PRIVACY Forum Digest      Saturday, 8 April 1995      Volume 04 : Issue 08

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.

                     ===== PRIVACY FORUM =====

      The PRIVACY Forum digest is supported in part by the
        ACM Committee on Computers and Public Policy,
     and the Data Services Division of MCI Communications Corporation.


CONTENTS
	Data Mining (Phil Agre)
	NIST Digital Signatures (Lim Chiang)
	EPIC Alert 2.05 [Decency Act] (Dave Banisar)
	Destruction of data (Charles M. Preston)
	Destruction of data [more] (Charles M. Preston)
	Misleading privacy claims (Charles M. Preston)
	Medical Records Access (Valerie F. Gerberich)
	Re: Perhaps privacy is not what it seems (Cliff Sojourner)
	Protection of Youth Against Trashy and Smutty Literature (Jim Warren)
	More on "Communications Decency Act"
	   (Lauren Weinstein; PRIVACY Forum Moderator)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".
All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access.

PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------

VOLUME 04, ISSUE 08

   Quote for the day:

	"Bombs away, pretzel boy."

		-- Military Commander (Lloyd Bridges)
		   "Rolled Gold Pretzels"
		   Television Commercial (1995)

----------------------------------------------------------------------

Date: Fri, 24 Mar 1995 16:02:22 -0800
From: Phil Agre
Subject: data mining

Perhaps a bit out of date but still very interesting:

The 8/16/94 Wall Street Journal includes an article about the use of "data mining" by companies with large amounts of customer transaction data. The full reference is:

  Laurie Hays, Using computers to divine who might buy a gas grill, Wall Street Journal, 16 August 1994, pages B1, B4.
The prototype of this kind of processing is American Express, which is reported to have half a terabyte of information about its customers' charges on its 35 million cards. The idea is to find patterns that predict what product categories individual purchasers might be interested in, and then send them advertisements accordingly. This kind of processing is ideal for massively parallel computers, and many makers of such machines are doing well. (Thinking Machines Corporation, unfortunately, is not one of them. The same issue of WSJ reports on its imminent bankruptcy filing. This is ironic, given that American Express was one of its first important customers outside the military-government-research world.) From the numbers in the article, it sounds like the number of companies using these techniques is in the hundreds and growing rapidly.

What I find most interesting here is the set of cultural assumptions that goes into the data searches. For example, people who recently bought outdoor patio furniture are pitched gas grills. A woman who buys her dresses at Saks is pitched Saks shoes. A bank analyzed customers' financial situations and pitched home equity loans to those who were likely to pay them back. In each case, a certain amount of social reasoning has gone into the algorithms, based on assumptions about normal or average behavior and the connections in people's lives between different categories of commodities.

All of the examples in the story involve companies mining information on their own customers, though perhaps setting up partnerships with other companies to fashion offers to them. No mention is made of mined information being sold. Maybe that's because people would be too offended to hear of such information being sold, or maybe it's because it's advisable to keep the practice quiet. In any case it's hard to believe there's no market for it.
The data-mining techniques are used for other purposes as well, including fraud detection and inferring bad batches of parts from patterns of warranty service. (That one is my favorite.) Some employees are reported resisting the new technology, though the one case the article reports doesn't have specifically to do with data mining, just with high-tech logistics in mass retailing. It seems reasonable to guess that the resistance comes from deskilling: if restocking decisions are taken away from local store managers (and this is definitely the trend) then, other things being equal, the skill levels and thus the salaries of those store managers tends to go down.

The massive aggregation of data in things like marketing databases and some proposed intelligent vehicle-highway systems leads to new questions about privacy. If any given fact about me is innocuous, or at least innocuous enough that I'm willing to let a company store it in exchange for credit or automatic toll collection etc, it doesn't follow that ten thousand facts about me are equally innocuous. How to even conceptualize, much less regulate, this phenomenon of emergent personal information?

In many cases, the problem is actually harder. If you've just bought patio furniture then you might want a gas grill: this surmise only requires a few facts about you. But heretofore those few facts had a sort of anonymity; they were lost in the enormous crowd of other, equally arbitrary facts. But with massively parallel processing, it becomes possible for numerous individual facts to take on individual consequences. It's one thing if your charge slip for patio furniture (or plastic surgery, or condoms) gets processed and filed in a huge pile with a million others, but it's quite another thing if someone pulls out your charge slip and says "hey, this person might want to hear from a dating service!" or whatever. Can we even say that someone's privacy has been invaded here?
We need new words for these things, rather than stretching the word "privacy" to cover all information-related offenses to human dignity under the sun.

Phil Agre, UCSD

------------------------------

Date: Mon, 27 Mar 1995 16:18:00 +1000
From: Lim Chiang (Tel 02 746 4832)
Subject: NIST Digital Signatures

Can anyone direct me to documents describing the implementations of digital signatures and NIST's digital signature standard? If there is any information regarding central agencies/organisations generating the public and private key pairs, the issuing of such and the certificates, the auditing of organisations' and users' use of the key pairs, etc., please indicate where such information is also available.

With appreciation,

Chiang Lim
Standards Australia
X.400:    S=LIM; O=SAA; P=SA; A=TELEMEMO; C=AU
Internet: lim@saa.sa.telememo.au

------------------------------

Date: Mon, 27 Mar 1995 02:54:36 -0800
From: banisar@epic.org (Dave Banisar)
Subject: EPIC Alert 2.05 [Decency Act]

	[ Extracted from EPIC Alert 2.05 by PRIVACY Forum Moderator ]

=======================================================================
[1] Senate Committee Approves "Decency" bill
=======================================================================

The Senate Commerce Committee voted on March 23 to incorporate a revised version of S. 314, the Communications Decency Act of 1995, into the telecommunications reform legislation. The amendment makes every person who creates, makes or solicits "any comment, request, suggestion, proposal or other communication which is obscene, lewd, lascivious, filthy, or indecent" subject to criminal prosecution. The bill also gives the FCC sweeping new authority to regulate on-line communications, and curtails First Amendment rights that currently exist for print communication.
In a revision pushed by online providers, commercial carriers may avoid liability if they do not exercise editorial control over content, or if they take a series of good faith steps to comply with the statute. A provision criminalizing anonymous messages that "annoy, abuse, threaten, or harass" was also removed.

However, users of on-line services, content providers, electronic publishers, and journalists face new restrictions on speech and private communications. For this reason, there is still considerable opposition to the bill. Civil liberties groups believe that the bill is unconstitutional.

The Senate Commerce Committee approved the amendment, sponsored by Senator Slade Gorton (R-WA), unanimously by voice vote. The entire bill was approved by the Committee 17-2, subject to amendments. The bill now goes to the full Senate, where more amendments are expected to be added.

The legislation has generated considerable controversy. Earlier this week, the presidents of the major computing societies in the US - ACM, IEEE, SIAM, CPSR and AAAI - wrote to Senator Exon expressing concern about the effects on the development of computer networks if the legislation was enacted. An Internet petition calling for the withdrawal of the legislation gathered over 100,000 signatures in only a few weeks and Senators on the Telecommunications subcommittee received a large number of calls, faxes and email messages on the bill.

The bill is expected to be considered by the full Senate in the next few months.

=======================================================================
[2] EPIC Statement on Communications Decency Act
=======================================================================

	EPIC STATEMENT ON COMMUNICATIONS DECENCY ACT

	March 24, 1995

The Electronic Privacy Information Center opposes the Communications Decency Act as adopted by the Senate Commerce Committee on March 24, 1995.
We believe that the bill is an unconstitutional restriction on free expression, personal privacy, and intellectual freedom. EPIC has urged Senator Exon and his staff to explore all non-legislative solutions before further action on this bill. Comprehensive hearings are still necessary.

We recognize that there is a genuine concern about the type of materials that are available to children via the Internet. EPIC also believes that a thoughtful, long-term solution to this problem will require the participation of parents and schools, and the development of good technical and educational measures. We do not believe that the contents of private communication or the expression of public opinion should be regulated by the government.

The National Center for Missing and Exploited Children has produced a fine publication for parents and others who are concerned about these issues. This brochure, "Child Safety on the Information Highway," was written by Lawrence J. Magid, a syndicated columnist for the Los Angeles Times. Mr. Magid encourages parents to take an active interest in the on-line activities of their children, and opposes passage of the Communications Decency Act.

For a copy of the brochure, contact

	The National Center for Missing & Exploited Children
	2101 Wilson Blvd, Suite 550, Arlington, VA 22201-3052

or call 1-800-The-LOST (1-800-843-5678).

EPIC will continue to oppose the Communications Decency Act. We urge others to do the same.

------------------------------

Date: Tue, 28 Mar 1995 10:13:12 +0900
From: cpreston@alaska.net (Charles M. Preston)
Subject: Destruction of data

I'd like to mention that the Security Management article on destruction of data is available in text format on CompuServe in the NCSA forum, Library 22, as sm9502.zip. This is the one referenced in Privacy Digest 04-06. I hope to have it formatted as an HTML document in a few days, so it will be more widely available.
I have recently come across a program designed to overwrite a Windows (virtual memory) swap file semi-automatically, and a version of Linux has an option for keeping its swap file encrypted. The note didn't say how the encryption key was stored.

Tom Zmudzinski (Privacy Digest 04-07) mentions, regarding recovery of data, that saying "with enough processing power and time" is not a useful way to discuss the subject.

I thought the IDA report was very useful in several regards. First, many people are not aware that "overwritten" or degausser erased data may be recoverable at all. Second, it's very helpful when deciding "how much is enough" to have some guidelines as to the level of risk. The report states that it takes a magnetic field 5 times the coercivity of the media to make large scale recovery impractical, and defines "impractical". It also states "there is no known process or equipment that will completely erase Type II magnetic media (coercivity 350-750 Oe)". All high density floppy disks fall into this group. Many hard drives and tape backup products, including DAT, 8 MM, and video tape, have even higher coercivity.

Here's an example of needing to know "how much is enough". Let's say someone in the business world depends on current software file overwriting options for extremely valuable data. The two leading U.S. utility software vendors have products that overwrite files 7 times when you use their highest security - "US Department of Defense" settings. A commercial data recovery firm told me they have recovered data that has been overwritten 7 times.

To summarize: If the people who want your data don't have a lot of money and expertise, overwrite -all- the file storage locations and don't worry about it. Otherwise, you need expert help to consider not only erased data recovery, but your overall security situation. Smart opponents won't attack your strongest area.

Charles M. Preston
Information Integrity
cpreston@alaska.net

------------------------------

Date: Tue, 28 Mar 1995 10:44:00 +0900
From: cpreston@alaska.net (Charles M. Preston)
Subject: Destruction of data [more]

Discussions of when data is really gone from magnetic media (Privacy Digest 04-05,06,07) are helpful to people partly because program documentation is incomplete. To avoid filling their manuals with ugly fudge words like "almost", "maybe", "under most circumstances", the two leading U.S. utility software companies have this to say about their overwriting programs:

Company 1

	XXX protects the confidentiality of deleted data by erasing it completely from a hard or floppy disk.....Once you wipe a file or disk, you can no longer recover or read the data by any means.

Company 2

	YYY protects confidential data by erasing it from the disk so that it is unrecoverable, even using the most sophisticated hardware and software recovery techniques.

These claims are not unusual. Some software companies have continued to claim strong security features that other commercial software could crack in a second or two.

All of us deal with risks every day, but to deal with them rationally it's nice to have a good idea what the real level of risk is.

Charles M. Preston
Information Integrity
cpreston@alaska.net

------------------------------

Date: Tue, 28 Mar 1995 11:20:08 +0900
From: cpreston@alaska.net (Charles M. Preston)
Subject: Misleading privacy claims

Some months ago in a leading health magazine I saw an announcement that a "home AIDS test" would be available. This wasn't really a home test, since a sample had to be sent to the company for determination. Confidentiality was supposed to be maintained because the person with suspected AIDS had a special ID number to inquire about the test results. But the inquiry was through an 800 number.
I called and FAXed the magazine to ask if they could caution readers that all callers' numbers are available to the company furnishing the 800 service. I explained that phone records and other seemingly routine records are not well protected in many companies. An employee of the company probably could match the time of the call, ID, and phone number. People can and have done this sort of thing for blackmail, to furnish information to extremist groups, and for other reasons. If the testing company wanted to, for less than $300 for a CD-ROM, they could pull up a name and address for any published number in a matter of seconds. I don't think that is the kind of confidentiality many people would prefer after testing positive for HIV.

So far, I have not seen any kind of notice in the magazine. Shortly after that, I saw an announcement for confidential AIDS counseling from a U.S. Government agency using, of course, a convenient 800 number.

Charles M. Preston
Information Integrity
cpreston@alaska.net

------------------------------

Date: Fri, 7 Apr 1995 19:37:04 -0700 (MST)
From: "Valerie F Gerberich" <65393@ef.gc.maricopa.edu>
Subject: MEDICAL RECORDS ACCESS

Did you know that there is a leading credit information warehouser (Equifax) that is now proposing to create a mega-database comprised of your/our medical records? Their reply is that they are doing it to make it easier for hospitals and doctors to have access to pertinent medical information about you, especially in the situation where a hospital needs to know your allergic status, past medical history, etc, before they treat you in a manner that may adversely affect you.

That is all well and good, but what about our privacy? Will they do the same thing with that information as they did with our credit information? They just recently lost a lawsuit against them that dealt with the manner in which they (mis)handled our credit history. They allowed access to it in an unfavorable manner.
Do you want that to happen to your medical information also? I don't know about you, but I want my medical information kept highly confidential. People can and will refuse you insurance should they have information about you that is not positive. You can bet that Equifax will harvest this database for all it's worth, selling its contents to whoever is willing to pay. I am sure the insurance companies would pay good money to avoid giving insurance to someone with the slightest blemish on their medical history.

Take this scenario: I had two high risk pregnancies, although the outcome was good, the costs were astronomical, but, I have no intention of having any more children. Do you think any insurance company would give a care? No, they would see that, they would see that I was still very young, and think "Hmmm...she is still in prime child bearing years, and it just is not a good risk." The insurance industry already has some access to this kind of information, but this would just make it too easy for them. It is unfair to reject someone for insurance, but they get away with it....why make it any easier?

I say NO to this, and I hope that there is some way that they are unable to do this.

------------------------------

Date: 30 Mar 95 17:01:00 -0800
From: SOJOURNER_CLIFF@tandem.com
Subject: Re: Perhaps privacy is not what it seems

Steve Mann's point is well taken. Later in the same issue, the debate about CNID continues. There is a parallel. In both cases, the product defect (anonymity and privacy) has become a feature.

Remember the trouble Mr. Bell had convincing people to install telephones in their houses. The problem was that "it was like opening your front door and letting anyone walk in". You couldn't tell who was calling until you answered. (Why, some lower class person might telephone and you'd actually have to be civil to them.) That product defect is now a feature. People are demanding anonymity in telephone use, despite attempts to fix the defect.
The situation with credit card records is similar. Purchase records used to be private. The marketers decided that product feature was a defect.

If we had a workable, anonymous digital cash system I'd use it. As it stands now, I'm off of credit cards and checks and on cash for most things. (Ever try to pay the mortgage or buy an airline ticket or rent a car with cash?) And I'd sure like to get rid of all the junk mail (~5 pounds a week) and marketer's cold calls (4 last night (!), usually 1 a day).

Cliff

------------------------------

Date: Wed, 5 Apr 1995 23:16:53 +0800
From: jwarren@well.sf.ca.us (Jim Warren)
Subject: Protection of Youth Against Trashy and Smutty Literature

	"Those who cannot remember the past are condemned to repeat it"
		Santayana, _The Life of Reason_

In 1926, seven years before the National Socialists achieved absolute power, a bill similar to the Exon amendment was passed in the German Reichstag. I quote the following passage from page 266 of _Purity in Print_ (Scribner's: 1968) by Paul S. Boyer:

	The purity crusade now found a focus in the "Act for the Protection of Youth Against Trashy and Smutty Literature," a national censorship bill proposed to the Reichstag late in 1926. This _Schmutz und Schund_ (Smut and Trash) bill, as it was dubbed, aroused fears in German literary and intellectual circles, but the Minister of the Interior soothed the apprehensive with assurances that it "threatens in no way the freedom of literature, [the] arts, or [the] sciences," having been designed solely for the "protection of the younger generations." It was aimed only at works which "undermine culture" and purvey "moral dirt," he added, and had been devised "not by reactionaries, but by men holding liberal views..."

	On December 18, 1926, after a bitter debate, the _Schmutz und Schund_ bill passed the Reichstag by a large majority. The Catholic Center and the Nationalist parties were strong in its support, the Socialists divided.
	In accordance with the provisions of the new law, the Interior Minister appointed boards of censorship for each of the Federal states. These eight-member panels, including representatives from publishers', authors', and booksellers' groups as well as from youth, welfare, and educational organizations, were empowered to prohibit the advertising, display, or sale to minors of any book deemed morally objectionable.

Presented for your information by,
David Dubin@notes.pw.com
[via pys@well.com]

------------------------------

Date: Sat, 8 Apr 95 20:29 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: More on "Communications Decency Act"

Greetings. As you can see from some preceding items, controversy continues over the issues surrounding the provisions of the "Communications Decency Act". While recent changes may be good news for information service providers (though the borderline between "transmitting information" and "creating information" seems to open up a can of worms), the lumping together of a variety of non-obscene speech types by the provisions would still seem likely to conflict with existing First Amendment protections.

However, there seems to be considerable agreement that *some* sort of controls need to be in place in some situations, at least to bring computer-based communications into line with existing telephone conversation legislation. And there would also seem to be agreement by most observers that some mechanism to help prevent minors from accessing material online that they are not supposed to obtain through other venues is also desirable. To agree that Senator Exon's provisions seem to be the wrong way to deal with the problems is not to say that there aren't problems in need of solutions in this area.

During a question and answer period after a speech to the American Society of Newspaper Editors on April 7, 1995 (yesterday), President Clinton briefly addressed this topic. I've included this exchange below.
--Lauren--

--------------------

Q	You alluded to our being in the Information Age. Many of us in this room are investigating and developing ways of disseminating information electronically. There are thousands outside this room who are doing the same. What role, if any, does the federal government have in censoring or regulating that information and news?

THE PRESIDENT: Let me begin by saying I support what you're doing and I've tried to bring the White House up to date electronically. You know, we have a pretty sophisticated e-mail operation. And now you can take a tour of the White House and all the federal agencies on the Internet and find out more than you ever wanted to know. So we're trying to be there for you in virtual reality land.

I guess you're asking me about the bill that Senator Exon introduced on trying to regulate obscenity through the e-mail system, or through the electronic superhighway. To be perfectly honest with you, I have not read the bill. I am not familiar with its contents, and I don't know what I think. I do believe -- about this specific bill. (Laughter.)

I'll tell you what I think about the issue. I believe that insofar as that governments have the legal right to regulate obscenity that has not been classified as speech under the First Amendment, and insofar as the American public widely supports, for example, limiting access of children to pornographic magazines, I think it is folly to think that we should sit idly by when a child who is a computer whiz may be exposed to things on that computer, which in some ways are more powerful, more raw and more inappropriate than those things from which we protect them when they walk in a 7-Eleven.

So as a matter of principle, I am not opposed to it. I just can't comment on the details of the bill, because I do not know enough about it.
And I do not believe in any way, shape or form that we should be able to do on e-mail, or through the electronic superhighway, in terms of government regulation of speech, anything beyond what we could elsewhere. I think the First Amendment has to be uniform in its application. So I'm not calling for a dilution of the First Amendment. But if you just imagine, those of us who have children and who think about this, you just think about what's the difference in going in the 7-Eleven and hooking up to the computer. I think that we have to find some resolution of this. And within the Supreme Court's standards, which are very strict, I am not -- am philosophically opposed to some action.

------------------------------

End of PRIVACY Forum Digest 04.08
************************