PRIVACY Forum Digest Sunday, 1 September 1996 Volume 05 : Issue 16 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS NCSL ALERT: Driver's Licenses and Birth Certificates (Janeane Dubuar) Re: Credit Card Company Now Marketing "Privacy" Program (V5 #15) (John R. Levine) Credit Card Protection Plans (Charles Trew) Blood and Privacy? (Rex Black) Alternatives to Social Security Numbers (Robert Ellis Smith) Re: Department of Motor Vehicle records (Johnsrude, RISKS-18.31) (Jan Vorbrueggen) SSN problem hits a Congressman (Stanton McCandlish) FC: Helsingius shuts down anon.penet.fi server in Finland (Declan McCullagh) SSN and Welfare Legislation (Monty Solomon) Re: More on CNID (Cliff Sojourner) The answer to the cookie problem?? (pt1@grcci.com) HRW letter to Singapore government; German telecom URL (Monty Solomon) Ohio requires privacy waiver and SSN in job apps (Wm Randolph Franklin) Fingerprinting by banks (Janeane Dubuar) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 05, ISSUE 16 Quote for the day: "We once laughed at the horseless carriage, the airplane, the telephone, the electric light, vitamins, radio, and even television! And now some of us laugh at outer space..." -- Criswell "Plan 9 From Outer Space" (1959) ---------------------------------------------------------------------- Date: Fri, 30 Aug 1996 10:51:45 -0700 (PDT) From: jd@scn.org (Janeane Dubuar) Subject: NCSL ALERT: Driver's Licenses and Birth Certificates This alert came by mail from the National Conference of State Legislatures in Washington, D.C. I added an update which includes the names of House-Senate conferees. The federal immigration bill (H.R. 2202) is expected to emerge from conference committee some time during the first week of September. Now is the time to act. TOWARD A NATIONAL IDENTIFICATION CARD AND MORE RED TAPE: CONGRESS MANDATES CHANGES TO DRIVER'S LICENSES AND BIRTH CERTIFICATES On May 2, 1996, the U.S. Senate passed S. 1664 (now called H.R. 2202 - Senate version), a bill to reform illegal immigration, that proposes monumental changes to all driver's licenses and birth certificates (section 118). These changes will force most U.S. citizens to obtain and pay for new driver's licenses and birth certificates; compromise each citizen's right to privacy; violate state and local control over driver's licenses and birth certificates; and invite discrimination against minorities. The Congressional Budget Office estimates that the federal driver's license mandate alone will shift up to $20 million in costs to states and localities. The House also passed an immigration bill, H.R. 2202. The House bill does not contain the driver's license and birth certificate mandates. Both House and Senate immigration staff are currently reconciling the two bills in an informal conference committee. Phone calls to House and Senate Leadership are urgently needed to demand that the driver's license and birth certificate mandates be deleted from the final bill. What Does the Senate Version of H.R. 2202 Require? 1. Driver's Licenses - State driver's licenses and identification cards MUST CONTAIN THE APPLICANT'S SOCIAL SECURITY NUMBER. The federal government will also create new federal standards for the application process and design of all driver's licenses and ID cards. States that currently retain and verify an applicant's social security number but do not place the number on the cards are initially exempt from the social security number mandate. According to the American Association of Motor Vehicle Administrators, of the 38 states that do not require the social security number to be on their driver's licenses, only Massachusetts would qualify for this exemption; all other states would be required to place social security numbers on driver's licenses and ID cards. All states are required to conform to the other federal standards. States with cycles of renewal longer than six years must start October 1, 2006. After October 1, 2006, NO ONE may use a driver's license or ID card for identification purposes that does not meet these federal standards. 2. Birth Certificates - All birth certificates must be printed on federally-approved safety paper and be certified by the issuing agency. The federal government will also issue additional provisions requiring other security features in the future. Starting in 1999 (three years after the bill's enactment), birth certificates that do not meet these federal standards cannot be accepted by any federal agency or by any state or local agency that issues driver's licenses or ID cards. Who Needs a New Driver's License? Anyone who wants to use their driver's license as a valid form of identification after October 1, 2006. If you need to use a driver's license to vote, to apply for a passport, to qualify for a federal school loan, license, contract or public assistance program or to meet any other federal, state or local requirement you will need a new driver's license. Will I Have to Put My Social Security Number on My Driver's License? Yes. While most states currently give applicants the option of not using this number on their driver's license or prohibit its use outright, the new federal requirements will force almost every American to put their social security number on their license or ID card. Many citizens are concerned by laws that increase the circulation of their social security number. The social security number is a key which provides access to vital personal information, which could be misused if it fell into the wrong hands. Others believe that proposals making driver's licenses uniform, including social security numbers, are a significant step toward a national ID card. Finally, many minorities contend that they will be disproportionately affected by the new requirements because they will be asked to show their documents more often than other Americans. Who Needs a New Birth Certificate? Anyone who wants to use their birth certificate as a valid form of identification after October 1, 1999. If you need to use your birth certificate to establish citizenship, apply for or renew a driver's license, passport or other identification documents, obtain a marriage license, register to vote, change your name, or many other purposes you will need a new certificate. No matter how old you are, if you need to use your birth certificate it must conform to the new federal standards, otherwise it is invalid. Fees will almost certainly be charged for new birth certificates to pay for the new federal requirements. This will impose a significant hardship on elderly and low-income Americans. THE DRIVER'S LICENSE AND BIRTH CERTIFICATE MANDATES IN ILLEGAL IMMIGRATION BILL H.R. 2202 (Senate) WILL... ...INCREASE SOCIAL SECURTY NUMBER FRAUD. H.R. 2202 (Senate version) will require the vast majority of automobile drivers in the U.S. to put their social security numbers on their driver's licenses. In the future, whenever someone shows their driver's license they will also be exposing their social security number. With the social security number accessible to so many people, it will be relatively easy for someone to fraudulently use your social security number to assume your identity and gain access to your bank account, credit services, utility billing information, driving history, and other sources of personal information. This new federal law will compound and exacerbate a disturbing trend reported by banks and credit card companies that social security number-related fraud is already on the rise. ...INVADE PRIVACY AND THREATEN CIVIL LIBERTIES. According to the Privacy Rights Clearinghouse, when social security numbers were first issued in 1936, the federal government assured the public that use of the numbers would be limited to social security programs. The driver's license and ID card provisions in H.R. 2202 (Senate version) violate this promise, and will dramatically increase the circulation of the social security number and its use as a national identifier. Now more corporations, creditors, insurance companies, government officials and others will be able to get easier access to vast amounts of personal information that can be used to support marketing schemes, determine insurance and loan eligibility, gain an advantage in a lawsuit, etc. ...PREEMPT STATE LAWS AND SHIFT COSTS TO STATES AND LOCALITIES. According to the Automobile Association of America, 38 states do not require drivers to put their social security numbers on their driver's licenses. Legislation has been introduced in a number of states (including Mississippi and Hawaii) that require social security numbers on their driver's licenses to take the numbers off the card because of fraud and privacy problems. The new federal law would require all but Massachusetts to change their laws, taking this option away from the majority of the nation's drivers and limiting state authority to decide whether this policy is appropriate for their residents. The bill also gives the federal government wide latitude to develop new and more costly requirements for state driver's licenses, ID cards and birth certificates in the future. According to the Congressional Budget Office, the new unfunded federal mandates in the law will shift up to $20 million in costs to states and force states and localities to increase fees for birth certificates to pay for new federal requirements. ...LEAD TO A NATIONAL ID CARD THAT DISCRIMINATES AGAINST MINORITIES. By requiring states to tie the social security number to state-issued identification documents, the proposal marks a dramatic shift toward using the number as an identifier. Today's mandate that the states follow federal requirements in their identification documents will lead to tomorrow's mandate: that the federal government issue the identification documents itself to ensure uniformity and reliability. Make no mistake: this provision is a key building block for national identification documents, and the national ID card. If such an ID card is mandated, Latinos, Asians, and other Americans who "look foreign" or speak with an accent will be expected to produce this document far more often than other Americans, especially if they live in border areas. Increasing discrimination against our own citizens is no way to deal with the problem of illegal immigration. ...TANGLE CITIZENS IN GOVERNMENT RED TAPE. The federal bill requires any citizen that needs to use their birth certificate for official identification to get a reissued birth certificate from their place of birth by October 1999. Senior citizens that intend to apply for Medicare will need to obtain a new birth certificate. Couples engaged to be married will need new birth certificates for a marriage license and to change their names. Professionals traveling internationally for business or families going on vacation overseas will need new birth certificates to obtain passports. With millions of citizens requesting new birth certificates, lines and waits for federally-approved birth certificates will be long. All recipients will be charged a fee for their new birth certificates. ------------------------------- UPDATE: To study the full text of the Senate's version of H.R. 2202, go to http://thomas.loc.gov and look up S.1664, section 118. Write or call conferees and your own member of the House. As of Thursday, 8/29/96, 4:30 pm EDT, Senate conferees on the immigration bill were: Feinstein, Dianne - California Grassley, Chuck - Iowa Hatch, Orrin - Utah Kennedy, Edward - Massachusetts Kohl, Herb - Wisconsin Kyl, Jon - Arizona Leahy, Patrick - Vermont Simon, Paul - Illinois Simpson, Alan - Wyoming Specter, Arlen - Pennsylvania Thurmond, Strom - South Carolina Likely House conferees include: Becerra, Xavier - California (30) Berman, Howard - California (26) Bono, Sonny - California (44) Bryant, Ed - Tennessee (7) Bryant, John - Texas (5) Conyers, John, Jr. - Michigan (14) Frank, Barney - Massachusetts (4) Gallegly, Elton - California (23) Goodlatte, Bob - Virginia (6) Hyde, Henry - Illinois (6) McCollum, Bill - Florida (8) Smith, Lamar - Texas (21) Please do not wait to contact House conferees. The conference report could be issued within as little as 24 hours of their final selection. To be most effective, letters should be postmarked by Saturday, August 31st, or faxed early the following week. Members' offices also may be reached by phone through the Capitol Switchboard (202) 224-3121. Thanks for your help. ------------------------------ Date: Sun, 18 Aug 96 21:16 EDT From: johnl@iecc.com (John R Levine) Subject: re: Credit Card Company Now Marketing "Privacy" Program (V5 #15) >I would be interested in hearing what others think of this service, and if >anyone has ever heard of CUC International, Inc., the provider of Wallet >Security Plus. CUC used to be known as Comp-U-Card, and runs a variety of discount shopper's clubs, travel clubs, and the like, many but not all of which are accessed via your PC. It is a large company, listed on the NYSE, with annual revenues well over a billion dollars, mostly from membership fees. (The stuff you buy through the clubs is all provided by third parties.) They're at http://www.cuc.com. Most of the shopping services on the major on-line services as well as the rebating travel agency on Easy Sabre are owned by CUC. Their "privacy" program is in all likelihood legit, although as you point out, it doesn't actually offer very much for the money, something that I've noticed in some of CUC's other programs. I would be a teensy bit worried that an organization whose primary business is targeted direct marketing might find it irresistable to to a little data mining in the big pile of data their privacy customers' give them. -- John R. Levine, IECC, POB 640 Trumansburg NY 14886 +1 607 387 6869 ------------------------------ Date: Tue, 20 Aug 1996 11:00:10 -0400 (EDT) From: Charles Trew Subject: Credit Card Protection Plans The credit card service plan offered by CUC International to monitor credit activity and such has been around for many years. As was noted, virtually all of the "services" are already available in one form or another for free. To be fair someone with quite a busy schedule and high income might find advantages in the program. Anyone with questions concerning credit cards should look up Bank Card Holders of America, a non-profit outfit in Roanoke, Virginia. Membership fees are nominal and they alert members to these types of programs and offerings of dubious value. In fact, BHC even provides this type of service as a regular part of their membership. As for Division of Motor Vehicle records, they are fairly available in almost all states. Because of privacy concerns there are frequently some restrictions. Many states charge a nominal fee ($5.00 to $10.00) and require the requester to identify themselves and give the reason for the request. A record is kept of the request. I can tell you, however, that there are any number of private investigation services on the internet (and elsewhere) that would be willing and able to obtain this information and provide it to an anonymous client. Many states have used an individual's social security number as their driver's license as well. Some states (such as Virginia) now allow one to obtain a number other than the SSN as the license number. Concerned individuals should call their state DMV and get specific details. ------------------------------ Date: 20 Aug 96 11:27 CDT From: Rex Black Subject: Blood and Privacy? I recently received an e-mail message from the corporate fitness center inviting me to a blood drive. I have not given blood before, having had a bad reaction to a blood sample as a teenager that has left me leery of the idea. What struck me, however, was that this e-mail message asked that we show up with our company badges and knowing our social security numbers. I sent back a message saying that I would consider giving blood, but only if it was anonymous. They replied that at least I had to bring my driver's license. (I'll have to remember that this is an anonymous ID the next time I get a speeding ticket, so that I can just ignore it, right? :-) Anyway, this got me to thinking: Is this general practice to require that donors "tag" their blood with an SSN or other traceable indicia? If so, are there documented cases of abuse of this tracing ability? (As an example, someone flunks the AIDS test that blood goes through and becomes tagged as "HIV positive" in some database, accurately or inaccurately.) Regards, Rex P.S. I am not speaking in any kind of official capacity as a Dell consultant. ------------------------------ Date: Fri, 16 Aug 96 15:24 EST From: Robert Ellis Smith <0005101719@mcimail.com> Subject: Alternatives to Social Security Numbers [ From Risks-Forum Digest; Volume 18 : Issue 35 -- MODERATOR ] Last spring, I asked readers of RISKS for suggestions on alternatives to Social Security numbers in organizations with large data bases of information about individuals. Many such organizations find they do not need to use SSNs, and avoid privacy problems associated with using them. For a copy of all of the responses, send a request to us and specify whether you want hard copy or electronic edition of our August issue, and provide postal address or e-mail address. Robert Ellis Smith, Publisher, Privacy Journal newsletter, Providence, RI, 401/274-7861, e-mail 5101719@mcimail.com. Excerpts from the suggestions follow: * FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date concatenated [linked in a chain]) both for driver and vehicle registrations. * FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in Boston, discusses a number of ways in which cryptography- based health care identifiers can be used to preserve privacy while remaining manageable for typical medical purposes. This is publication #49 (in Postscript format) at http://medg.lcs.mit.edu/people/psz/publications.html. * FROM YARDLEY, PA.: One way is to use a simple scheme like three letters from last name, the first initial, and some digits; another is just to use sequential numbers. Another is an MD5 hash of the full-name string [a one-way mathematical function as a stand-in for the name that makes translation back to the original name impossible]. This is always unique for a unique string, so you might need to add some numbers. * FROM MADISON, WISC.: When I was working on the development of the Wisconsin Student Data Handbook - we tried to develop what we called an "SSN surrogate," also of nine bytes per individual. It involved an algorithm which combined year, month, and date of birth with sex and two consonants each extracted from the first and middle names. * FROM CYBERSPACE: I worked with a banking software company that set up employee records simply by exact hire date and time. Since they never hired anyone at exactly the same time, it gave each person a unique number. You could do the same for any data base in which records are added gradually one at a time - just number them based on exact date and time added. * FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago not to use SSN for identification except where required by law (payroll taxes, for example). We use a unique Stanford University ID (SUID), which is a lifetime number and applies to all students, alumni, faculty, staff, and patients. It serves all the same purposes that the SSN would do if it were used. ------------------------------ Date: Mon, 19 Aug 1996 13:12:06 +0200 From: Jan Vorbrueggen Subject: Re: Department of Motor Vehicle records (Johnsrude, RISKS-18.31) [ From Risks-Forum Digest; Volume 18 : Issue 35 -- MODERATOR ] Johnsrude writes: > This lack of protection distinguishes American law from most European > democracies. "Data protection" is an important part of European human > rights law. A very important point. In Germany, this was actually derived, in the context of a census, from the constitutional right to freedom from injury by the Bundesverfassungsgericht (sort-of-analogue of the US Supreme Court). The laws that were made in response to this decision actually strive to handle the problem at the correct point, IMO, namely when the data in question is created. And there is a distributed system of "watch dogs" whose annual reports are widely discussed (if not always read). However, I think the bulk of Johnsrude's contribution and the further discussion in this thread misses a major point. The DMV database is quite different from, say, VISA's or your favourite retailer's, in that the DMV occupies a monopoly, and a publicly mandated one at that. If you don't like the data handling procedures of whoever offers you a service, in general there will be a competitor who might have better practices regarding your objections. Or you can make a purchase explicitly contingent on data concerning it not being made available to others, and in the case of infraction sue for breach of contract (of course, this entails other barrels of worms, but that's a separate discussion). In the case of the DMV, there is no alternative, because the DMV itself, as an issuer of drivers' licenses, serves a public watchdog function, and the service it offers is not in any practical sense optional, especially in wide parts of the United States. Putting severe restrictions on the DMV's use of the data entrusted to it is sensible, for any number of reasons; the technical problems in distributing data to those that need to know (e.g., police officers) come up in other situations as well and have well known solutions. One of the root problems here is that, IMHO, the way legislative responsibility has been divided in the USA is just crazy. The (I assume) federally mandated inclusion of the SSN in state controlled DMV records, without any clauses on how to protect this data, is a case in point; I suppose this was foisted on the states in a similar way the drunk driving rules were (according to urban legend, by making federal subsidies for the interstates contingent on such legislation). Thus, responsibility is divided -- in a similar way later noted as being the result of the privatization of the British rail network. Jan ------------------------------ Date: Thu, 22 Aug 1996 11:35:54 -0700 (PDT) From: Stanton McCandlish Subject: SSN problem hits a Congressman [ From Risks-Forum Digest; Volume 18 : Issue 37 -- MODERATOR ] I received a press call this morning asking about Social Security Numbers and database privacy in general, from a journalist covering a story that should have happened years ago. A US Congressman running for Governor of New Hampshire was found to have two SSNs by local journalists, who ran a story on it. (It's illegal to obtain 2 SSNs in most circumstances, so one supposes this seemed newsworthy). After the story ran, it turned out that the other SSN belonged to a teenager, and that the legislator had been assigned the number (presumably in some marketing or DMV or other error-prone database) by mistake. Despite the situation not being the legislator's fault, his chances for election to the Governor post have been damaged by the bad reportage, possibly ruined. At this point, I don't have the name of the legislator, nor of the paper and journalist(s) who reported on this. Many obvious RISKs that have come up before plenty of times in RISKS: 1) SSNs are not a good system - they are neither truly unique identifiers, nor is the system even close to immune from errors or fraud. 2) Even "minor" data entry errors in databases of personally identifiable information can ruin careers and otherwise wreck people's lives, but there's not really any easy way to detect these errors or to fix them until they cause a personal, or sometimes far broader, catastrophe. 3) There is no real accountability, even aside from privacy issues. State laws are scattershot and disparate, affording little privacy protection and even less recourse when negligence wreaks havoc. They are so different from state to state that even an industry-generated code of conduct doesn't arise. At the federal level, it's even worse. 4) Reporting on technical topics, like information held in databases, can be rapidly screwed up if the reporters do not take care to get the facts, but simply report what seems obvious on the surface. (C.f. Time's "Cyberporn" cover story for another infamous example.) 5) Blind trust in technology - "the computer is always right" - can lead to quite harmful mistakes. It appears that the reporters who jumped on this story accepted it as a given that the legislator had obtained two SSNs for some nefarious purpose, and missed the far more likely possibility: data entry error by a third party. (This is based on what I've been told about these events and the reportage of them. I have yet to see the original articles, though I expect to get them shortly. So, some of this criticism is best considered hypothetical, until I do have the articles. I cannot, of course, be certain of the accuracy of the characterization by one journalist of another and his/her work.) As for why I say this should have happened a long time ago, this is the first time I've heard of something like this happening to a policymaker. Hopefully the nature of the problem will sink in and we'll see some action to establish accountability and privacy-protection requirements. At very least, the dismal failure of the SSN may become more apparent to Congress, who have simply not appeared to grasp the nature of the problems to date. The new crypto-awareness on the Hill could use a strong booster shot of general privacy awareness. Stanton McCandlish Electronic Frontier Foundation mech@eff.org "http://www.eff.org/~mech/" ------------------------------ Date: Fri, 30 Aug 1996 13:17:02 -0500 From: declan@well.com (Declan McCullagh) Subject: FC: Helsingius shuts down anon.penet.fi server in Finland This is a sad day in the history of the Net. Hundreds of thousands of people had accounts on Julf's pseudonmyous server and many netizens relied on it daily to preserve their privacy online. (Unlike cypherpunk remailers, it's not truly anonymous since Julf keeps records of what anon id maps to what email address.) From Azeem's report and the press release below, Julf's move seems to be in response to a Finnish court's preliminary decision that the privacy remailers could be violated by court order -- something the Scientologists have been pushing. Still, I'd be surprised if Julf's decision wasn't prompted in part by the hideous London Observer article that falsely accused him of being a middleman in the distribution of child porn -- check out a scan of the Sunday cover at: http://scallywag.com/ -Declan ---------- Forwarded message ---------- Date: Fri, 30 Aug 1996 17:11:51 +0100 From: Azeem Azhar To: azeem@ivision.co.uk Subject: [ALERT] Penet is dead Hello all, I just got off the phone with Johann Helsingius who runs the anon.penet.fi anonymous e-mail service. 1. He has decided to close the service. 2. This is not related to the article in The Observer. It is, in fact, due to a decision of a lower Finnish court on petition from the Church of Scientology. Penet went to court last week and made the decision today. The implication of the decision is that e-mail over the Internet is not protect by the usual Finnish privacy laws. 3. The server is currently down while Julf re-writes the software. Once it runs again, it will be phased out for private use, but groups such as the Samaritans and human rights agencies should be able to use it. 4. They are appealing against the decision. 5. Julf expects that revisions in Finnish law to provide a safe legal status for anonymous remailers will be in place at the earliest in Spring next year. 6. Once again: this is unrelated to The Observer's scandalous reporting. Your faithful furry friend, Azeem ---------- Forwarded message ---------- Date: Fri, 30 Aug 1996 17:15:41 +0100 From: Azeem Azhar To: azeem@ivision.co.uk Subject: [ALERT} Penet is dead (correction) Sorry . . . a slight error: > 2. This is not related to the article in The Observer. It is, in fact, > due to a decision of a lower Finnish court on petition from the Church > of Scientology. Penet went to court last week and made the decision > today. The implication of the decision is that e-mail over the Internet > is not protect by the usual Finnish privacy laws. The implication of the court's decision (rather than Penet's to shut the server) is that e-mail over the Internet is not protected by the usual Finnish privacy laws. Sorry! -- [Julf's press release. -Declan] PRESS RELEASE 30.8.1996 Johan Helsingius closes his Internet remailer Johan Helsingius from Helsinki has decided to close his Internet remailer. The so-called anonymous remailer is the most popular remailer in the world, with over half a million users. "I will close down the remailer for the time being because the legal issues governing the whole Internet in Finland are yet undefined. The legal protection of the users needs to be clarified. At the moment the privacy of Internet messages is judicially unclear." The idea of an anonymous remailer is to protect the confidentiality of its users=ED identity. The remailer itself does not store messages but serves as a channel for message transmission. The remailer forwards messages without the identity of the original sender. Finland is one of the leading countries in Internet usage. Therefore all decisions and changes made in Finland arouse wide international interest. "I have developed and maintained the remailer in my free time for over three years now. It has taken up a lot of time and energy. Internet has changed a lot in these three years - now there are dozens of remailers in the world, which offer similar services." "I have also personally been a target because of the remailer for three years. Unjustified accusations affect both my job and my private life" says Johan Helsingius. He surmises that the closing of the remailer will raise a lot of discussion among the Internet community. "These remailers have made it possible for people to discuss very sensitive matters, such as domestic violence, school bullying or human rights issues anonymously and confidentially on the Internet. To them the closing of the remailer is a serious problem", says Helsingius. Child porn claims proven false Last Sunday's issue of the English newspaper Observer claimed that the remailer has been used for transmitting child pornography pictures. The claims have been investigated by the Finnish police. Observer's claims have been found groundless. Police sergeant Kaj Malmberg from the Helsinki Police Crime Squad is specialized in investigating computer crimes. He confirms that already a year ago Johan Helsingius restricted the operations of his remailer so that it cannot transmit pictures. "The true amount of child pornography in Internet is difficult to assess, but one thing is clear: We have not found any cases where child porn pictures were transmitted from Finland", Kaj Malmberg says. Ground rules need to be clarified There are several large network projects going on in Finland at the moment, such as the TIVEKE project run by the Ministry of Communications and the Information Society Forum project run by the Ministry of Finance. Johan Helsingius is participating the work of these projects. Projects assess the political and social issues of networks and the impact of these issues in the long run. These projects also need the support of daily, practical work to help short-term decision-making. Johan Helsingius is now taking an initiative in the development of the daily network rules. He wants to set up a task force to discuss the practical problems related to ethical and civil rights issues in connection with the Internet. "I will try to set up a task force which will include Internet experts together with representatives of civic organizations and authorities. The task force could take a stand on issues such as the network's practical operation methods and the misuse of the network. I hope that the results of this task force will support the development of the network", he says. For further information, please contact Johan Helsingius Oy Penetic Ab tel. +358 0400 2605 e-mail: julf@penet.fi [ Regular readers of my various PRIVACY Forum Moderator items will already be aware of my concerns over "anonymous" abuses which are appearing with increasing frequency on the net. Libel, propaganda, hate materials, and just plain 100% lies, often designed specifically to harm individuals, are occurring with increasing frequency. The senders of such materials usually shield themselves through a variety of technical mechanisms, only one of which is anonymous remailers. The problem is that while there are most definitely situations where anonymity is important, there are others where it can be seriously abused. Most newspapers and other mainstream media outlets would avoid printing random, unsubstantiated rumors (e.g. "John Rudolph Smith of 1313 Randolph Street is a child molester"), without knowing where the accusation came from and without some form of substantiation. Even in cases of "name withheld" items, it's normally necessary for the party making the accusation to identify themselves to the publisher so that appropriate responsibilities can be ascertained. Once false information goes out, the damage can be immediate and impossible to undo later. But in the case of anonymous items mass distributed on the net, there is no requirement for source checking, substantiation, author identity, or responsibility. For the vast majority of users who *do* act in responsible manners this isn't a problem. But with the net's entering the mainstream, the small percentage of folks with their own agendas and no compunction against outright lies and similar actions can abuse anonymity and unfiltered mass distributions in manners that are exceedingly damaging. The actions of these relative few could easily wipe out the real benefits and good will of the network in a mass of outraged reactions. The solutions? Discussion of possible solutions might be a suitable topic for here in the PRIVACY Forum. Such solutions are unlikely to be purely technical in nature. For example, in the item above, it's stated that the anon server under discussion was configured to not send pictures. Other info on this case suggests that what actually happened is that the system was configured to not send individual items larger than some arbitrary size--a limit that could presumably be circumvented via various programs to split large items into smaller chunks. No, the solutions to balancing privacy and responsibility must be based on technical, legislative, and societal grounds. If we don't start working towards reasonable compromises in these areas, our ability to have any input at all on these problems is likely to be severely curtailed in a rush to "quick fixes" down the line. Some countries are already moving rapidly into the quick fix arena--see the item regarding Singapore below... -- MODERATOR ] ------------------------------ Date: Sat, 24 Aug 1996 00:25:15 -0400 From: Monty Solomon Subject: SSN and Welfare Legislation Excerpt from EPIC Alert 3.15 ======================================================================= [3] Welfare Legislation Signed by Clinton ======================================================================= On August 22, President Clinton signed the Personal Responsibility and Work Opportunity Reconciliation Act of 1996. The bill includes a number of sections that expand the use of the Social Security Number and create new databases of personal information. The bill requires that states obtain individuals' Social Security Numbers for many state documents. It provides that on "any application for a professional license, commercial driver's license, occupational license, or marriage license [the SSN] be recorded on the application." The new bill also creates a national database of every employee in the United States. States are also required to create databases of "new hires." The state databases would be uploaded to a federal registry and the Social Security Administration would verify the SSNs. The Commissioner of Social Security is required to develop "a prototype of a counterfeit-resistant social security card" made of tamper proof materials for proving citizenship, and to issue a report on the cost of issuing a new card to all citizens over a three, five or ten year period. More information on the welfare bill, the Social Security Number, and efforts to expand its use is available at: http://www.epic.org/privacy/ssn/ ------------------------------ Date: 27 Aug 96 11:58:00 -0700 From: SOJOURNER_CLIFF@Tandem.COM Subject: Re: More on CNID In Privacy Digest v05 #14, Beth Givens wrote: > The introduction of Caller ID to California has been an enlightening study > in what happens when consumers are given adequate information to make > meaningful decisions about safeguarding their privacy. It certainly has been enlightening to discover that the ernest, well-intentioned efforts have mostly failed! We bought a telephone that answers "PRIVACY" labelled calls on the second ring with a short message, something like "the number you have dialed does not accept anonymous calls. Please disable your call blocking feature and call again." A large number of the calls we get are blocked. Very few of the callers are able to figure out what the message means and call back with the blocking disabled. Frequently we get complaints "I couldn't get through to you, some message on your phone number". My response to that is "you mean after a three month education campaign with bill inserts, radio, TV, and newspaper advertising, you can't figure out how to operate your telephone?" Smartass answers aside, I believe that CNID in California is a dismal failure. The "public education" didn't work: people don't know how to enable or disable call blocking, even when they know it exists. The "public education" only served to frighten people enough that they ordered complete blocking, even for their business lines! Further, the CNID information delivered by Pac Bell does not include the name, and calls from pay phones, PBXs, and centrexes (like we have at work) are labeled "OUT OF AREA". The reason we ordered CNID delivery was to screen out telemarketer calls and get a special ring sound on calls from well known phone numbers (like our work numbers, mothers-in-law, friends, etc.). CNID is useless for this. (Pac Bell must not have educated its people on CNID, selective vs. complete blocking, etc., because people who asked Pac Bell about our message could not get a correct answer.) Cliff Sojourner ------------------------------ Date: Sun, 18 Aug 1996 20:54:22 -0400 From: pt1 Subject: The answer to the cookie problem?? I may have the solution to the cookie problem. I have tried this for three weeks now, and it seems to work! I used 'edit.com' under DOS to read my cookies.txt file in netscape. It was full of information. I deleted everything in the file and replaced it with "STAY OUT OF MY BUSINESS- WHO ARE YOU TO READ MY FILES?". I then used windows to protect the file to 'Read Only'. Now when a site tries to send a file and it arrives in my netscape program and it tries to alter the file, it can not, because the file is write protected to be read only! If the site reads my cookies.txt file, the just get my message above to get out of my life! Does anyone know why this won't work? It seems to work for me. BTW, I really enjoy the great posts in privacy forum. [ While there definitely *are* privacy abuses involving cookies, there are also a number of completely innocent reasons for sites to send cookies for their own use (web page info sequencing, for example), and there are various useful services that might even appear to be cookies but really aren't. A complete blocking of *all* cookies through such techniques may be likely in the long run to have a variety of unintended and undesirable consequences. The most serious privacy issues with cookies tend to involve cookies passed *between* different sites, where one site collects the information "dropped off" by another site during a previous web page visit by the particular user. -- MODERATOR ] ------------------------------ Date: Tue, 20 Aug 1996 00:46:38 -0400 From: Monty Solomon Subject: HRW letter to Singapore government; German telecom URL Begin forwarded message: From: IN%"declan@well.com" 14-AUG-1996 22:53:36.15 To: IN%"cypherpunks@toad.com" Subj: HRW letter to Singapore government; German telecom URL Attached is the letter Human Rights Watch/Asia sent to Singapore yesterday. Kudos to HRW for taking the lead in calling attention to the actions of the censorhappy Singaporeans. More background is at: http://www.eff.org/~declan/global/ Also, you can find an English version of the German telecommunications act at: http://www.government.de/inland/ministerien/post/tkge00.html -Declan --- August 13, 1996 BY FAX: +65-375-7765 Mr. George Yeo Minister for Information and the Arts 460 Alexandra Road, 37th Story PSA Building Singapore 119963 Dear Mr. Yeo, I am writing on behalf of Human Rights Watch/Asia to protest the recent decision by the Singapore government to establish strict controls on Internet use. The implementation of the Class License Scheme, which, according to a July 11 government news release, "will focus on content which may undermine public morals, political stability and religious harmony,"ensures a leading role for Singapore among international promoters of online censorship. This is a particularly unfortunate role for Singapore, which has been a leader in the development and promotion of Internet use in Asia. It places Singapore in the same category as countries like China, where Internet users must endure onerous restrictions. One of the most unique and valuable characteristics of the Internet is its ability to establish easy, inexpensive and practically instantaneous communication between the farthest points of the earth. By prohibiting connections between its citizens and various Web sites outside its borders, Singapore is in essence removing itself from the global Internet. If, as will surely happen, its example is followed in other countries, the Internet, which held such promise as the world's first truly global medium, will be nothing more than a set of country-specific networks where local prejudices and fears are reinforced by technology. Our specific objections concern Singapore's decision to regulate the Internet as if it were a broadcast medium. Unlike broadcast media, the Internet is the first truly mass medium. Through e-mail, it allows individuals with nothing more than a computer and a modem to express their views to an international audience. Even the World Wide Web differs significantly from a broadcast medium in that individuals are not confronted with a particular site upon connecting to the Web--they may choose whichever sites they choose to visit. As with other forms of Internet communication, anyone may put up his or her own site on the Web. The Singapore government's own use of Web pages demonstrates how the Internet can be used to propound a particular point of view. Its citizens, so long as they are not using their site to incite to violence, should have the same opportunity to express views as their government. As stated in Article 19 of the Universal Declaration of Human Rights: Everyone has the right to freedom of opinion and expression: this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers. We are particularly concerned that restrictions have been placed on Singaporeans who wish to discuss religious and political ideas online. It is only through unrestricted discussions of such serious topics by all members of society, no matter how unpopular their views, that these subjects become less explosive. Forbidding discussion--in effect, treating its citizens like children--will, on the other hand, ensure that dangerous topics remain just that. We are also concerned that the extraordinarily broad categories of forbidden content, as outlined by the SBA, will encourage arbitrary restrictions on communication. According to the Internet Content Guidelines, the following topics are banned. Public Security and National Defense a. Contents which jeopardize public security or national defense. b. Contents which undermine the public confidence in the administration of justice. c. Contents which present information or events in such a way that alarms or misleads all or any of the public. d. Contents which tend to bring the Government into hatred or contempt, or which excite disaffection against the Government. Racial and Religious Harmony a. Contents which denigrate or satirize any racial or religious group. b. Contents which bring any race or religion into hatred or resentment. c. Contents which promote religious deviations or occult practices such as Satanism. Public Morals a. Contents which are pornographic or otherwise obscene. b. Contents which propagate permissiveness or promiscuity. c. Contents which depict or propagate gross exploitation of violence, nudity, sex or horror. d. Contents which depict or propagate sexual perversions such as homosexuality, lesbianism, and pedophilia. By banning such subjects a chill will be sent through the online community in Singapore, and will render the Internet essentially useless in allowing any kind of serious discussion. In addition to forbidding particular content, the government has also announced that some sites will be banned. Internet service providers were given the deadline of September 14, 1996, to begin using proxy servers--devices that can prohibit connections to specified sites--to connect all their subscribers. Although the government has promised to use a light hand in regulating the Internet, its activities even at this early stage indicate otherwise. A July 12 posting in the Usenet newsgroup "soc.culture.singapore" was reportedly removed at the request of the SBA, who asked local Internet service providers for its removal because it alleged that lawyers at a local law firm were incompetent. The request came, according to the Straits Times, after the law firm complained to the government. Despite the removal from the newsgroup, the message is still widely available to Singaporeans through other Internet sources, indicating that content control will be difficult unless Internet access is restricted even further. We hope that the Singapore government will retract these repressive new regulations, and support the development of an unfettered Internet. Instead of using its power to restrict Internet use, the government could play a truly useful role by devising ways to expand its use to even the most disaffected members of its population. Sincerely, Sidney Jones Executive Director cc: Mr. Goh Liang Kwang, Chief Executive Officer, Singapore Broadcasting Authority Ambassador Bilahari Kausikan, Permanent Mission of Singapore to the United Nations ------------------------------ Date: Tue, 27 Aug 1996 17:14:38 -0400 From: Wm Randolph Franklin Subject: Ohio requires privacy waiver and SSN in job apps The State of Ohio requires job applicants to sign a notarized waiver of privacy rights: "I hereby waive all provisions of law forbidding my physician... colleges... past employers... from disclosing any information... relevant to my employment..." What's the point of legal protections if governments can require you to waive them? Saying that working for the government is voluntary doesn't seem entirely satisfactory; the government is not the same as a private employer. Ohio also requires applicants to give their SSNs, but doesn't give a privacy act notice. This seems illegal. The application form is accessible from http://www.state.oh.us/hr/emprec.html ------------------------------ Date: Fri, 30 Aug 1996 10:34:03 -0700 (PDT) From: jd@scn.org (Janeane Dubuar) Subject: fingerprinting by banks SEATTLE WEEKLY Copyright 1996 - used with permission July 24,1996 - "Quick and Dirty" column by Eric Scigliano Thumbprint, retinal or body-odor scan, sir? If you think those "Go to Jail" charity slumber parties are a scream, you may get a kick out of cashing checks after September 11. That's when US Bank will start requiring that non-customers cashing its checks consent to be finger--or, rather, thumb--printed. Other local banks are expected to join US Bank on the new security frontier in September, and at least one, Seafirst, plans to start taking thumbprints next year in step with its California parent, Bank America. The thumbprinting scheme is being pushed by the Washington Bankers Association, which wants all its members to take the plunge together. As Dan Doyle, regional manager over US Bank's Western Washington branches, notes, "I'm not sure any one bank wants to be the one to step out and do it--it probably sounds cold, hard, and not very customer-friendly." Indeed. "But it's really to protect customers." That protection is supposed to come from deterrence. Very few, if any, check forgers actually get caught via thumbprints in those states (most notably Texas, Nevada, and Arizona) whose banks already take them. Tellers can't (yet, anyway) check the prints for known forgers; the prints will merely be saved (on the checks themselves) for investigation in the event of a bounce. But Bruce Koppe, the Bankers Association's executive director, reports that bogus-check losses have declined by 40 percent in those states. Doyle says US Bank has charted 45 percent reductions in states where it's tried the system, and fewer than 1 percent of those asked decline to give prints. Some retailers, and reportedly at least one local credit union, are already taking prints on checks. Customers can at least be reassured that they won't have to bear the telltale black stains of traditional fingerprinting; the new "inkless" printing leaves no visible mark on the skin. Still, fingerprinting is, in the words of American Civil Liberties Union lobbyist Jerry Sheehan, "the archetypal metaphor of criminality, along with the mug shot and lineup." Some tellers are already grumbling at the prospect of having to do it. The banks take heart that they won't be demanding prints of their current customers. But the ill will may still come around to bite them; those are all potential customers they stand to infuriate, and account-holders may not like the idea of their checks being valid only when backed by thumbprints. And thumbprinting may be just the nose under the tent. That mixed bodily metaphor suits the brave new world of "biometric" identification in which we will, very soon, find ourselves. Down in Olympia, a working group of the joint Legislative Transportation Committee is considering what kind of biometric and/or computer technology to adopt in upcoming "smart" driver's licenses; its findings are due in December, preparatory to the next legislative session. Possibilities include a bar code or magnetic strip; a store scrutinizing your check or a cop writing a ticket could scan your full digitalized profile. All the drivers' license data that now fills a state warehouse could be consolidated in a single data base. And all those sci-fi and privacy-protectionist warnings about personal bar codes and instant snooping will come true. Transportation Committee staffer Jennifer Joly says that fingerprinting is still the most common form of biometric ID. But more exotic techniques are coming in: hand geometry scans, retinal scans, iris scans, computerized facial recognition, and (I am not making this up) body odor measurement. It seems unlikely that those who take IDs will stop at thumbprinting checks. Joly reports that bankers, retailers, and law-enforcement groups have joined in a coalition to weigh in on the new drivers' licenses. "We'll be pushing for legislation imposing severe restrictions" on fingerprinting, the ACLU's Sheehan vows. And they'll "continue to resist these pressures to create uniform identification papers from a document intended for driver's certification." [...] July 31, 1996 - "Quick and Dirty" column by Eric Scigliano [...] They want to know it all If you feel queasy about being fingerprinted by a bank, imagine how tellers feel about all the information they're supposed to disclose. US Bank asks employees to fill out an "extortion readiness card" listing all their cars (by number and "markings") and neighbors, the names, schools, and daily routes and schedules of their children, and any meetings they themselves regularly attend. US Bancorp spokeswoman Mary Ruble says taking such data is a longtime standard banking practice done for the employees' "own safety," to protect them in "hostage situations" and to help authorities "follow up if a claim of kidnapping is made." She adds that US Bank has never encountered such a situation, but believes other banks have. The cards are kept confidential in a central office, and filling them out is "voluntary for employees." But one bank worker who objected recalls being told to fill out the card anyway, and got the feeling, despite the explanation, that the intent was really to guard against crimes by, rather than against, employees. "The extortion readiness card has nothing to do with embezzlement," says Ruble. ------------------------------ End of PRIVACY Forum Digest 05.16 ************************