Date: Fri, 29 Jul 94 10:30:55 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#014 Computer Privacy Digest Fri, 29 Jul 94 Volume 5 : Issue: 014 Today's Topics: Moderator: Leonard P. Levine National ID Card Idea Resurfaces Re: Many Phone Taps are now Legal Re: Many Phone Taps are now Legal Re: Questions about using "discussion list" membership lists Re: Questions about using "discussion list" membership lists Re: Questions about using "discussion list" membership lists Is License Plate No. a Key to Personal Info? Re: Government E-Mail Directive Re: Credit Card Opt Out? --------------------------------------------------------------------- Housekeeping information is located at the end of this Digest. ---------------------------------------------------------------------- From: "Prof. L. P. Levine" Date: 29 Jul 1994 08:21:06 -0500 (CDT) Subject: National ID Card Idea Resurfaces Organization: University of Wisconsin-Milwaukee Taken from EPIC Alert 1.05 Published by the Electronic Privacy Information Center (EPIC) Washington, DC (Alert@epic.org) National ID Card Idea Resurfaces On July 12, CBS Evening News reported that the National Commission on Immigration Reform, a bipartisan group formed by the 1990 Immigration Reform Act, was planning to recommend a national identity card for all persons in the United States for the purpose of verifying employment eligibility and facilitating transactions with government agencies. CBS reported that each card will contain a name, photo, fingerprints, magnetic stripe with info and a "verified SSN." The network reported that the program would be implemented by age group over a number of years. The proposal was reportedly supported by Senator Alan Simpson of Wyoming, a long-time supporter of ID cards. California Gov. Pete Wilson has offered to make California a test-bed for the proposal. The proposal was opposed by Xavier Beccera, a Congressman from California, who expressed concern over cost and privacy issues. The Secret Service has testified that a secure card system could be developed for an estimated $2 - 4 billion but cautioned that within a few months, forged cards would be available. The day after the CBS report, the Commission issued a press release stating that it was still in the process of completing a draft report which is due on September 30. The release stated that the commission "has not proposed a national identity card. Citizens will not be required to carry a photo ID with fingerprints to prove that they are legally in the United States, despite media reports." The Commission said it would investigate a "simple, fraud resistant way of verifying authorization to work, building on information the government already maintains...." Former Congresswoman Barbara Jordan will testify before the Senate Judiciary Committee on August 3, 1994 regarding the preliminary recommendations of the Commission on Immigration Reform for a "Workplace Eligibility Card." Expect heated debate about the use of the card as a national identifier, and also questions about the use of the Social Security Number and linkages to the Social Security Administration databases. There have been several attempts in the past 20 years to implement ID cards. Congress rejected proposals in 1986 and 1990 by Sen. Simpson to require identity cards for employment. Martin Anderson, a former aide to President Reagan also reported that Reagan rejected an ID card in 1981. EPIC is working with Privacy International and several domestic groups to investigate this issue. PI has led successful campaigns against national ID cards in Australia, New Zealand and the Philippines. ------------------------------ From: Chuck Weckesser <71233.677@compuserve.com> Date: 28 Jul 94 09:43:00 EDT Subject: Re: Many Phone Taps are now Legal One writer is mistaken when he states that "all" cordless phones are fair game. One, available from the Sharper Image (A Uniden model) operates on the 900 mghz range, making "accidential" interception impossible. P.S. Drawback: Phone currently costs $350 or so, but I think it's worth it. ------------------------------ From: eck@panix.com (Mark Eckenwiler) Date: 28 Jul 1994 09:43:03 -0400 Subject: Re: Many Phone Taps are now Legal Organization: Uvula Debentures 71604.710@compuserve.com sez: The Electronic Communications Privace Act (ECPA) defines protected communications, specifies the legal requirements for interception and sets out the process for authorizing interception. The ECPA specifically refers to the handset to base portions of "cordless telephones" and permits interception of that portion without any legal process (warrant). The law draws a distinction between the handset to base portion of the call, which it equates with all other radio communications governed by the FCC; and the rest of the call (from the base to the telephone company equipment). The terminology is different, but the legal concept is exactly as related by Anderson. Basically, the radio portion of a "cordless telephone" call is fair game. Correct: ECPA excludes cordless calls from its penalty provisions. Incorrect in several US jurisdictions: The radio portion of a "cordless telephone" call is fair game. from the draft misc.legal FAQ (really, I'll finish this year): Q. Can I listen to cordless phone calls on my scanner legally? A. It may be illegal, depending on which state you live in. Cordless phone transmissions are explicitly exempted from the protection of Title III, the federal eavesdropping/wiretap statute. (As of this writing in Feb. 1994, however, the proposed Digital Telephony legislation would extend coverage, making it a felony comparably to tapping a normal wire-based phone conversation.) Some states already protect such calls. The applicable eavesdropping statute in NY is Penal Law sec. 250.05. Court decisions expressly applying it to cordless phone calls include _People v. Fata_, 159 A.D.2d 180, 559 N.Y.S.2d 248 (2d Dep't 1990) and _Sharon v. Sharon_, 147 Misc. 2d 665, 558 N.Y.S.2d 468 (Sup. Ct. Nassau Cty. 1990). Similarly, Connecticut's Supreme Court has interpreted that state's general eavesdropping statute to cover cordless phone transmissions. See State v. McVeigh, 224 Conn. 593, 620 A.2d 133 (1993). And in California, listening in on cordless phone conversations is explicitly prohibited by Penal Law Section 632.6. Some people on Usenet have made repeated claims that a recent Supreme Court decision invalidates these state laws. These same people have never been able to identify the case in question, and a brief investigation leads this author to conclude that no such case exists. (I'll add this supposed case to the FAQ as soon as someone furnishes a name or a cite for it.) ------------------------------ From: mkellis@ritz.mordor.com (Michael Ellis) Date: 28 Jul 1994 15:58:22 GMT Subject: Re: Questions about using "discussion list" membership lists Organization: Mordor International BBS David Bridge, MSC VAX System Manager (DAVID@SIMSC.SI.EDU) wrote: We are compiling a "Directory" of people and their e-mail addresses in one subject area (museums, museum staff, cultural organization, and museum-related organizations) currently using the various worldwide electronic networks. [...] THE PROBLEM: It has been suggested that it would be very wrong for us to gather names from these distribution list, (even though they are public domain in my opinion) and include them in the directory without the explicit approval of the individuals. We know that laws, customs, ethics, and netiquette vary from country to country. Including names and addresses from these discussion lists will be a VERY important and major contribution to the final directory, if they can be included. Fourth Possibility: Compose an email message to the various mailing list stating who you are, what you're trying to do, and why, and ask that interested parties send *you* their names and email addresses. This way you can communicate with everyone (via the list, since pretty much anything on-topic for these lists is 'appropriate' so long you do it via the list, and not via individual email). Those who respond affirmatively get put on your final list. Those who do not respond or who respond negatively are not put on your list. This doesn't completely solve the problem of unsolicited email: you're emailing to them via the mailing list rather than via individual addresses, but it's still unsolicited. But it shows greater sensitivity to those on the lists, and maintains the veneer of privacy: lists are easily subscribed or unsubscribed to, so you're not tracking them by their actual email address, merely by a general mailing list. Does using the names of a public list, WITHOUT permission constitute an invasion of privacy ? I think so. Keep in mind that, if public mailing lists become a source of names for this sort of thing, people will move over to concealed lists entirely rather than put up with the hassle. An email, even one where subscribers can be reviewed rather easily, is still a private thing: an explicity association of that person with that list. If it's considered poor form to cull email addresses out of news messages (like this one) then it's doubly so to do that out of mailing lists. If we include the names without permission, is it: completely legal, "bad form", poor netiquette, or illegal ? Can't answer you legally. It's definitely bad form and poor netiquette. I tend to think that the key to understanding the Net is using the concept of explicit association: people will delve into areas where they have an interest, and will associate via their own free will. Postings made in public areas may serve to attract people to the subject (FAQs, announcements in appropriate places, WWW sites, etc), but it's not polite to solicit information (or gather it) without that explicit association. Therefore: just because I post here, or subscribe to a firewalls mailing list, for example, doesn't mean I want everybody and their brother who has interests along those lines to be gathering my email address and sending me ads, putting me on lists, etc. If I want to know about your organization, the best way to let me know about it is to post about it in an 'announce' newsgroup (or to the mailing list, if the list memebers aren't adverse to that sort of thing), and then let me come to you. -- Michael K. Ellis mkellis@mordor.com ------------------------------ From: nevin@cs.arizona.edu (Nevin Liber) Date: 27 Jul 1994 19:13:29 -0700 Subject: Re: Questions about using "discussion list" membership lists Organization: University of Arizona CS Department, Tucson AZ David Bridge, MSC VAX System Manager wrote: 2. We could post a message to each list about our project, and that their names and addresses will be included after some date, UNLESS they issue the conceal command (with instructions on how to do that). How about: 4. You could post a message to each list about your project, and that their names and addresses will be included if and only if they send you a confirmation message. It seems that you are of the opinion that most people would not want their name and email address to be published here. If this is true, then of course it is "wrong" to publish this list. If it is not true, then be up front with them. Me, personally: if you were up front and asked if I minded that you published my email address in association with one of my interests, I would probably say no problem. If you were sneaky about it and did it behind my back deliberately, then I might, if mad enough, give you lots of negative publicity (especially to anyone who sends me a message of the form: I got your name out of this published book). Then again, I might not care (eg: the Internet White Pages). It's not just my name and email address you are publishing; you are also implying (no matter how many disclaimers you put on) and affiliation of me with some group. Does using the names of a public list, WITHOUT permission constitute an invasion of privacy ? I would say yes, if the expectation of being on that list is private. Generally, people don't like information being gathered about them. If we include the names without permission, is it: completely legal, You probably won't lose a lawsuit based on it. "bad form", poor netiquette, I would consider it both of these. or illegal ? Probably not. Ask your lawyers, not us. Coincedentally, this issue is relevant to me right now. A couple of days ago, I got a piece of email to an old address of mine, with someone asking me for information on software engineering. I politely asked the person where they got my address from. It seems that some software engineering newsletter published my email address for some unknown reason (to me). I have no clue as to who did this, and I have no idea why someone is using my name and associating it with something to do with software engineering. -- Nevin ":-)" Liber nevin@cs.arizona.edu (602) 293-2799 +++ (520) after 3/95 summer office: (602) 621-8112 Only 16 more shopping days 'til my birthday (August 12th)!! ------------------------------ From: kec@stubbs.ucop.edu Date: 28 Jul 94 13:49:56 PDT Subject: Re: Questions about using "discussion list" membership lists Organization: University of California, Berkeley Though I am a fairly seasoned list user, and I save the "about this list" info that I get with each subscribe, almost none of the lists made clear to me whether the default on the list was "conceal" or "no conceal". And in almost all cases, the default was that my name was not concealed. So though the function is there and the lists are "public," I don't think that most people on lists are aware that their email address can be obtained with a simple command. For that reason, I think you should follow your #2 plan: 2. We could post a message to each list about our project, and that their names and addresses will be included after some date, UNLESS they issue the conceal command (with instructions on how to do that). because it would be an education to the people on the lists about the issue of their privacy. I don't think that list subscriber's names should be public unless subscribers themselves explicitly make them so. -- Karen Coyle CPSR/Berkeley chapter ------------------------------ From: harris.jarnold@ic1d.harris.com (Jon Arnold) Date: 28 Jul 1994 12:36:42 GMT Subject: Is License Plate No. a Key to Personal Info? Organization: Harris Corp - ATCSD While watching channel 6 late news last night, they did a short clip on the fact that in Florida, if you get a vehicle's license plate number, you are *readily able* to get the owner's name, date of birth, *social security number*, address, etc. I can't believe this!?! The example used in the clip was that if for example somebody cut you off while driving and you got the license number, you could go to any tax collector's office and simply ask for the information, and they are *required* to give it to you. There MUST be more to the story than this!?! The clip went on to say that this law was repealed in California a few years ago because some woman was stalked & killed by somebody who got information about her this way. Is there a bright side to this law? Surely it can't be as "open" as the news clip suggests? -- harris.jarnold@ic1d.harris.com ------------------------------ From: newcombe@aa.csc.peachnet.edu (Dan Newcombe) Date: 22 Jul 1994 14:58:58 UNDEFINED Subject: Re: Government E-Mail Directive Organization: Clayton State College huggins@quip.eecs.umich.edu (Jim Huggins) writes: shown each time I used it, but I disregarded them.) The theory being, of course, that IBM wasn't paying for Internet access so that I could talk for free with my girlfriend (now my wife). I thought that for Internet access, places paid one flat annual fee. So what difference does it make. It would seem you'd be getting your moneys worth if people used it more and more. -- Dan Newcombe newcombe@aa.csc.peachnet.edu Clayton State College Morrow, Georgia -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= "And the man in the mirror has sad eyes." -Marillion ------------------------------ From: "BETH GIVENS" Date: 28 Jul 1994 16:26:28 -0700 (PDT) Subject: Re: Credit Card Opt Out? Organization: Privacy Rights Clearinghouse, USD Clarification for Eric Smith regarding California's new opt-out law for credit cards. As far as we know, the new law in California is unique in the country. No, this is not already a federal law. The proposed amendments to the Fair Credit Reporting Act would require credit *reporting* companies to offer consumers an opt-out from solicitations generated from their files, a requirement that California passed into law last year. It's important to make the distinction between laws that affect credit reporting companies (TRW, Equifax, Trans Union), and laws that affect credit card companies. California's new opt out law is aimed at credit *card* companies. A similar law passed last year in California was aimed at credit *reporting* companies. Both laws give *California* consumers some measure of control over the use of their personal information for "junk mail" solications based on the transactional information generated from credit transactions. In general, we see the ability to control the use of one's *transaction generated information* as being one of the key privacy issues to be debated as the so-called information superhighway is developed. -- Beth Givens, Privacy Rights Clearinghouse, Univ. of San Diego ------------------------------ The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. End of Computer Privacy Digest V5 #014 ****************************** .