PRIVACY Forum Digest Sunday, 14 January 1996 Volume 05 : Issue 02
Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM =====
------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. -------------------------------------------------------------------
CONTENTS "Privacy: 1996" (Lauren Weinstein; PRIVACY Forum Moderator) Caller ID leakage? (Beth Givens) Videotaping homes for tax purposes (Steve Holzworth) Mutual of Omaha and s.s.n's (nrota@cris.com) Computers, Freedom, and Privacy -- Call for Demos (Hal Abelson) Data Mining and Knowledge Discovery (Phil Agre) InfoWarCon (Winn Schwartau)
*** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! ***
----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".
All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com". -----------------------------------------------------------------------------
VOLUME 05, ISSUE 02
Quote for the day:
"How do you think some of the politicians around town got started, and parking lot owners?"
-- Mr. Applegate (Ray Walston) "Damn Yankees" (1958)
Date: Sun, 14 Jan 96 17:43 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: "Privacy: 1996"
Greetings. As we go strolling down the aisle of 1996 (with the 21st century looming ever larger before us), there's certainly no lack of privacy-related concerns and problems to analyze, discuss, and hopefully solve in reasonable ways.
The overall situation isn't terribly encouraging, however. As Alice was told long ago, it seems you have to run as fast as you can just to stay in the same place--and to move forward you need to run even faster than that.
There are many conflicting events and signals to confuse the picture. While the U.S. government has chosen to drop the charges against Phil Zimmermann for the original Usenet distribution of PGP, and there are signs of some loosening of U.S. encryption product export restrictions, a vast array of issues surrounding encryption policy remain. It still seems quite possible, even likely, that new legislative efforts to restrict powerful encryption systems, and/or to criminalize their use in certain situations, will be forthcoming. Are all such restrictions unreasonable? Or are there circumstances, given the real-world problems of crime, terrorism, and related activities, where some form of restrictions might be a good idea? Let's discuss these issues.
Compuserve was widely condemned for an apparently arbitrary cutoff of 200-plus Usenet newsgroups in reaction to a German child-pornography investigation. It seems likely that when the U.S. telecommunications law rewrite (eventually) passes, it *will* include both the so-called television "V-chip" language and a broad ban on the distribution of "indecent" materials to minors via the Internet. Don't be too sure about the courts striking down such provisions--the U.S. Supreme Court recently upheld the FCC's right to ban "indecent" materials from radio airwaves during most of the broadcast day.
Outside of the philosophical and political issues relating to this area, the logistical issues are also awesome when dealing with a global network. Can countries impose practical restrictions on what their citizens can access, both domestically and internationally, without creating draconian monitoring and control mechanisms? And who will make these decisions? While most everyone agrees that child pornography has no place on the net (or anywhere else), there are those who would use this single topic as a lever to spread content restrictions throughout a broad range of discussion topics (and in some countries, political opinions). And yet, we can assume there are people using the net in illegal ways, and there clearly are some items on the Internet that the vast majority of persons would not want their children to access. How can the goals of free flow of information, protection of minors, and prevention of illicit activities be simultaneously achieved? Can they be achieved together?
Finally, we must face the fact that the tremendous tool that is the Internet, that many of us have spent more than the last quarter century building, might itself become one of the most powerful instruments for the invasion of individuals' privacy yet devised. It's already causing an explosion in commercial database sharing, and exasperating the problem of incorrect or "stale" information that propagates through such databases.
While technological developments are moving toward making it relatively safer to, for example, send credit card information around the net, it's going to take a long period of education before the average casual user of the Internet is going to be able to reliably detect the more privacy invasive situations that the net could foster. The Internet can be a wonderful and useful marketing tool, but if this is done in manners that are seen as invading privacy, the results will be quite counterproductive. One promising note is that the U.S. Federal Trade Commission has opened studies on the use (and possible misuse) of information that can be collected by Internet (e.g. World Wide Web) sites during the course of user browsing, an area about which the PRIVACY Forum will have more to say in the future.
It looks like we've got plenty to discuss!
--Lauren--
------------------------------
Date: Wed, 6 Dec 1995 13:20:09 -0800 (PST) From: Beth Givens <bgivens@pwa.acusd.edu> Subject: Caller ID leakage?
Starting December 1, Calling Number ID is supposedly transmitted on ALL calls, local as well as long distance, as per a FCC ruling. The one exception is for calls originating in California. (The California Public Utilities Commission has requested a 6-month waiver, until it has had the opportunity to accept or reject the local phone companies' education plans for alerting California consumers to the privacy effects of Caller ID.)
Rumor has it that some Caller ID data for California calls has somehow "leaked" out -- both in the past and since December 1st. But we have not been able to verify that. If you have indeed seen California numbers on your Caller ID display devices, I'd appreciate hearing from you -- either via this forum or directly to my email address (bgivens@acusd.edu). If you don't mind divulging the first 6 digits of those numbers, that data would help track down the errant phone company switches. Thanks.
Beth Givens Voice: 619-260-4160 Project Director Fax: 619-298-5681 Privacy Rights Clearinghouse Hotline (Calif. only): Center for Public Interest Law 800-773-7748 University of San Diego 619-298-3396 (elsewhere) 5998 Alcala Park e-mail: bgivens@acusd.edu San Diego, CA 92110
------------------------------
Date: Wed, 6 Dec 1995 16:32:19 -0500 (EST) From: Steve Holzworth <sch@unx.sas.com> Subject: Videotaping homes for tax purposes
Wake County, N.C., where the state capital is located, has recently started videotaping all homes and businesses in the county for tax revaluation purposes. The taped images will then be digitized and coupled with property tax records to simplify the tax assessors' job of setting property tax valuations.
Several things come to mind:
1) Property tax records are public records. You can walk into the county tax office and use their computer system to look up anyone's tax records. One can assume you will now be able to look at their home/business also.
2) Given (1), how long until siding salespeople, real estate agents, cat burglars, etc. use the picture database to determine likely subjects of financial interest?
3) The day my house was videoed, I was in the midst of a renovation. My paint was scraped, some items were primed only, my deck and stair rails were torn down, and my driveway was partially dug up. Does this mean I'll have a low tax valuation? :-)
Given the prevalence for other computer data to propagate to unlikely agents, I'm not particularly thrilled with having pictures of my house online as a public record. The local newspaper hasn't even discussed the ramifications of this taping, beyond commenting that it was occurring.
-- Steve Holzworth sch@unx.sas.com "Do not attribute to poor spelling SAS Institute x6872 That which is actually poor typing..." SAS/Macintosh Development Team - me Cary, N.C.
[ This may not be terribly different from the long-existing practice of taking photos of houses and putting them in big books (which themselves have been or are being digitized in many areas), or sending assessors around to re-evaluate at regular intervals. Real estate companies and their supporting data firms have long collected this sort of information--the details they have on virtually every house in their areas is *very* detailed. As far as crooks are concerned, I suspect they're more likely to use "in-person" inspections for their "evaluation" purposes--they probably prefer the most up-to-date information. -- MODERATOR ]
------------------------------
Date: Sun, 7 Jan 1996 22:44:10 -0500 From: nrota@cris.com Subject: Mutual of Omaha and s.s.n's
I recently received a mailing from Mutual of Omaha (my health insurance provider) informing me that I have been enrolled in a Rx discount program with Diversified Pharmaceutical Services. I was issued a card and told that each time I use my card "a Diversified AlertCare Prescription Review is run, alerting the pharmacist to potential interactions with other medications you have purchased using the card."
I called up Mutual of Omaha to have my name removed from Diversified's database. The customer service representative asked me to verify my social security number. I did not provide my s.s.n. on the application to Mutual of Omaha. Evidently they get it from a medical database.
A customer service representative called me back two days later. She said they have removed my s.s.n. from their database and my name from the Diversified database. She was unable to comment on the practice of getting the s.s.n. from some other source than an individual's application.
------------------------------
Date: Tue, 26 Dec 1995 23:43:26 -0800 From: hal@murren.ai.mit.edu (Hal Abelson) Subject: Computers, Freedom, and Privacy -- Call for Demos
Since its inception in 1991, the Conference on Computers, Freedom, and Privacy has brought together experts and advocates from the fields of computer science, law, business, public policy, law enforcement, government, and many other areas to explore how computer and telecommunications technologies are affecting freedom and privacy.
CFP96 -- the Sixth Conference on Computers, Freedom, and Privacy -- will be held on March 27-30, 1996, in Cambridge, Massachusetts. CFP96 is hosted by The Massachusetts Institute of Technology and The World Wide Web Consortium.
CFP96 is soliciting demonstrations of technology that will be of interest to conference attendees. Examples are technologies for
-systems for voice and data encryption -smart cards -electronic money and secure funds transfer -bugging devices -crime tracking -assembling personal dossiers -public access to the network -on-line activism and political organizing -access to government information -content-based network access control
If you are interested in demonstrating something at CFP96, please send a proposal to cfp96@mit.edu. Demonstrations may be either commercial or non-commercial. Proposals are due by February 1, 1996.
For more information, consult the conference we page http://web.mit.edu/cfp96
**************************************************************** New Journal Announcement:
Data Mining and Knowledge Discovery
C a l l f o r P a p e r s ****************************************************************
Advances in data gathering, storage, and distribution technologies have far outpaced computational advances in techniques for analyzing and understanding data. This created an urgent need for a new generation of tools and techniques for automated Data Mining and Knowledge Discovery in Databases (KDD). KDD is a broad area that integrates methods from several fields including machine learning, machine discovery, uncertainty modeling, statistics, databases, data visualization, high performance computing, management information systems (MIS), and knowledge-based systems.
KDD refers to a multi-step process that can be highly interactive and iterative and which includes data selection, preprocessing, transformation, application of data mining algorithms to extract patterns/models from data, evaluating the extracted patterns, and converting them to an operational form or human-oriented knowledge. Hence "data mining" refers to a step in the overall KDD process. However, a significant portion of the published work has focused on the development and application of data mining methods for pattern/model esxtraction from data using automated or semi-automated techniques. Hence, by including it explicitly in the name of the journal, we hope to emphasize its role, and build bridges to communities working solely on data mining methods.
Our goal is to make the journal of Data Mining and Knowledge Discovery a flagship publication in the KDD area, providing a unified forum for the KDD research community, whose publications are currently scattered among many different journals. The journal will publish state-of-the-art papers in both the research and practice of KDD, surveys of important techniques from related fields, and application papers of general interest. In addition, there will be a section for publishing useful information such as short application reports (1-3 pages), book and system reviews, and relevant product announcements.
The topics of interest include:
Theory and Foundational Issues in KDD: Data and knowledge representation for KDD Modeling of structured, textual, and multimedia data Uncertainty management in KDD Metrics for evaluating interestingness and utility of knowledge Algorithmic complexity, efficiency, and scalability issues in data mining Limitations of data mining methods
Data Mining Methods and Algorithms: Discovery methods based on belief networks, decision trees, genetic programming, neural networks, rough sets, and other approaches Algorithms for mining spatial, textual, and other complex data Incremental discovery methods and re-use of discovered knowledge Integration of discovery methods Data structures and query evaluation methods for data mining Parallel and distributed data mining techniques Issues and challenges for dealing with massive or small data sets Knowledge Discovery Process Data pre-processing for data mining Evaluating, consolidating, and explaining discovered knowledge Data and knowledge visualization Interactive data exploration and discovery
Application Issues: Application case studies Data mining systems and tools Details of successes and failures of KDD Resource and knowledge discovery on the Internet and WWW Privacy and security issues
This list of topics is not intended to be exhaustive but an indication of typical topics of interest. Prospective authors are encouraged to submit papers on any topics of relevance to knowledge discovery and data mining.
SUBMISSION AND REVIEW CRITERIA: We solicit papers on both research and applications. All submitted papers should be relevant to KDD, clearly written, and be accessible to readers from other disciplines by including a carefully written introduction. Submissions will be thouroughly reviewed to ensure they make a substantial advance either in increasing our understanding of a fundamental theoretical problem, or provide a strong technological advance enabling the algorithmic extraction of knowledge from data. Papers whose primary focus is on significant applications are strongly encouraged but must clearly address the general underlying issues and principles, as well as provide details of algorithmic aspects. Papers whose primary focus is on algorithms and methods must address issues of complexity, efficiency/feasibility for large data sets, and clearly state assumptions and limitations of methods covered. Short application summaries (1-3 pages) are also encouraged and would be judged on the basis of application significance, technical innovation, and clarity of presentation.
SUBMISSION INSTRUCTIONS: We encourage electronic submission of postscript files. Authors should submit five hard copies of their manuscript to: Ms. Karen Cullen , DATA MINING AND KNOWLEDGE DISCOVERY Editorial Office, Kluwer Academic Publishers, 101 Philip Drive, Norwell, MA 02061 phone 617-871-6600 fax 617-871-6528 email: kcullen@wkap.com Submissions should be in 12pt font, 1.5 line-spacing, and should not exceed 28 pages. We strongly encourage electronic submissions, please visit http://www.research.microsoft.com/research/datamine/ to obtain instructions on electronic submissions. Detailed instructions for submission of final manuscripts and Kluwer format files for LaTex, MS Word, and other typestting programs are provided at the above site.
Exact instructions for hardcopy and electronic submission to Kluwer can be accessed at http://www.research.microsoft.com/research/datamine/
Being a publication for a rapidly emerging field, the journal would emphasize quick dissemination of results and minimal backlogs in publication time. We plan to review papers and respond to authors within 3 months of submission. An electronic server will be made available by Kluwer for access to accepted papers by all subscribers to the journal. Authors would be encouraged to make their data available via the journal web site by allowing papers to have an "electronic appendix", containing data and/or algorithms authors may want to publish when appropriate.
The journal will be a quarterly, with a first volume published in January 1997 by Kluwer Academic Publishers.
[ Additional text deleted by MODERATOR due to length. ]
InfoWarCon (Europe) '96 Defining the European Perspective Brussels, Belgium May 23-24 1996
Sponsored by:
National Computer Security Association Winn Schwartau, President and CEO, Interpact, Inc. Robert David Steele, Chairman & CEO, OPEN SOURCE SOLUTIONS
Information Warfare represents a global challenge that faces all late-industrial and information age nation states. It also represents the easiest and cheapest way for less developed nation-states and religious or political movements to anonymously and grieviously attack major nations and international corporations.
Not only are the definitions of InfoWar unclear, but they span many areas and disciplines. This conference will examine the European perspectives on all three classes of Information Warfare while contributing some American lessons learned, mistakes made and successes enjoyed.
Class I: Personal Privacy Class II: Industrial and Economic Spying and Warfare Class III: Global Conflict, Terrorism and the Military
As at all other InfoWarCon, this special European Conference encourages active audience participation, contribution and debate.
...
[ Additional text deleted by MODERATOR due to length. ]
...
MAIL OR FAX OR EMAIL REGISTRATION TO:
National Computer Security Association 10 South Courthouse Avenue Carlisle, PA 17013 Phone 717-258-1816 or FAX 717-243-8642 EMAIL: conference@ncsa.com
To obtain the latest edition of this program, send EMail to:
euroinfowar@ncsa.com
For more information about NCSA:
WWW: http://www.ncsa.com CompuServe: GO NCSA EMail: info@ncsa.com
Sponsorships for various InfoWarCon (Europe) 96 events are still available. To find out how to sponsor portions:
Contact Paul Gates at the NCSA: pgates@ncsa.com
To reach: Winn Schwartau: Winn@Infowar.Com Robert Steele: ceo@oss.net
V 1.1/12.7.95
Peace & Happy Holidays Winn
Winn Schwartau - Interpact, Inc. Information Warfare and InfoSec V: 813.393.6600 / F: 813.393.6361 Winn@InfoWar.Com
------------------------------
End of PRIVACY Forum Digest 05.02 ************************