal knowledge is put on notice that his employer will take intrusive means to verify the accuracy of his answers. There is a significant difference between answering on the basis of what you know about your health and consenting to let someone else investigate the most intimate aspects of your life . . . That one has consented to a general medical examination does not abolish one's privacy right not to be tested for intimate, personal matters involving one's health -- nor does consenting to giving blood or urine samples, or filling out a questionnaire. As we have made clear, revealing one's personal knowledge as to whether one has a particular medical condition has nothing to do with one's expectations about actually being tested for that condition. The court also found that the state constitutional right to privacy was violated. In the matter of black and female employees who were given additional tests, the court found that those tests violated the Civil Rights Act of 1964. A claim based on the Americans with Disabilities Act was rejected. The appeals court directed the lower court to make additions findings on the adequacy of the notice given to the employees. More information on medical privacy is available at: http://www.epic.org/privacy/medical/ ------------------------------ Date: Tue, 27 Jan 1998 13:04:00 -0500 From: Ross Kerber Subject: Satellites [ Used with permission of WSJ author. -- PRIVACY Forum Moderator ] Privacy: When is a Satellite Photo An Unreasonable Search? ---- By Ross Kerber Staff Reporter of The Wall Street Journal The Wall Street Journal via Dow Jones Over the years, satellite photos have plotted the course of Soviet warships and tracked the movements of Iraqi troops. Last year, they also nailed Floyd Dunn for growing cotton on his Arizona farm allegedly without an irrigation permit. Mr. Dunn contends that he did have the required permits but paid the $4,000 fine to maintain good relations with the Arizona Department of Water Resources. "You can't argue with a satellite," he says. "Being caught like I was caught is kind of unfair." As state and local agencies make more use of satellite imagery -- for everything from surveying illicit crops to detecting unauthorized building -- they're raising questions about the propriety of spying on American civilians from the sky. "It certainly has a `Big Brother Is Watching You' flavor to it," says Larry Griggers, a director at the Georgia Department of Revenue. "But it prevents us from having to spend money for other types of enforcement." The state tax authority plans to use National Aeronautics and Space Administration satellites to check all 58,910 squares miles of the state for unreported timber cutting. It also plans to share the photos with any state agency that asks, which could lead to a wide variety of enforcement actions. Does taking satellite photos of private citizens and their property -- generally without their knowledge-violate the Constitution's Fourth Amendment protections against unreasonable searches? The American Bar Association has organized a task force to explore that question, as well as such issues as how long photos can be kept on file and how freely they can be shared with police. Because U.S. Justice Department officials are on the task force, the recommendations are expected to influence how law-enforcement authorities and civil agencies use the new images and at what point they require warrants. Use of satellite images has increased markedly since the early 1990s, when the Russian space agency, Sovinformsputnik, began selling spy-quality photos to raise cash. The U.S. lifted its own restrictions on sale of high-resolution satellite photos in 1994, which encouraged entreprenuers to launch satellites of their own that could compete with the Russian imagery. Those efforts may soon pay off. This year a joint venture of Lockheed Martin Corp. and Raytheon Co. hopes to launch a satellite that will yield imagery detailed enough to distinguish sedans from minivans. Another firm, Earthwatch Inc. of Longmont, Colo., says it is proceding with plans to launch a similar satellite in 1999 -- despite the recent loss of radio contact with a less-advanced model the firm launched in December. Both enterprises decline to discuss their public-sector clients. Some state and local agencies have been purchasing photos from French, Indian and U.S. government satellites since the 1980s, and increasingly powerful computer software is allowing them to make better use of the imagery. The Arizona Department of Water Resources spotted Mr. Dunn's cotton crop, for example, because it routinely obtains photographs from the French government's SPOT satellites of 750,000 acres of central Arizona farmland. State officials then compare the images with a database of water-use permits to determine which farmers might be exceeding water-use rules. "A week doesn't go by where somebody doesn't propose a new use," says John Hoffman, whose Raleigh, N.C., business, Aerial Images Inc., has become the main reseller of images taken by Russian intelligence satellites. Much of what Mr. Hoffman has available is old imagery of Western cities. But he says he can also take orders for new photos on upcoming missions. Price: $6,500 to photograph 10 square kilometers with resolution of about six feet. In North Carolina several counties are using Mr. Hoffman's photos to find unreported building activities, agricultural development and other property improvements that would raise property-tax assessments. Demand from state and local agencies in his region is so strong, he says, that Sovinformsputnik, the Russian space agency, has scheduled a Feb. 17 launch of a satellite that will concentrate mainly on photographing the Southeastern U.S. Pictures taken from airplanes at lower altitudes are often more revealing, but satellite imagery can be much more costeffective. Photographing an area the size of a small town, for example, can cost tens of thousands of dollars by airplane, approximately twice the cost by satellite. Some satellite imagery is faster as well. Although the satellites Mr. Hoffman works with use conventional film that is developed after the satellite returns to earth, newer camera platforms can transmit images digitally just minutes after they are taken. To date, there have been few legal challenges to the use of satellite imagery. But the technology of overhead photography is evolving faster than the law. Courts have allowed government officials to take detailed pictures from airplanes flying as low as 1,200 feet. And in 1986, the U.S. Supreme Court ruled that the U.S. Environmental Protection Agency was permitted to photograph a Dow Chemical facility in Midland, Mich., because the EPA used relatively conventional airplane-camera equipment. But the high court raised a red flag in that case: "It may well be . . . that surveillance of private property by using highly sophisticated surveillance equipment not generally available to the public, such as satellite technology, might be constitutionally proscribed absent a warrant." The ABA task force is exploring just these questions. Sheldon Krantz, chair of the task force and a partner at Piper & Marbury LLP in Washington, says that it will propose in April that law-enforcement agencies be required to obtain warrants to use "satellite cameras [that] can focus on images of a few feet across." That standard would probably include most advanced satellite images, although the task force has yet to agree on more specific definitions. "We need to make some big value judgments about these practices before they become so widespread," says Mr. Krantz. Some businesses say they welcome oversight from space. Georgia-Pacific Corp. and other big timber concerns support the Georgia Department of Revenue's forest survey, saying it will help to disprove accusations that they have secretly cut trees without paying taxes. Several small timber owners already have been fined a total of $2,000 in a test of the statewide program that took place in Wayne County, near Savannah. And as sharper-resolution photos become available, some Georgia officials suggest the program could be used to look for objects as small as backyard porches, to check if homeowners have their construction permits in order. Copyright (c) 1998 Dow Jones and Company, Inc. ------------------------------ Date: Fri, 6 Feb 1998 23:23:39 -0800 From: Susan Evoy Subject: Conferences of Interest Below is a schedule of upcoming conferences, events, and publications that may be of interest to those interested in Computer Professionals for Social Responsibility. We are posting this, now, to CPSR-ANNOUNCE, which consists of thousands of people who want to hear of our work, but, in the future it only will be sent to CPSR members and the press with email addresses on record on our database. As a nonprofit membership-based organization, we depend on membership dues and donations for our existence. CPSR membership will give you notices of upcoming events,The CPSR Newsletter, and other benefits of membership. To join, please check out our web pages at http://www.cpsr.org, and/or write to cpsr-info@cpsr.org. Members of the press should write to cpsr@cpsr.org with their name, title, company, address, phone, and email address to be included in future postings of announcements. Computers, Freedom, and Privacy, Austin, TX, Feb. 18-20. Contact: http://www.cfp98.org 512 475-6700 512 475-6876. Connecting All Americans for the 21st Century: Telecommunications Links in Low Income & Rural Communities, Washington, DC, Feb. 24-26. Contact: http://www.pulpny.org/CAM/ 800-255-7857. K-12 Networking: Realizing the Promise, Washington, DC, Feb. 26-28. Contact: http://www.cosn.org 202-466-6296 ext. 55 202-462-9043 (fax). Avoiding the Digital Potholes: Empowering People to Make Choices, Washington, DC, Feb. 26-28. Contact: apt@apt.org 202-408-1403. Association for Practical and Professional Ethics, Dallas, TX, Feb 26-28. Contact: appe@indiana.edu 812-855-6450. Community Networking / Networking Communities, Victoria, AUSTRALIA, Feb. 27-28. Contact: www.vicnet.net.au/~vacab/callpap1.htm vacic@vicnet.net.au 61-3-96505322. Workshop on Societal, Ethical, and Policy Dimensions of Information Technology, Computer Science Dept, Princeton University, Feb. 28 -Mar 1. Contact: http://dimacs.rutgers.edu/Workshops/Ethical/index.html. Universal Service: New Conceptions for a New Age A Special Issue of the Information Society. Deadline for submissions: March 15, 1998. Contact: hsawhney@indiana.edu 812-855-0954 812-855-7955 (fax). New Information Technology, Hanoi, VIETNAM, March 24-26. Contact: cchen@simmons.edu. Ethical Issues of Information Technology, THE NETHERLANDS, March 25-27. Contact: www.ccsr.cms.dmu.ac.uk ccsr@dmu.ac.uk 44-116-250-6143. Ethical Issues of Information Technology, Erasmus University, THE NETHERLANDS, March 25-27. Contact: www.ccsr.cms.dmu.ac.uk/conf/ethicomp/eth98-anmt.html ccsr@dmu.ac.uk Socioeconomic Dimensions of Electronic Publishing Workshop: Meeting the Needs of the Engineering and Scientific Communities, Santa Barbara, CA, April 23-25. Contact: christine.nielsen@rollins.edu j.herkert@ieee.org. Information Infrastructure, Beijing, CHINA, April 26-29. Contact: zyx@bupt.edu.cn 8610-6228-2023 8610-6228-5008 (fax). Security and Privacy, Oakland, CA, May 3-6. Contact: http://www.nrl.navy.mil/ITD/5540/ieee/index.html ACM Policy98, Washington, DC, May 10-12. Contact: http://www.acm.org/usacm/events/policy98/reginfo.html policy98@acm.org Information Society: Looking Ahead: Promises and Achievements, Strasbourg, FRANCE, June 10-12. Contact: ufr-info-p6.ibp.fr/~creis/ nolod@ccr.jussieu.fr 33-1-44277113. Wiring the World: The Impact of Information Technology on Society, South Bend, IN, June 13-14. Submission Deadline: Jan. 15, 1998. Contact: kperusich@iusb.edu Digital Libraries U98, Pittsburgh, PA, June 23-26. Contact: dl98@ks.com Teaching Research Ethics, Bloomington, IN, June 24-27. Contact: www.indiana.edu/~poynter pipmple@indiana.edu 812-855-0261 Advances in Social Informatics and Information Systems, Baltimore, MD, Aug. 14-16. Contact: http://info.cwru.edu/rlamb/ais98cfp.htm rel@po.cwru.edu 216-368-3914. The Human Factors and Ergonomics Society, Chicago, IL, Oct. 5-9. Subsmission deadline: March 9. Contact: http://hfes.org hfes@compuserve.com CPSR Annual Conference - Internet Governance, Boston, MA, Oct. 10-11. Stay tuned to http://www.cpsr.org, CPSR-ANNOUNCE, and The CPSR Newsletter for details. >From the Universities to the Marketplace:The Business Ethics Journey, Chicago, IL Oct. 29-31. Contact: lpincus@wppost.depaul.edu. PDC '98, Seattle, WA, Nov. 12-14. Contact: http://www.cpsr.org/conferences/pdc98 pdc98@cpsr.org. Stay tuned to CPSR-ANNOUNCE, and The CPSR Newsletter for details Computer Supported Cooperative Work, Seattle, WA, Nov. 14-18. Contact: http://www.acm.org/sigchi/cscw98/ ------------------------------ End of PRIVACY Forum Digest 07.04 ************************