PRIVACY Forum Digest     Tuesday, 6 December 1994     Volume 03 : Issue 23

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy.

CONTENTS
        UK CLI gets go ahead (Sue Schofield)
        How to remove "SSN as account number"? (Michael McKay)
        Re: Orwell, 499 channels, and where privacy begins (Jerry Leichter)
        Re: Sears captures signatures (Bernard Gunther)
        New Penal Code in Spain (Rafael Fernandez Calvo)
        How to stop invasions of privacy (Gary Martin)
        PATNEWS: A review of a book on PGP (Gregory Aharonian)
        EPIC Alert 1.07 [items selected by MODERATOR] (Alert@epic.org)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW home page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203.

-----------------------------------------------------------------------------

VOLUME 03, ISSUE 23

Quote for the day:

        "I've got a bad feeling about this..."

                Han Solo (Harrison Ford)
                "Star Wars" (1977)

----------------------------------------------------------------------

Date:    Mon, 14 Nov 94 14:57:47 +0000
From:    Sue Schofield
Subject: UK CLI gets go ahead

UK Caller Identification Scheme goes awry
By Sue Schofield - Sussex, UK

While most of the USA telecoms providers appeared to learn the hard way that subscribers don't want their phone numbers disclosed without their consent, BT, the premier UK telecomms supplier, launched a caller line identification scheme (CLI) on November 5th last.
At least it would have done if the launch hadn't been delayed until the end of November for 'research' reasons, despite massive hype for the previous launch date of November 5th.

BT had already market tested the CLI scheme on the East Coast of Scotland, where 'most users were delighted' by the ability to return home from a night out, dial a number, and have the exchange relay the numbers and times of all the calls they'd missed. Domestic testers were also pleased that the CLI feature 'would cut down on abusive and threatening calls'.

Surprisingly BT has not made much out of the fact that CLI can be disabled for each call by adding three digits in front of the number dialled, something which might be of more use to malicious callers than to paying subscribers. Nor do they overplay the very small print in the full page ads of National newspapers, which discloses that the CLI feature can be permanently disabled by calling a Freephone number. The Freephone number is answered by BT sales staff, and surprisingly it doesn't give direct access to an automatic CLI-disabler at the exchange.

BT's CLI scheme also covertly dismisses the popular 'ex-directory' (unlisted) feature explicitly requested by many single parents and lone females. This dismissal makes CLI a negative option - you get it even if you don't want it - unless you take action at your time and expense to disable it. From its launch date BT's CLI will automatically disclose the number of tens of thousands of BT ex-directory phones, unless subscribers remember to add the disable code, or dial the Freephone number to get it removed permanently.

This is hardly surprising in view of BT's dislike of supplying unlisted numbers - an unlisted domestic number does not allow for unsolicited telemarketing or sales opportunities, devices much loved in the UK by companies selling home improvement and security products. Nor do domestic UK phones generate much in the way of call revenues.
- BT estimate that UK domestic lines are in use for calls for only two minutes per day on average.

UK readers who might be dismissive of CLI's abilities to erode privacy will be interested to hear of forthcoming telephony applications for personal computers. Cheap 'Tapi-compliant' or 'Computer/Telephony Integration' (CTI) systems will be on sale by early 1995. They will allow CLI data to be interrogated by anyone with a cheap PC. It will be possible for instance, for anyone with a Tapi system and a CLI reader to automatically pull out the address of any UK caller - unlisted or not - from one of the growing heaps of pirated directory-listings CD's of UK addresses. The original source of these CD's in many cases is BT's 'unhackable' UK Directory CD, some hundreds of which are in illicit circulation in the UK.

And Tapi makes call-number logging easy. Any sales company can use such a system to identify and log the postal address of any caller with a non-disabled CLI phone. The automatic creation of highly focussed mail-list data is a salesman's dream and it's unlikely that any rights issues will be observed, unless legislation is put in place to stop abuses.

A spokesman for Mercury Communications, BT's main UK competitor, disclosed that they wouldn't be offering CLI until they saw how BT handled the complex issues arising from displaying previously unlisted phone numbers, although technically Mercury is equipped to carry the CLI datastream from subscribers.

And while privacy and personal rights lobbies in the UK are already preparing for battle, many elderly UK subscribers are unaware of the rights implications of CLI, and will not know how to remove CLI transmission capability from their 'lifeline' phones, unlisted numbers or otherwise.

------------------------------------------------------------------------------
Sue Schofield (sue@s-sco.demon.co.uk) is a UK technology journalist, and the author of the UK Internet Book, amongst others.
------------------------------------------------------------------------------

------------------------------

Date:    14 Nov 94 11:24:00 -0800
From:    MCKAY_MICHAEL@Tandem.COM
Subject: How to remove "SSN as account number"?

Over the years, I have been frustrated in my attempt to get my student loan account number changed. The account number is my Social Security Number, followed by "-0" (indicating the 1st loan, I'm told). Despite the fact that most universities have "alternates" available to avoid the use of SSN, Union Bank refuses to use a different account number.

I've escalated matters in the bank (famous "Our computer does not allow us to change it" defense), as well as the California State education board. According to the Social Security Division, it is illegal for them to use it, but when asked who to complain to, I've gotten conflicting information. I've tried both FBI and the Secret Service, as well as more obscure agencies.

The bank seems to think I want to deny them the use of my SSN ("We have the right to know it"), despite repeated attempts to explain that I just don't need it as my account number (which is included with each payment I send; hell, they even want me to write it on the check).

My problem will go away in a year or two, but I'm sure other people will continue to get student loans (and have no more choice about who administers it than I do). Any suggestion on how to get this changed? What can we do to make this institution [and others] more sensitive to privacy issues?

Michael McKay (aka. MCKAY_MICHAEL@tandem.com)
(408) 435-5320 Work

------------------------------

Date:    Wed, 16 Nov 94 09:12:18 EDT
From:    Jerry Leichter
Subject: Orwell, 499 channels, and where privacy begins

An article in a recent Privacy Forum mentioned the potential for video-on-demand providers to track customer usage and use that to target ads, say for the latest Steven Seagal movie to viewers with a history of interest in "adventure" flicks.
Of course, other forms of buying habit data collection and targeting have been around for a while. An issue I've raised before, but have never seen a serious discussion on, is: Exactly what is it that people find objectionable in such practices?

Let's look at a little history. These days, more and more of the services we rely on are provided by very large institutions: Huge supermarkets, clothing store chains, mega book stores. This is a fairly recent phenomenon; how recent varies for different services. Supermarkets have been around at least since the '50's, but even 10 years ago most bookstores were small, local operations. When I went into my local bookstore, I knew the proprietor. He knew me. He also knew my tastes in reading, and would recommend books he'd seen that I might like.

Did this bother me, or others? Did it bother people that the owner of the local clothing shop might suggest some clothing that had just come in as "just your style"? That the owner of the mom-and-pop grocery might tell them that fresh apples were in and were particularly tasty this year? (I doubt the owner would have suggested this to a denture wearer - and he'd know who bought the Dentu-cream.)

Not only didn't people object to this kind of thing, they liked it. It was a part of personalized service - something that was being lost with the arrival of a new massified society.

Ten, twenty, thirty years down the road, we no longer feel that loss. We've come to assume that anonymity is not only our right, but desirable. It shocks us to hear that a book store might keep track of our buying habits.

Now, there's certainly a difference between a local book store and a branch of a mega chain like Borders. It's certainly true that a large enough quantitative difference results in a qualitative difference.
And I certainly have the same feeling that there's no problem with the local book seller knowing what I like to read, but there is a potential problem with Borders keeping track of such information. But it bothers me that I can't elucidate exactly why.

Is it only that I personally know the local book seller, while Borders has no human face? Perhaps, but in many ways it's *less*, not more, intrusive to reveal such information to someone you don't have a personal relationship with. What does Borders care? At most, they'll send me some ads. The local book seller may comment on my tastes to others I know, which is much more likely to cause me embarrassment.

Is it some gut feeling that Borders does this for the money, while my local book seller does it out of friendship? Perhaps, but that's a misperception: My local book seller is - well, was; they're almost all gone now - in business to eat, too. Good customer relations is as much an issue for him as for a chain; probably more so, as he has many fewer customers.

Is it that the information my local book seller has is unlikely to be shared, while Borders will resell what it knows? Perhaps, but again (a) my local book seller is more likely to share the information with people who know me than is Borders, which will sell it with information about thousands of others in an essentially anonymous fashion; and (b) in fact, this information is becoming too valuable to be sold - Borders wants to use the information it gathers to gain an advantage over other mega chains. (BTW, I should say that I'm using Borders as an example because I happen to live near one; I don't even know if they do collect such information.)

Is it that I can't get away from this information - it gets passed all around the country faster than I can move? Again, perhaps, but the mobility we take for granted - and the potential for anonymity that comes with it - is also a relatively recent phenomenon.
Historically, people didn't move around very much - and one of the things they missed from "the old neighborhood" was the feeling of knowing those around them, and being known to them.

I suspect there's another not-so-obvious factor at work here. To be put in a category with two or three or thirty other people by the local book seller is one thing; that re-affirms my uniqueness, since clearly those two or three or thirty others just happen to share some of my reading tastes - the book seller knows each of us as individuals. To be put into a marketing category with hundreds of thousands of others by Borders *denies* my individual identity. It makes me one of a mass. If we aren't noticed at all, we can cling to our belief that, in this big crowd, we are unique and individual. But when we are selected out, our individuality is paradoxically called into question. When my local book seller recognizes my tastes, he recognizes *me*. When Borders does, it simply classifies and, in effect, dismisses me as a person.

I'd like to hear any thoughts others have on these issues. If we don't know what it is we treasure, we'll have a great deal of trouble deciding how to protect it.

-- Jerry

------------------------------

Date:    16 Nov 94 13:45:25 EST
From:    Bernard Gunther <72122.2770@compuserve.com>
Subject: Re: Sears captures signatures

I am not involved with Sears on any credit card issues, but I can easily imagine one reason for capturing all the signatures electronically:

- getting rid of paper.

I think Sears sells ~$25 billion of stuff every year. Let's assume the average cash purchase is $50 and the average credit card purchase is $200 and that 25% of purchases are on credit cards.

        X * $200 + 3 X * $50 = $25 billion
        $350 X = $25 billion
        x = 71 million charge transactions

[Supply your own estimates if you prefer...]

Imagine collecting, storing, warehousing, accessing that many little slips of paper. Imagine the cost savings if you could do this electronically.
Imagine the benefit for a fraud case where you can say to the judge, this is my signature on the last 10 charges, this most recent one doesn't look anything like it.

If you told me I could spend a few hundred dollars per store and save doing something 70+ million times, I certainly would think about it.

Bernard Gunther

------------------------------

Date:    Mon, 5 Dec 94 00:23:33 -0100
From:    rfcalvo@guest2.atimdr.es (Rafael Fernandez Calvo)
Subject: New Penal Code in Spain

A new Penal Code is about to be discussed in the Parliament of Spain. CLI (*) is putting up a proposal on crimes related to misuse of Information and Communications Technologies against the rights of citizens (specially --but not solely-- privacy). That proposal will be sent to the political parties represented in the Parliament.

Legislation to that respect existing in different countries would be of great help to achieve our purposes. Please send text of such legislations --before Dec. 12-- via email or fax to the following addresses:

---------------------------------------------------------------------------
Rafael Fernandez-Calvo                       | rfcalvo@guest2.atimdr.es
Member of the Presidential Board of          |
CLI (Comision de Libertades e Informatica) * | (34-1) 309 3685  Fax
(Commission for Liberties and Informatics)   | (34-1) 402 9391  Phone
Padilla 66, 3 dcha., E28006 Madrid Spain     |
---------------------------------------------------------------------------

* CLI is an independent coalition created in Madrid on Dec. 1991 by several entities (consumers leagues, trade unions, associations of human right advocates, DP professionals and judges, and the direct marketing syndicate) with a joint membership of about 3 million people. Its main purpose is to promote citizens' rights, specially privacy, against misuse of Information and Communications Technologies.
------------------------------

Date:    Fri, 25 Nov 1994 19:39:29 -0500 (EST)
From:    G Martin
Subject: How to stop invasions of privacy

I heard a rumor yesterday that I wanted to run past all of you. A relative of mine told me that at least one, possibly more commercial online service(s) may be invading your privacy without you knowing it when you're connected to them. I was told that a particular company routinely uploads your entire directory structure, and sometimes even data within certain files. In one case, they allegedly uploaded part of an attorney's customer database, and this attorney caught them because he had software that told him about the activity.

I started thinking about this and realized that it probably would be pretty easy for a BBS or any commercial service you're connected to to grab copies of your directories and files while you're connected to them, especially if you're using their proprietary software to connect with. Allegedly this particular service has something in their contract that tells you they can do this, but I haven't seen how it's worded or how vague it may be.

Can you imagine what a problem this could be for you if they upload your personal or business financial records, or customer records that may contain credit card numbers, etc?

I also wonder if this is happening when you use the built-in features of some software packages to automatically register them? For instance, I installed a new modem two days ago. The modem came with software that allows me to manage voice and fax communications. It asked me if I wanted to register the software during the setup. I said "yes", and my C-drive was going nuts while I did it. Hmmmmm.

1. Does anyone know where I can find freeware or shareware that will allow me to track every directory read, file read/write and upload or download? I would prefer that it be Windows 3.1 or OS/2 2.1 based software.

2. Are you aware of any software that would PREVENT a commercial service from doing these things?
3. Is there anything I can do using existing MS-DOS or Windows options to track or prevent this short of password protecting or encrypting everything?

I intend to check some of the computer privacy mailing lists to see if I can find out more about this. Will update all of you with a single posting to this list when I do. Thanks in advance for your help.

Gary

------------------------------

Date:    Thu, 17 Nov 1994 23:29:30 -0500
From:    srctran@world.std.com (Gregory Aharonian)
Subject: PATNEWS: A review of a book on PGP

[ From "patents@world.std.com" mailing list. -- MODERATOR ]

For those of you who follow the cryptography world, one of the more interesting recent developments has been the PGP (Pretty Good Privacy) encryption program. Developed by an individual, it is a relatively strong encryption technique that runs on a variety of platforms, is available as both shareware and commercially, and can be downloaded from computer sites around the world. If you don't use PGP, you might have noticed strange ASCII signatures in postings to USENET - often these are personal signatures for people who use PGP.

A book has been published (or is being released) that is an excellent guide both to the use of PGP, and its and cryptography's history. The book is titled "PGP:Pretty Good Privacy" and is written by Simson Garfinkel. It is available from O'Reilly & Associates (1-800-998-9938) - I am not sure of the price, but O'Reilly's books are reasonably priced.

Amongst other things, the book has a fair amount of material on the patent aspects of cryptography (yes this review has some relevance for my patent news service), including the latest wranglings involving RSA. (This book is filled with tons of acronyms).

My review of the book is that it is an excellent book, both as a user guide to PGP, and as a history of cryptography. For PGP, it explains how the program works, how to get a copy of the program and install it, and how to use the various options.
I don't use PGP because encryption key management to me sounded as burdensome as contact lens cleaning management, which I also don't use. However Simson's explanation of PGP is convincing enough for me to eventually use PGP, once I find something worth encrypting.

d PGP was quite interesting, with many anecdotal stories about the various characters involved. As the book goes to press, patent and business shenanigans continue, so the book is quite timely. The book also explores some of the privacy, policy and national security aspects of cryptography, including the recent brouhaha over the Clipper chip, triple-DES, and the whys of dual secret key PGP. (Fortunately for those weak at heart, Galois Fields are not mentioned).

So if you are into this stuff, or considering using PGP, get a copy of the book.

Greg Aharonian
Internet Patent News Service
(for subscription info, send 'help' to patents@world.std.com )
(for prior art search services info, send 'prior' to patents@world.std.com )
(for WWW patent searching, try http://sunsite.unc.edu/patents/intropat.html )

------------------------------

Date:    Sat, 12 Nov 1994 10:30:06 -0800
From:    Alert@epic.org
Subject: EPIC Alert 1.07 [items selected by MODERATOR]

[ Items from the full Epic Alert newsletter were selected by the PRIVACY Forum moderator for inclusion in this issue of the digest. -- MODERATOR ]

=============================================================

Ohio Court Upholds Privacy of SSNs
----------------------------------

In a decision handed down on October 26, the Ohio Supreme Court has ruled that governmental disclosure of Social Security numbers (SSNs) violates individuals' constitutional right to privacy. At issue was a request by the Akron Beacon Journal for release of computer tape records of the City of Akron's year-end employee master files.
The payroll files contain various information including employees' names, addresses, telephone numbers, SSNs, birth dates, education, employment status and positions, pay rates, service ratings, annual and sick leave information, overtime hours and pay, and year-to-date employee earnings. The City had provided the records to the newspaper, but deleted the SSNs on privacy grounds.

EPIC staff, on behalf of Computer Professionals for Social Responsibility, joined with the Public Citizen Litigation Group in filing a "friend of the court" brief in the case. The CPSR/Public Citizen brief highlighted the privacy implications of SSN disclosures and argued in support of the City's decision to withhold the numbers. The brief urged the Ohio Supreme Court to follow the lead of the U.S. Court of Appeals for the Fourth Circuit in the case of Greidinger v. Davis, where Virginia's practice of requiring SSNs for voter registration purposes was held unconstitutional. EPIC staff had similarly participated in the Greidinger litigation as friends of the court.

Significant excerpts from the Ohio Supreme Court decision:

     The city's refusal to release its employees' SSNs does not significantly interfere with the public's right to monitor governmental conduct. The numbers by themselves reveal little information about the city's employees. ...

     While the release of all city employees' SSNs would provide inquirers with little useful information about the organization of their government, the release of the numbers could allow an inquirer to discover the intimate, personal details of each city employee's life, which are completely irrelevant to the operations of government. As the Greidinger court warned, a person's SSN is a device which can quickly be used by the unscrupulous to acquire a tremendous amount of information about a person. ...
     Thanks to the abundance of data bases in the private sector that include the SSNs of persons listed in their files, an intruder using an SSN can quietly discover the intimate details of a victim's personal life without the victim ever knowing of the intrusion.

Coming a year after the Greidinger decision, the Akron Beacon Journal case continues a trend toward judicial recognition of the privacy implications of SSNs. EPIC will continue to participate in related litigation in an attempt to establish a body of caselaw protecting the confidentiality of SSNs and other personal information.

A copy of the decision is available at cpsr.org /cpsr/privacy/ssn ohio_ssn_case_1994.txt.

Canada Asks for Comments on Information Superhighway Privacy
------------------------------------------------------------

The Canadian Information Highway Advisory Council has released a discussion paper entitled "Privacy and the Canadian Information Highway." The Council is asking for comments on the paper and recommendations on how privacy should be protected on the Canadian information superhighway.

The paper discusses privacy issues relating to transactional data and profiling, transaction security and individual identification, identity cards and single identifier numbers, and monitoring. It provides a general overview of Canadian and international privacy for both government and private sector data.

The report reviews possible approaches to privacy protection: legislation and regulation; voluntary codes and standards; technological solutions; and consumer education and the possible benefits and drawbacks of each. It asks for comments from interested parties on possible approaches.

Comments are due by December 23, 1994, and should be sent to Parke Davis, Director General, Information Highway Advisory Secretariat, Room 614, Journal Tower North, 300 Slater Street, Ottawa, Ontario Canada K1A 0C8 or emailed to council@istc.ca.

An electronic version of the paper is available from the CPSR Internet Library. See below for details.

------------------------------

End of PRIVACY Forum Digest 03.23
************************