PRIVACY Forum Digest Saturday, 14 January 1995 Volume 04 : Issue 02 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS Re: Caller-ID harassment syndrome (Robert A. Rosenberg) Re: Orwell, 499 channels, and where privacy begins (David Stodolsky) Re: Orwell, 499 channels, and where privacy begins (Peter Knoppers) Re: Orwell, 499 channels, and where privacy begins (Derek Atkins) Privacy & the blood supply (c_farer@gate.net) AIDS & the blood supply (was Orwell, 499 channels...) (Adam Shostack) Re: AIDS & the blood supply (Christopher Zguris) Mandatory HIV registration (Karl Anderson) Cruising for murder (Paul Gloger) Looking for testimonals (EricJM) Phone bill balance by phone - no security? (Michael W. Gardiner) Montgomery Ward Class Action (B. Daniel Lynch) Connection Logging by Web Servers (Scott Coleman) Communities that discourage privacy (Craig Partridge) International Cryptography Institute 1995 (Dorothy Denning) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW home page at the URL: "http://www.vortex.com/". ----------------------------------------------------------------------------- VOLUME 04, ISSUE 02 Quote for the day: "Two men, on a vampire hunt. Simple? They certainly are." -- From the trailer for "The Fearless Vampire Killers or Pardon Me, But Your Teeth Are In My Neck" (1967) ---------------------------------------------------------------------- Date: Sun, 25 Dec 1994 01:33:02 -0500 From: hal9001@panix.com (Robert A. Rosenberg) Subject: Re: Caller-ID harassment syndrome On 19 Dec 1994 at 12:52:01 -0800, Paul Baclace wrote: >Apparently there is a service that allows one to dial the caller-ID of >the most recent in-coming call. The $5 a month service causes *69 >to return the call and requires no special hardware. Luckily, the number >is erased after another incoming call, but one woman had her answering machine >outgoing message state her phone number... > >A defense against this is either for everyone to have caller-ID or everyone >to block the caller-ID when making calls. Neither option is reasonable and >doing both is the best defense, but it adds no value to the use of the >phone system--it simply is an extra cost for a creep-deflector and a >creep-enabler. I am sorry to inform Mr. Baclace that *69/Call*Return and *67/Call*Trace (which prints out a copy of calling number which will then be available to turn over to the Police when you report a Harassing Phone Call) work even if the caller has the Call Blocking Feature. All that does is NOT display it on your Caller*ID Unit. It is still stored for use with the other features. There are also issues with the non-optimal (and in some cases fraudulent) way Caller*ID has been implemented in certain areas. For example, Unlisted and/or Unpublished numbers may not automatically assign the Caller*ID All-Calls Blocking Feature to the line (you must request [and possibly pay for] the feature on your line). Also, in many places the [Un]Block-a-Call *xx number is just a toggle to switch between the standard line state (which can be Blocked/UnBlocked) to the other state for the current call. There is no indication of which state it is selecting. Some places do have Separate Codes that sets the State for that call to Blocked or Unblocked (Use of the Code thus Insures the State even if it is the default state for that line). ------------------------------ Date: Sun, 25 Dec 94 16:55:42 +0100 (CET) From: david@arch.ping.dk (David Stodolsky) Subject: Re: Orwell, 499 channels, and where privacy begins Christopher Zguris <0004854540@MCIMAIL.COM> writes in Subject: Re: Orwell, 499 channels, and where privacy begins: > karl@reed.edu (Karl Anderson) wrote: > >I signed up to donate blood when I was 18, before I had ever been > >tested for HIV. I was given a questionnaire first. The fine print > >mentioned that in accordance with state or federal law > >something-or-other, names associated with several types of positive > >tests, including syphillis and HIV, would be forwarded to state or > >federal agency this-or-that. Some government official had been > >recently blathering to himself in the media about quarantine camps and > >glow in the dark tattoos. I turned around and walked out. > > This dangerous attitude is obscene. How about my -- and everyone else's -- > right, Karl, to get uninfected blood should we require a transfusion or find > out if a sexual partner has tested positive so that we may know? AIDS has > spread like wildfire partly due to the blood supply being such a mess and > refusal to allow for any sort of partner tracking due to "privacy" concerns. > If a donor unknowingly has syphillis or HIV he/she is a _serious_ danger to > the community and anyone he/she may have had sex with. The point of This is one of those arguments in which both sides have good points, within the current context. However, one side has a better argument for changing the current context, which is both possible and seriously needed. Christopher Zguris exaggerates the risks to the blood supply and to sexual partners. Chances of receiving HIV contaminated blood are about one in a quarter of a million in the USA. Sexual partners should always be assumed to HIV positive, unless there is an exclusive sexual relationship. However, not enough has changed in the social relationships surrounding blood donation to ensure that the next slowly developing virus disease will be stopped before many people are infected. And we can be reasonably confident that there will be a next one. Social relationships surrounding sexually transmitted disease have seen virtually no change in most places, and HIV transmission is continuing to increase, facilitating spread of TB and who knows what else. A restructuring of social relationships to make the protection of individual rights and of the public's health mutually supportive are urgently needed. The approach taken by Karl Anderson is one which could force policy makers to rethink this problem. If people stop giving blood because of inadequate privacy protection, something will be done. I have been working on this problem since about 1979 and have yet to receive any support. This is the abstract of my recently rejected research proposal: ==================== Security in Blood Donation: Privacy Protection and the Safety of Donated Blood. Improved methods of data collection and improved data security can enhance blood donors' privacy. Better privacy for donors reduces the risk that sensitive data are withheld and increases flexibility in data utilization. Therefore, privacy enhancement can improve the safety of donated blood and ease identification of new infectious agents. The first phase of this project investigates the acceptability and feasibility of computer interviewing and improved data security. Rate of elicitation of HIV-related risk factors and judged privacy are expected to be greater in computer interviews as compared to traditional interviews. Perceived desirability of cryptographic data security is expected to vary widely among countries because of differing data protection regulations. Feasibility of an enhanced donor data security system will be assessed in view of current chip-card initiatives in different countries. The second phase integrates computer interviewing into blood bank operations and pilot tests the enhanced security system. Notification methods which preserve donor privacy will also be tested at this stage. Harmonization of data security methods among the participating countries will be investigated from a comparative ethical and legal perspective. Phase three involves deployment of an integrated interviewing, notification, and data security system. Data collection started in phase one will continue throughout the study. Methods for automatic detection of clusters of risk factors and biological markers will be investigated. Secure and harmonized data collection will permit early warning of risks to the safety of donated blood in the cooperating countries. ==================== A theoretical paper that deals with the same technology applied to sexually transmitted disease is under revision. The chances of it being published in the near future are low, since the referee's comments include that it is impossible to do (b), so I must be trying to explain how to do (x), etc. See below for (b). If you can help by commenting the draft, request a copy: ====================== Anonymous Partner Notification Abstract The very long latency between HIV infection and the appearance of AIDS imposes extensive information processing requirements on partner notification efforts. The apparently contradictory needs of maintaining the right to privacy of infected persons, while simultaneously providing information to persons at risk of infection, imposes severe security requirements. These requirements can be satisfied by a Contagion Management System based upon networked personal computers of a kind now becoming available. Security of information is based upon cryptographic protocols that implement anonymous partner notification (contact tracing) and privacy preserving negotiation. The proposed scheme has the following properties: (a) Contact tracing is automated, (b) contacts remain anonymous, (c) sensitive information is kept private, and (d) risk conscious users can act in a manner indistinguishable from that occurring if secured information were made public. Optimal health protection can thus be obtained while securing informational rights. Privacy preserving negotiation (c & d) is addressed separately (Stodolsky, in review). Key terms: Preventative health services, patient data privacy, real time systems, distributed data bases, epidemiology. David S. Stodolsky, PhD Internet: david@arch.ping.dk Tornskadestien 2, st. th. (C) Tel.: + 45 38 33 03 30 DK-2400 Copenhagen NV, Denmark Fax: + 45 38 33 88 80 ------------------------------ Date: Mon, 26 Dec 1994 13:36:36 +0100 From: knop@duteca8.et.tudelft.nl (Peter Knoppers) Subject: Re: Orwell, 499 channels, and where privacy begins Christopher Zguris <0004854540@MCIMAIL.COM> wrote: >karl@reed.edu (Karl Anderson) wrote: >>I signed up to donate blood when I was 18, before I had ever been >>tested for HIV. I was given a questionnaire first. The fine print >>mentioned that in accordance with state or federal law >>something-or-other, names associated with several types of positive >>tests, including syphillis and HIV, would be forwarded to state or >>federal agency this-or-that. Some government official had been >>recently blathering to himself in the media about quarantine camps and >>glow in the dark tattoos. I turned around and walked out. > >This dangerous attitude is obscene. How about my -- and everyone else's -- >right, Karl, to get uninfected blood should we require a transfusion or find >out if a sexual partner has tested positive so that we may know? AIDS has >spread like wildfire partly due to the blood supply being such a mess and >refusal to allow for any sort of partner tracking due to "privacy" concerns. HIV is a sexually transmitted disease. However HIV does not transmit very easily. There are many diseases that are much more easily trans- mitted. Dangerous diseases that can be transmitted through airborne particles, or by a simple handshake require active tracking to find and cure (or isolate) their bearers. Some forms of tuberculosis do warrant such measures. Like Karl Anderson, I would never have donated blood if there was the least bit of chance that my name would be entered on an HIV list of some government agency. Of course the blood bank has every right and need to ensure and protect the quality of its product. In the Netherlands, the blood bank informs all persons whose blood turns out HIV-positive of their situation. (This policy is advertised in very clear terms.) Naturally, the blood bank will no longer take blood from said persons. The blood banks here ask a lot of questions each time anyone donates blood. The relevance of these quistions is very clear: recent infections with HIV can not (yet) be detected with blood-tests. All persons donating blood know that their blood (every donation) is tested for HIV (and quite a few other things) and that they shall be informed if any of those tests turns out positive. In case of HIV, the blood bank may suggest some aid-organization that can help you reorganize your life. If you want to find out if your sexual partner has tested positive, _ask_ him or her. If you're not sure whether you'll get an honest reply, use adequate protection (or don't have sex). This protects you from HIV and many other sexually transmitted diseases and also from pregnancy. YOU are responsible for practicing safe sex, not some government agency. Peter Knoppers - knop@duteca.et.tudelft.nl ------------------------------ Date: Mon, 26 Dec 1994 12:25:20 -0500 From: Derek Atkins Subject: Re: Orwell, 499 channels, and where privacy begins > Do you realize what a stupid -- and dangerous -- concept that is? The blood > supply, as it is, is a mess. "Screening" hasn't done a whole hell of a lot. > Instead of one organization, you want a bunch of "mom and pop" operations > collecting blood from whoever using their own guidelines (or lack there-of)? > Why? Because they'll guarantee _your_ privacy while damning the rest of us > who may need blood (god help those who do) to whatever disease you may have > but "choose" not to disclose (I'm not saying you have a disease, I'm making No, you are extremely confused about what was being said. The point is not that blood should not be tested or screened. The point is that the information about positive results shouldn't be given to anyone other than the person whose blood it is! The Red Cross should just destroy the blood, or mark it as bad and give it to testing labs, or whatever. But they should not go and tell any organization, government, medical, insurance, whatever, the results of my tests. The red cross does not need to tell anyone the results of blood tests, and you can still be assured of gettihg good blood. The choice is not privacy vs. good blood. You can have both. So why give up your privacy? -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord@MIT.EDU PP-ASEL N1NWH PGP key available ------------------------------ Date: Mon, 26 Dec 1994 13:14:52 -0500 From: c_farer@gate.net Subject: Privacy & the blood supply In PRIVACY 03:25, Christopher Zguris <0004854540@MCIMAIL.COM> takes exception to a post by karl@reed.edu (Karl Anderson), in which Anderson remarked that he had refused to give blood rather than face the risk that his blood test results would be forwarded to various government agencies. Zguris writes Z> How about my -- and everyone else's -- right, Karl, to get Z> uninfected blood should we require a transfusion or find out if a Z> sexual partner has tested positive so that we may know? AIDS has Z> spread like wildfire partly due to the blood supply being such a Z> mess and refusal to allow for any sort of partner tracking due to Z> "privacy" concerns. There are at least two issues and one highly questionable assertion here. The first issue, ensuring the safety of the blood supply, can be (and in most places has been) addressed without reporting test results to any centralized authority. The Red Cross can simply not use blood that tests positive for HIV. The second issue, assuring the safety of sex partners of infected people, is more reasonably addressed by requiring reporting. I'd be interested in seeing some rational discussion of how such information might be collected and used while assuring that it wouldn't be abused (for example by the pets of Senators who advocate the burning of AIDS patients at the stake). Zguris trivializes such concerns by referring to "privacy" in quotes. A reasonable and responsible person, discovering that he was HIV-positive, would want to ensure his sex partner(s) learned about it. He could be excused for wanting to be certain that the information never became available to the minions of Sen. Helms or Sen. Thurmond, to name just two. The questionable assertion is that the spread of AIDS is attributable, in significant part, to a lack of partner tracking and blood supply monitoring. The main reason that AIDS has become such a problem is that for years it was treated by the Federal government as a disease of faggots and junkies (without whom the world would be a better place anyway) of no real concern to decent people. If the first couple of hundred AIDS victims had been heterosexual lawyers or even car salesmen the situation would now be very different. (I realize that this last paragraph has little to do with privacy as such but I couldn't let the implied attack on privacy concerns pass unchallenged). ------------------------------ Date: Tue, 27 Dec 94 14:51:07 EST From: Adam Shostack Subject: AIDS & the blood supply (was Orwell, 499 channels...) | From: Christopher Zguris <0004854540@MCIMAIL.COM> (In response to | karl@reed.edu (Karl Anderson) wrote: | >glow in the dark tattoos. I turned around and walked out. | | This dangerous attitude is obscene. How about my -- and everyone else's -- | right, Karl, to get uninfected blood should we require a transfusion or find | out if a sexual partner has tested positive so that we may know? AIDS has | spread like wildfire partly due to the blood supply being such a mess and | refusal to allow for any sort of partner tracking due to "privacy" concerns. Its important to note that Karl walked out. His action poses danger to the blood supply only in that the supply is slightly smaller than it would be had he donated. Its been quite some time since the US supply of blood was so low that anything beyond voluntary surgery was affected. Further, on the order of 5 people got AIDS last year from blood. That is a quite small number, compared to the other new cases. See the AIDS faq for details. http://www.cis.ohio-state.edu/hypertext/faq/usenet/aids-faq1/faq.html | If a donor unknowingly has syphillis or HIV he/she is a _serious_ danger to | the community and anyone he/she may have had sex with. The point of | contacting "state or federal agency this-or-that" is to try to stop that | person from unknowingly spreading the disease, and to contact his/her former | partners to alert them and hopefully stop them from spreading the disease | further _if_ they're infected. There are anonymous testing centers available, and the FDA recently approved a saliva based test. It may or may not approve a home test. There are ways to be tested without having your name go to the CDC. | >If the Red Cross was administered by "mom and pop", who would do | >nothing with this knowledge except tell me whatever helpful | >information they knew, then I might not have done so. | | Do you realize what a stupid -- and dangerous -- concept that is? The blood | supply, as it is, is a mess. "Screening" hasn't done a whole hell of a lot. I think your characterization of the state of the blood supply is incorrect. Screening, both pre- and post-donation, have done quite a bit to clean up the blood supply. The number of people infected by contaminated blood has dropped substantially since the introcution of the HIV antibodies test and the introduction of pre-screening questions about practices that might lead to exposure to HIV. | Instead of one organization, you want a bunch of "mom and pop" operations | collecting blood from whoever using their own guidelines (or lack there-of)? | Why? Because they'll guarantee _your_ privacy while damning the rest of us | who may need blood (god help those who do) to whatever disease you may have | but "choose" not to disclose (I'm not saying you have a disease, I'm making | a point). We're talking about life-and-death here, I can't go along with | "privacy" concerns outwaying the common good of society as-a-whole. If you | have a sexually transmitted disease, it should be _required_ that anyone you | may have exposed be notified, period. I didn't mean to come down on you | Karl, but this is a subject that really ticks me off. There may well be a good to society, the questions involve what invasion of privacy do you justify for what social good? I come down strongly on the side of privacy in this one. I can't see what good will be done by your knowing who has AIDS. Please note that all comments are mine, and should not be taken as the opinions of my employer. ------------------------------ Date: Tue, 27 Dec 94 17:48 EST From: Christopher Zguris <0004854540@mcimail.com> Subject: Re: AIDS & the blood supply | From: Christopher Zguris <0004854540@MCIMAIL.COM> (In response to | karl@reed.edu (Karl Anderson) wrote: | >glow in the dark tattoos. I turned around and walked out. | | This dangerous attitude is obscene. How about my -- and everyone else's -- | right, Karl, to get uninfected blood should we require a transfusion or find | out if a sexual partner has tested positive so that we may know? AIDS has | spread like wildfire partly due to the blood supply being such a mess and | refusal to allow for any sort of partner tracking due to "privacy" concerns. Adam Shostack (adam@bwh.harvard.edu) responds: > Its important to note that Karl walked out. His action poses >danger to the blood supply only in that the supply is slightly smaller >than it would be had he donated. Its been quite some time since the US >supply of blood was so low that anything beyond voluntary surgery was >affected. Further, on the order of 5 people got AIDS last year from >blood. That is a quite small number, compared to the other new cases. >See the AIDS faq for details. >http://www.cis.ohio-state.edu/hypertext/faq/usenet/aids-faq1/faq.html I wasn't taking issue with walking out, what disturbed me was thinking it unacceptable, in the case of a positive test, for health agencies to be notified so that -- I presume -- partner-tracking could be done. Partner-tracking occurs with all sexually transmitted diseases -- except AIDS, due to politics -- in an effort to notify people who may have unknowingly been infected. This is handled discreetely, there are no public lists (employers are not notified, etc.). I challenge the figure of 5 people, it is misleading. I suspect the true statistic was "5 verified cases", which ignores a great deal of "suspect" and "unverified" cases. For quite some time, there were "no verified cases" of health workers getting AIDS from patients until it became a proven fact. Statistics lie and are warped in the case of AIDS. AIDS has a negative-test window of up to several years, therefore "5 people got AIDS last year" is a highly suspect statistic. | If a donor unknowingly has syphillis or HIV he/she is a _serious_ danger to | the community and anyone he/she may have had sex with. The point of | contacting "state or federal agency this-or-that" is to try to stop that | person from unknowingly spreading the disease, and to contact his/her former | partners to alert them and hopefully stop them from spreading the disease | further _if_ they're infected. Adam Shostack (adam@bwh.harvard.edu) responds: > There are anonymous testing centers available, and the FDA >recently approved a saliva based test. It may or may not approve a >home test. There are ways to be tested without having your name go to >the CDC. I said "unknowingly". Why would someone get tested for something they didn't think they had? The people who are "unknowingly" infected -- as I said -- pose a risk until they know. | >If the Red Cross was administered by "mom and pop", who would do | >nothing with this knowledge except tell me whatever helpful | >information they knew, then I might not have done so. | | Do you realize what a stupid -- and dangerous -- concept that is? The blood | supply, as it is, is a mess. "Screening" hasn't done a whole hell of a lot. Adam Shostack (adam@bwh.harvard.edu) responds: > I think your characterization of the state of the blood supply >is incorrect. Screening, both pre- and post-donation, have done quite >a bit to clean up the blood supply. The number of people infected by >contaminated blood has dropped substantially since the introcution of >the HIV antibodies test and the introduction of pre-screening >questions about practices that might lead to exposure to HIV. I don't think so. The blood supply has been cleaned up quite a bit, but I wouldn't consider it "safe" and I certainly wouldn't want a transfusion. The fact that there is a negative-test window of weeks to years should also be taken into account, I think the safety of the blood supply and success of screening is suspect because of this. Screening is subjective, uses intrusive questions that some may find offensive, and as such is open to errors. Somehow, "dropped substantially" does not inspire confidence, maybe someone who likes to play the odds would take comfort in claims like "dropped substantially." To me, it sounds like a claim of "new and improved" -- compared to what? Look at the history of the "safe" blood supply, the entire US hemophiliac population became infected before the blood industry decided to do anything. | Instead of one organization, you want a bunch of "mom and pop" operations | collecting blood from whoever using their own guidelines (or lack there-of)? | Why? Because they'll guarantee _your_ privacy while damning the rest of us | who may need blood (god help those who do) to whatever disease you may have | but "choose" not to disclose (I'm not saying you have a disease, I'm making | a point). We're talking about life-and-death here, I can't go along with | "privacy" concerns outwaying the common good of society as-a-whole. If you | have a sexually transmitted disease, it should be _required_ that anyone you | may have exposed be notified, period. I didn't mean to come down on you | Karl, but this is a subject that really ticks me off. Adam Shostack (adam@bwh.harvard.edu) responds: > There may well be a good to society, the questions involve >what invasion of privacy do you justify for what social good? I come >down strongly on the side of privacy in this one. I can't see what >good will be done by your knowing who has AIDS. So you're saying it is your *exclusive* right to decide whether or not you will tell anyone you may have passed the disease on to? I disagree, but I think I made that clear. By private email, someone else pointed out my use of the term "public good" could be mis-interpreted. Let me clarify that: by "public" I am not talking about lists made available to everyone. I have no right to know, the public-at-large has no right to know. You need to know, and _everyone_ you may have passed it on to has a _right_ to know. That was the point I was trying to make, and I honestly cannot see how that can be debated. Christopher Zguris czguris@mcimail.com ------------------------------ Date: Mon, 2 Jan 95 00:45 PST From: karl@reed.edu (Karl Anderson) Subject: mandatory HIV registration The topic seems to have shifted to forced disclosure of whether one's blood contains HIV antibodies (which is also interesting!). Christopher Zguris <0004854540@MCIMAIL.COM> wrote: >karl@reed.edu (Karl Anderson) wrote: [I had refused to donate blood because I hadn't previously been tested for HIV, and HIV+ donors were reported to a government agency] >This dangerous attitude is obscene. How about my -- and everyone else's -- >right, Karl, to get uninfected blood should we require a transfusion Since my behavior reduced the amount of blood available, I would say that the government's violation of the privacy of potential donors has caused a reduction in the amount of voluntary blood donations. Of course, if it was _my_ refusal to donate that violated _your_ right to my blood, then there wouldn't be anything wrong with holding me down and opening my veins, would there? You'd just be exercising your rights. >or find out if a sexual partner has tested positive so that we may >know? No. I refuse to submit to an involuntary search and seizure of my antibodies because you might wish to have me as a future sexual partner. Goodness, if you think that it is your right to know whether someone has AIDS, then they don't have much grounds for refusing that glow-in-the-dark tattoo! If you want to avoid HIV+ sexual partners, you can demand proof of a negative blood test. You can refuse to engage in dangerous activities with a potential partner until that person has accompanied you to a testing site and shown you their negative result. I personally prefer to simply ask potential partners. AIDS is an epidemic, and yes, anyone who has AIDS and doesn't take precautions to avoid infecting others is dangerous to our society. Looking at Typhoid Mary's actions, I would support imprisoning her against her will. No responsibility, no rights. However, there are many people with AIDS who do not recklessly spread their infection, and who fit perfectly well in our society. Having AIDS is not (and should not be) a crime, and there is no reason to treat people with AIDS like criminals. I'm honestly surprised that this discussion is taking place. >Christopher Zguris >czguris@mcimail.com karl@reed.edu http://www.reed.edu/~karl/ ------------------------------ Date: Fri, 6 Jan 1995 02:24:53 PST From: Paul_Gloger.ES_XFC@xerox.com Subject: Cruising for murder An item from the Associated Press, printed in the Los Angeles Times on Sunday, January 1, tells of a family, in Memphis, Tennessee, listening to their new Christmas-gift radio scanner. They overhear a woman speaking on a cordless phone to her boyfriend, the two plotting to kill the woman's husband to get rid of him and collect his life insurance. The family then scans the same woman in other phone calls, which enables them to identify the woman. Sheriff's deputies have arrested the woman and her boyfriend, and charged them with conspiracy and attempt to murder. The article ends with the Sheriff's Captain on the case declaring that "there was nothing illegal in [the family]'s listening to the cordless phone conversations because it was a random scanning." I don't precisely remember the laws regarding the legality of scanning cordless phones, but I sure don't recall that they're conditioned on whether the scanning is "random." Paul Gloger ------------------------------ Date: Fri, 6 Jan 95 16:15:16 -0500 From: "EricJM" Subject: Looking for testimonals Dear All: I am working on a project with the Walker Art Center in Minneapolis which exploring the U.S. Bill of Rights. I am in need of some *first-person* testimonials/stories by people who feel their civil liberties have been violated. I am especially interested in stories relating to privacy and/or the Fourth Amendment. I have read many stories and Supreme Court opinions, but these are too edited, and often too unemotional, for our needs. If anyone has any text they can relay, or suggestions as to where I can find such information quickly, I would be most grateful. Thank you, Eric JM ------------------------------ Date: Sat, 7 Jan 1995 17:19:53 -0500 (EST) From: "Michael W. Gardiner" Subject: Phone bill balance by phone - no security? Having managed to mis-place a bill, I called the local phone company customer service number to get the information. I was interested to hear that the information I was after was available without talking to an operator. I went theough the system, and, with only my TOUCH-TONED phone number (I wasn't calling from home anyway) it gave my current amount due. Needless to say I routed myself to an operator, then to a supervisor, and lodged a complaint. I doubt that anything will come of this, as they don't see what the problem is. When I asked if anyone could walk into an office and get my balance without identification, he said no, but couldn't see that this was not a different situation. He even wondered why anyone would be interested in my phone balance. I mean to pursue this locally, but you might want to check your local phone company and see if they are up to this sort of thing also. It may take some detailed explanations, and how effective that will be is debateable, as the person I complained to couldn't grasp why a private investigator or other nosy type would consider this a nugget in the search for information gold. Mike Gardiner mwg@msen.com ------------------------------ Date: Mon, 9 Jan 1995 15:19:51 -0500 From: BDLLO@aol.com Subject: MONTGOMERY WARD CLASS ACTION MONTGOMERY WARD CLASS ACTION FOR CALIFORNIA RESIDENTS ONLY. If you made a purchase at a Montgomery Ward store in California between July 23, 1992 through December 12, 1994, using a Visa, Mastercard, American Express or Discover credit card. How to Make a Claim: To make a claim, write to Montgomery Ward Class Action, c/o B. Daniel Lynch Law Office, 301 E. Colorado Blvd., Suite 709, Pasadena CA 91101-1911. You must include your name, address, city, state and zip code. Also state the number of times you received an approximately 2 1/2" wide transaction form (sales receipt) showing the words PHONE #, or were requested or required to provide your telephone number or address. Include for each such transaction a copy of the charge slip, credit card statement, or other document showing the purchase, or a declaration stating that you were requested or required to provide your telephone number or address. CLAIMS MUST BE POSTMARKED BEFORE JANUARY 24, 1995. Please contact me at bdllo@aol.com or fax (818)796-1136 if you have any questions. Thank you B. Daniel Lynch B. Daniel Lynch Law Office Pasadena, California ------------------------------ Date: Wed, 28 Dec 94 07:01 PST From: asre@uiuc.edu (Scott Coleman) Subject: Connection Logging by Web Servers Neil Briscoe points out: > I think the reason that you never hear about the logging facilities > of a site are, apart from any conspiracy to just collect the stats, > you can connect to a server at any page, you never have to go in via > a login page. A valid point. But there *is* a common access point for all users, whether they enter via the web site's home page or not: the web browser itself. Newer versions of Netscape have a dialog box which pops up when submitting input to a form. This dialog box informs the user in no uncertain terms that the method of submission they are about to use is insecure, and that the contents could be intercepted or monitored by a third party. A simple way to make people aware that their connections are being logged would be to employ a dialog box in a fashion similar to the above. > The question then arises as to whether the facilities providers, UNC > in this case, then make these stats available to the people for whom > they are providing pages, or whether they keep this information to > themselves and use it merely to provide faster machines, more disk > space, as demand arises. While the motives of UNC are undoubtedly benign and probably helpful, in cases where a commercial enterprise is both the information provider and the owner of the site, there is no question - the marketing staff at XYZ Corp. clearly has access to the stats generated from the http server on www.xyz.com. The only question is, what will these marketing people, under constant pressure both from upper management and creative competitors, DO with this information? -- Scott Coleman, President ASRE (American Society of Reverse Engineers) asre@uiuc.edu ------------------------------ Date: Tue, 27 Dec 94 15:05:29 -0800 From: Craig Partridge Subject: communities that discourage privacy Over the years I've been interested to observe that there are groups of people who either by occupation or prediliction live in communities where privacy of the type often discussed in this digest are discouraged. At some point I'd love to find time to actually collect all the instances together and present a more coherent presentation about such communities and their impact on privacy concerns, but I think simply pointing out that these communities exist may be useful. So here are two examples I've run across: * In the Washington DC area, where I grew up, if you work for the US Government, anyone can know your salary plus or minus a few thousand dollars if you tell them what you do. The reason is that most people know how Government job titles translate to Government Service (GS) pay scale classifications, your GS number determines your salary range, and the salary ranges are public (indeed, often posted on office bulletin boards). So growing up in DC, I grew up with the sense that knowing how much someone made wasn't a big deal. (I.e., you didn't talk about salary because it was gauche, but you didn't worry about it getting out). * While many people try to avoid getting into Government records, folks interested in genealogy often are interested in being recorded in more detail. For instance, there were a number of letters to genealogical journals complaining that one could not request to fill in the long 1990 census form rather than the short one. Genealogists routinely use census data for genealogical purposes, and many genealogists wanted to ensure that there was at least as much information on them for their descendants as they currently have on their ancestors. Furthermore, since genealogists are often trying to trace people to the present day from some distant ancestor, they are heavy users of databases that contain personal information (such as death records) and work to try to ensure records, especially records on the deceased, are kept open. New York's recent laws closing access to death certificates for something like 25 years is widely deplored among genealogists. (I'll note that genealogists are more sensitive about information on people still living). Craig Partridge craig@bbn.com ------------------------------ Date: Fri, 13 Jan 95 11:25:27 EST From: denning@cs.cosc.georgetown.edu (Dorothy Denning) Subject: INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995 Call for Participation (Deadline: March 15, 1995) INTERNATIONAL CRYPTOGRAPHY INSTITUTE 1995: GLOBAL CHALLENGES September 21-22, 1995 Washington, DC Presented by The National Intellectual Property Law Institute The International Cryptography Institute will focus on the cryptography challenges associated with meeting the information protection needs of users and the law enforcement and national security needs of nations. The Institute will address such topics as: - national encryption policies and regulations - meeting user needs for information security and data recovery - meeting law enforcement and national security needs - national and global encryption markets and product availability - international approaches and standards - creating an international cryptography infrastructure - the use of encryption technologies in different countries - cryptography in the financial industry and other industries - legal and policy issues of digital signatures and digital cash - new developments in encryption policies and technologies Persons interested in speaking at the conference are invited to submit a proposal to the Institute Chair: Prof. Dorothy E. Denning, Chair ICI '95 Georgetown University Computer Science Department 225 Reiss Building Washington DC 20057-0997 ph: 202-687-5703, fax: 202-687-6067 e-mail: denning@cs.georgetown.edu Proposals must be received by MARCH 15, 1995, and should include the following: - Name, title, organization, address, phone, fax, and e-mail address - Brief biography - Title of presentation - Abstract of presentation or paper - Amount of time requested for presentation and discussion Notification of acceptance will be made by April 15, 1995. Papers and materials for the proceedings will be due on August 15, 1995. Inquiries about registration or the proceedings should be addressed to: The National Intellectual Property Law Institute P.O. Box 27913, Washington, DC 20038-7913 ph: 800-301-MIND or 202-962-9494 fax: 800-304-MIND or 202-962-9495 ------------------------------ End of PRIVACY Forum Digest 04.02 ************************