PRIVACY Forum Digest      Thursday, 15 May 1997      Volume 06 : Issue 06

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc.
- - -
These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    Fingerprints required when cashing checks (Jeremy Grodberg)
    Video-Surveillance (Roger Clarke)
    DIAC '97 (Susan Evoy)
    National ID Card Measure Comes Before Congress (Monty Solomon)
    Lexis-Nexis Comments to Federal Trade Commission (Lauren Weinstein; PRIVACY Forum Moderator)
    MC/VISA Comments to Federal Trade Commission (Lauren Weinstein; PRIVACY Forum Moderator)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 06, ISSUE 06

Quote for the day:

    "I *am* the law."

        -- Judge Dredd (Sylvester Stallone)
           "Judge Dredd" (Cinergi; 1995)

----------------------------------------------------------------------

Date: Sat, 19 Apr 1997 21:54:30 -0700 (PDT)
From: jgro@netcom.com (Jeremy Grodberg)
Subject: Fingerprints required when cashing checks

While visiting my bank (Bank of America) I picked up a flyer titled "A New Program Designed to Fight Check Fraud." The new program? If you don't have an account with BofA, when you cash a check at BofA, you have to put your fingerprint on the check.

The flyer claims this program has been endorsed by the "California Bankers Association" and says "Similar programs at several banks in other states have proved effective (at preventing check fraud)."

They minimize privacy concerns by saying that "the bank will not maintain files of the prints nor will the prints be accessible to any other company or agency unless the check proves to be fraudulent." Of course that is not true, the prints will be accessible to whoever wrote the check, presuming that they receive their canceled checks.

Their ultimate recommendation to solve the privacy problem is to open an account with the BofA, then "this new check cashing procedure would not apply to you." That's what they said when people complained about ATM access fees for non-depositors.

I'm not happy with this further encroachment on our privacy, but I doubt there is anything I can do about it. Anyone know the law regarding banks cashing checks drawn on their accounts? I'd think requiring fingerprints could be deemed an excessive burden, but what do I know?

--
Jeremy Grodberg
jgro@netcom.com

[ I get quite a few queries on this topic. People tend to have a gut feeling that there is something "special" about fingerprints--probably because of their common usage in criminal investigations and identifications.
But in reality, except in the few cases where specific laws say otherwise, they are basically just another of the many "biometric" identifiers that we will be seeing used in great numbers. There's nothing in most cases that I know of preventing their storage, exchange, and sale through private databases and their use in a wide variety of commercial applications, including banking. They are just another of the many "information commodities" that are largely unregulated.

-- MODERATOR ]

------------------------------

Date: Thu, 10 Apr 1997 11:19:14 +1000
From: Roger Clarke
Subject: Video-Surveillance

There are a few studies of the privacy aspects of video-surveillance around. Tim Dixon's document on workplace surveillance for the N.S.W. Privacy Committee a couple of years ago is the most valuable one that I know ('Invisible Eyes', Report No. 76 of September 1995), C'tee page at:
http://www.attgendept.nsw.gov.au/privacy.html
and Simon Davies has done several papers and chapters too. Unfortunately, I don't think that any of those sources are up on the web.

David Brin (of sci-fi fame, especially 'Earth'), has the theory that ubiquitous video-surveillance is inevitable. He argues that the best strategy is to subvert it, in particular by making the feeds from all cameras publicly available in real time, and making sure that police headquarters (and suchlike locations) have cameras as well as display-screens.

Here's a news story from down under that tests David's theory.

On 7-8 April 1997, videos were shown on Australian TV News of action outside a nightclub in Ipswich (west of Brisbane, Queensland), on 22 March. Policemen are seen forcibly arresting several aboriginals. This was definitely not of Rodney King proportions, but (even allowing for the mediocre quality of video-surveillance images), it's pretty clear that undue force was used.
One, quite small woman (who didn't appear to be resisting arrest) was gripped in a reverse headlock, and flung violently backwards to the ground; and a male is reported to have suffered what appeared to have been a fit, and required ambulance attention.

The aboriginals were stated to have undertaken "a series of attacks" (unquote the Queensland Police Commissioner) on USAF personnel who were located in the area as part of a joint military exercise. The persons involved in the action were four policemen and a private security guard, plus two US servicemen in uniform who appeared (to my no-longer-trained eye) as if they may have been military police.

Ipswich is the home town of a particularly high-profile and rather racist member of parliament, and this was already enough to guarantee that the clips would be newsworthy (her seat is called Oxley, and a local paper has dubbed her 'the Oxley moron'). The involvement of (a) persons in military uniform, (b) persons in a *foreign* military uniform, and (c) of all things *American* military uniform, on Australian soil, made it a verrrrry newsworthy event.

Anyway, the poignant thing was that "the tape was recorded under an anti-crime program operated by the local council [lowest tier of government, cf. a U.S. County] and was handed to police" (Sydney Morning Herald, 8 April).

Not quite real-time; but not ancient history either ...

[I haven't yet seen reported how the tape came into the hands of the media - - but I'll bet that even the Queensland Police weren't stupid enough to 'feed the chooks', which is how a past-Premier of that State used to depict the provision of information to the media].

Roger Clarke
http://www.anu.edu.au/people/Roger.Clarke/
http://www.etc.com.au/Xamax/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 1472, and 288 6916
mailto:Roger.Clarke@anu.edu.au
Visiting Fellow, Faculty of Engineering and Information Technology
The Australian National University Canberra ACT 0200 AUSTRALIA
Information Sciences Building Room 211
Tel: +61 6 249 3666

------------------------------

Date: Fri, 2 May 1997 23:28:10 -0700
From: Susan Evoy
Subject: DIAC '97

Community Needs and Cyber Challenges: Activists Explore Connection in Seattle

Proceedings available NOW from CPSR!!
Add to the Resource Bank at http://www.scn.org/tech/diac-97/resources.html

Earlier this year -- while a typical Seattle rainstorm raged -- nearly 400 computer professionals, librarians, journalists, government officials, business people, and community activists gathered face-to-face to consider an increasingly tempestuous issue: How do cyberspace events, policies, and use affect what happens in the communities in which people live?

Cyberspace with its vast physical, financial, as well as emotional investment, represents a techno-social tidal wave of historic momentum. How much of what we hear is realistic? How much is hype? What opportunities -- and what challenges -- does the medium offer? And, most especially, how does it affect community, what Matthew Dumont has called the "gossamer network of mutual responsibilities."

The Computer Professionals for Social Responsibility "Community Space and Cyberspace: What's the Connection" conference asked a multitude of pointed questions like "What is *work* in cyberspace? How can we build up -- or tear down -- our existing non-electronic civic networks? Is cyberspace an agora for rich and informed dialogue or is it an infinite echo chamber for monologists?"
CPSR has gathered papers from the panelists and workshop conveners into a trenchant collection of critical ideas as well as pragmatic projects to help carry on the important work of inventing an informed and humanistic future.

Please check out the web site to add your information as well as search the conference's on-line resource bank. We encourage everybody -- whether you attended the conference or not -- to read the proceedings, contribute to the resource bank, and follow up on any of these ideas in your communities.

Conference web pages: http://www.scn.org/tech/diac-97
Add information to resource bank: http://www.scn.org/tech/diac-97/resources.html
Search the resource bank: Available SOON! Watch for this!

To order the DIAC '97 Proceedings for $18 (including postage), send check, VISA, or Mastercard information to:

CPSR, PO Box 717, Palo Alto, CA 94302 USA
415-322-3778
415-322-4748 (fax)

> --
> Susan Evoy * Deputy Director
> http://www.cpsr.org/home.html
> Computer Professionals for Social Responsibility
> P.O. Box 717 * Palo Alto * CA * 94302
> Phone: (415) 322-3778 * Fax: (415) 322-4748 * Email: evoy@cpsr.org

------------------------------

Date: Wed, 14 May 1997 22:15:42 -0400
From: Monty Solomon
Subject: National ID Card Measure Comes Before Congress

Excerpt from ACLU News 05-13-97

National ID Card Measure Comes Before Congress; ACLU Urges Committee to Stop Big Brother

FOR IMMEDIATE RELEASE
Tuesday, May 13, 1997

WASHINGTON -- The American Civil Liberties Union said today that a bill introduced by Rep. Bill McCollum, Republican of Florida, would turn social security cards into de facto national identification cards.

The House Subcommittee on Immigration is scheduled to hold hearings today on McCollum's H.R. 231, which would require the Social Security Administration to "harden" social security cards to make them "as secure against fraudulent use as a U.S. passport."

"Other than turning the card into an identification document, there is no reason to make the card like a U.S. passport," said ACLU Legislative Counsel Gregory T. Nojeim.

"This bill means that Big Brother is knocking on our nation's door," Nojeim added. "Our only hope is that Congress won't let him in."

A similar proposal was rejected when offered as an amendment to the immigration bill Congress enacted last year. That amendment failed on a vote of 191-221 when the then-Commissioner of Social Security, Shirley S. Chater, pointed out that the SSA would have to put photographs on Social Security cards to comply with the amendment. Doing so would effectively turn the Social Security Card into a photo-identification document similar to the U.S. passport, Chater said in a March 19, 1996 letter to Congress.

The ACLU said that once "hardened," there would be no limit to the purposes for which the government and businesses would demand to see the ID card.

"The card would be demanded when you apply for a job, seek federal or state benefits, board an airplane, check into a hotel, cash a check, purchase a gun or ammunition, or open a bank account, and it would facilitate governmental monitoring and control of these and dozens of other every-day transactions," Nojeim said.

The proposal is based on the hope that a Social Security Card that identifies the holder could not be used for employment purposes by aliens who do not have work authorization.

"The National ID Card will not solve the problem of undocumented workers," Nojeim added. "The same employers who ignore the law today and illegally hire undocumented workers at substandard wages without checking their immigration status will continue to do so regardless of whether the government imposes a National I.D. Card," he said. "And the same people who produce fraudulent I.D.'s today would produce fraudulent National I.D.'s tomorrow."

"Worse still," Nojeim said, "The National I.D. proposal further entrenches employer sanctions, the cause of immigration-related employment discrimination," Nojeim said, referring to a 1990 report by the General Accounting Office that documented a "serious pattern of discrimination" resulting from employer sanctions.

------------------------------

Date: Thu, 15 May 97 15:08 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Lexis-Nexis Comments to Federal Trade Commission

Greetings. Though it is a bit lengthy, I've included below the text of comments that Steven Emmert of Lexis-Nexis filed in the ongoing FTC review of databases and privacy issues. It makes for interesting reading. It's also illuminating in this context to review earlier PRIVACY Forum materials on this subject, including my "PRIVACY Forum Radio" interview with Mr. Emmert from last year, which remains available via http://www.vortex.com (along with all other PRIVACY Forum materials).

--Lauren--

-------------------------------------------

Before the
Federal Trade Commission
Washington, D.C. 20580

COMMENTS OF LEXIS-NEXIS

PUBLIC WORKSHOP ON CONSUMER INFORMATION PRIVACY:
DATA BASE STUDY--COMMENT, P974806 &
CONSUMER PRIVACY 1997--COMMENT, P954807

Steven Emmert, Corporate Counsel
LEXIS-NEXIS
9443 Springboro Pike
Miamisburg, OH 45342
(937) 865-1472

Ronald L. Plesser
Emilio W. Cividanes
James J. Halpert
Piper & Marbury L.L.P.
1200 Nineteenth St., N.W.
Washington, D.C. 20036
(202) 861-3900
Of Counsel

Date: April 15, 1997

Introduction

LEXIS-NEXIS is pleased to respond to the Commission's Notice Requesting Public Comment and Announcing Public Workshop, 62 Fed. Reg. 10271 (released March 6, 1997).

LEXIS-NEXIS is a world leader in providing enhanced information services, online services, and management tools. We are the leading data base company for professionals, with a wide variety of products and services that help legal, business and government professionals collect, manage and use information more productively.
Among LEXIS-NEXIS' many data bases are a wide variety of news article files, public record files, and two person locator files that contain identifying information about individuals. As discussed in our response to Question 1.9, these data bases are used for a wide range of productive and socially beneficial uses.

The Commission's questions fail to differentiate between these very different types of data bases. As a preliminary matter, we emphasize that there are fundamental legal distinctions between these data base libraries, even though some files in each of these libraries afford the ability to find identifying information about individuals.

LEXIS-NEXIS news libraries contain press articles. The public records data bases contain reproductions of federal, state and local government records. Content-based restrictions on access to or use of this information are subject to First Amendment protection.

One of LEXIS-NEXIS' two person locator services, P-FIND, is based upon a combination of public records and telephone white pages information, which as such individuals have consented to place in the public domain.

Finally, LEXIS-NEXIS' other person locator data base, P-TRAK, contains a truncated version of credit header information, which the Commission agreed to permit credit reporting agencies to sell pursuant to a 1993 amendment to the consent decree in FTC v. TRW, 784 F. Supp. 361 (N.D. Tex. 1991). With the exception of our news files, this is the only LEXIS-NEXIS data base containing individual identifying information that is not based in whole or in part on public records or press reports.

Furthermore, none of the data displayed in LEXIS-NEXIS data bases in the context of our services should be considered "sensitive" within the meaning of the introduction in the Commission's Notice regarding the Workshop. See 62 Fed. Reg. 10271, 10272. Most of the information originates from public records that may be freely obtained in government offices.
Other information is substantially similar to information contained in current and former telephone white pages directories on file in many public libraries. The additional information in the P-TRAK data base, which comes from credit header information, is restricted so as not to display social security number or the individual's actual date of birth. Moreover, to the best of our knowledge the P-TRAK and P-FIND data bases do not contain information regarding persons identified as being under age 18.

WORKSHOP I
Information Collection and Use

1.2 What information is contained in the data bases? Please provide specific examples.

1.3 What is the source of the information in the data bases?

LEXIS-NEXIS has two person locator data bases, P-TRAK and P-FIND, as well as a variety of public records data bases and news article data bases, some of which contain identifying information that relates to individuals. P-TRAK and P-FIND are enhanced electronic white page-type directories.

P-TRAK files contain an individual's name and address, and may contain up to two prior addresses, year and month of birth, a local phone number (without area code), and other names used by the individual, such as a maiden name. In addition, for a substantial majority of records, searches may be conducted using a social security number, although social security numbers are never displayed. Even if a search is conducted using the individual's social security number, that number is not displayed. The source of the information in P-TRAK is credit header information.

P-FIND files contain an individual's name, address, telephone number, the year the individual was first listed in the telephone book at the present address, census data on the median home value of the census tract in which the individual lives, an evaluation of the probability that the individual is a homeowner, and the names of other adults believed to reside at the listed address.
The month and year of birth of the individual and other adults living at the same address may also be included in the files. P-FIND files are provided to LEXIS-NEXIS by a third party, and are compiled from telephone white pages information, aggregate census tract data, and public record sources.

In addition, LEXIS-NEXIS' public records data bases, available separately on our system, include a variety of information made available to the public by federal, state and local governments, such as professional license records, civil and criminal court records, real property records, bankruptcy and lien records, records of incorporation, vehicle and boat registration records, and Federal Election Commission filings. Most public record information is obtained by LEXIS-NEXIS directly from the government custodian of the records.

LEXIS-NEXIS news data bases also contain articles with a variety of identifying information about individuals.

1.7 Who has access to the information in the data bases?

Only LEXIS-NEXIS subscribers with a valid contract with LEXIS-NEXIS, proprietary software from our company, and a confidential subscriber identification number have access to the information in P-TRAK. Subscribers under deeply discounted pricing plans, such as law schools, do not receive access to the information in P-TRAK, P-FIND and the ASSETS real estate public records data base.

1.9 What are the uses of the information in the data bases? Are there beneficial uses of the information in these data bases? If so, please describe. Are there risks associated with the compilation, sale, and use of this information? If so, please describe.

A. Benefits

LEXIS-NEXIS' person locator and public records data bases serve a variety of important, socially productive functions, a few of which are discussed as part of this answer.
We emphasize that the public records data bases in many cases advance the important First Amendment function of permitting citizens to obtain information about the operations of their government. In addition, the public records data bases typically advance the purpose for which the government in question has placed them in the public domain. For example, online availability of land records and lien records makes it easier and faster to verify title as part of the purchase of a new home.

A few beneficial uses are discussed below in greater detail. LEXIS-NEXIS would be happy to assist the Commission in locating users of our services who would testify as witnesses at the Workshop addressing the beneficial uses of the person locator and public record data bases.

1. Child Support Enforcement

LEXIS-NEXIS' person locator and public records data bases are very helpful in tracking down the hardest-to-find "deadbeat parents" who have refused to pay child support. In this way, these services can advance personal responsibility, give much-needed income to divorced parents and their children, help to free families from welfare dependency, and provide a source of additional revenue and a reduction in expenses for state welfare programs.

For example, when a non-custodial parent leaves a state's jurisdiction, the custodial parent usually bears sole responsibility for collecting court-ordered child support. By using P-TRAK to search on the ex-spouse's social security number, a lawyer for the custodial parent or a government employee charged with child support enforcement can locate the non-custodial parent quickly, even though he or she may be actively disguising his or her identity.

For governments, locator services are likely to play an important role in making welfare reform a success at a time of tightening state budgets.
Congress recognized the importance of locator data bases in enacting the 1996 Welfare Reform Act, which expands use of the Federal Parent Locator Service to enforce child support orders and directs the states to establish state data bases. Commercial locator services can play an important role in supplementing and filling gaps in this important federal data base, as well as in furnishing information for the state locator data bases.

2. Uniting Separated Families

P-TRAK, P-FIND and similar commercial locator data bases permit law enforcement personnel, lawyers for parents or children, and advocates for children to reunite family members. For example, customers have informed us of cases where they have used P-TRAK to reunite brothers who were separated for 17 years, and public records data bases to help a state agency locate a 10-year-old child's aunt who at his request adopted him, avoiding the need to place him in foster care.

3. Locating Heirs To Estates

Social security numbers are often included in wills to offer assistance in locating beneficiaries. Commercial locator services offer a cost-effective means for the estate's attorney/executor to locate the heirs even if decades have transpired since the will's execution, heirs and witnesses have relocated or married and changed their names, etc. In one case, P-TRAK was used to help locate a destitute Montana farmer who received a $4 million inheritance.

4. Pension Fund Beneficiaries

Pensions provide important supplemental income that permits millions of elderly Americans to continue to live a comfortable existence after retirement. Yet every year, thousands of pension fund beneficiaries are unable to receive pensions owed to them because the trustee or administrator of the fund is unable to locate them.
Commercial locator data bases, such as P-TRAK and P-FIND, are used to help solve this problem by providing an effective and simple way for the trustee or administrator -- who has the Social Security Number of the former employee on tax records, even though decades may have passed since the beneficiary left the company -- to make sure that beneficiaries receive pension money owed to them. Indeed, federal law requires the administrators of certain plans to use commercial locator services to search for missing plan participants. See 29 C.F.R. § 4050.4(B)(3) (July 1, 1996).

5. Locating Trial Witnesses, and Aiding Investigations and Criminal Prosecutions

Another significant use of P-TRAK and P-FIND is to help locate uninsured motorists, eyewitnesses to accidents, and other witnesses for civil litigation. For example, personal injury cases often take years to go to trial because they are usually filed one or more years after the accident, delayed in the judicial process, and compete for time on crowded judicial dockets. This means that in many cases attorneys have an "old" address for a witness. By using P-TRAK to search by name and prior address, these witnesses can be found years after the accident.

P-TRAK and P-FIND provide important tools to law enforcement officials for criminal investigations and prosecutions because they are ideally suited for tracking witnesses and investigative targets efficiently. Up-to-date information from these services has permitted law enforcement officials to locate and arrest significant numbers of hard-to-find criminals who often move and assume different names in efforts to evade capture. The services have likewise assisted law enforcement in locating witnesses to crimes, in advancing criminal investigations and in trial preparation.
In addition, LEXIS-NEXIS' public records products are used by law enforcement to track criminals' commercial activities, such as land purchases, incorporation of corporate "front companies," and to learn of criminals' assets in preparation for criminal prosecutions or civil forfeiture actions.

LEXIS-NEXIS' public record products have a variety of uses in civil litigation, including negotiating more equitable settlements (in light of prior verdicts in a jurisdiction), identifying real parties in interest in a dispute, ascertaining bias of witnesses who have a financial interest in a litigation, assessing business assets and liabilities, and assisting in service of process on corporations.

6. Tracing the Influence of Money in Politics

Public record products perform an important function in advancing the transparency of government operations. A leading example is LEXIS-NEXIS' data base of FEC filings, which affords the press and government watchdog groups, including Common Cause, as well as political parties themselves, easy access and flexible search capacity to review records of federal political campaign contributions. The data base has also been used in political corruption investigations.

Moreover, both the Democratic National Committee and Republican National Committee use LEXIS-NEXIS press articles and our public records data bases as a cost-effective way to run checks on political contributors. Indeed, the DNC recently resumed use of these data bases for this purpose.

B. Risks

While LEXIS-NEXIS knows of many beneficial uses of its data bases containing individual identifying information, it is not aware of any instance of improper use of its data bases containing personal identifying information that raises privacy concerns.
For reasons explained in the answers to Questions 1.10, 1.11 and 1.12 below, LEXIS-NEXIS does not believe that there are any appreciable risks associated with use of these data bases in light of the information contained in the data bases and LEXIS-NEXIS' policies governing the data bases.

1.10 Do these data bases create an undue potential for theft of consumers' credit identities? How is such potential for theft created? Please provide specific examples. What is the extent to which these data bases (as opposed to other means) contribute to consumer identity theft? Is this likely to change in the future? If so, please describe.

While LEXIS-NEXIS cannot speak to all data bases containing personal identifying information, we believe that our own data bases do not pose an appreciable risk of identity fraud. LEXIS-NEXIS is aware of no instance in which any of these data bases has been used to commit identity theft. Conversely, we are aware of a number of instances in which our data bases have been used in uncovering identity fraud and tracking white collar criminals. Indeed, to date no evidence has been presented of actual use of an online data base in perpetration of identity fraud.

Significantly, the Federal Reserve Board ("the Fed") recently examined whether data bases containing sensitive personal identifying information pose a risk of fraud to federally insured banking institutions. In the course of this study, the Fed examined the relationship between data bases containing sensitive information and the problem of identity fraud. It actively solicited evidence of identity fraud stemming from use of these data bases, and received comments from over one hundred commenters, among them consumer advocates, state consumer protection agencies, credit card companies, and banks and credit unions. Not one commenter offered any specific evidence of use of such a data base for identity fraud.
Accordingly, the Fed, while expressing concern about identity fraud, found that "There is little 'hard' evidence on how fraud due to the usage of sensitive information occurs, the frequency with which it occurs, or the amount of associated losses." Board of Governors of the Federal Reserve System, Report to the Congress Concerning the Availability of Consumer Identifying Information and Financial Fraud, at 21 (March, 1997).

In contrast, the Fed Report strongly suggested that illegal means of acquiring information to commit identity fraud are the real problem. The Report noted that "unlawful access to sensitive information may often be the precursor to this type of fraud." It also added that "The number of ways in which a person can illegally obtain information that will enable fraud to be committed is virtually limitless." Id. at 18 & n.14.

Based upon our knowledge of the subject to date, most credit fraud is perpetrated by obtaining unauthorized access to below-the-line credit report information, by stealing credit card numbers, or by intercepting a credit card application, then filling out the application in the name of the person to whom the application was addressed.(1)

P-TRAK is of virtually no use for any of these approaches because it contains no financial information, does not reveal a social security number to someone who searches on an individual's name, address, etc., and does not reveal an individual's date of birth. LEXIS-NEXIS has decided not to display individuals' social security numbers ("SSNs"), while permitting searches by social security number by users who already know the SSN of the individual they are looking for.(2) Moreover, P-TRAK does not contain individuals' actual birth dates -- only their month and year of birth. The policy of not displaying SSNs, the limited content in the data base, the product's per-search cost, and its limited availability make such abuse highly unlikely.
P-FIND simply furnishes telephone white pages information, plus some aggregate data on the individual's neighborhood and the likelihood that the individual is a homeowner, and possibly the individual's month and year of birth. This limited information can be obtained through other means -- for example, by examining a telephone directory and one or two public records on file with government agencies or posted on the Internet. Far more detailed, highly sensitive information can be obtained through either authorized or unauthorized access to the same individual's credit report.

Far from presenting a risk of crime, P-TRAK, P-FIND and LEXIS-NEXIS' public records data bases are used to prevent and to track crime by law enforcement agencies. In fact, P-TRAK has been used to prevent fraud -- both in finding white collar criminals and in revealing that someone else is using an individual's social security number or other identifying information. For example, by searching on their social security number using P-TRAK, identity fraud victims have discovered that another person has obtained credit at a different address using their name and social security number.

P-TRAK has been the subject of distorted rumors that emerged on the Internet in September 1996 alleging that it displays information -- including mother's maiden name, social security number, credit card and bank account numbers -- useful for perpetrating identity fraud. In reality, P-TRAK displays none of this information.

LEXIS-NEXIS would be happy to assist the Commission in locating a witness with law enforcement expertise who is familiar with the problem of identity fraud and with the sorts of data bases that are the subject of this Notice and Workshop I.

1.11 How do the risks of the collection, compilation, sale, and use of this information compare with the benefits?
The concrete, demonstrable benefits of the sale and use of the information in LEXIS-NEXIS data bases discussed in response to Question 1.9 far outweigh the largely theoretical risks associated with the sale and use of this information discussed in response to Question 1.10. Indeed, eliminating availability of information such as prior addresses or social security number search functions from these data bases would likely leave consumers more, rather than less, exposed to white collar criminal activity. It would deprive law enforcement of a significant tool to fight such fraud, and would make it more difficult to uncover such fraud and to prosecute civil enforcement actions against such criminals because of difficulty finding the defendants, their assets, and witnesses to their crimes.

1.12 Are there means that are currently available to address the risks, if any, posed by these data bases? If so, please describe.

On its own initiative -- months before P-TRAK became the subject of false Internet rumors -- LEXIS-NEXIS worked with its data supplier to adopt several measures which further reduce the remote risk that the product would be used for an improper purpose. As noted in response to Question 1.10, the product does not display individuals' dates of birth or social security numbers. In addition, upon written or electronic request of an individual, LEXIS-NEXIS will remove from P-TRAK any record of the individual that matches or corresponds to the request. Finally, LEXIS-NEXIS works with its data suppliers to remove the records of all individuals identifiable as minors from the P-TRAK and P-FIND data bases.(3)

1.17 How should the benefits of the collection, compilation, sale, and use of information from these data bases be balanced against privacy or other legal interests implicated by such practices? Are there other ways to obtain these benefits without implicating privacy or other legal interests? If so, please describe.
The benefits of sale and use of information from these data bases can be balanced against corresponding privacy interests through responsible industry action. LEXIS-NEXIS actively embraces policies that it believes strike the proper balance between these interests:

  - Delivering the vast majority of its services via a proprietary online data base with safeguards to protect against unauthorized access
  - No display of social security numbers or dates of birth in its P-TRAK data base
  - No display of information about persons identified as minors in locator service documents
  - No display of personal medical information(4) or "below-the-line" credit report information
  - In response to an individual's request, LEXIS-NEXIS will remove from the P-TRAK data base any record that matches or corresponds to the individual's request.
  - Strict security measures to maintain the integrity of the data bases

A good example of such balance is LEXIS-NEXIS' policy of offering users who already know a social security number the ability to search by that number, but never displaying a social security number on the P-TRAK data base. This search capability is of enormous importance to the effectiveness of P-TRAK, as well as to the social benefits that flow from use of the product. Social security number searches play an invaluable role in helping to locate individuals such as child support obligors, heirs to wills, pension fund beneficiaries, and missing children -- whose social security numbers are often known by the person seeking them. By affording SSN search capability, but not SSN display, P-TRAK offers substantial protection of individual privacy interests without sacrificing the important benefits that flow from the product.

LEXIS-NEXIS has taken a leadership role in the data base industry in developing such a balance. Our industry is working presently to achieve broader industry consensus on responsible industry action.
Self-Regulation

1.27 Have data base operators undertaken self-regulatory efforts to address concerns raised by the collection, compilation, sale, and use of sensitive consumer identifying information?

LEXIS-NEXIS has adopted internal privacy policies discussed in response to Question 1.17, and is in the final stages of codifying these policies in information guidelines. Furthermore, LEXIS-NEXIS is working with other data base companies and with industry associations to explore ideas for self-regulation. LEXIS-NEXIS hopes that these discussions will prove fruitful.

WORKSHOP III

3.12 What steps have children's commercial Web site operators taken since June 1996 to address children's online privacy issues? To what extent have they adopted the principles outlined in the following documents submitted at the June 1996 Workshop: (1) the Joint Statement on Children's Marketing Issues presented by the Direct Marketing Association and Interactive Services Association; (2) Self-Regulation Proposal for the Children's Internet Industry presented by Ingenius, Yahoo and Internet Profiles Corporation; and (3) Proposed Guidelines presented by the Center for Media Education and Consumer Federation of America?

LEXIS-NEXIS has voluntarily worked with its data supplier to remove records of all persons identified as minors from the P-TRAK data base.

1. See, e.g., In the Matter of Consumer Identity Fraud Meeting at 12, 20-21, 21-22, 47-48 (August 20, 1996) (testimony before the Commission discussing the ease with which identity fraud may be committed through obtaining an individual's credit report through an auto dealership, stealing a credit card and filing a fraudulent credit card change of address request, and through intercepting pre-approved credit card applications).

2. P-TRAK displayed SSNs for the first ten days the product was available, from June 1 until June 10, 1996. Thereafter, P-TRAK has not displayed SSNs.

3. A small number of older minors may have credit accounts, and would therefore otherwise have identifying information entered in the P-TRAK data base but for these measures.

4. Personal medical information is on occasion published in press reports and judicial decisions. However, LEXIS-NEXIS does not distribute any confidential medical information.

------------------------------

Date: Thu, 15 May 97 15:08 PDT
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: MC/VISA Comments to Federal Trade Commission

Included below is another comment text from the FTC database/privacy proceedings, this one from MasterCard International Inc. and VISA U.S.A. Inc.

--Lauren--

-------------------------------------------

April 15, 1997

Writer's Direct Dial Number
(202) 887-1566

By Hand Delivery

Secretary
Federal Trade Commission
Room H-159
Sixth Street & Pennsylvania Avenue, N.W.
Washington, D.C. 20580

Re: Data Base Study -- Comment, P974806

Dear Mr. Secretary:

This comment letter is submitted on behalf of MasterCard International Incorporated ("MasterCard")(1) and VISA U.S.A. Inc. ("VISA")(2) in response to the proposed Federal Trade Commission ("FTC") study of computerized data bases containing sensitive consumer identifying information ("FTC Study"). VISA and MasterCard thank the FTC for the opportunity to comment on the FTC Study.
Genesis of the FTC Study

The genesis of the FTC Study was a letter to the FTC from Senator Bryan, Senator Hollings, and then-Senator Pressler, which requested the FTC to conduct a study of "possible violations of consumer privacy rights by companies that operate computer data bases."(3) More specifically, the letter requested that the FTC investigate the "compilation, sale, and usage of electronically transmitted data bases that include identifiable personal information of private citizens without their knowledge."(4)

The Senators' request arose in the context of the public focus on the LEXIS "P-Trak" "look-up" service, which was spawned by a spate of Internet messages and national news media stories about the types of consumer information that were then available on the P-Trak service. In addition to giving rise to the request for the FTC Study, the public focus also caused LEXIS to limit the types of consumer information available through P-Trak.

Congress, as a whole, responded to the P-Trak issue by including a provision in the Economic Growth and Regulatory Paperwork Reduction Act of 1996 that directed the Federal Reserve Board ("FRB"), in consultation with the FTC and other federal banking agencies, to conduct a study assessing the undue potential for fraud and risk of loss to insured depository institutions from the activities of companies engaged in the business of making "sensitive consumer identification information" available to the general public ("FRB Study").(5) Under this provision, "sensitive consumer identification information" included social security numbers, mothers' maiden names, prior addresses, and dates of birth. Importantly, in enacting this provision, Congress exempted from the FRB Study entities that are subject to the Fair Credit Reporting Act ("FCRA")(6) as consumer reporting agencies.
Scope and Purpose of the FTC Study

The Supplementary Information to the FTC Study states that the FTC Study will include consideration of the collection, compilation, sale and use of computerized data bases that contain what consumers may perceive to be sensitive identifying information.(7) Given the context in which the Senators' request for the FTC Study arose -- as well as the clear statement of Congressional intent embodied in the limitation of the scope and purpose of the FRB Study -- it is appropriate that the FTC has limited the study to so-called "look-up services."

In order to maximize public benefit and efficiency, we urge that the focus of the FTC Study be further narrowed to specifically assess whether there are companies that disseminate sensitive consumer identifying information in a manner that could create opportunities for fraud. It is the use of such information for fraud purposes that raises the greatest concern and, as a result, was the focus of Congressional legislative action.

Activities that may involve consumer information but do not give rise to fraud risks should be excluded from the scope of the FTC Study. For example, the FTC Study should explicitly exclude companies using consumer identifying information to communicate data between one another, such as those in which entities within a corporate family use consumer identifying information to share information on their customers. This approach is consistent with the Supplementary Information which indicates that the FTC Study will not address data bases used primarily for direct marketing purposes, medical and student records, or the use of consumer credit reports for employment purposes.(8) It is also appropriate because Congress recently addressed affiliate sharing of information in the same legislation that requested the FRB Study.
Definition of Sensitive Consumer Identifying Information

The Supplementary Information to the FTC Study states that sensitive consumer identifying information may include some or all of the following: social security numbers, mothers' maiden names, prior addresses, and dates of birth.(9) For purposes of the FTC Study, VISA and MasterCard believe that this definition of sensitive consumer identifying information is appropriate and need not be expanded. In this regard, it is our understanding that financial institutions principally rely on social security numbers, dates of birth, mothers' maiden names and prior addresses when ascertaining and verifying the identity of consumers or providing consumers with access to their records.

The FTC also requested comment on information that might be used in the future to identify consumers. MasterCard and VISA urge the FTC to adopt a definition of sensitive consumer identifying information that is based on current practices and not on predictions of future practices. New consumer identification methods such as those utilizing finger minutiae, voice analysis, iris scan and other biometric systems are in various stages of development, testing and evaluation by financial institutions and other private and public organizations. While it is expected that one or more of these new technologies may be used in the future to further refine consumer identification procedures, these technologies are not yet commonly used. VISA and MasterCard caution that if the FTC Study or its related recommendations are overly broad, they could have a counterproductive, chilling effect on the development of these or other consumer identification technologies that might otherwise enhance risk management and financial privacy in the future.
Dissemination of Sensitive Consumer Identifying Information

MasterCard and VISA have long been concerned about, and have worked diligently to address, the risks presented by credit card fraud and similar types of financial fraud. In our experience, where consumer information has been used to commit financial fraud, the information is generally obtained illegally -- by stealing U.S. Mail or a wallet or purse, improperly removing information from consumer files and, more recently, through illegal access to computer files. Additional restrictions on the flow of information would be unlikely to address these issues. Much greater benefits would be derived from increased resources for law enforcement in this area.

Structure of the Public Workshop

Finally, MasterCard and VISA commend the FTC for separately addressing issues associated with computerized data bases containing sensitive consumer identifying information from issues associated with consumer online privacy and the Bureau of Consumer Protection's June 1996 Public Workshop on Consumer Privacy on the Global Information Infrastructure. In particular, we support the FTC's proposed structure for the Public Workshop, in which Session One addresses computerized data bases and Sessions Two and Three address consumer online privacy issues. Such a structure more efficiently facilitates substantive discussion of these important topics. We urge the FTC to continue addressing these issues separately.

* * * * *

Once again, VISA and MasterCard appreciate the opportunity to comment on the FTC Study, and we hope that these comments are helpful. If you have any questions concerning these comments, or if we can otherwise be of assistance in connection with this matter, please do not hesitate to contact me at the number indicated above, Michael F. McEneney, at (202) 887-1568, or Clarke D. Camper, at (202) 887-8793.

Sincerely yours,

L. Richard Fischer

Enclosure: Comment Letter in the Microsoft Word 6.0 format on 3 1/2 inch diskette

cc: Russell W. Schrader, VISA U.S.A. Inc.
    Miriam L. Wahrman, MasterCard International Incorporated
    Michael F. McEneney
    Clarke D. Camper

_________________________________________________________________

1. MasterCard is a membership organization comprised of financial institutions which are licensed to use the MasterCard service marks in connection with payment systems, including credit, debit and stored-value cards.

2. VISA is a membership association comprised of financial institutions in the United States which are licensed to use the VISA service marks in connection with payments systems, including credit, debit and stored-value cards.

3. Letter from Senator Bryan, Senator Hollings, and Senator Pressler to the FTC (Oct. 8, 1996).

4. Id.

5. Pub. Law No. 104-208, § 2422 (1996).

6. 15 U.S.C. § 1681 et seq.

7. 62 Fed. Reg. 10,272 (1997).

8. Id.

9. Id.

------------------------------

End of PRIVACY Forum Digest 06.06
************************