Date: Tue, 12 May 92 18:00:22 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#021 Computer Privacy Digest Tue, 12 May 92 Volume 1 : Issue: 021 Today's Topics: Moderator: Dennis G. Rears Re: "If you have nothing to hide..." Re: "IF you have nothing to hide..." Re: "IF you have nothing to hide..." Re: "IF you have nothing to hide..." Re: "IF you have nothing to hide..." Re: E-mail privacy should be independent of carrier. Is Email Private--NOT! Re: Census Bureau Database The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: 12 May 92 08:33:00 EST From: Ken Jongsma x7702 Subject: Re: "If you have nothing to hide..." A poster asked what was wrong with the subject concept. I'm sure many will respond with the typical examples of a government entity going way beyond rational behavior based on incomplete or inaccurate information. For a rather impressive example, although supposedly fictional, I'd recommend the movie Absence of Malace from a few years back. The advertising tag was something along the lines of: "Suppose everything they said about you was accurate, but none of it was true." Ken jongsma@benzie.si.com ------------------------------ Date: Tue, 12 May 92 11:35:44 EDT From: Brinton Cooper Subject: Re: "IF you have nothing to hide..." The Jester asks why the rationale "If you have nothing to hide, then you have nothing to fear" is wrong. Here are some examples of how unregulated gathering of information on you is wrong, immoral, unfair, counterproductive, etc: 1. Some personal information, while not illegal or immoral is, nevertheless, embarrassing. For example: a. Consider a single female parent, living in the religious-right South. Consider that her child was borne out of wedlock. Now, her child is socially a "bastard" in the community. b. You have non-contagious cancer. c. You are gay and live in an intolerant community. d. You were borne to Jewish parents and live in an intolerant community. e. Seven years ago, in another place in your life, you declared personal bankruptcy and started over. The law permits you to do this. At some point, your financial sins are to be forgiven. f. You are HIV positive. g. You are 45 years of age. Twenty years ago, you served 3 years in prison for a felony. You have lived an exemplary life since. There may be some organizations who have some legitimate need for isolated pieces of such information. This does not give every interested user the right to every piece of information that exists on every resident of the nation. 2. Some information may be wrong or wrongly used. Police use of demographic patterns in a database to seek fugitives from justice can result in the arrest, even killing, of innocent people. Such errors have occurred without the indiscriminate use of automated databases. 3. Criminals themselves can use personal information. Articles concerning the recent arrest of Social Security employees who sold employee records to "information brokers" suggested that drug dealers may purchase the records of prospective customers to learn if they are, in fact, undercover cops! Perhaps "The Jester" has a point. Perhaps many of us have something "to hide," and that such hiding is a legitimate restriction on our personal information. _Brint ------------------------------ From: Dan Sorenson Subject: Re: "IF you have nothing to hide..." Date: Tue, 12 May 1992 18:14:50 GMT In ygoland@edison.seas.ucla.edu (The Jester) writes: >One of the reasons that many people are against 'intrusive' laws is >because they disagree with the rational "If you have nothing to >hide, then you don't need to worry." However what I have failed to >see is a single cogent explination of WHY the rational of "If you >have nothing to hide, then you have nothing to fear" is a bankrupt >one. The statement is true; however, the worry may not be with what we have to hide, but how much security and liberty we have released so that others may probe for anything we may be hiding. The statement assumes that one is guilty until proven innocent, and this goes against the entire grain of the justice system in the USA and Britain. ------------------------------ From: Carl Ellison Subject: Re: "IF you have nothing to hide..." Date: 12 May 92 20:59:41 GMT In article ygoland@edison.seas.ucla.edu (The Jester) writes: >One of the reasons that many people are against 'intrusive' laws is >because they disagree with the rational "If you have nothing to >hide, then you don't need to worry." However what I have failed to >see is a single cogent explination of WHY the rational of "If you >have nothing to hide, then you have nothing to fear" is a bankrupt >one. Would anyone care to provide a concise explination of WHY the >previously mentioned rational is wrong? I have forgotten the name for this kind of fallacious argument. Thank God my mother doesn't read USENET. She'd never forgive me. (It's related to "when did you stop beating your wife?".) The fact is, I *do* have something to hide. For example, I want to hide from my mother the fact that I forgot the label for this bogus argument. If any of you tells her, I'll be in big trouble. :-) I might have other things to hide. I might be having an affair with the boss's secretary. I might be a member of the Communist Party. I might be an ex- drug addict. I might be a member of the Hair Club For Men. I might dye my hair. I might shave my legs. I might be a TV preacher and get turned on by strippers. None of these things is illegal. Any one of them might be embarrassing. When I have a private conversation with someone I might want to bring up things which are perfectly legal but which certain criminals in our society (can you spell Joe McCarthy, boys and girls?) might use to make my life miserable. Since the most dangerous criminals are in the government, it is from the government that we need protection. On the more serious side, what about the person who is HIV positive and wants an on-line support group? The way our society was paranoid, not only was encryption called for but also secret drops -- so that no one would know who was talking to whom. In this case, it was most especially the government who was the potential enemy and who had to be kept in the dark. It was the government which made noises about setting up concentration camps for infected people. Meanwhile, I haven't mentioned the Nixon administration and its use of the US intelligence community against private citizens. ---------- All this talk of the tyranny of the majority and its government reminds me of d'Toqueville. I haven't read it since high school but I believe he had something to offer on the subject. ------------------------------ From: Mike Johnston Subject: Re: "IF you have nothing to hide..." Date: Tue, 12 May 1992 21:05:21 GMT In article ygoland@edison.seas.ucla.edu (The Jester) writes: One of the reasons that many people are against 'intrusive' laws is because they disagree with the rational "If you have nothing to hide, then you don't need to worry." However what I have failed to see is a single cogent explination of WHY the rational of "If you have nothing to hide, then you have nothing to fear" is a bankrupt one. Would anyone care to provide a concise explination of WHY the previously mentioned rational is wrong? And please, though examples are useful for illustration of a point, they do not make one. The Jester Mr. Jester, If you have nothing to hide then would you object to a 'Usenet Law' that required real and full name disclosure? Your phone number? Social Security Number? Sexual preference? One of the biggest reasons I object to this type of thinking is because tends to lead in directions you hadn't initially considered. Personally this sounds like a bit of Marxist theory that should have gone the way of the U.S.S.R. I think you could find statements like 'If you have nothing to hide, then you have no need to worry', throughout history but that doesn't necessarily make them valid. The reason I say this because they're generally attached to opressive, totalitarian regimes like Nazi Germany or Stalinist Russia and were used to great advantage by the KGB and Gestapo during their respective reigns. There are tens of millions of people, I'm sure, who could argue strongly against this reasoning were it not for the fact that they've been 'done in' by the very same logic. In all but the aforementioned brand of governments there is at least a general concensus to a right of privacy which your premise attempts to circumvent. It also assumes the goverment will do the proper thing with information obtained. It should be clear, to all but the most jaded communist (or those masquerading as Social Democrats), that this simply isn't the case. Trusting the government, any government, has always been a bad idea. I apologize for being emotional about this issue but this is a hot spot with me. I would also suggest that this really be moved to a more appropriate newsgroup. MJ -- Michael R. Johnston mjohnsto@jenny.shearson.com Lehman Brothers (212) 464-3061 "I was a reporter, and this worried me a great deal and I could not understand how the devil I had gotten myself into such a fix." - Hesse ------------------------------ From: Mike Rose Subject: Re: E-mail privacy should be independent of carrier. Reply-To: mrose@stsci.edu Date: Tue, 12 May 1992 18:29:56 GMT On 11 May 92 01:35:10 GMT, cmcl2!panix.com!sbarber@uunet.uu.net (Steve Barber) said: >Solution? Get a cellular phone and >take it to work. Get one with a modem and jack into the internet via a >public access host that ensures your privacy by contract or statute (i.e. >the ECPA of 1986), from your own laptop. Ridiculous? Sure. The idea of using a public access host is not ridiculous, I use one for personal mail - but I only access it from home, no cellular phone needed. Your scenario above presumes that you have to do all this at work. The way I see it, if I'm doing something so private that I choose to use a public access host, then my employer shouldn't be paying me to do it. -- Mike Rose, mrose@stsci.edu, 410-338-4949 ------------------------------ From: "Darren E. Penner (Dokken" Subject: Is Email Private--NOT! Date: Tue, 12 May 1992 19:31:24 GMT The privacy of Email may seem sacred to most people, and I am sure that in the future steps will be taken to insure that it is made so but at the present moment many commercail systems do not garantee such. Mail sent to yourself over your mainframe at work it highly suspect. Any individual with Root/God privledges can get at your mail with enough work, even if a simple encryption scheme is used. (It is quite easy for an individual to become someone else on a mainframe, sure that gets logged, but logs can be altered). Now I don't know about the laws in the United States, but it seems in Canada this is quite an issue. All of the bulliten boards that I subscribe to have notices stating that NO garentee of privacy is assured by marking the message as private. This only assures the user that OTHER users can not access that information, not the Sysop. The very fact that this notice (Seems to be the same one used on most systems and if thier is interest I could wade through the Newuser Bullitens again and snag one) has cropped up so often seems to imply that we do have laws protecting ones rights, but since our current computer systems do not garantee such they have to "Cover thier ass" with legal mumbo-jumbo. While on the topic I should also state that if you do subscribe to local BBS system DO NOT EVER use a password that you may use at work or an a pay for use system. Many of the BBS programs I have evaluated do no encrypt your password in any way or form. As such the sysop may now have access to your valuable accounts. Mainframe systems in general encrypt your password but even here a word of caution must be used in selecting a password, Don't use common words, our system administrator regularly runs a program that guesses peoples passwords by encrypting a spell checking dictionary and then comparing the results with the /etc/password file on Unix. Note: the password file on UNIX is accessable to everyone, and this password checker is also in the public domain. In this case he is using the program to protect his users but a "Bad person" could just as easily do the same. Just a couple of things to think about the next time you log on..... -- ------------------------------------------------------------------------------ Darren E. Penner | dpenner@ee.ualberta.ca | Opinions are my KWM Consultants Limited (Work) | alberta!bode!dpenner | own unless stated U of A, Edmonton, (University) | Phone No. (403)-481-8785 | otherwise. ------------------------------ From: James Davies Subject: Re: Census Bureau Database Date: Tue, 12 May 92 19:53:52 GMT In article null!eric@sparky.imd.sterling.com (Eric J. Johnson) writes: >What got me started writing this article was a conversation I had >a few days ago with a genealogy fan in my office. I had tacked >up on the wall of my office one the many articles flying about >regarding all the information available to someone with your SSN. >He read the article and told me that he could get much more >information through an area genealogical society, which has been >tracing families through dial-up access to the Census Bureau's >computer. It seems they have access to individual's personal records. It's illegal for the Census Bureau to give out information that can be narrowed down to individuals. However, this restriction is removed after about 60 years -- they just released the information from the 1920 census. I think the delay is pegged to the average life expectancy somehow. I'd believe that they have genealogical records for your ancestors (maybe even you, if you're over 62 years old), but I refuse to believe that they can access 1990 individual data. I do think you have a legitimate concern about matching the Census tract data with other databases to narrow it down...maybe it's time to get the Census Bureau to enlarge their minimum census areas to a few thousand people. ------------------------------ End of Computer Privacy Digest V1 #022 ******************************