PRIVACY Forum Digest     Friday, 12 March 1993     Volume 02 :
Issue 08

        Moderated by Lauren Weinstein ([email protected])
               Vortex Technology, Topanga, CA, U.S.A.

                    ===== PRIVACY FORUM =====

      The PRIVACY Forum digest is supported in part by the
          ACM Committee on Computers and Public Policy.


CONTENTS
    Re: Should the information industry be consentual? (Tommy
O'Lin)
    Re: Should the information industry be consentual?
           ([email protected])
    B.C. Will Choose New Privacy Commissioner (Leslie Regan Shade)
    Quebec examines personal data law (Leslie Regan Shade)
    Reverse directories (Joseph Pearl)


*** Please include a RELEVANT "Subject:" line on all submissions!
***
           *** Submissions without them may be ignored! ***

-----------------------------------------------------------------
------------
The PRIVACY Forum is a moderated digest for the discussion and
analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their
relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "[email protected]" and
must have
RELEVANT "Subject:" lines.  Submissions without appropriate and
relevant
"Subject:" lines may be ignored.  Subscriptions are by an automatic
"listserv" system; for subscription information, please send a
message
consisting of the word "help" (quotes not included) in the BODY of
a message
to: "[email protected]".  Mailing list problems should
be
reported to "[email protected]".  All submissions included
in this
digest represent the views of the individual authors and all
submissions
will be considered to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and
all
related materials, is available via anonymous FTP from site
"cv.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or
"anonymous", and
enter your e-mail address as the password.  The typical "README"
and "INDEX"
files are available to guide you through the files available for
FTP
access.  PRIVACY Forum materials may also be obtained automatically
via
e-mail through the listserv system.  Please follow the instructions
above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used
to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are also
available through the Internet Gopher system via a gopher server on
site "cv.vortex.com".

For information regarding the availability of this digest via FAX,
please
send an inquiry to [email protected], call (310) 455-9300,
or FAX
to (310) 455-2364.
-----------------------------------------------------------------
------------

VOLUME 02, ISSUE 08

  Quote for the day:

    "I would like to be on some cutting-edge Bell Labs thing.
     But I'm just not smart enough, so I'd probably be backing
     up stuff and getting coffee."

                -- Illusionist Penn Jillett (of Penn & Teller),
when
                asked what he'd like to be doing if he were
working
                in high-tech.

-----------------------------------------------------------------
-----

Date:    Tue, 9 Mar 93 14:05:50 EST
From:    [email protected] (Tommy O'Lin)
Subject: Re: Should the information industry be consentual?

  From:    John Pettitt <[email protected]>

  Continuing the public discussion with Larry

  .... I submit that he has yet to prove a case where free flow of
_accurate_
  information has caused a problem.

  [paragraphs omitted]

  Data collection and trading is going to happen no matter what -
even if it
  moves off shore (a silly concept in the digital age).  The
sooner we face
  the reality and establish norms, conventions and taboos
regarding data
  the better.  A start would be to:

  1) don't restrict the free flow of _accurate_ data

Well, then, how about if John posts to the rest of us:

- a full (and accurate, of course) financial disclosure, including
a list of
all bank accounts (with balances), all credit accounts (with
balances), all
investment holdings, all real property holdings, etc.  Be sure to
include
accurate income information.

- a list of all publications to which he subscribes or has
subscribed in the
past 5 years.

- a list of all organizations to which he has donated money or
other property
over the past 5 years.

- a list of all books and audio/video recordings he has bought,
rented, or
borrowed over the past 5 years.

- anybody want to know anything else?  Send in your queries today!

As long as he's at it, he might as well post the information on the
front of
his home and business - and it would be convenient for some people
if he posted
it on the bulletin board at the grocery store, too.  Of course, no
harm would
come from any of this, as long as the information is _accurate_.

  2) establish clear, enforced methods of trcking data
  3) make provision for reaonable penalties for selling inaccurate
data

  The problem with all this it is completly impossible to enforce.

If not impossible, perhaps difficult.  Laws against homicide cannot
prevent
murders, but society still tries.

  If you can find a real case of harm by accurate information used
lawfully
  and a way of enforcing privacy I would be happy to look at it.

You might be right.  Let's give it a try.  Post your accurate
information and
see if anything happens.

  Tom Olin    [email protected]    uunet!adiron!tro    (315)
738-0600 Ext 638
PAR Technology Corporation * 220 Seneca Turnpike * New Hartford NY
13413-1191

------------------------------

Date:    Wed, 10 Mar 93 11:22:18 +0100
From:    [email protected] (European Technology &
Architecture)
Subject: Re: Should the information industry be consentual?

John Pettitt writes:

    I submit that [Larry Seiler] has yet to prove a case where
free
    flow of _accurate_ information has caused a problem.

Problems for whom?

Experience shows that in the business of accumulating and
exchanging
databases about personal information there is a high rate of
corruption, of
both data [1] and individuals [2].  Moreover, there are plenty of
obvious
cases where the free flow of accurate information is unwise,
inhumane, or
illegal [3].

    [1] As a consultant I've worked with businesses on their
billing
    and marketing databases, and my professional experience is
that the
    best of these has a high error rate.  I've also worked with
    governmental agencies on similar databases, and once had the
dismal
    pleasure of seeing two years' work -- on a project funded by
a UN
    agency, not done by me -- having to be abandoned when I
    demonstrated the internal inconsistency of personal data in
the
    database.  Read "Consumer Reports" (Consumers Union) about the
    problems with credit-reporting companies.  Good rule of thumb:
all
    data are dirty until proven otherwise.  Many of us can provide
    anecdotal evidence from my own credit life.  I can.

    [2] Anecdotal evidence from many recent cases, for instance
those
    involving the sale of police data by trusted insiders, or the
sale
    of banking and credit information by trusted insiders.
Several of
    these in the news recently.

    [3] Medical information?  Sexual information?  Arrest records?
The
    information may be accurate, but should it flow freely?  What
about
    a complete and accurate transcription of all your
conversations and
    activities with the last three boyfriends/girlfriends you
haven't
    married?

These aren't only civil liberties problems; there are business
costs for
using inaccurate data, or using even accurate data inappropriately;
but
businesses -- at least in America -- can, so far, force society and
individuals to shoulder much of those costs.  We shouldn't have to.

___Pete

------------------------------

Date:    Wed, 10 Mar 1993 19:46:43 -0500 (EST)
From:    Leslie Regan Shade <[email protected]>
Subject: B.C. Will Choose New Privacy Commissioner

The March 9, 1993 issue of The Globe and Mail (Canada's national
newspaper) had an article on p. A9 entitled "How B.C. is forming
open
society" by Robert Matas.

Paraphrasing from the article:

Matas mentions that the province of British Columbia has just
closed their
job competition for the province's first information and privacy
commissioner.  The recommendation for hiring should happen next
month when
the all-party legislation decides who is the lucky person--out of
170
applicants.

B.C.'s first freedom of information law  passed last year.
This law assumes that "Canadians no longer trust politicians and
bureaucrats to handle public policy" B.C., although the 8th
province to introduce such legislation, promises to be more
advanced than
other laws.

Beginning in the fall, information and privacy provisions are to be
phased
in over 18 months, with public access to the files of about 200
provincial
boards, agencies, commissions, and corporations.

The "leading edge" provision will require senior government
officials to
disclose information (with or without a request) that reveals a
serious
health, safety, or environmental hazard.

As well, the provisions will be extended to cover school boards,
municipalities, hospital boards, police boards, postsecondary
institutions, and local government agencies.  By 1995,
self-governing
professional bodies (doctors, lawyers, architects, engineers, etc)
will be
required to comply by 1995.

------------------------------

Date:    Wed, 10 Mar 1993 19:58:56 -0500 (EST)
From:    Leslie Regan Shade <[email protected]>
Subject: Quebec examines personal data law

>From the Globe and Mail (Canada's national newspaper), February
24, 1993,
"Quebec examines proposal on guarding personal data", by Rheal
Seguin.

Paraphrase:  the article mentions that a bill for the Province of
Quebec
which aims to protect personal information (credit card records,
medical
files) is being scrutinized by a Quebec National Assembly
committee.

The bill would require that personal information obtained by credit
bureaus or other private companies not be available to third
parties
without the individual's consent.

Several instances have alarmed privacy advocates, and these have
been
raised by the Parti-Quebecois communications critic, Michel
Bourdon.  For
instance, it is alleged that employees of Equifax Canada have
passed
themselves off as Revenue Ministry employees in order to obtain the
addresses of individuals who have defaulted on their Hydro-Quebec
(electricity) payments.  Equifax Canada is the largest credit
bureau in
Quebec. Their biggest client is the Quebec Ministry of Manpower,
Income
Security and Skills Dept., which frequently requests credit checks
on
welfare recipients.

As well, a Montreal woman, after receiving treatment in a hospital
for
heart problems, received information about a pre-arranged funeral
package.

Critics of the legislation, such as Rebe Laperriere of the
University of
Quebec's Groupe de recherche informatique et droit, believe that
the law
should state clearly under what circumstances a company could have
access
to personal information, as well as imposing tighter restrictions
on how
it is used.

------------------------------

Date:    Thu, 11 Mar 93 09:28:03 EST
From:    [email protected] (Joseph Pearl)
Subject: reverse directories

Just a little more into the fray...

I was at Sears with my wife, returning something, when the cashier
asked what our phone number was.  Without thinking, my wife told
the
cashier (one of those rough days where the brain shuts down after
6pm).  The cashier then recited our name and address and asked if
it
was correct.

Well, this had me thinking the rest of the night -- what are they
doing with such information readily available at the cashier level?
Also, of what importance is that information when returning a $3
item?
I think that, next time, we're going to either use a fictitious
phone
number or simply refuse.  I wonder what will happen...

It's not that I'm keeping that information private - I'm listed in
the
phone book.  I just can't understand why it's necessary.

-> From: [email protected] (A. Padgett Peterson)
->
-> A final suggestion is the use of "canary traps" - creative
mispellings
-> of your name for different uses - to pinpoint what list
information
-> was garnered from.

I, too, use creative mispellings of my name.  It's *really*
interesting to see from where the lists come from.

joe.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+
Joe Pearl                Tel:  212-753-3920
Informix Software, Inc.            Fax:  212-753-4210
757 Third Avenue              Email:    [email protected]
New York, NY  10017

    [ I have removed somewhat extensive quoted text (from previous
      digest messages) that was originally included in the
      above message.

      A comment: I would suggest that it is never a good idea
      to use a fictitious phone number in response to a clerk's
      query.  Doing so simply risks dragging some other person,
      who might have that number, into the situation.  If the
clerk
      insists on a number, and you don't want to give it, ask
      for the manager, or consider doing business elsewhere.

      Keep in mind that in most cases you're simply dealing with
      a clerk who has a specific set of information he has
      been instructed to get and may not realize that not everyone
      is willing to provide a number.  However, in almost all
cases,
      when faced with a choice of not getting the number or losing
      the sale, the clerk will opt for the former. -- MODERATOR ]

------------------------------

End of PRIVACY Forum Digest 02.08

Downloaded From P-80 International Information Systems 304-744-2253

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.