Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Privacy :: priv_702.txt

Privacy Digest 7.02 1/14/98




The following document is from the PRIVACY Forum Archive at 
Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and 
related facilities, please visit the PRIVACY Forum via the web URL:

    http://www.vortex.com

-----------------------------------------------------------------------

PRIVACY Forum Digest      Wednesday, 14 January 1998      Volume 07 : Issue 02

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
	                 http://www.vortex.com 
	
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
                    the ACM (Association for Computing)     
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
	  	  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
	AT&T Database Reveals Unlisted Names From Numbers
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Intuit Canada policy of forced disclosure (John Tillquist)
	Data Creep [PRIVACY Forum Digest V06 #18] (Stanley F. Quayle)
        Privacy problems with patient data in hospitals, by Simson Garfinkel
	   (Fr. Stevan Bauman)
	Re: ATM card problems (David C. Kulp)
	Airlines Debut Profiling System (Monty Solomon)
	A spy satellite of one's own [TBTF for 1/12/98] (Keith Dawson)
	Self regulation (Marianne Kim)
	ACM Policy98 Preliminary announcement (Jim Horning)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 02

   Quote for the day:
	
      "... I expected to be frightened on my wedding night,
	   but nothing like this!"

	    -- Joan Hayden (Gloria Castillo)
	       "Invasion of the Saucer Men" (American International; 1957)

----------------------------------------------------------------------

Date:    Tue, 13 Jan 98 10:05 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: AT&T Database Reveals Unlisted Names From Numbers

Greetings.  In a memorable scene from the 1975 film "Three Days of the
Condor," CIA agent-on-the-run Joe Turner, played by Robert Redford, monitors
a phone line with a telephone test set (known in telco parlance as a "butt
set" or more popularly a "butt-in").  After taping and determining the touch-
tone digits being dialed, he makes a call to an "operator" who provides the
name and address of the party associated with that dialed number.  

His exchange with that operator was completely authentic.  For decades
telephone companies have operated "Customer Name and Address" bureaus, known
colloquially as "CNA" bureaus.  Presented with a phone number, the CNA
operators provide name and address data, even for unlisted or non-published
numbers.  This service was and is ostensibly only for telephone company
use.  The telcos rightly considered this information sensitive, and CNA
access numbers were always subject to frequent changing, but still leaked
out.  They were highly coveted by private detectives, phone phreaks, and
others, for various investigative or even harassing purposes (few things can
upset a person who thinks they have an unlisted number more than a bizarre
call from an unknown person in the dead of night who knows their name...)

Over the years, telephone subscribers have become more aware of the various
commercial and other purposes to which their telephone listings have been
subjected, and increasing percentages of folks have unlisted
("non-published" or "non-pub") numbers.  In states like California, the
majority of numbers are non-pub.  Telephone company literature usually
states that a non-pub status (for which subscribers now typically have to
pay an extra monthly fee) also protects them from so-called "upside-down"
listings and services--essentially published versions of CNA that provide
listings in telephone number and/or house address order.  Clearly the telcos
realize that people are still very sensitive about their names and/or
addresses being looked up by number.

So it was with considerable concern late last year when I learned of an
easily accessible AT&T database that provides a major portion of CNA--the
provision of names from numbers, even for unlisted or non-published numbers.
I have been engaged in a dialogue with various AT&T officials concerning this
database since then.  Getting an official response has taken some time (the
holidays didn't help of course), and I've been told that I'm the first
person to ever bring this issue to their attention (a familiar enough
refrain when it comes to privacy issues...)

The database in question is a "service" (which AT&T says is greatly
appreciated by their customers) which ostensibly exists to allow automated
access to number information by business customers.  AT&T long distance
business customers, upon calling their designated customer service number
from their bills, enter a typical complex voice mail maze.  After entering
their main AT&T account number into the system, one of the choices available
relates to "if you do not recognize a number on your bill."  Choosing this
option drops the user into an automated system which allows the direct
entering of phone numbers. 

For each number entered, the system then attempts to read out (using a voice
synthesizer) the name associated with that number.  An option is also
available to spell out the name, since text-to-speech handling of proper
names can be less than optimal (remind me to tell the story of my
"Touch-Tone Unix" synthesizer system from the '70's someday).  The number
entry/readout sequence can be repeated (apparently) as many times as desired.

The need for a customer to find out who is associated with a truly unknown
number on their bill can be a real one.  Unfortunately, this database has a
variety of negative characteristics:

-- The database does not limit lookups to numbers actually on the customer's
   bill!  Any numbers can be entered, and the system will usually provide the
   associated name, even if they are not on the current (or any) bill.
   Presence or absence from the bill is totally irrelevant.

-- The database provides data for unlisted or non-published numbers
   just as happily as for listed numbers.  This includes corporate
   internal numbers, modem and fax lines, residential second lines,
   and so on.

-- For listed numbers, the database sometimes provides not the name
   associated with the listing, but rather the name of the *person* who is
   apparently the "billing contact" for the listed entity and usually has
   nothing whatever to do with the listing itself!

To quote from the official response I received from the AT&T media relations
representative with whom I have been in contact about these concerns:

      "As a matter of policy, AT&T safeguards customer information from
       unauthorized access.  It is also our policy to allow business
       customers to access their account-billing records to check the
       accuracy of their records and to request changes, as necessary, by
       using an automated system.  Until now, questions such as yours have
       never come up, so we want to thank you very much for bringing your
       concerns to our attention.

       ...

       The system has been in use for several years and, in our
       search for ways to improve the accuracy, timeliness and cost-
       effectiveness of the services we offer customers, we had
       already begun evaluating a number of options.

       Your inquiry has hastened our considerations of new ways
       to offer capabilities that our business customers value while
       safeguarding private customer information from unauthorized
       access. So, again, we thank you for bringing this issue to our
       attention."

What this really means in terms of actual changes is decidedly unclear.  No
date is specified for any alterations, nor have they explained in any manner
what sorts of customer privacy changes (if any) will be made, nor how any
new system might differ from the current one.

In the meantime, I have been told that they do not intend to alter the
operations of the current database in any manner.  I have suggested
suspending or limiting the current system as a clear move to help protect
telephone subscribers' privacy.  AT&T has chosen not to do so.  They point
out that the database is not "intended" for other than the lookup of unknown
numbers on the bills, and that they consider any other use to be improper.
However, such improper uses will continue to be completely possible under
the current system.

My overall impression is that AT&T feels people aren't concerned about number
to name lookups, and that AT&T doesn't see what harm such information could
do in any case.  This sort of "What harm could it do?" attitude is one that
PRIVACY Forum readers have seen repeatedly with commercial databases of
various sorts.  It of course is important that persons make their feelings
about such issues known once they come to light.  If people don't bother
to complain, faulting the commercial database policies themselves becomes
considerably more problematical.

Others may agree, or perhaps disagree, with AT&T's apparent attitudes about
this matter.  It seems likely that more persons expressing their opinion,
either positive or negative about the system, would be useful to AT&T in
helping to gauge public feelings about such matters.  AT&T has told me
specifically that the appropriate venue for such opinions would be AT&T
Executive Resolution, at (908) 221-4191 (8-5 PM Eastern--I'm told that
collect calls are accepted during those business hours).

All too often, we see that the implementation of potentially useful services
is done in a manner that produces undesirable (and often unintended)
negative privacy side-effects.  A key issue is to what extent an entity
responds to privacy concerns, even when they might not agree with them,
after they've been made aware of the issues.  So far, I'm afraid that AT&T's
response to this situation has not been stellar.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Fri, 02 Jan 1998 09:30:43 -0800
From:    John Tillquist <john.tillquist@commerce.ubc.ca>
Subject: Intuit Canada policy of forced disclosure

Intuit Canada wants your personal information.  

Intuit, producer of popular home and small business financial software,
requires purchasers of their 'QuickBooks' package (retail Can$129) to
provide their name, address, and telephone number for continued use of the
software.  Customers must dial an 1-888 number and provide this personal
information before Intuit will release the registration code necessary to
run QuickBooks.

Rolo Lacroix, Intuit Canada's Head of Customer Service, said in a telephone
interview that the policy was to track customers for software update
notification and to stem computer piracy.  "We need your contact information
to bind your name with the registration number," he said.  Asked if a
pseudonym could be used instead, Lacroix stated, "that would be illegal."

The Risk.

Forced disclosure of personal information to activate software is a
compelling means for organizations to build an inventory of customer data.
Aside from notification of release updates and protection against software
piracy, the company also could potentially save tremendous amounts of
advertising dollars by targeting sales campaigns, tailoring sales pitches to
individuals on their database, and selling their database to direct
marketing operations.

Forfeiting privacy of personal information as condition of use has
significant implications.  Conceivably, any software or product retailer
could do the same if they could build-in controls to restrict post-sale
customer use.  Cash no longer would protect the confidentiality of the
buyer.  Electronic profiles of individual's buying habits and preferences
are matched with direct contact information, leaving anonymity and personal
privacy a thing of the past.

Imagine being required to provide personal information for using
MS-Windows...

John Tillquist, PhD             |
Faculty of Commerce             |       604-822-8392 (o)
University of British Columbia  |           822-9574 (f)
Vancouver, BC  V6T 1Z2          |  john.tillquist@ubc.ca

------------------------------

Date: Thu, 1 Jan 1998 03:48:40 -0500
From: "Stanley F. Quayle" <quayle@pobox.com>
Subject: Re: Data Creep [PRIVACY Forum Digest V06 #18]

>     This form of "data creep," where information is collected 
>     ostensibly for one purpose but then made available for other 
>     applications, is an increasingly serious one.

A recent article in an aviation magazine (Flying, perhaps; sorry, I 
don't have the reference) mentioned that recordings of airline 
pilots' in-flight conversations were only to be used in investigating 
an accident.  They're now reviewed by the FAA for other purposes.

--Stan

Stanley F. Quayle, P.E.   N8SQ   +1 888 527-5127   Fax: +1 614 868-1671
8572 North Spring Ct. NW, Pickerington, OH  43147
Preferred address:  quayle@pobox.com       http://www.pobox.com/~quayle

------------------------------

Date: Wed, 17 Dec 1997 01:16:39 -0500 (EST)
From: csb@indy.net (Fr. Stevan Bauman)
Subject: Privacy problems with patient data in hospitals, by Simson Garfinkel 

      [ Excerpted from Risks-Forum Digest; Volume 19 : Issue 51 by 
        PRIVACY Forum Moderator ]

[This item originally appeared in *The Boston Globe*, 5 Jun 1997.  It was
 later reprinted in American Reporter, a daily electronic newspaper,
    http://www.american-reporter.com  for initial free access.
 Contact Joe Shea at joeshea@netcom.com for comments and subscriptions.
 This article is reproduced here with permission of the author.  PGN]

Simson Garfinkel
American Reporter Correspondent
Martha's Vineyard, Mass.
October 2, 1997

COMPUTERS COMPROMISE PRIVACY, CUT COST OF CARE
by Simson Garfinkel
American Reporter Correspondent

MARTHA'S VINEYARD, Mass. -- A few months ago, a patient at the University of
Washington Medical Center made what sounded like a reasonable request.
Worried about his medical privacy, the patient asked that the hospital's
computers be set up so that his medical record could not be displayed on a
computer terminal.

Today the UW Medical Center is still considering the request, but the
doctors involved aren't quite sure how to proceed. University of Washington
has been a leader in bringing computers to medicine, and there are few parts
of the hospital that still rely on paper.

Various computer systems at the hospital keep track of each patient's
appointments, record the procedures done by a physician, record the
laboratory work requested and performed, send the results electronically
back to the physician, remind the patient when it is necessary to schedule a
follow-up, and most importantly, send out bills to insurance companies and
the patients themselves.

Precisely which computer does the patient not wish his information to be
displayed upon?

"We're trying to figure that out right now," says one of the physicians on
the hospital's medical informatics review panel. So far, there is no good
answer.

For thousands of years, it's been the obligation of physicians to protect
the privacy of their patients. But many physicians are increasingly worried
that this age-old commitment is being jeopardized as hospitals adopt
increasingly-advanced medical information systems.

Earlier this year, the National Research Council issued a report on the
issues surrounding electronic health information. Called "For the Record,"
the report identified five "threat levels" for information stored in health
care computers:

 * Threat 1: Insiders who make "innocent" mistakes and cause accidental
disclosures of confidential information. This could be as simply as a lab
sending a fax sent to a wrong phone number, or a nurse pulling up one
patient's medical records instead of another's.

 * Threat 2: Insiders who abuse their record-access privileges.
Browsing seems to be a problem with many electronic record systems. The
Internal Revenue Service, for example, has had persistent problems with
curious employees looking through the tax records to which they have access.
It's unreasonable to think that hospitals will somehow avoid this scourge.

 * Threat 3: Insiders who knowingly access information for spite or for
profit.  During the 1992 Democratic primaries, a pathologist at Beth Israel
Hospital here in Boston was contacted by a member of the press who wanted
access to former U.S. Sen. Paul Tsongas' medical records. The reporter
offered good money, and a less ethical pathologist could easily have
retrieved the file -- probably without having that information traced back
to him.

 * Threat 4: An unauthorized physical intruder gains access to information.
Many hospitals rely on physical security to protect information stored
inside a computer: the terminals are put in a special room or behind a desk
to which only authorized personnel are supposed to have access.
Unfortunately, hospitals are not as secure as hospital administrators would
like to believe. If that journalist had simply put on a white lab coat and
gotten a fake badge, that person might have been able to retrieve Tsongas'
medical records unassisted.

 * Threat 5: Vengeful employees and outsiders, such as vindictive patients
or intruders, who mount attacks to access unauthorized information, damage
systems, and disrupt operations. A doctor who practices at an HMO recently
told me of a problem that her group has been having: an employee -- they
think they know who -- has been accessing the HMO's scheduling computer and
deleting patient appointments. The scheduling desk then thinks the
appointment slot is free, and two or three patients show up at the same
time.

The increased reliance on Social Security numbers is further compromising
patient confidentiality. These days it is relatively easy to find out
somebody's Social Security number, and if you have that magic number, you
can call up a hospital or doctor's office and impersonate that person,
hunting out embarrassing or valuable pieces of information.

What makes this scam possible is the fact that many hospitals use Social
Security numbers as a kind of secret patient password for patients to prove
their identity. Hospitals don't seem to realize that even if Social Security
numbers were once relatively secret, that day is long past.

Disturbingly, use of Social Security numbers by health care organizations is
about to expand dramatically. Section 1173 of the Kennedy Kassenbaum health
care portability legislation passed last year defines a set of
"administrative simplification procedures" which require the establishment
of universal health identification numbers.

The identifier will make it easier for different organizations to combine
data, both to improve patient care and to make it easier to perform
large-scale epidemiological studies. Right now, it looks as if Congress or
Health and Human Services will adopt the Social Security number as that
universal identifier.

Some computer professionals have suggested that the way to solve the health
care privacy issue is to encrypt all of a patient's files with a secret key,
so that a patient's files can't be decrypted without their permission. The
problem with this sort approach is that it makes it difficult for doctors to
access critical information in times of urgent need.  Hospitals, and other
institutions, are loathe to deploy systems that restrict anybody's access to
information.

Instead, many hospitals seem to prefer systems that allow relatively open
access, but record every file that's viewed or modified by every health care
worker. That record is called an audit trail. The information can be used to
find and punish employees who violate patient confidentiality, and having it
works as a deterrent for others.  But even audit trails breaks down in an
emergency room, where forcing people to type a username and password before
ordering a test could mean the difference between life and death. Are you
willing to die for your right to privacy?

With all of these problems, sometimes it is easy to forget that the reasons
that hospitals are turning to computers is to lower costs and improve
patient care. Unfortunately, ensuring patient privacy can be expensive and
can prevent doctors and public health officials from considering all of the
pertinent data for a given problem.  It's doubtful that we will be able to
resolve the fundamental tension between the need to know and the need not to
know.

------------------------------

Date:    Sun, 4 Jan 1998 17:01:22 -0800
From:    "David C. Kulp" <dkulp@cse.ucsc.edu>
Subject: RE: ATM card problems

Following up on Joe Bates' recent email (V06 #18) and others involving
Wells Fargo's infamous banking schemes, I called Wells to discontinue
the Master Card / debit "feature" on the cards for me and my wife.
Like Joe, I had destroyed our old cards under the assumption that they
were going to expire.

The Wells customer service representative was very kind and willing to
re-replace my card.  What I found ironic were the "security" steps
which the representative had to take to process my request.  The
representative had to ask me my mother's maiden name, my PIN number
for my checking account, when I made my last deposit, and how much
that deposit was.  To re-replace my wife's card (although we share the
same account), my wife had to personally speak with the
representative, too.  Of course, for all the representative knows, my
wife could have been anyone and my mother's maiden name is easily
discovered.  Still, I don't object to these checks, but it is truly
ironic when an individual can use the same card number without any
additional security measures to make purchases for thousands of
dollars, immediately withdrawn from your account.

David Kulp

------------------------------

Date:    Fri, 2 Jan 1998 23:39:52 -0500
From:    Monty Solomon <monty@roscom.COM>
Subject: Airlines Debut Profiling System

Excerpt from ACLU News 12-31-97

	      ---

     As Airlines Debut Profiling System,
     ACLU Launches Web Complaint Form

FOR IMMEDIATE RELEASE
Wednesday, December 31, 1997

WASHINGTON -- Anticipating complaints resulting from the national debut
of a computerized airline passenger profiling system, the American Civil
Liberties Union today launched a special web complaint form to collect
information on incidents of discrimination and mistreatment by airport
security personnel.

The ACLU said that it was establishing its own complaint collection
process in part because the Department of Transportation has so far
failed to establish its own means of adequately collecting and tracking
passenger complaints, and has refused to set up an independent
monitoring panel to review complaints about the new system.

The Computer Assisted Passenger Screening System (CAPS) was developed
and mandated by the Federal Aviation Administration based on a
recommendation from the White House Commission on Aviation Safety and
Security headed by Vice President Gore. It is scheduled to be phased in
nationwide beginning on January 1.

"The ACLU is concerned that the CAPS system will have a unequal impact
on some passengers, resulting in their being selected for treatment as
potential terrorists based on their race, religion or national origin,"
said Gregory T. Nojeim, a Legislative Counsel for the ACLU's Washington
National Office.

"Fasten your seat belts, ladies and gentlemen," Nojeim cautioned,
"because the government is about to take you on a very bumpy ride."

The ACLU's complaint form, linked online at
http://www.aclu.org/forms/complaint_aviation.html, offers airline
passengers to provide details of discriminatory or abusive security
screening incidents, and asks passengers to report information about
their flight, themselves, and who mistreated them.

Nojeim said the ACLU would use the data collected on its web site to
look for patterns of abusive or discriminatory security screening. All
personal data, he said, will be kept confidential on request.

The ACLU has long criticized passenger profiling, calling it a
speculative means of predicting criminal conduct that does nothing to
insure safety. Profiling is based on characteristics that do not
individually suggest evidence of criminality, the ACLU added, and can
involve the troublesome maintenance and evaluation of personal
information about passengers and their travel, using criteria that are
kept secret for "security reasons."

Under this system, passengers who "fit the profile" are selected for
heightened security measures, which can include a thorough search of
their luggage in front of other passengers, intrusive personal
questioning, tagging of luggage with orange tape, and a physical escort
from the check-in counter to the airport gate by security personnel, in
full view of other passengers.

Earlier this year, a newspaper reporter who obtained confidential
airline security manuals found that they explicitly listed some ethnic
associations, like a name of Middle Eastern origin, as grounds for
suspicion. The CAPS system will replace, for most domestic flights, the
manual profiling system now being used.

Northwest Airlines has been testing the CAPS system in select airports
since earlier this year, and, according to Nojeim, the ACLU has received
more complaints of discriminatory security screening from Northwest
passengers than from passengers on any other airline. However, it is not
yet clear whether and how those complaints are linked to use of CAPS.

Nojeim said that the ACLU continues to call for the establishment of an
independent Civil Liberties Panel to insure that security measures are
not implemented in a discriminatory way, that passengers' data is kept
confidential, and that privacy standards are created for new security
scanning devices.

Criminals -- including those who "fit the profile" -- may find the
profiling system easy to evade: all they have to do is dupe a passenger
who does not fit the profile into carrying a bomb.

The ACLU is reiterating its call for full "luggage match" as an
alternative to passenger profiling. Bag matching assures that no one can
check a bag without boarding the flight.

"The ACLU has never challenged the use of the x-ray machine on
everyone's checked luggage," Nojeim said. "What we have challenged are
discriminatory methods of choosing which passengers will be subjected to
heightened security measures."

Note: The form can be found online at
http://www.aclu.org/forms/complain_aviation.html. Individuals who do not
have Internet access can call the ACLU's Washington Office at
202-544-1681.

------------------------------

Date: Mon, 12 Jan 1998 22:58:25 -0600
From: dawson@world.std.com (Keith Dawson)
Subject: A spy satellite of one's own [TBTF for 1/12/98]

[ Excerpted from TBTF for 1/12/98 by PRIVACY Forum Moderator ]

Soon you'll be able to buy images from space that show the car
in your driveway.

Spying on the earth from space was a monopoly of governments for its
first two decades. In 1986 the French company SPOT IMAGE [19] began
selling images from its SPOT satellite to all comers. At 10 meters
minimum resolution, the images were sufficient to resolve objects
the size of houses.Now a US company -- EarthWatch, of Longmont, Colo-
rado -- has launched EarlyBird [20] atop a Russian booster [21]. For
a few hundred dollars charged to your credit card you'll be able to
order a 3-meter resolution photo of any place on earth. Visit this
simulation to appreciate the difference between 3-meter and 10-meter
resolution [22]. In 1999 EarthWatch plans to launch the first of two
next-generation QuickBird satellites with a minimum resolution below
1 meter. That's just about sharp enough to resolve people from space
[23]. Here are specs for the EarlyBird and QuickBird satellites [24].
Eyes in the sky with such acuity must begin to raise privacy concerns.
Visit the Freedom Forum [25], [26] for some cautionary thoughts from
technology director Adam Clayton Powell Jr.

[19] http://www.spot.com/
[20] http://www.digitalglobe.com/news/pr_eb1launch.html
[21] http://www.sjmercury.com/breaking/headline2/080192.htm
[22] http://www.hitachi.co.jp/Prod/remosen/eng/3mimage.htm
[23] http://www.hitachi.co.jp/Prod/remosen/eng/1mimage.htm
[24] http://www.digitalglobe.com/company/ewconstell.html
[25] http://www.freedomforum.org/technology/1997/12/31satell.asp
[26] http://www.freedomforum.org/technology/1997/12/05sputnik.asp

------------------------------

Date:    Mon, 12 Jan 1998 21:18:18 -0600
From:    Marianne Kim <lpas260@uts.cc.utexas.edu>
Subject: self regulation

Hi everyone:

I'm looking for information related to how self regulating governing
bodies (such as trade associations) can protect the transfer of customer
profile data from abuse and simultaneously bring forward antitrust
issues. The basic idea is that data collecters will have little
incentive to sell information to marketing groups that represent their
competitors, thus restricting the use of competitive tools. 

I'm new to this topic and it's been difficult for me to find literature
on antitrust issues related to regulation. Does anyone have suggestions?

Thanks.

------------------------------

Date:    Fri, 09 Jan 98 18:11:00 P
From:    Jim Horning <horning@intertrust.com>
Subject: ACM Policy98 Preliminary announcement

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
       ASSOCIATION FOR COMPUTING ANNUAL MEETING
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

                       POLICY98
         "Shaping Policy in the Information Age"

            Washington, DC, Renaissance Hotel
                    May 10-12, 1998

                  Preliminary Notice

      For Conference and Registration information see:
         http://www.acm.org/usacm/events/policy98/

On May 10-12 1998, the Association for Computing will hold its
annual meeting in Washington DC.  This national conference will
focus on critical public policy issues affecting the future of
applications of computing.  The purpose of the conference is to
forge stronger links between computer professionals and policy
makers.  You will interact with leaders from academia, industry,
Congress, and Executive agencies, and participate in debates on
policy issues including Universal Access, Electronic Commerce,
Intellectual Property, and Education Online.

You can influence decisions about making productive use of
computing and information processing innovations, while coping
with the inherent dangers of any transformational technology.
Your continuing collaborations with policy makers will be
beneficial to citizens, consumers, entrepreneurs, students, and
computing professionals.  You can make a difference!

All attendees are invited to the Annual ACM Awards Banquet on
Sunday evening May 10th, and a conference reception on Monday
night May 11th.

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
PANEL TOPICS AND COORDINATORS
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Universal Service: Ollie Smoot
What can be done to promote widespread access to the benefits of
the Internet? What is the role of government and the role of the
private sector in wiring schools, libraries, and medical facilities?

Electronic Commerce: Jim Horning
How much public policy does EComm need?  What problems would
inadequate, excessive, or misguided policies cause?  Can compromises
in areas like fair trade practices, fraud prevention, security, privacy,
and taxation advance the interests of all stakeholders?

Intellectual Property in Cyberspace: Pam Samuelson
What will be the impact of the WIPO agreements on copyright in
cyberspace? How should intellectual property be protected  and what
safeguards are necessary to protect libraries and academic institutions?

Education Online: Charles N. Brownstein
The Internet offers unparalleled opportunities for learning and teaching.
What public policy and technical challenges must be met to realize
these prospects?


+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
CONFERENCE CO-CHAIRS
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Ben Shneiderman, USACM (U.S. Public Policy Committee)
C. Dianne Martin, SIGCAS (ACM Special Interest Group
                       on Computers & Society)

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
PROGRAM COMMITTEE CHAIRS
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Marc Rotenberg, Public Policy
Keith Miller, Ethics and Social Impacts

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
REGISTRATION INFORMATION
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
For more information or to register electronically, see
http://www.acm.org/usacm/events/policy98/reginfo.html

------------------------------

End of PRIVACY Forum Digest 07.02
************************


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH