PRIVACY Forum Digest Friday, 12 March 1993 Volume 02 : Issue 08 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Re: Should the information industry be consentual? (Tommy O'Lin) Re: Should the information industry be consentual? (kaiser@heron.enet.dec.com) B.C. Will Choose New Privacy Commissioner (Leslie Regan Shade) Quebec examines personal data law (Leslie Regan Shade) Reverse directories (Joseph Pearl) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------- ------------ The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are also available through the Internet Gopher system via a gopher server on site "cv.vortex.com". For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------- ------------ VOLUME 02, ISSUE 08 Quote for the day: "I would like to be on some cutting-edge Bell Labs thing. But I'm just not smart enough, so I'd probably be backing up stuff and getting coffee." -- Illusionist Penn Jillett (of Penn & Teller), when asked what he'd like to be doing if he were working in high-tech. ----------------------------------------------------------------- ----- Date: Tue, 9 Mar 93 14:05:50 EST From: adiron!tro@uunet.UU.NET (Tommy O'Lin) Subject: Re: Should the information industry be consentual? From: John Pettitt Continuing the public discussion with Larry .... I submit that he has yet to prove a case where free flow of _accurate_ information has caused a problem. [paragraphs omitted] Data collection and trading is going to happen no matter what - even if it moves off shore (a silly concept in the digital age). The sooner we face the reality and establish norms, conventions and taboos regarding data the better. A start would be to: 1) don't restrict the free flow of _accurate_ data Well, then, how about if John posts to the rest of us: - a full (and accurate, of course) financial disclosure, including a list of all bank accounts (with balances), all credit accounts (with balances), all investment holdings, all real property holdings, etc. Be sure to include accurate income information. - a list of all publications to which he subscribes or has subscribed in the past 5 years. - a list of all organizations to which he has donated money or other property over the past 5 years. - a list of all books and audio/video recordings he has bought, rented, or borrowed over the past 5 years. - anybody want to know anything else? Send in your queries today! As long as he's at it, he might as well post the information on the front of his home and business - and it would be convenient for some people if he posted it on the bulletin board at the grocery store, too. Of course, no harm would come from any of this, as long as the information is _accurate_. 2) establish clear, enforced methods of trcking data 3) make provision for reaonable penalties for selling inaccurate data The problem with all this it is completly impossible to enforce. If not impossible, perhaps difficult. Laws against homicide cannot prevent murders, but society still tries. If you can find a real case of harm by accurate information used lawfully and a way of enforcing privacy I would be happy to look at it. You might be right. Let's give it a try. Post your accurate information and see if anything happens. Tom Olin tro@partech.com uunet!adiron!tro (315) 738-0600 Ext 638 PAR Technology Corporation * 220 Seneca Turnpike * New Hartford NY 13413-1191 ------------------------------ Date: Wed, 10 Mar 93 11:22:18 +0100 From: kaiser@heron.enet.dec.com (European Technology & Architecture) Subject: Re: Should the information industry be consentual? John Pettitt writes: I submit that [Larry Seiler] has yet to prove a case where free flow of _accurate_ information has caused a problem. Problems for whom? Experience shows that in the business of accumulating and exchanging databases about personal information there is a high rate of corruption, of both data [1] and individuals [2]. Moreover, there are plenty of obvious cases where the free flow of accurate information is unwise, inhumane, or illegal [3]. [1] As a consultant I've worked with businesses on their billing and marketing databases, and my professional experience is that the best of these has a high error rate. I've also worked with governmental agencies on similar databases, and once had the dismal pleasure of seeing two years' work -- on a project funded by a UN agency, not done by me -- having to be abandoned when I demonstrated the internal inconsistency of personal data in the database. Read "Consumer Reports" (Consumers Union) about the problems with credit-reporting companies. Good rule of thumb: all data are dirty until proven otherwise. Many of us can provide anecdotal evidence from my own credit life. I can. [2] Anecdotal evidence from many recent cases, for instance those involving the sale of police data by trusted insiders, or the sale of banking and credit information by trusted insiders. Several of these in the news recently. [3] Medical information? Sexual information? Arrest records? The information may be accurate, but should it flow freely? What about a complete and accurate transcription of all your conversations and activities with the last three boyfriends/girlfriends you haven't married? These aren't only civil liberties problems; there are business costs for using inaccurate data, or using even accurate data inappropriately; but businesses -- at least in America -- can, so far, force society and individuals to shoulder much of those costs. We shouldn't have to. ___Pete ------------------------------ Date: Wed, 10 Mar 1993 19:46:43 -0500 (EST) From: Leslie Regan Shade Subject: B.C. Will Choose New Privacy Commissioner The March 9, 1993 issue of The Globe and Mail (Canada's national newspaper) had an article on p. A9 entitled "How B.C. is forming open society" by Robert Matas. Paraphrasing from the article: Matas mentions that the province of British Columbia has just closed their job competition for the province's first information and privacy commissioner. The recommendation for hiring should happen next month when the all-party legislation decides who is the lucky person--out of 170 applicants. B.C.'s first freedom of information law passed last year. This law assumes that "Canadians no longer trust politicians and bureaucrats to handle public policy" B.C., although the 8th province to introduce such legislation, promises to be more advanced than other laws. Beginning in the fall, information and privacy provisions are to be phased in over 18 months, with public access to the files of about 200 provincial boards, agencies, commissions, and corporations. The "leading edge" provision will require senior government officials to disclose information (with or without a request) that reveals a serious health, safety, or environmental hazard. As well, the provisions will be extended to cover school boards, municipalities, hospital boards, police boards, postsecondary institutions, and local government agencies. By 1995, self-governing professional bodies (doctors, lawyers, architects, engineers, etc) will be required to comply by 1995. ------------------------------ Date: Wed, 10 Mar 1993 19:58:56 -0500 (EST) From: Leslie Regan Shade Subject: Quebec examines personal data law >From the Globe and Mail (Canada's national newspaper), February 24, 1993, "Quebec examines proposal on guarding personal data", by Rheal Seguin. Paraphrase: the article mentions that a bill for the Province of Quebec which aims to protect personal information (credit card records, medical files) is being scrutinized by a Quebec National Assembly committee. The bill would require that personal information obtained by credit bureaus or other private companies not be available to third parties without the individual's consent. Several instances have alarmed privacy advocates, and these have been raised by the Parti-Quebecois communications critic, Michel Bourdon. For instance, it is alleged that employees of Equifax Canada have passed themselves off as Revenue Ministry employees in order to obtain the addresses of individuals who have defaulted on their Hydro-Quebec (electricity) payments. Equifax Canada is the largest credit bureau in Quebec. Their biggest client is the Quebec Ministry of Manpower, Income Security and Skills Dept., which frequently requests credit checks on welfare recipients. As well, a Montreal woman, after receiving treatment in a hospital for heart problems, received information about a pre-arranged funeral package. Critics of the legislation, such as Rebe Laperriere of the University of Quebec's Groupe de recherche informatique et droit, believe that the law should state clearly under what circumstances a company could have access to personal information, as well as imposing tighter restrictions on how it is used. ------------------------------ Date: Thu, 11 Mar 93 09:28:03 EST From: joep@jaguar.informix.com (Joseph Pearl) Subject: reverse directories Just a little more into the fray... I was at Sears with my wife, returning something, when the cashier asked what our phone number was. Without thinking, my wife told the cashier (one of those rough days where the brain shuts down after 6pm). The cashier then recited our name and address and asked if it was correct. Well, this had me thinking the rest of the night -- what are they doing with such information readily available at the cashier level? Also, of what importance is that information when returning a $3 item? I think that, next time, we're going to either use a fictitious phone number or simply refuse. I wonder what will happen... It's not that I'm keeping that information private - I'm listed in the phone book. I just can't understand why it's necessary. -> From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) -> -> A final suggestion is the use of "canary traps" - creative mispellings -> of your name for different uses - to pinpoint what list information -> was garnered from. I, too, use creative mispellings of my name. It's *really* interesting to see from where the lists come from. joe. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+ Joe Pearl Tel: 212-753-3920 Informix Software, Inc. Fax: 212-753-4210 757 Third Avenue Email: joep@informix.com New York, NY 10017 [ I have removed somewhat extensive quoted text (from previous digest messages) that was originally included in the above message. A comment: I would suggest that it is never a good idea to use a fictitious phone number in response to a clerk's query. Doing so simply risks dragging some other person, who might have that number, into the situation. If the clerk insists on a number, and you don't want to give it, ask for the manager, or consider doing business elsewhere. Keep in mind that in most cases you're simply dealing with a clerk who has a specific set of information he has been instructed to get and may not realize that not everyone is willing to provide a number. However, in almost all cases, when faced with a choice of not getting the number or losing the sale, the clerk will opt for the former. -- MODERATOR ] ------------------------------ End of PRIVACY Forum Digest 02.08