PRIVACY Forum Digest Friday, 15 September 1995 Volume 04 : Issue 20 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation. CONTENTS Deadbeat Dads (Simson L. Garfinkel) Security, Privacy and Marketing on the World Wide Web (Denman F. Maroney) Drug-testing 85% of all students proposed (Wm Randolph Franklin) 4th Amend. & Encryption (Daniel L. Hawes) Virginia Changes Driver's License Numbering Practice (Frank B. Hudgins) Highway surveillance (Daniel L. Hawes) Telcos and Privacy [fwd] (Peter Marshall) Court privacy hearings (Beth Givens) New Privacy Book (Robert Gellman) Privacy Files: a new publication (Pierrot Peladeau) Surveillance Conference (Graham Sewell) Re: Legality of Unsolicited Advertising Faxes? (Larry Kizziah) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com". ----------------------------------------------------------------------------- VOLUME 04, ISSUE 20 Quote for the day: "Are you here for an affair?" -- Hotel desk clerk (Buck Henry) "The Graduate" (1967) ---------------------------------------------------------------------- Date: Mon, 28 Aug 1995 21:48:54 -0400 From: simsong@vineyard.net (Simson L. Garfinkel) Subject: Deadbeat Dads [ Used with permission of the author -- MODERATOR ] SOCIAL INSECURITY PLAN TO MAKE IT EASIER TO TRACK DOWN 'DEADBEAT DADS' WORRIES PRIVACY ADVOCATES ELEVEN years late, the 1984 as envisioned by George Orwell finally may arrive. Welfare reform legislation moving through Congress could dramatically increase the use of Social Security numbers by state governments as a way to track people from cradle to grave. The proposal, which would create or expand a series of national data banks, is designed to track people who don't want to be found. With support among both Democrats and Republicans, the proposal is striking fear among the guardians of privacy, who believe the legislation would increase the government's surveillance of the American public. ''What we are facing is the single greatest step toward big brother government since Watergate,'' said Donald L. Haines, a legislative counsel with the American Civil Liberties Union in Washington. Nevertheless, the proposal has received relatively little attention because the expanded use of Social Security numbers is one of the few areas of agreement between the Republican-controlled Congress and the Clinton administration. Welfare reform was one of President Clinton's campaign promises, and it also was one of the 10 tenets of the Republican Party's ''Contract with America.'' Called the ''Personal Responsibility Act,'' the U.S. House of Representatives passed its version of the bill March 24. The Senate version, retitled the ''Family Self-Sufficiency Act of 1995,'' passed a committee vote June 9. Although the committee, chaired by Sen. Bob Packwood, R-Ore., made substantial changes to the House bill, the sections dealing with the expanded use of Social Security numbers remained essentially intact. At the heart of the legislation is the desire to do something about so-called ''deadbeat dads'' - and moms - who refuse to pay court-ordered child support payments. Both Congress and the Clinton administration believe that a large amount of the money spent on the government's Aid to Families with Dependent Children program could be saved if more single parents obtained child support orders, and if those orders were better enforced. ''People normally say that there is a $34 billion gap'' between the $14 billion that is annually paid in child support and the $48 billion that theoretically could be collected, says Jane Checkan of the Health and Human Service's Administration on Children and Families in Washington. Checkan's figures are for the year 1993, the last year available. In an attempt to close this gap, the welfare reform legislation mandates increased surveillance of all American citizens. By tracking Americans when they change jobs or receive state driver's or professional licenses, the legislation's backers hope to give deadbeat dads nowhere to hide. The legislation also calls for mandatory reporting of Social Security numbers by people getting marriage licenses or divorced, and in paternity proceedings. These reports are designed to make it easier for single parents to obtain support orders, and to make it easier for state welfare agencies to figure out the identity of a spouse when a single parent applies for benefits. ''Ten million women are potentially eligible to child support for their kids,'' Checkan said. But many people do not take advantage of their legal rights. ''Forty-two percent do not have an award in place.'' Welfare reform pushed Checkan said that it is estimated that as much as 8 percent of the government's Aid to Families with Dependent Children payments could be eliminated if child support orders were obtained and enforced. ''That's why, in the Clinton proposal, that child support is such a major part of welfare reform,'' she said. Currently, many government agencies maintain databases that are indexed by Social Security numbers. Nevertheless, the databases are of limited use for welfare enforcement. Some of the databases are restricted by statute so that their information may not be used for purposes other than that which they were collected. A move to unify standards Others are not cross-indexed with databases of current address, employment and child support orders. Still other databases cannot easily be searched against, because the information is not in a uniform format. One of the intents of the legislation, sponsors say, is to bring order to this computational chaos by mandating standard data representation and indexing strategies. Basing the databanks on Social Security numbers is key to its success, said Bill Walsh, chief of California's Child Support Management Bureau, part of the Department of Social Services. ''I'll tell you, the Social Security number is probably the most important piece of data that there is in trying to locate parents that we can't find in order to establish child-support orders, or in cases where we have already established an order, to get payment on those orders,'' he said. A national database also could make it easier to track down the 30 percent of dads who live outside the state, said Walsh. Although such a database currently exists, the proposed legislation would greatly expand its reach, by creating a virtual dragnet that could not be escaped. Civil libertarians worry Walsh said his department is in favor of creation and expansion of the national databanks, because they ''allow us to have access to more and better data in order to locate parents who owe child support.'' Nevertheless, a growing number of civil libertarians are questioning the creation of large-scale national databanks, and the expanded use of Social Security numbers, for tracking down deadbeat dads. ''It's a databank that could be used to allow people to track people down for purposes having nothing to do with (child support),'' said Haines of the ACLU. Haines is especially worried that the system could be used to find victims of domestic violence who are attempting to hide from their assailants. ''An unfortunate truth is that in our justice system today, for many victims of domestic violence, their only hope for relief is to escape into some level of anonymity,'' he said. ''Protective orders don't work or aren't enforced.'' Although the legislation would prohibit the unauthorized use of the system, Haines characterized such use as ''inevitable.'' As an example, he noted how some abusive men find runaway spouses using surreptitious means, such as privileged data reserved for law enforcement. Potential for fraud Other privacy advocates are concerned that the databanks could be used as the basis for financial fraud. ''I think that there is a real danger using (information) provided for one purpose for another purpose,'' said Claudia Terraza, an attorney with the Privacy Rights Clearinghouse at the University of San Diego. ''I see a real problem with people getting access to your Social Security number and from there, being able to find out your credit report, or for finding out other information that they could use for fraudulent purposes.'' Privacy advocates are most upset about the expansion of the Federal Parent Locator Service. As written, the legislation would create a national database of virtually all U.S. citizens - parents or not - with the stated purpose of tracking them so that any individual's most recent address and employer can be easily determined at any time. The legislation also would help enforce court- ordered parental visitation rights. Staff members working on both the House and Senate versions of the legislation said that lawmakers were aware of the privacy issues, and had tried to put ''privacy protection'' measures into the legislation without compromising the central goal of creating a national location registry. ''We had a long discussion about (privacy issues) - and the (lawmakers) were the main people doing the talking,'' said a staffer. ''There were some members who were real sensitive, and they were absolutely adamant that (the Social Security number) could not be required to be on the license itself.'' Nevertheless, the legislation does require states to ask drivers for their Social Security numbers when they are issued driver's licenses or professional licenses, and for those numbers to be reported to the central registry. ''What all of that means is that we will have a de facto national ID system in this country, which is going to be this database, and with a de facto national ID card, which will be your Social Security card/driver's license, all without a debate on whether or not Americans deserve to be subjected to a Soviet- or Nazi-style national ID system,'' Haines said. Effort failed in '60s This is not the first time that the federal government has proposed creating a national databank. A proposal in the late 1960s called for the creation of a national data center that would ''pull together the scattered statistics in government files on citizens and to provide instant, total recall of significant education, health, citizenship, employment records and in some cases personal habits of individuals,'' reported an article in the Feb. 25, 1968 issue of The New York Times. Fears of surveillance At the time, the proposal was opposed by privacy advocates like Columbia University Professor Alan F. Westin and University of Michigan Law School Professor Arthur R. Miller. Information centers ''may become the heart of the surveillance system that will turn society into a transparent world in which our home, our finances, our associates, our mental and physical conditions are bared to the most casual observer,'' Miller told the Times. The national data center was never built, and today the controversy has been largely forgotten. Nevertheless, says Marc Rotenberg, director of the Electronic Privacy Information Center, one of the important issues raised at the time was the danger of entrusting a single federal agency with so many different files. ''These proposals invariably reach further than originally intended,'' said Rotenberg. ''If the Social Security number is used today to catch welfare cheats, it can be used tomorrow to identify political dissidents. ''It is of course ironic that such a proposal would go through the Congress at the very same time that the Republican majority is urging greater relaxation of government regulation.'' INFOBOX: THEY'VE GOT YOUR NUMBER Legislation currently before the Senate would mandate the creation or expansion of three national databanks. Each databank would be indexed by Social Security number. Together, they would track every American. (box) Federal Parent Locator Service: Would contain a record of every driver's license and professional license issued in individual states. (box) Federal Case Registry of Child Support Orders: Besides tracking every child support order issued by the states, this database also would contain records of every marriage, every divorce and every paternity determination case in the United States. (box) State Directory of New Hires: This federal database would be updated every time an American started working for a new employer. It would contain the employee's name, address, job description, and the name of their employer. @2 DRAWING: PHOTO ILLUSTRATION BY JENNY ANDERSON [950717 BM 1F 1; COLOR] CAPTION: PHOTO: Packwood [950717 BM 4F KEYWORDS: SOCIAL-SECURITY US CONGRESS LEGISLATION TAG: 9507200059 END OF DOCUMENT. ------------------------------ Date: Tue, 12 Sep 1995 12:13:24 -0400 From: Denman F. Maroney Subject: Security, Privacy and Marketing on the World Wide Web The World Wide Web was conceived and created as a distributed hypermedia environment, a means for people to ride trains of thought across paragraphs, documents and computers around the world. It has evolved as a hub of commercial activity on the Internet. This is indicated by the proliferation of web sites that sell advertising. The currency of advertising is audience ratings (and related measures). The price of commercial time in a TV show, for example, is set based on the show's projected ratings. Similarly, the price of a page ad in a magazine is set based on the publication's projected readership. The web does not have ratings. Web clients browse web servers with ease, but web servers identify web clients with difficulty. The closest thing to ratings on the web is server logs, which log the IP addresses of clients that access server files. Server logs do not produce ratings because, among other difficulties, (1) web clients are not people, (2) web files are not documents but multiples thereof, and (3) cached web file accesses are not logged. Elaborating briefly on each of these points, (1) the number of clients associated with a given IP address may range from one for an individual with a SLIP or PPP account to 2,000,000 or more for a proxy server like AOL or Prodigy; (2) when a client accesses a document comprised of (say) an HTML file and 12 in-line images, the server logs 13 hits; and, (3) cached file accesses are not logged because they are accessed indirectly from the client's computer or proxy server rather than directly from the web site. Several companies including A.C. Nielsen, I/PRO, NetCount and WebTrack have launched web site audience measurement services. But, in reality these are log processing not audience measurement services, because none of them has solved these problems. Some sites try to skirt these problems by asking or requiring their visitors to register. This solution is unsatisfactory because some people do not register, and others register more than once because they forget their passwords. A central registry launched by a joint venture of Nielsen and I/PRO alleviates the problems of registrants forgetting or using multiple passwords but still does not oblige people to register. Suppose HTTP were modified in such a way as to enable web servers to identify and track the behavior of individual users. This would make the Web the best measured of all commercial media. Other commercial media are measured by means of periodic survey sampling. National television audiences for example are measured by means of a nationally projectable sample of some 5,000 people who consent to have "people meters" installed in their homes for a period of years. Magazine audiences are measured by means of a national sample of some 20,000 people who consent on one occasion to be interviewed personally and fill out a questionnaire. If web servers could measure all users individually and continuously, the web would be measured by means of continuous census taking instead of periodic survey sampling. From marketers' perspective, this would be the best of all possible worlds. No more sampling error. No more non-sampling error. No more discontinuous measurement. The ultimate in database marketing. Web users might be less enthusiastic. In fact they might be very put off by the prospect of web behavior monitoring. Would playboy.com continue to be among the most heavily visited web sites if all its visitors knew they were being watched? Not likely. Would people hesitate to visit web sites that espoused particular political ideologies if they thought they might be spied on by federal agents? Very likely. Would people hesitate to visit sites that sell products and services if they thought the behavioral data so generated would trigger email solicitations from those sites or be sold to other sites to similar ends? They might very well. Accurate web measurement offers many potential benefits as well. Web marketers could use audience data to tailor sites to fit users' interests. For example, they might find some areas are visited less often than others and edit those areas accordingly. They might find some areas are favored by some users and program those areas to greet those users on arrival (dynamic page generation already does this to an extent). Consumers who let marketers know what kinds of products and services they are interested in might be glad to receive highly targeted information about those things. If you're shopping for a car, for example, you might welcome a message from a car maker offering you a special deal on exactly the sort of car you want. Very soon the information exchanged through the web will include currency. The financial service and network industries are hard at work on making the Internet secure for financial transactions. It strikes me that there is a conjunction between the efforts at Internet security by these industries and the efforts at audience measurement by web marketers and research suppliers. The question is how to make the Internet secure and transparent and protect people's privacy at the same time. In principle, behavior should not be monitored, and behavioral data should not be exchanged, without users' knowledge and consent. The question is how to implement this principle. One solution might be to create a commercial version of HTTP, a place where web users could go to engage in commercial activity. This would be analogous to a central registry but would apply to a designated area of the Web instead of just selected sites. When users entered this area, they could know or be told that their behavior could be monitored for commercial purposes. To be admitted, they would have to show their license or password. A potential problem wilth this from marketers' perspective is that the area could become a commercial dumping ground, the Web equivalent of a home shopping channel or ad well, and as such repel a sizable segment of consumers and prospects. Marketers are also concerned that users would be put off by repeated warnings or labels about behavior monitoring. Whose responsibility is it to post such warnings or labels? Internet access providers? Online service providers? Information providers? An independent entity? Some combination of these? What should the warnings or labels say? Where and how often should they appear? Another solution might be to let web users relinquish or recover their anonymity at any time by entering or revoking a PIN. In this way users could go wherever they wanted on the web and disclose their identity to exchange certain kinds of information. Of course, this is exactly what is contemplated to effect secure financial transactions on the web. The point is that it might be fruitful to design the process from an audience measurement as well as transaction security perspective. Bottom line, web servers and clients ? marketers and consumers in the context of this post ? ought to be able to exchange information to their mutual benefit. Is this possible? How? I would like to hear directly from anyone with suggestions. Thank you. Denman Maroney Asso. Media Director, New Technologies DMB&B Inc. 1675 Broadway New York NY 10019 email maroney@dmbb.com tel. 212.468.3918 fax 212.468.3770 P.S. I will be out of the country from Sept. 20 until Oct. 16 and so will be unable to respond to any mail I get during that period. [ This article should help to focus the wide range of privacy issues relating to the use of Web (and other Internet) resources. Many persons have had concerns about this area for quite sometime. When I heard that the most popular Web search engine, "Lycos", was now partially owned by a major direct marketing firm (as part of the creation of "Lycos, Inc."), I made a query regarding their policies in this area. I received a response back from their CEO stating that they did not keep records concerning individual users accessing information (i.e. they do not require registration, though presumably site access info is collected as is standard for virtually all servers), and any audit data collected is used only in aggregrate form for marketing and product development purposes. On the other hand, there are firms involved in providing Web statistical information and log analysis who are apparently claiming that they can turn server logs into direct marketing databases--right now. One can easily imagine the potential problems and pitfalls that could result--technical, legal, political, and so on. Will it get to the point where the simple random or errant click of a "netsurfer", or incorrect search engine query response, results in users being added to new marketing lists--perhaps for items in which they have no interest or might even find objectionable? Will user access log data become simply another commodity to buy, sell, trade, use and abuse? Will users find themselves the victims of unscrupulous operations which might embarrass, blackmail, or otherwise threaten them with disclosure of which Web pages they've browsed? Should logs of Web usage be accorded at least as much privacy under the law as videotape rental records? The Web could become a truly fantastic tool for "consensual" marketing of all sorts. The combination of text, audio, graphics, and video is perfect for providing all sorts of useful services, many of which people will be more than happy to pay for. But the key word is "consensual". If we don't act *now* to deal with the privacy issues of these systems during this dawn of the true "information age", and put appropriate legislative safeguards into place, we could end up creating an infrastructure for privacy abuses of which George Orwell would never have dreamed in his deepest nightmares. Comments? -- MODERATOR ] ------------------------------ Date: Fri, 01 Sep 1995 23:28:32 -0400 From: Wm Randolph Franklin Subject: drug-testing 85% of all students proposed A school district in the Albany NY area is considering subjecting any student who engages in extra-curricular activities to random drug testing. One example given was the drama club. It was also stated that 85% of all students take part in extra-currular activities. -------- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ------------------------------ Date: 2 Sep 1995 12:59:58 EDT From: dlh@marsmedia.com (Dlh) Subject: 4th Amend. & Encryption The fourth amendment to the U.S. constitution forbids unreasonable searches and seizures and guarantees citizens security in their persons, papers, and effects. Relying on commonsense ideas about what's "reasonable", courts have interpreted this language to mean that one is entitled to privacy where he has sought privacy and taken steps to secure his privacy. Katz v. U.S., 389 U.S. 347, 88 S.Ct. 507 (1967); Berger v. New York, 388 U.S. 41, 87 S.Ct. 1873 (1967); U.S. v. Gerena, 662 F.Supp. 1218 (D.Conn. 1987); Smith v. State of Maryland, 283 Md. 156, 389 A.2d 858 (1977); Smith v. Maryland, 99 S.Ct. 2577, 442 U.S. 735, 61 L.Ed.2d 220 (1979); Kemp v. Block, 607 F.Supp. 1262 (D.C.Nev. 1985). In order to protect oneself from government intrusion, it is necessary that one express himself in a manner that exhibits a clear intention and expectation that the expression is made in private. The definition of "private conversation" under the Federal statute prohibiting eavesdropping and interception in electronic communications at 18 U.S.C. section 2510 (2). If the communication can be accessed by third parties, it is not a private communication, and is thus available for anyone who wishes to do so, to intercept it. It is irrelevant to the analysis of whether a communication is private, whether or not such third party actually did perceive the communication - privacy is destroyed if they could have done so. Under federal law and the laws of all of the states as required by the federal statute, interception of the private electronic communication of another is a felony and subjects the offender to civil penalties as well. 18 U.S.C. sections 2511, 2520. The statutes require the interception to have been made intentionally (that is, not inadvertently or accidentally) without the consent of any party to the communication. State laws can be more restrictive, and in Maryland, Ill., Mich., and half a dozen other states, the consent of each and every party to the communication is required. It is axiomatic that the Internet and its various manifestations and incarnations are not secure communications media. Anyone having access to any intermediate node on the virtual connection path can intercept a packet (although the entire communication may not be routed along the same virtual circuit in the packet-switching network) and read it IF IT IS IN CLEAR TEXT. There is no way to assert privacy in the electronic communication that travels over the 'net except by encryption. The Federal Government wants to restrict the ability to encrypt information because it wants law enforcement agents to be able to intercept electronic communications without having to get warrants to do so, as they now can. By restricting the ability of citizens to extend the scope of their privacy rights over the communications on the net, law enforcement's ability to conduct unrestricted surveillance is enhanced, and to be able to use the evidence so obtained without warrants against persons accused of offenses in court. A warrantless search on the net, or any computer connected to the net is acceptable under current law, for the purposes of motions to suppress evidence in criminal proceedings; that is, the evidence cannot be suppressed because of assertions of violations of due process by reason of violation of the fourth amendment search and seizure clause by law enforcement. I believe that the only way to assert a right to privacy on a public data network is by encryption. Encryption and concomitant security of the password/key (e.g., non-escrowed) is the only way to assert that one had a constitutionally-protected right to privacy in the electronic communication so protected. For the purposes of suppression motion, it does not matter whether the communication can be unencrypted, only that the parties to the communication took steps reasonably designed to ensure privacy and to clearly indicate their expectation that the communication be a private communication. === === === === === === === Daniel L. Hawes, Attorney at Law -- Practice Limited to Civil Litigation. Matters relating to Computer and Telecommunications Technology and Domestication and Execution of Foreign Judgments (internet) dlh@marsmedia.com; (voice)703-352-8684; (fax)703-352-5930; (mail) 10312 Cleveland Street, P.O. Box 846, Fairfax, Va. 22030-0846 ------------------------------ Date: Sat, 2 Sep 1995 14:03:16 -400 (EDT) From: Frank B Hudgins Subject: Virginia Changes Driver's License Numbering Practice It was announced this week that the State of Virginia will no longer require that a person use his/her Social Security number as their driver's license number. This change will go into effect in October 1995. It must be noted however that a computer generated 10-digit (1 letter and 9 numerals) identification number will be used on the driver's license ONLY upon request. There is no charge for this when re-newing a license or when obtaining a first license but there is a $5 charge at other times. Many merchants are apparently upset at the change. There are reports that merchants may refuse to take a person's checks if the social security number is not on the driver's license used as an ID. Frank Hudgins ------------------------------ Date: 2 Sep 1995 13:09:06 EDT From: dlh@marsmedia.com (Dlh) Subject: highway surveillance Response to Phil Agre: A sovereign, such as the State of California, has every right and power to conduct monitoring and surveillance over its highways. This is fundamentally different from monitoring and surveillance of a person, as in your cellular-telephone usage monitoring example. If the state were watching your house to see when you left, and followed your car on the highway, etc., that could be construed as unlawful surveillance. And I would argue that the Feds cannot do so without a warrant. A state has inherent police power, however, and its agents can watch anything they want to anywhere they want to, as long as the individual's right to privacy under the fourth amendment, as construed under the fourteenth amendment's due process clause, is not violated, under the U.S. Constitution. State law enforcement officers are, of course limited by the state constitution and general laws enacted thereunder, but there is no requirement that the states have such restrictions. The Mother of the Bill of Rights, Virginia, is more protective of her citizens' liberties than most states, having a constitution more rigorous than the Federal derivation, but even in Virginia we have television cameras set up full time watching certain highways, and certain other devices that automatically generate a summons for those whom the equipment has detected as having violated certain traffic laws. === === === === === === === Daniel L. Hawes, Attorney at Law -- Practice Limited to Civil Litigation. Matters relating to Computer and Telecommunications Technology and Domestication and Execution of Foreign Judgments (internet) dlh@marsmedia.com; (voice)703-352-8684; (fax)703-352-5930; (mail) 10312 Cleveland Street, P.O. Box 846, Fairfax, Va. 22030-0846 ------------------------------ Date: Mon, 4 Sep 1995 14:17:44 -0700 (PDT) From: Peter Marshall Subject: Re: Telcos and Privacy (fwd) ---------- Forwarded message ---------- Date: Mon, 4 Sep 1995 16:09:19 -0500 From: Barry Orton To: Multiple recipients of list Subject: Re: Telcos and Privacy reposted for CYBEROID@U.WASHINGTON.EDU ------------------------------- I'm not a regular member of this list, but via the WA Information Activists list, I read Jack Bryar's comments regarding the collec- tion of local calling information by the RBOCs. I have an uncomfortable admission to make: in 1985, I helped to draft and manage to passage CA's Telephone Privacy Act. This law made it a crime to pass information out of the local tele- phone company to any third party, for any purpose. This law, at the time, seemed well-advised, as it prohibited third party's from gaining access to calling information accumulated by our state's telephone companies (primarily, Pacific Bell and GTE-CA). Now I have second thoughts about this. It puts the telcos in a position of power that is quite exceptional relative to the capacities of other information-service providers, IXCs included. There is nothing to compel the telcos to share their information, if it becomes necessary to craft an egalitarian competitive en- vironment. At the same time, the telcos are uninhibited in the ways that they can employ this information -- a potent tool. It may be that the law has accomplished its principal purpose well and prevented a flood of personal information out of the telcos and to third parties. But times change, and perhaps it's time to revisit CA's Telephone Privacy Act. Perhaps it should apply to the telcos' new info subsidiaries just as it does to other third parties. I'm not with the CA legislature any longer; it's a much wilder, more pro-utility enterprise these days. I wonder what can and should be done. Bob Jacobson Former Principal Consultant Assembly Utilities and Commerce Committee, CA Legislature, 1981-9 ------------------------------ Date: Sat, 9 Sep 1995 14:03:03 -0700 (PDT) From: Beth Givens Subject: court privacy hearings September 8, 1995 IMPORTANT NOTICE REGARDING PRIVACY OF AND ACCESS TO CALIFORNIA COURT RECORDS From: Beth Givens Privacy Rights Clearinghouse, Univ. of San Diego voice: 619-260-4160 fax: 619-298-5681 e-mail: bgivens@acusd.edu The Judicial Council of California's Subcommittee on Privacy and Access, of which I am a member, is holding two important hearings in California during September and October. These hearings allow people to express their concerns and opinions on the development of computerized court records vis-a-vis privacy and access. The hearings are open to all -- Californians as well as those from other states who wish to be heard on these issues. (Non- Californians might include representatives of privacy advocacy groups, civil libertarians, trade associations, and industry). If you are not able to attend the hearings, you may provide written testimony, as explained in the notice below. *DEADLINE is October 18th.* Why are these hearings important? And why is it important for privacy advocates to express their opinions on the issue of computerization and electronic dissemination of court records? There is little to argue about regarding the value to our democratic society of *public access* to government records. Public records provide notice to all members of society of the official actions taken by government, giving the citizens the opportunity to see what their government is doing. Public records also provide notice of the "official" status of individuals and property. In short, public records promote government accountability. But the tradition of public access to court records may need to be re-examined vis-a-vis *privacy* in this era of computerization and telecommunications networks, particularly access to computerized public records in the aggregate. A recent California appellate court decision had this to say: "There is a qualitative difference between obtaining information from a *specific* docket or on a *specified* individual, [and] from obtaining docket information on *every* person against whom criminal charges are pending in the municipal court. ... It is the *aggregate nature* of the information which makes it valuable to respondent; it is that same quality which makes its dissemination constitutionally dangerous." [emphasis added] (Westbrook v. Los Angeles Co. et al., 27 Cal. App. 4th 157 (1994)) The plaintiff, Robert Westbrook, a vendor of criminal background information doing business as Crimeline, wanted to purchase a computer tape from the LA Municipal Court System in order to process it and resell it to interested parties. Typically, purchasers of such information are commercial information brokers, private investigators and employment background check firms. The court ruled against Westbrook in the case, citing privacy considerations. In addition, the court said that Westbrook's use of the data over time could amount to the creation of virtual "rap sheets" on individuals (criminal histories), compilations which are considered confidential under California law (Penal Code 13300). Contrary to the Westbrook case, however, other courts have *not prevented* the unfettered access to and use of computerized public records in the aggregate. These hearings are important because they will shape the access to and use of electronic court records in California, and perhaps other jurisdictions who study California's court policies, for years to come. I hope you will take the time to attend one of these hearings and present your testimony, or provide written testimony. Please contact me if you want any additional background information. -- Beth Givens, Privacy Rights Clearinghouse (bgivens@acusd.edu). ********* OFFICIAL COURT ANNOUNCEMENT FOLLOWS *********** TO Court Administrators Executive Officers of the California Trial Courts Persons and Organizations Interested in Access to Court Data FROM Subcommittee on Privacy and Access of the Judicial Council Standing Advisory Committee on Court Technology Hon. Judith D. Ford, Chair DATE August 22, 1995 SUBJECT Invitation to Comment: Policies on Privacy and Access Rights In January 1995 the Judicial Council of California established a Standing Advisory Committee on Court Technology to "promote, coordinate, and facilitate acquisition and implementation of information and communication technologies useful and appropriate to the courts" (Rule of Court 1033(a)). The Court Technology Committee subsequently established a Subcommittee on Privacy and Access to draft policies that the Court Technology Committee will consider for recommendation to the Judicial Council. If approved and promulgated by the council, the policies would establish norms governing privacy rights in and access rights to data that is maintained electronically by the California courts. To assist it in its drafting effort, the Subcommittee on Privacy and Access is inviting comment on the following and any other related issues: - Given the requirements of California and federal law, how should the California courts protect privacy rights in their electronic data? - Given the requirements of California and federal law, how should the California courts assure access rights to their electronic data? - How should any new costs of providing access to electronic data be funded? - When privacy and access rights are in apparent conflict, how should the conflict be resolved? *How to comment:* Send your comments before October 18, 1995 to: Administrative Office of the Courts Attention: Victor Rowley 303 Second Street, South Tower San Francisco CA 94107-1366 Fax 415/396-9323 You are also invited to attend one of two public hearings that will be hosted by Judge Judith D. Ford, the chair of the subcommittee. On Friday, September 29, a hearing will be held in San Francisco at the Commonwealth Club at 595 Market Street from 9 a.m. until 2 p.m. On Thursday, October 19, 1995, a hearing will be held in Torrance in the City Council chambers of Torrance City Hall at 3031 Torrance Blvd. from 11:30 a.m. until 4:30 p.m. If you are interested in testifying before the subcommittee, you must request a place on the hearing agenda in advance. To request a place on the agenda, please contact Victor Rowley at the above address, or you may also reach him by telephone at 415/396-9271 or via Internet email at Victor_Rowley@aoc.jud.state.ca.us. Each speaker will be allotted ten minutes to address the subcommittee and will be placed on the agenda on a first-come, first-served basis. The last hour of the hearing will be available for the testimony of those who have not contacted Mr. Rowley prior to the meeting. Speakers who want to testify during this hour should sign up upon arrival at the meeting site and provide their comments in writing. Each speaker will be permitted ten minutes to testify. At the hearing, you must provide a written summary of your comments for the record. We encourage you to circulate this invitation to comment to others. ------------------------------ Date: Tue, 5 Sep 1995 16:38:23 -0400 (EDT) From: Robert Gellman Subject: New Privacy Book Subscribers to this forum may be interested in a new book on privacy issues. The title is "Legislating Privacy: Technology, Social Values, and Public Policy." The author is Priscilla Regan, an assistant professor of public affairs at George Mason University. This is a very readable account of how some important federal privacy statutes were passed. Regan identifies the policy, the politics, and the players. She also offers some original observations about why privacy advocates have not been successful in getting more legislation passed. I recommend the book highly. The publisher is the University of North Carolina Press. Robert Gellman rgellman@cais.com Privacy and Information Policy Consultant 431 Fifth Street S.E. Washington, DC 20003 202-543-7923 (phone) 202-547-8287 (fax) ------------------------------ Date: Tue, 12 Sep 1995 16:04:19 -0400 (EDT) From: Pierrot Peladeau Subject: Privacy Files: a new publication More Than Just Another Newsletter October 1995 will be the lauching date for Privacy Files, which aims to fill the order for a Canadian newsletter but will also be a professional magazine, as well as a reference service for the international privacy community. Privacy Files promises to be a timely news source, of interest to those dealing with personal-information and privacy-protection issues or with the social assessment of personal-information systems operating within, or in connection with, the Canadian informational space. Privacy Files also purports to be a professional magazine: a knowledgeable source of pertinent information and analysis about the social, legal, ethical, technical, administrative and commercial issues relating to personal-information processing as well as to privacy and data protection. Leading professionals and academics, as well as experienced journalists, will discuss the facts, put forward learned opinions and share useful tips. This mix of disciplinary standpoints should result in a comprehensive, multidimensional overview of events and issues. Much has been written about privacy protection from both the legal and policy standpoints. But which publication have you read recently deals with the real-life requirements of privacy and personal-information protection? In Privacy Files down-to- earth concerns will be given front and center attention. We will take an unflinching look at the long, often perilous, but necessary process of adapting an organization's or a profession's culture to the requirements of good personal-information protection; at how to cope with the power struggles new information management practices sometimes trigger, at how to assess the risks and costs - human costs as well as dollar costs - of personal-information processing. For instance, did you know that maintaining client confidentiality could be a major source of stress, and even distress, for social and health services workers left to cope without the appropriate psychological support? In Privacy Files you will learn about the solutions as well as the problems. Inside The October Issue: Introducing "Data Protection as an Art" The first of a regular column with that down-to-earth focus we were just talking about. Citizens Take Their Information "Personal" The largest privacy opinion survey ever conducted (in terms of the numbers of questions) sponsored by two citizens'/ consumers organizations. As you can imagine, this survey arrives at significatly different conclusions from those in studies sponsored by private businesses ... North America Under the Gaze of the European Sphinx Many thought that the change in the EU Directive wording about an appropriate protection level for transborder data flows (from a supposely stricter "equivalent" to a vaguer "adequate") would make it less threatening to countries without comprehensive legislation. But Colin Bennett demonstrates that implementation is likely to be more unpredictable and politicized. North American data importers should be more concerned, not less. Rules for the Info-Highway? Final recommendations of the Canadian Information Highway Advisory Council call for a framework data-protection legislation and for a public key infrastructure which differs significantly from the Clipper Chip approach. Plus book reviews, an events calendar and news briefs. And soon, we will launch a prestigious guest column, Private Thoughts, in which renowned experts in the privacy and data-protection field, as well as personalities from other spheres such as science fiction, genetics, religion, advertising or politics, will be invited to put forward their provocative, opinionated, unorthodox or prospective views. This is yet another way of bringing a multidimensional approach to bear on the issues. Privacy Files will first be published in hard copy, ten times a year. But soon a free abridged version will also be available in English and in French through a listserver. Later, full edition will be available in electronic format. Get Your FREE Sample Copy! Just send an Email to beginning with "Free sample copy". [Personal information will be kept confidential, not circulated to third parties and protected under the Act respecting the protection of personal information in the private sector (L.Q. 1993 c. 17)]. Become a Contributor. Our pages are open to your thoughts, your expertise and, of course, for any practical experiences you would like to share with our readers. Contact Ms Lise Moisan, Executive Editor, at ______________________________________________________ Pierrot Peladeau Vice President, Research and Development, PROGESTA Inc. Editor of PRIVACY FILES P.O.Box 42029 Station Jeanne Mance voice: +1 (514) 990 2786 Montreal (Quebec) CANADA H2W 2Y0 fax : +1 (514) 990 3085 ------------------------------ Date: 14 Sep 1995 09:39:46 +1000 From: "Graham Sewell" Subject: Surveillance Conference I represent a group of concerned academics based here at the University of Wollongong, Australia who are researching and writing about a wide range of issues related to surveillance and privacy. We are convening a conference here in November 1995 (registration form attached) where we hope to be addressing some issues that are congruent with Privacy's interests. Although the conference is expected primarily to attract an Australian audience we thought Privacy may be interested in the forthcoming event and may be able to help us publicise it through its forum. Yours faithfully, Dr. Graham Sewell Dept. of Management University of Wollongong NSW 2522 Australia tel. 0011-61-42-213642 fax. 0011-61-42-272785 _______________________________ Open conference on Surveillance Experiences o Analysis o Responses Wollongong, 26 November 1995 The aim of this informal conference is to bring together people from all walks of life who would like to share their experiences, ideas and concerns about surveillance. The conference is organised around small group discussions to help people meet each other and exchange ideas. Topics Database matching, hidden cameras, spy agencies, private investigators, telephone tapping, identification numbers, vehicle tracking, workplace monitoring, electronic mail security, dossiers, voice recognition, investigating agencies, direct marketing, credit referencing ... and others. Experiences People who have experiences of surveillance are especially invited to attend and tell others. Analysis Why does surveillance occur? Who benefits and who loses? Who has the power to implement it? Who can say no? What are the alternatives? Who should be watching whom-and how? Responses What can and should be done about surveillance? The conference The conference will be held on Sunday 26 November 1995 at the University of Wollongong, 10am-5pm. Those attending will be asked in advance about their special interests. Each person will be able to attend several small group meetings on specific topics, each chaired by an experienced facilitator. There will also be special demonstrations. Ample time will be provided between sessions for informal get-togethers. Conference papers Participants are welcome to-but certainly not obliged to-submit a short article or comment to be included in the conference papers, which are circulated beforehand to those attending. The maximum length is 1500 words or 2 A4 pages. The conference papers will also be posted electronically on a Web page. If possible, please submit contributions by electronic mail or computer disc or good-quality large-print typing. Those who want to distribute longer papers should bring multiple copies to the conference. Send all submissions to Brian Martin. Conference organisers (All phone numbers are area code 042.) Ann Aungles, Sociology Department, phone 213745 work, 297393 home, email a.aungles@uow.edu.au Stan Aungles, Science and Technology Studies Department, phone 297393, email s.aungles@uow.edu.au Richard Joseph, Information and Communication Technology Department, phone 214143 work, 213606 messages, email r.joseph@uow.edu.au Brian Martin, Science and Technology Studies Department, phone 213763 work, 287860 home, email b.martin@uow.edu.au Graham Sewell, Management Department, phone 213642 work, 281825 home, email g.sewell@uow.edu.au All addresses are University of Wollongong, NSW 2522. Fax: 213452 Open conference on surveillance Wollongong, 26 November 1995 Registration form Please register to help the organisers make the conference run smoothly. Conference fee: $20. This includes lunch and morning & afternoon teas. Name___________________________________________________ Address___________________________________________________ ___________________________________________________ Other contact information___________________________________________________ O I plan to attend the conference. O The conference fee of $20 is enclosed. (Make cheques to "University of Wollongong Union") O Please send me a copy of the conference papers. O Please schedule me to attend discussion groups. My special interests are ___________________________________________________ ___________________________________________________ O Please arrange for care for the following children ___________________________________________________ O I would like to join others for dinner after the conference at a local restaurant O I have the following special dietary requirements____________________________________ O Please destroy this sheet after conclusion of the conference. Send to Brian Martin, STS, University of Wollongong, NSW 2522, Australia. About a week before the conference you will receive a conference programme, maps indicating the conference venue, and the conference papers. ------------------------------ Date: 18 Aug 1995 05:44:30 GMT From: TJRB52A@prodigy.com (Larry Kizziah) Subject: Re: Legality of Unsolicited Advertising Faxes? Newsgroups: alt.fax This just released from FTC. List of Subjects of 16 CFR Part 310 Telemarketing, Trade practices. Accordingly, the Commission amends Chapter I, Subchapter C of 16 CFR by adding a new part 310 to read as follows: PART 310: TELEMARKETING SALES RULE Sec. 310.1 Scope of regulations in this part. 310.2 Definitions. 310.3 Deceptive telemarketing acts or practices. 310.4 Abusive telemarketing acts or practices. 310.5 Recordkeeping requirements. 310.6 Exemptions. 310.7 Actions by states and private persons. 310.8 Severability. Authority: 15 U.S.C. 6101-6108. ' 310.1 Scope of regulations in this part. This part implements the Telemarketing and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. 6101-6108. ' 310.2 Definitions. (a) Acquirer means a business organization, financial institution, or an agent of a business organization or financial institution that has authority from an organization that operates or licenses a credit card system to authorize merchants to accept, transmit, or process payment by credit card through the credit card system for money, goods or services, or anything else of value. (b) Attorney general means the chief legal officer of a State. (c) Cardholder means a person to whom a credit card is issued or who is authorized to use a credit card on behalf of or in addition to the person to whom the credit card is issued. (d) Commission means the Federal Trade Commission. (e) Credit means the right granted by a creditor to a debtor to defer payment of debt or to incur debt and defer its payment. (f) Credit card means any card, plate, coupon book, or other credit device existing for the purpose of obtaining money, property, labor, or services on credit. (g) Credit card sales draft means any record or evidence of a credit card transaction. (h) Credit card system means any method or procedure used to process credit card transactions involving credit cards issued or licensed by the operator of that system. (i) Customer means any person who is or may be required to pay for goods or services offered through telemarketing. (j) Investment opportunity means anything, tangible or intangible, that is offered, offered for sale, sold, or traded based wholly or in part on representations, either express or implied, about past, present, or future income, profit, or appreciation. (k) Material means likely to affect a person's choice of, or conduct regarding, goods or services. (l) Merchant means a person who is authorized under a written contract with an acquirer to honor or accept credit cards, or to transmit or process for payment credit card payments, for the purchase of goods or services. (m) Merchant agreement means a written contract between a merchant and an acquirer to honor or accept credit cards, or to transmit or process for payment credit card payments, for the purchase of goods or services. (n) Outbound telephone call means a telephone call initiated by a telemarketer to induce the purchase of goods or services. (o) Person means any individual, group, unincorporated association, limited or general partnership, corporation, or other business entity. (p) Prize means anything offered, or purportedly offered, and given, or purportedly given, to a person by chance. For purposes of this definition, chance exists if a person is guaranteed to receive an item and, at the time of the offer or purported offer, the telemarketer does not identify the specific item that the person will receive. (q) Prize promotion means: (1) A sweepstakes or other game of chance; or (2) An oral or written express or implied representation that a person has won, has been selected to receive, or may be eligible to receive a prize or purported prize. (r) Seller means any person who, in connection with a telemarketing transaction, provides, offers to provide, or arranges for others to provide goods or services to the customer in exchange for consideration. (s) State means any State of the United States, the District of Columbia, Puerto Rico, the Northern Mariana Islands, and any territory or possession of the United States. (t) Telemarketer means any person who, in connection with telemarketing, initiates or receives telephone calls to or from a customer. (u) Telemarketing means a plan, program, or campaign which is conducted to induce the purchase of goods or services by use of one or more telephones and which involves more than one interstate telephone call. The term does not include the solicitation of sales through the mailing of a catalog which: contains a written description or illustration of the goods or services offered for sale; includes the business address of the seller; includes multiple pages of written material or illustrations; and has been issued not less frequently than once a year, when the person making the solicitation does not solicit customers by telephone but only receives calls initiated by customers in response to the catalog and during those calls takes orders only without further solicitation. For purposes of the previous sentence, the term "further solicitation" does not include providing the customer with information about, or attempting to sell, any other item included in the same catalog which prompted the customer's call or in a substantially similar catalog. ' 310.3 Deceptive telemarketing acts or practices. (a) Prohibited deceptive telemarketing acts or practices. It is a deceptive telemarketing act or practice and a violation of this Rule for any seller or telemarketer to engage in the following conduct: (1) Before a customer pays[1] for goods or services offered, failing to disclose, in a clear and conspicuous manner, the following material information: (i) The total costs to purchase, receive, or use, and the quantity of, any goods or services that are the subject of the sales offer;[2] (ii) All material restrictions, limitations, or conditions to purchase, receive, or use the goods or services that are the subject of the sales offer; (iii) If the seller has a policy of not making refunds, cancellations, exchanges, or repurchases, a statement informing the customer that this is the seller's policy; or, if the seller or telemarketer makes a representation about a refund, cancellation, exchange, or repurchase policy, a statement of all material terms and conditions of such policy; (iv) In any prize promotion, the odds of being able to receive the prize, and if the odds are not calculable in advance, the factors used in calculating the odds; that no purchase or payment is required to win a prize or to participate in a prize promotion; and the no purchase/no payment method of participating in the prize promotion with either instructions on how to participate or an address or local or toll-free telephone number to which customers may write or call for information on how to participate; and (v) All material costs or conditions to receive or redeem a prize that is the subject of the prize promotion; (2) Misrepresenting, directly or by implication, any of the following material information: (i) The total costs to purchase, receive, or use, and the quantity of, any goods or services that are the subject of a sales offer; (ii) Any material restriction, limitation, or condition to purchase, receive, or use goods or services that are the subject of a sales offer; (iii) Any material aspect of the performance, efficacy, nature, or central characteristics of goods or services that are the subject of a sales offer; (iv) Any material aspect of the nature or terms of the seller's refund, cancellation, exchange, or repurchase policies; (v) Any material aspect of a prize promotion including, but not limited to, the odds of being able to receive a prize, the nature or value of a prize, or that a purchase or payment is required to win a prize or to participate in a prize promotion; (vi) Any material aspect of an investment opportunity including, but not limited to, risk, liquidity, earnings potential, or profitability; or (vii) A seller's or telemarketer's affiliation with, or endorsement by, any government or third-party organization; (3) Obtaining or submitting for payment a check, draft, or other form of negotiable paper drawn on a person's checking, savings, share, or similar account, without that person's express verifiable authorization. Such authorization shall be deemed verifiable if any of the following means are employed: (i) Express written authorization by the customer, which may include the customer's signature on the negotiable instrument; or (ii) Express oral authorization which is tape recorded and made available upon request to the customer's bank and which evidences clearly both the customer's authorization of payment for the goods and services that are the subject of the sales offer and the customer's receipt of all of the following information: (A) The date of the draft(s); (B) The amount of the draft(s); (C) The payor's name; (D) The number of draft payments (if more than one); (E) A telephone number for customer inquiry that is answered during normal business hours; and (F) The date of the customer's oral authorization; or (iii) Written confirmation of the transaction, sent to the customer prior to submission for payment of the customer's check, draft, or other form of negotiable paper, that includes: (A) All of the information contained in ' 310.3(a)(3)(ii)(A)-(F); and (B) The procedures by which the customer can obtain a refund from the seller or telemarketer in the event the confirmation is inaccurate; and (4) Making a false or misleading statement to induce any person to pay for goods or services. (b) Assisting and facilitating. It is a deceptive telemarketing act or practice and a violation of this Rule for a person to provide substantial assistance or support to any seller or telemarketer when that person knows or consciously avoids knowing that the seller or telemarketer is engaged in any act or practice that violates ' 310.3(a) or (c), or ' 310. 4 of this Rule. (c) Credit card laundering. Except as expressly permitted by the applicable credit card system, it is a deceptive telemarketing act or practice and a violation of this Rule for: (1) A merchant to present to or deposit into, or cause another to present to or deposit into, the credit card system for payment, a credit card sales draft generated by a telemarketing transaction that is not the result of a telemarketing credit card transaction between the cardholder and the merchant; (2) Any person to employ, solicit, or otherwise cause a merchant or an employee, representative, or agent of the merchant, to present to or deposit into the credit card system for payment, a credit card sales draft generated by a telemarketing transaction that is not the result of a telemarketing credit card transaction between the cardholder and the merchant; or (3) Any person to obtain access to the credit card system through the use of a business relationship or an affiliation with a merchant, when such access is not authorized by the merchant agreement or the applicable credit card system. ' 310.4 Abusive telemarketing acts or practices. (a) Abusive conduct generally. It is an abusive telemarketing act or practice and a violation of this Rule for any seller or telemarketer to engage in the following conduct: (1) Threats, intimidation, or the use of profane or obscene language; (2) Requesting or receiving payment of any fee or consideration for goods or services represented to remove derogatory information from, or improve, a person's credit history, credit record, or credit rating until: (i) The time frame in which the seller has represented all of the goods or services will be provided to that person has expired; and (ii) The seller has provided the person with documentation in the form of a consumer report from a consumer reporting agency demonstrating that the promised results have been achieved, such report having been issued more than six months after the results were achieved. Nothing in this Rule should be construed to affect the requirement in the Fair Credit Reporting Act, 15 U.S.C. 1681, that a consumer report may only be obtained for a specified permissible purpose; (3) Requesting or receiving payment of any fee or consideration from a person, for goods or services represented to recover or otherwise assist in the return of money or any other item of value paid for by, or promised to, that person in a previous telemarketing transaction, until seven (7) business days after such money or other item is delivered to that person. This provision shall not apply to goods or services provided to a person by a licensed attorney; or (4) Requesting or receiving payment of any fee or consideration in advance of obtaining a loan or other extension of credit when the seller or telemarketer has guaranteed or represented a high likelihood of success in obtaining or arranging a loan or other extension of credit for a person. (b) Pattern of calls. (1) It is an abusive telemarketing act or practice and a violation of this Rule for a telemarketer to engage in, or for a seller to cause a telemarketer to engage in, the following conduct: (i) Causing any telephone to ring, or engaging any person in telephone conversation, repeatedly or continuously with intent to annoy, abuse, or harass any person at the called number; or (ii) Initiating an outbound telephone call to a person when that person previously has stated that he or she does not wish to receive an outbound telephone call made by or on behalf of the seller whose goods or services are being offered. (2) A seller or telemarketer will not be liable for violating ' 310. 4(b)(1)(ii) if: (i) It has established and implemented written procedures to comply with ' 310.4(b)(1)(ii); (ii) It has trained its personnel in the procedures established pursuant to ' 310.4(b)(2)(i); (iii) The seller, or the telemarketer acting on behalf of the seller, has maintained and recorded lists of persons who may not be contacted, in compliance with ' 310.4(b)(1)(ii); and (iv) Any subsequent call is the result of error. (c) Calling time restrictions. Without the prior consent of a person, it is an abusive telemarketing act or practice and a violation of this Rule for a telemarketer to engage in outbound telephone calls to a person's residence at any time other than between 8:00 a.m. and 9:00 p.m. local time at the called person's location. (d) Required oral disclosures. It is an abusive telemarketing act or practice and a violation of this Rule for a telemarketer in an outbound telephone call to fail to disclose promptly and in a clear and conspicuous manner to the person receiving the call, the following information: (1) The identity of the seller; (2) That the purpose of the call is to sell goods or services; (3) The nature of the goods or services; and (4) That no purchase or payment is necessary to be able to win a prize or participate in a prize promotion if a prize promotion is offered. This disclosure must be made before or in conjunction with the description of the prize to the person called. If requested by that person, the telemarketer must disclose the no-purchase/no-payment entry method for the prize promotion. ' 310.5 Recordkeeping requirements. (a) Any seller or telemarketer shall keep, for a period of 24 months from the date the record is produced, the following records relating to its telemarketing activities: (1) All substantially different advertising, brochures, telemarketing scripts, and promotional materials; (2) The name and last known address of each prize recipient and the prize awarded for prizes that are represented, directly or by implication, to have a value of $25.00 or more; (3) The name and last known address of each customer, the goods or services purchased, the date such goods or services were shipped or provided, and the amount paid by the customer for the goods or services; [3] (4) The name, any fictitious name used, the last known home address and telephone number, and the job title(s) for all current and former employees directly involved in telephone sales; provided, however, that if the seller or telemarketer permits fictitious names to be used by employees, each fictitious name must be traceable to only one specific employee; and (5) All verifiable authorizations required to be provided or received under this Rule. (b) A seller or telemarketer may keep the records required by ' 310.5(a) in any form, and in the manner, format, or place as they keep such records in the ordinary course of business. Failure to keep all records required by ' 310.5(a) shall be a violation of this Rule. (c) The seller and the telemarketer calling on behalf of the seller may, by written agreement, allocate responsibility between themselves for the recordkeeping required by this Section. When a seller and telemarketer have entered into such an agreement, the terms of that agreement shall govern, and the seller or telemarketer, as the case may be, need not keep records that duplicate those of the other. If the agreement is unclear as to who must maintain any required record(s), or if no such agreement exists, the seller shall be responsible for complying with ' 310.5(a)(1)- (3) and (5); the telemarketer shall be responsible for complying with ' 310.5(a)(4). (d) In the event of any dissolution or termination of the seller's or telemarketer's business, the principal of that seller or telemarketer shall maintain all records as required under this Section. In the event of any sale, assignment, or other change in ownership of the seller's or telemarketer's business, the successor business shall maintain all records required under this Section. ' 310.6 Exemptions. The following acts or practices are exempt from this Rule: (a) The sale of pay-per-call services subject to the Commission's "Trade Regulation Rule Pursuant to the Telephone Disclosure and Dispute Resolution Act of 1992," 16 CFR Part 308; (b) The sale of franchises subject to the Commission's Rule entitled "Disclosure Requirements and Prohibitions Concerning Franchising and Business Opportunity Ventures," 16 CFR Part 436; (c) Telephone calls in which the sale of goods or services is not completed, and payment or authorization of payment is not required, until after a face-to-face sales presentation by the seller; (d) Telephone calls initiated by a customer that are not the result of any solicitation by a seller or telemarketer; (e) Telephone calls initiated by a customer in response to an advertisement through any media, other than direct mail solicitations; provided, however, that this exemption does not apply to calls initiated by a customer in response to an advertisement relating to investment opportunities, goods or services described in ' 310.4(a)(2) or (3), or advertisements that guarantee or represent a high likelihood of success in obtaining or arranging for extensions of credit, if payment of a fee is required in advance of obtaining the extension of credit; (f) Telephone calls initiated by a customer in response to a direct mail solicitation that clearly, conspicuously, and truthfully discloses all material information listed in ' 310.3(a)(1) of this Rule for any item offered in the direct mail solicitation; provided, however, that this exemption does not apply to calls initiated by a customer in response to a direct mail solicitation relating to prize promotions, investment opportunities, goods or services described in ' 310.4(a)(2) or (3), or direct mail solicitations that guarantee or represent a high likelihood of success in obtaining or arranging for extensions of credit, if payment of a fee is required in advance of obtaining the extension of credit; and (g) Telephone calls between a telemarketer and any business, except calls involving the retail sale of nondurable office or cleaning supplies; provided, however, that ' 310.5 of this Rule shall not apply to sellers or telemarketers of nondurable office or cleaning supplies. ' 310.7 Actions by States and private persons. (a) Any attorney general or other officer of a State authorized by the State to bring an action under the Telemarketing and Consumer Fraud and Abuse Prevention Act, and any private person who brings an action under that Act, shall serve written notice of its action on the Commission, if feasible, prior to its initiating an action under this Rule. The notice shall be sent to the Office of the Director, Bureau of Consumer Protection, Federal Trade Commission, Washington, D.C. 20580, and shall include a copy of the State's or private person's complaint and any other pleadings to be filed with the court. If prior notice is not feasible, the State or private person shall serve the Commission with the required notice immediately upon instituting its action. (b) Nothing contained in this Section shall prohibit any attorney general or other authorized State official from proceeding in State court on the basis of an alleged violation of any civil or criminal statute of such State. ' 310.8 Severability. The provisions of this Rule are separate and severable from one another. If any provision is stayed or determined to be invalid, it is the Commission's intention that the remaining provisions shall continue in effect. By direction of the Commission. Donald S. Clark Secretary Footnotes: 1. When a seller or telemarketer uses, or directs a customer to use, a courier to transport payment, the seller or telemarketer must make the disclosures required by ' 310.3(a)(1) before sending a courier to pick up payment or authorization for payment, or directing a customer to have a courier pick up payment or authorizaiton for payment. 2. For offers of consumer credit products subject to the Truth in Lending Act, 15 U.S.C. 1601 et seq., and Regulation Z, 12 CFR 226, compliance with the disclosure requirements under the Truth in Lending Act, and Regulation Z, shall constitute compliance with ' 310.3(a)(1)(i) of this Rule. 3. For offers of consumer credit products subject to the Truth in Lending Act, 15 U.S.C. 1601 et seq., and Regulation Z, 12 CFR 226, compliance with the recordkeeping requirements under the Truth in Lending Act, and Regulation Z, shall consitute compliance with ' 310.5(a)(3) of this Rule. Please send comments to: webmaster@ftc.gov Rev. August 17, 1995 geh ------------------------------ End of PRIVACY Forum Digest 04.20 ************************