Citizens of the City of Mind
Randolph Fritz
library, built when California cities could actually afford reasonable
investments. The library has computer recordkeeping; a system donated
by Hewlett Packard.
I did a bit of research while I was there (rotten collection of
material on Iraq, I'm sorry to say), took a couple of books and went
to the checkout desk. They scanned my library card & said "you have a
35 cent fine due." I paid it; it was a book I'd returned to their
drop box. And walked out of the library, thunderstruck.
Because, you see, the library remembered me. Not the librarian;
anyone at the checkout desk would have asked for that fine and if I'd
talked to one of the librarians away from that desk they wouldn't have
noticed. The Library remembered. For a moment, I'd had the strange
sense of being known, not to a person, but to an organization.
For a while now, I've been wrestling with the question of why it is we
are so bothered by the large institutional personal databases. Now, I
believe I know. We talk about the impersonality of large
bureaucracies -- but that's last generation's war. Foucault said that
feudal power was like an iron grip and lots slipped through its
fingers. The forms of power evolved with the emergence of capitalism
were more personal; bio-power, the manipulation of a population and
its labor. The forms of power now evolving are -- what? You are no
longer a single number; now you're quite a few numbers. To this new
form of power, you are a person. Organizations now interact with us,
slowly, in real time, as entities with personalities. Call it
culturo-power; the ability to affect masses of people in the minute
particulars of their lives.
And we sense that these new entities are malign. For a long time it's
been acceptable to run an organization any which way; if it's run by
bastards -- who cares? No more. Those nasty credit policies of our
banks, that nasty greedy attitude of so many large businesses -- those
are now personalities; unethical management is becoming unethical
behavior, sometimes behavior which ought to be illegal.
"What is to be done?"
Well, one thing is *not* going to be done -- this genie isn't going
back into the bottle. We aren't giving up computers. And I think we
all want to keep them. So we are going to have to learn to live with
organizations that know about us as people.
I therefore propose the following items for futher thought:
1. Start thinking about organizations as entities capable of criminal
as well as civil offenses.
2. Begin to understand what makes an informed electronic community
"good" or "bad". Let's try to say why Usenet, certainly a service
which distributes a vast amount of personal information, is less of
a privacy concern than Equifax. Or should be be more concerned
with privacy here?
3. Begin to work out just where the boundaries are in cyberspace.
Just where does pursuing sales prospects become invasive? How do
we control large-scale confidence games? How do we protect
potential victims -- and remember that we are all potential
victims.
4. Begin to explore the positive potential of this technology.
Granted that a large-scale database and network can give an
organization or community a kind of personality -- what are the
creative, constructive possibilities of this new capability? Can
we use it to make for more pleasant workplaces, saner cities?
nd t
ou ui
R Press T __Randolph Fritz sun!cognito.eng!randolph || rand...@eng.sun.com
ou ui Mountain View, California, North America, Earth
nd t
Ian Lance Taylor
(interesting to me, anyhow!).
In article <72...@exodus.Eng.Sun.COM> rand...@cognito.Eng.Sun.COM (Randolph Fritz) writes:
>1. Start thinking about organizations as entities capable of criminal
> as well as civil offenses.
What does it mean to convict an organization of a criminal offense,
and what is the point of such an action? Presumably a criminal
conviction would have to carry a harsher penalty than a mere fine;
otherwise, why not just use a civil suit?
I can think of three main purposes to a criminal conviction:
1) to reform the organization to prevent future criminal actions
(for example, the breakup of AT&T)
2) to destroy the organization to prevent future criminal actions
(presumably if reform appears impossible)
3) to deter other organizations from similar criminal actions
I am deliberately not including punishment for its own sake, since
there seems to be even less point to applying that to an organization
than there is to an individual.
The most interesting purpose is the third. What sorts of actions can
be taken to deter future criminal actions by other organizations? I
would argue that organizations are less susceptible to ``crimes of
passion'' than individuals are (I know that the Gulf War can be viewed
as a counterexample, but I'll still stand by *less* susceptible), so I
would assume that deterrence can be maintained by increasing the
cost/benefit ratio to an unacceptable level.
There is still the hardest part of deterring crime, which applies to
individuals and organizations alike: detection.
To completely shift gears, it is worth remembering that while
organizations are entities in their own right, they are still run by
people. Dramatic penalties for those individuals responsible for the
crime might be a far more effective deterrent than any penalty applied
to the organization. Determining who those individuals are, on the
other hand, would probably often be very difficult, and in some cases
there might be no responsible individuals at all.
I'll let other people take it from here.
>2. Begin to understand what makes an informed electronic community
> "good" or "bad". Let's try to say why Usenet, certainly a service
> which distributes a vast amount of personal information, is less of
> a privacy concern than Equifax. Or should be be more concerned
> with privacy here?
One obvious concern with Equifax is that they can distribute personal
information without the individual's knowledge. Usenet provides a
means of distributing potentially damaging personal information to a
vast number of people, but the person affected would almost certainly
become aware of it (although the culprit would not necessarily be
known). We should be aware that Usenet has a vast potential for harm,
though, because it can be used as a cheap, easy, anonymous broadcast
system (and as far as I know, it is the *only* such system in
existence; newspapers edit their contents, and stapling notices on
telephone poles is not easy).
>4. Begin to explore the positive potential of this technology.
> Granted that a large-scale database and network can give an
> organization or community a kind of personality -- what are the
> creative, constructive possibilities of this new capability? Can
> we use it to make for more pleasant workplaces, saner cities?
Saner cities? Sure. By allowing white-collar workers to work and
communicate from wherever they choose, we can accelerate the flight of
capital from urban centers and speed up their collapse into barbarism.
A hundred years from now, they should provide convenient and
fascinating guided tours of primitive society. (I don't think this is
desirable, but I don't mean it as a joke).
--
Ian Taylor
uunet!airs!ian | If I were employed, my opinions would not be
airs!i...@uunet.uu.net | my employer's. As it is, they are not anyone's.
Randolph Fritz
how do we appear to the organizations?
Returning to my neighborhood library, what does it see of me?
Catalog requests (from an unidentified source)
Book check-out and -in
Book reserves
Possibly magazine loans
What, let us say, a supermarket sees of us is mostly our credit record
and our buying history. A serious search performed by detective
agency will show a credit record, some buying information, licenses, a
criminal record, a bit of personal material. Quite possibly the NSA
or the FBI knows my politics.
What is striking about all this is how little control we have over it
all, and how very public it all is. Errors can usually only be
corrected years after they've appeared in cyberspace and even so, the
error will probably continue to propagate; a kind of electronic
gossip. And, since there's some much sharing, every organization
knows (almost) everything. It's usually the prerogative of
businesspeople to conceal their vendors and customer lists, but this
prerogative has been taken away from us as private citizens, and small
businesses will probably lose it next.
We are (in two senses of the word) the subjects of all this vast data
collection; it is about us, and it rules our "lives" in cyberspace.
We are subjects of this data base in a third, political, sense: the
data is used to direct the tools of power which control people's
lives. Here in the USA we are very lucky that this power is, for the
most part, limited to taxation and city planning. In many parts of
the world, such power extends to political party membership, the
workplace, and any aspect of your life tyrannical governments see fit
to extend it to.
But another relation is possible. We could govern so as to place our
visibility in that space was under our control (perhaps using a
zero-knowlege system) and to create a cybernetic presence for most of
us. In such a world, we would retain control over who we dealt with,
and be able to negotiate what they did with the information about us.
Now, all this is a long way from happenning. The part about
"presence" in cyberspace is especially difficult, as it essentially
means making computer network access as widespread as the telephone
and this is very, very scary to most of us. It's important to stress,
too, that new technologies of social power are going to evolve within
such a system; abuses will still be possible. What this does do is
give us a fighting chance against abuse. Currently, we truly have no
defense at all.
daniel lance herrick
>
> One obvious concern with Equifax is that they can distribute personal
> information without the individual's knowledge. Usenet provides a
> means of distributing potentially damaging personal information to a
> vast number of people, but the person affected would almost certainly
> become aware of it (although the culprit would not necessarily be
> known).
This contains an assertion about Equifax and the opposite assertion
about Usenet. I think both are naive.
Usenet can distribute personal information about the individual
members of the Supreme Court of the United States for a long time
before those targets become aware of what is going on. If the
target of a campaign is someone who hangs out on Usenet, then,
yes, the target will become aware quickly. These two cases are
different.
When one of the purveyors of mailing lists distributes personal
information, the information they distribute is a mailing address,
the person buying it paid ten cents or a dollar for the information.
The reason they spent the money was so they could make a targeted
sales pitch. The pitch arrives soon, and the individual knows
his mailing address has been distributed.
dan herrick
herr...@iccgcc.decnet.ab.com
David Gast
>In article <12...@airs.UUCP>, i...@airs.UUCP (Ian Lance Taylor) writes:
>> One obvious concern with Equifax is that they can distribute personal
>> information without the individual's knowledge. [Comments about usenet
deleted].
>This contains an assertion [which] I think both [is] naive.
>When one of the purveyors of mailing lists distributes personal
>information, the information they distribute is a mailing address,
>the person buying it paid ten cents or a dollar for the information.
>The reason they spent the money was so they could make a targeted
>sales pitch. The pitch arrives soon, and the individual knows
>his mailing address has been distributed.
The individual gets mail, but s/he does not necessarily know what
information about him/her was sold or who sold it. The individual
may know his/her mailing address has been distributed, but s/he does
not know what else was. Consider the case of the ``preapproved credit
cards''; surely more information has been obtained than just the address.
Anyway, when did I ever make Equifax my agent and ask them to sell info
about me?
David
daniel lance herrick
>
> Anyway, when did I ever make Equifax my agent and ask them to sell info
> about me?
>
it as the agent of the person you gave it to or as their own agent.
dan herrick
herr...@iccgcc.decnet.ab.com
Trip Martin
>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>>
>> Anyway, when did I ever make Equifax my agent and ask them to sell info
>> about me?
>>
>You freely gave information that is valuable and Equifax is selling
>it as the agent of the person you gave it to or as their own agent.
More like he was forced to give that information or be denied service.
--
Trip Martin
ni...@rpi.edu
--
Trip Martin
ni...@rpi.edu
Ian Lance Taylor
>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>>
>> Anyway, when did I ever make Equifax my agent and ask them to sell info
>> about me?
>>
>You freely gave information that is valuable and Equifax is selling
>it as the agent of the person you gave it to or as their own agent.
While the information is freely given, it is easy to not be aware that
you are giving out information, and it is hard to become aware, after
the fact, that you have given it out. This could be considered a
hazard of living in this society, but I would just as soon eliminate
the hazard.
This is some information extracted from a post to comp.risks (11.28)
quoting a Wall Street Journal article (14 Mar 1991, p. A1;A8). (If
you don't read comp.risks, you should check it out; if you don't get
news, you can get on the mailing lists by sending to
RISKS-...@CSL.SRI.COM). The posting to comp.risks was made by
Mary Culnan (mcu...@guvax.georgetown.edu). The rest of this post is
quoted from hers (apologies to people who will see it twice).
Specific lists cited in the article include:
* Metromail's "Young Family Index Plus" which lists about 67,000
new births each week compiled from clipped birth announcements,
referrals from Lamaze coaches and names acquired from companies that
deal in baby supplies
* America List Corp sells lists based on high school yearbook listings
about virtually every high school class in the U.S.
* Benadryl bought names and addresses (based on phone numbers sold
to them) of people calling an 800 number for pollen count information
* The Big 3 credit bureaus sell mailing lists based on aggregated
credit data, e.g. "Credit Seekers Hotline" of people who recently
applied for credit and are "prospects who want to make new purchases"
Finally, an Atlanta-based company which prepares marketing questionnaires asks
if there has been a recent death in the family. The company's President is
quoted, "Death has always been a negative life style change nobody thought
could be sold, but I differ. I think it's a very good market."
--
Ian Taylor airs!i...@uunet.uu.net uunet!airs!ian
Quoted from a courtroom deposition in the Boston Globe of February 18, 1991:
Q: Doctor, how many autopsies have you performed on dead people?
A: All my autopsies have been on dead people.
Khaos the Binary Warlock
So how does one avoid giving this info?
herr...@iccgcc.decnet.ab.com
> herr...@iccgcc.decnet.ab.com (daniel lance herrick) writes:
>
>>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>>>
>>> Anyway, when did I ever make Equifax my agent and ask them to sell info
>>> about me?
>>>
>>You freely gave information that is valuable and Equifax is selling
>>it as the agent of the person you gave it to or as their own agent.
>
> More like he was forced to give that information or be denied service.
Ok, let's express it differently. He bought something that had two
components to its price - some money and some information. He is
keeping the thing he bought, but now he wants the information back
(rendered unavailable to the person to whom he sold it).
If the price was too high, he should not have paid it. When the
market agrees with him, the price will come down.
Don't talk about stealing the business assets of Equifax. That horse
is already out of the barn. Close the barn door and keep the rest of
your private information private by not giving it away.
When you are signing insurance releases at a hospital admissions desk,
add a time limitation clause. Or tell them you will pay and don't
sign insurance releases. Move your checking account to a money
market fund because *their* bank makes the obligatory pictures of all
the checks of all the clients of the mmf and it is harder to segregate
yours. Use cash instead of a credit card or check. Don't tell *their*
computers where you are and what you are doing.
The price of freedom is eternal vigilance. If you have been asleep
at the watch tower, then you have given away some freedom. Start
watching where you make a computerized record that is easy for them
to use and stop doing it.
dan herrick
herr...@iccgcc.decnet.ab.com
Tom Horsley
woolf> My concern is primarily with situations where there are no personal
woolf> incentives to respect my preferences (which I hope isn't the case
woolf> with most of my friends) and where there are incentives to sell
woolf> information about me without my consent ($3 per name per mailing
woolf> list, in many cases).
woolf> Again, I don't like the "more laws" solution much, except I could see
woolf> a law that requires people to get my consent before they sold personal
woolf> information about me, and tell me if I ask what they've done with such
woolf> information. I'd settle for that "free flow of information" going
woolf> both ways.
Actually, if there is to be a law, perhaps the best form would be something
like:
"You can't sell information about your customers without cutting them
in on the profits"
This would put most organizations in the position of either having to give
away the information they gather, or organize some way to distribute
the profits to their customers.
They wouldn't do either of these, because both of them would be a lot of
trouble which would actually cost them money. Remember, the only way to
stop something is to come up with a way to make it unprofitable...
Actually, I have been thinking about starting this company that gathers
names and addresses from .signature files that come over the net and selling
them to companies who want to market things to computer hacker types...
:-) :-) :-) :-) :-) :-) :-) :-) :-).
--
======================================================================
domain: taho...@csd.harris.com USMail: Tom Horsley
uucp: ...!uunet!hcx1!tahorsley 511 Kingbird Circle
Delray Beach, FL 33444
+==== Censorship is the only form of Obscenity ======================+
| (Wait, I forgot government tobacco subsidies...) |
+====================================================================+
Randolph Fritz
see can be implemented technically with public-key cryptographic
systems. These are known as zero-knowlege systems and they were
written up in Communications of the ACM a few years back. If people
are interested, they should write me and I'll get a citation. Anyone
who's got the citation easily available is invited to post. Also,
anyone out there have an article on zero-knowlege systems they'd care
to post? Tim? You out there?
kevin young
I'm generally uncomfortable with suggesting "more laws" as an
answer to anything, but what would people want to see in a
"Propagation of Private Information" law? What should the
principles behind it be? We have specific laws that cover specific
types of information (e.g. credit); how, and to what, should they
be extended?
I would not want to see a law such as this. I don't want to see
George Orwell's world become reality. A law such as this will require
the information police to enforce it. When I have a conversation with
someone, I don't want to have to worry about what I can and can not do
with the information they give me. The simplest solution is to take
responsibility for your own privacy. Become informed. Don't rely on
government to cover your ass. Use the free flow of information to
your advantage by finding out which companies will help you to protect
your privacy.
Daniel Guilderson
ry...@cs.umb.edu
J. Luce
>In article <3778.2...@iccgcc.decnet.ab.com> herr...@iccgcc.decnet.ab.com (daniel lance herrick) writes:
>>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>>>
>>> Anyway, when did I ever make Equifax my agent and ask them to sell info
>>> about me?
>>>
>>You freely gave information that is valuable and Equifax is selling
>>it as the agent of the person you gave it to or as their own agent.
>
Well, I had something more scary happen... I just bought a townhouse,
I went for Homeowner's Insurance. the agent took the info over the phone.
He placed the business and I came by, dropped off the check to pre-pay
for 1 year, got my policy and left. 2 weeks later the insurance (which
had been prepaid) was cancelled due to my Credit Report from
CBI/Equifax. *NEVER EVER* did I give anyone the right to look up my
report or check *ANY* kind of reference. So, I call South Carolina
Insurance Commission (Insurer is located there) and complain. Sorry,
they say, it is a *STATE LAW* that anyone with a 'vested interest' can
grab your credit report, *WITHOUT* your permission. For example, if you
are at a hotel and did not pre-pay your room, the hotel can call and get
your report because you owe them money. If you pre-pay but *could* use
room service to order a midnight snack, that gives them grounds to do the
check...
This was straight from the S.C Insurance Commissioner. They said this
holds true in N.C. also (I'm checking tomorrow). How's that for
protection from big brother???
Is there a Federal Law out there that overrides this manure ? If so, who
do I call, the U.S. Atty. General's office here said it wasn't their
problem...
Thanks...
Fuming In Raleigh...
Suzanne Woolf
>In article <17...@venera.isi.edu> wo...@isi.edu (Suzanne Woolf) writes:
>
> I'm generally uncomfortable with suggesting "more laws" as an
> answer to anything, but what would people want to see in a
> "Propagation of Private Information" law? What should the
> principles behind it be? We have specific laws that cover specific
> types of information (e.g. credit); how, and to what, should they
> be extended?
>
>I would not want to see a law such as this. I don't want to see
>George Orwell's world become reality. A law such as this will require
>the information police to enforce it.
This is somewhat true, which is why I'm uneasy with "more laws". (I
don't feel that privacy protective laws *necessarily* lead to
"information police", but I'm willing to stipulate it's not a good
idea to trust the government with this sort of thing.) It seems more
like what's needed is attitude adjustment-- new customs to arise in
society, new ways of looking at the problem. Perhaps we need more of
a sense among people that privacy is both important and threatened.
>When I have a conversation with
>someone, I don't want to have to worry about what I can and can not do
>with the information they give me.
Please note I'm talking about people/organizations I do business with.
Personal relationships and casual conversation are a different realm
entirely. My concern is primarily with situations where there are no
personal incentives to respect my preferences (which I hope isn't the
case with most of my friends) and where there are incentives to sell
information about me without my consent ($3 per name per mailing list,
in many cases).
>The simplest solution is to take
>responsibility for your own privacy. Become informed. Don't rely on
>government to cover your ass. Use the free flow of information to
>your advantage by finding out which companies will help you to protect
>your privacy.
Part of the inspiration for my original post is that I *am*
"informed", and mostly what I'm informed of is that *everyone* is
selling information about me, and that most of them don't care what I
think of it. I'm not relying on the government to cover my ass, but
my own efforts are demonstrably not adequate; I'm finding that if I
want any privacy at all, the list of things I must not do keeps
getting longer. And it is unfortunate but currently true that the
only "free flow of information" is from me to them-- in general, in my
experience, simply asking a representative of a business you're
dealing with "Is your company selling customer information, if so to
whom?" doesn't get you anywhere. (Ask the Customer Service people at
your bank who they've sold your name to lately. They won't know, or
they won't tell you.)
Again, I don't like the "more laws" solution much, except I could see
a law that requires people to get my consent before they sold personal
information about me, and tell me if I ask what they've done with such
information. I'd settle for that "free flow of information" going
both ways.
I suspect that if most people knew how much information about them is
benig passed around behind their backs, they'd be fairly concerned;
many people appreciate getting targetted advertising mail, but many
don't. Informed customers can make up their own minds-- which is why
the marketers and database builders seem to be trying so hard to make
sure people aren't informed.
I'd like to see the default assumption change from "You can do
whatever you want with information about me" to "Information about me
belongs to me, and you can't propagate it outside our business
transaction without my consent". I'm more than happy to start with
"You have to tell me."
--Suzanne
wo...@isi.edu
Suzanne Woolf
>>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>>>
>>> Anyway, when did I ever make Equifax my agent and ask them to sell info
>>> about me?
>>>
>>You freely gave information that is valuable and Equifax is selling
>>it as the agent of the person you gave it to or as their own agent.
>
>While the information is freely given, it is easy to not be aware that
>you are giving out information, and it is hard to become aware, after
>the fact, that you have given it out. This could be considered a
>hazard of living in this society, but I would just as soon eliminate
>the hazard.
>
At the risk of wandering off on a tangent, this strikes me as a
critical aspect, not much discussed, of the debates on the nature of
privacy, private information, etc.
The argument that "You freely gave valuable information" to Equifax
makes an assumption: that information I give, or my credit card
company gives about me, to Equifax is theirs to do as they wish
(subject only to the law) *regardless of the intent* of the
information provider.
Another way to put the question is this: If I give someone information
about me for a specific purpose, should there be any limitation on
what they can do with it outside of that purpose? Or must I give up
all say over the further propagation of that information? Do I, by
consenting to one use of the information, consent to all?
Currently, in practice, yes. However, I don't think it should be this
way.
I give my bank information about me so that I may conduct my financial
affairs with them, not so they can sell my name to credit card
companies. When I buy something by mail order I give them my address
so that they can deliver to me the merchandise I have ordered, not so
they can sell my name to mailing list companies. When I give
information about my finances on my mortgage application, it's so they
can verify my credit, not so they can put me on Equifax's Hot List of
credit seekers. Etc. By entering into a business relationship with
any of these people I don't feel I've given prior consent to them to
use information provided as part of the transaction for any other
purpose, and it bothers me quite a lot that they regularly get away
with acting as if I had.
Increasingly you hear the argument that "If you don't want them to do
this, don't do business with them": "If your phone company puts
CallerId on your phone and you don't want me to have your phone
number, don't call me." "If you don't want to end up on mailing
lists, don't order anything through the mail." "If you don't want
bank/credit card company junk mail, don't have a credit card or apply
for a loan", etc. But it seems to me there are-- there ought to be--
more choices than that, especially as the limitations we have to live
under to protect our privacy keep getting more restrictive.
To some extent we can encourage this to happen by not doing business
with people that resell customer information without notification or
consent. But I'm interested in other people's ideas about how to
handle this problem when *every* service provider you can find is
reselling information without permission, or when it proves impossible
to find out who is selling the information, or when the offender is
quasi-public (e.g. the phone company). I'm generally uncomfortable
with suggesting "more laws" as an answer to anything, but what would
people want to see in a "Propagation of Private Information" law?
What should the principles behind it be? We have specific laws that
cover specific types of information (e.g. credit); how, and to what,
should they be extended?
"Live with it" is not an answer: Of course we *could*, but why should
we? Why can't we figure out a way to increase the choices available,
instead?
--Suzanne
wo...@isi.edu
Randolph Fritz
for credit must give you a copy of the credit report. You can also
request a correction if there are errors, and add your own version if
the credit reporting company refuses to correct an error. Procedures
for this are published every so often in *Consumer Reports*, and I
suggest you check there -- putting things in writing and obeying time
limits may be important.
Also, check around in your local library -- they may have something on
this.
herr...@iccgcc.decnet.ab.com
In another post, my response boiled down to "pay cash". There I listed
two or three specific strategies.
Here, develop a paranoid attitude. If someone asks for information,
decide whether you want to release the data before answering.
If a wrong number comes in and the calling party asks "Who is this?",
I answer "Who did you call?" If I don't like the answer, I tell them
"Well, you did not reach them."
Back to Equifax, your address is in the phone book. The county registrar
of deeds holds as public information the assessed valuation and amount
of tax on the property at that address. The Equifax/Lotus database did
not connect these data, it only offered a neighborhood average
income/lifestyle estimate.
Abolish the property tax as a way of paying for government. Otherwise
local government will continue to have the lifestyle data available.
Of course, there are other sources for such data - such as asking
prices of houses for sale.
Another approach - don't ever use your residence address for
- publication in a phone or other directory
- subscribing to a magazine
- buying by mail order
- registering an automobile
the list goes on. You can move a lot of this to a poBox.
When the representative of Haines comes around asking questions to get
the data right in the "City Directory", they find me quite frustrating.
They want information for their purposes, not mine. I try to not be
helpful. Unfortunately, my wife is less obnoxious than I and they
keep coming around, year after year.
When the Catholic Diocese comes asking questions for their "census",
I am curmudgeonly and uncooperative.
The other poster that I answered spoke of "denial of service". Information
is part of their asking price. Don't pay. If they won't sell without
the information, don't buy.
decide how private you want to be, and then teach your spouse and children
to not cross the line. You can break many of the information connections
without giving up the advantages of our society. Real privacy requires
an unacceptable lifestyle.
dan herrick
herr...@iccgcc.decnet.ab.com
Randolph Fritz
easier to begin building zero-knowlege systems -- that is, public key
systems where personal information can be given out only once, and
only with the consent of the keeper? They've been technically
feasible for at least five years. This would require some legal work,
but nothing like what you're proposing.
This is very scary stuff. On the one hand, some of us are so worried
about privacy that they're prepared to make unpredictable social
changes just to protect it. On the other hand, some of us are
basically arguing that, if you make a business of it, it's all right
to be a snoop. I'm having real problems understanding this position
-- if prying is wrong for individuals, surely it is also wrong for
organizations? And destroying privacy is one of the big methods of
totalitarian social control -- one of the ways you design a prison is
to make all spaces public and encourage snitching. Supporting this in
the name of freedom also looks a lot like panic.
May I suggest we keep our heads?
nd t
ou ui
R Press T __Randolph Fritz sun!cognito.eng!randolph || rand...@eng.sun.com
ou ui Mountain View, California, North America, Earth
nd t
Perrot: And there's no point for the prisoners in taking over the
central tower?
Foucault: Oh, yes, provided that isn't the final purpose of the
operation. Do you think it would be much better to have the prisoners
operating the Panoptic apparatus and sitting in the central tower,
instead of the guards?
-- From "The Eye of Power", a conversation of Michael Foucault with
Jean-Pierre Barou and Michelle Barou, collected in *Power/Knowlege*
John Eaton
< getting longer. And it is unfortunate but currently true that the
< only "free flow of information" is from me to them-- in general, in my
< experience, simply asking a representative of a business you're
< dealing with "Is your company selling customer information, if so to
< whom?" doesn't get you anywhere. (Ask the Customer Service people at
< your bank who they've sold your name to lately. They won't know, or
< they won't tell you.)
Discussing privacy issues with you local bank clerk is about as useful
as discussing calculus with your cat. You seem to get the same vacant
stare that indicates they haven't the slightest clue of what the problem
even means.
Institutions of all levels have no concept at all of privacy. To them
information is a comodity to do with as they please. Your only protection
is to never give out any info that you don't want to leak out. The problem
is that most us were once young and poor and would tell anybody anything in
order to get Credit. That info is now impossible to control.
What we need is a good book on Stealth living. Tips on what an average
citizen can do to keep in control of his personal information. Perhaps
we can make using personal data in commission of a crime liable for an
extra hash sentance in the same manner as using a gun. An example would
be a thief who collects plate numbers from airport long term parking and
then uses DMV records to find the home addresses.
John Eaton
!hp-vcd!johne
Guest Account
I don't agree with the idea that "Information about me belongs to me".
I have information about you right now. I know that you like to read
comp.org.eff.talk. That could be valuable information to the
publisher of a magazine for activists. I don't have your permission
to have this information and since you are claiming to "own" all
information about you, I must be breaking the law. Clearly, that is
not the current state of the law. You want to limit the scope of the
law to business transactions but that makes the law complicated and
hard to enforce fairly. It will also make goods and services more
expensive for everyone whether they care about privacy or not.
Personally, I feel all the necessary tools are already available. You
want to make a business transaction which involves divulging some
information to another party. You don't want the information to
propagate beyond this transaction. You have the party (by some sort
of contract) agree not to propagate the information. Later, you find
out they did propagate the information. You sue the pants off 'em.
I hear your argument that there are no companies willing to operate
this way but I believe in a free market system. If enough people
demand privacy, it won't be long before some enterprising company
figures out a way to make a profit by giving them what they want.
Maybe you could collect names of people who want more privacy and tell
some credit card company that they are all interested in having
"private" accounts. I know the IEEE allows people to limit the
propagation of personal information.
Daniel Guilderson
ry...@cs.umb.edu
Brad Templeton
personal communications 100% secure. You'll use E-mail and
digital voice, but since it's easy, you'll use security all the
time. Your key will probably be stored in a smartcard or smartwatch
that you carry with you. On your computers, it will be stored in
RAM -- you'll need to enter your password when you boot.
The criminal community will jump to get ahold of this technology, although
it won't be sold for them at first. But even we non-criminals can see
the virtue in routine security. Nobody wants to be wiretapped or
E-mail snooped. (E-mail will get this first. The ECPA lets them
look at your E-mail with a warrant, but soon that will become valueless
to them, unless your E-mail provider refuses to take encrypted data!)
I have been told that the drug merchants are already using Prodigy as
a communications base, simply because it's harder from a logistic
standpoint to do the tapping, at least right now. (In theory, it should
be easier, until they encrypt)
But some day it will all be encrypted as a matter of course. How will
the law, public and the police react to this?
Will they pass laws forbidding encrypted communication? I can hardly
see this getting by the ACLU and others, but there is still a risk.
Will they have to do lightning raids on people they suspect to
grab their computers while they are still on with the keys in ram?
Rip your smartwatch off your wrist to get your code?
Will they be more tempted to violate your rights to extort your code
out of you?
Will the courts be able to force you to reveal your code, or will this
be considered unfair self-incrimination under the bills of rights?
We know what it should be. But the police are powerful, and they will
react very badly to the elimination of the wiretap from their arsenal.
How will they catch some of the criminals they now do catch with this
tool? Even if Jane Public is not that careful, the Mafia will be.
--
Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
Randolph Fritz
communications technology for quite a while now, mostly by attempting
to classify it and developments in this area. Since much research is
done with Department of Defense grants, they are moderately successful
at classification.
By the way, it's likely that the NSA is monitoring this group, if only
for recording.
Steven J Owens
>In article <17...@venera.isi.edu> wo...@isi.edu (Suzanne Woolf) writes:
>
> I'd like to see the default assumption change from "You can do
> whatever you want with information about me" to "Information about me
> belongs to me, and you can't propagate it outside our business
> transaction without my consent". I'm more than happy to start with
> "You have to tell me."
>
>I don't agree with the idea that "Information about me belongs to me".
>I have information about you right now. I know that you like to read
>comp.org.eff.talk. That could be valuable information to the
>publisher of a magazine for activists. I don't have your permission
>to have this information and since you are claiming to "own" all
>information about you, I must be breaking the law.
You're twisting his words a bit here. What he said was "you
can't propagate it outside our business transaction without my consent."
It might be better expressed as "I have a copyright on my personal
information, and you can't distribute that information without my
consent." Actually, this leads to some interesting thoughts. What
if I trademark/copyright my name and personal information? Could I
then sue any company which violated such restrictions by distributing
information about me?? Hm...
Steven J. Owens | Scratch@Pittvms | Scr...@unix.cis.pitt.edu
John Eaton
< Personally, I feel all the necessary tools are already available. You
< want to make a business transaction which involves divulging some
< information to another party. You don't want the information to
< propagate beyond this transaction. You have the party (by some sort
< of contract) agree not to propagate the information. Later, you find
< out they did propagate the information. You sue the pants off 'em.
----------
Fine. Your assignment for this week is to pick any local government
agency that you wish to do business with and get them to agree not
to propagate your personal information. Let us know how it turns out.
John Eaton
!hp-vcd!johne
John Eaton
< Another approach - don't ever use your residence address for
<
Official PO boxes are not the best way to do this because even
the most dimwitted clerk knows that you do not sleep in yours
every night. Get a box at your neighborhood MailBoxes-R-Us store.
They cannot by law be called a PO box so you must use an address
that looks for all intents and purposes like an Apartment address.
John Eaton
!hp-vcd!johne
J. Luce
-There is a federal law requiring that the company who turns you down
-for credit must give you a copy of the credit report. You can also
-request a correction if there are errors, and add your own version if
-the credit reporting company refuses to correct an error. Procedures
-for this are published every so often in *Consumer Reports*, and I
-suggest you check there -- putting things in writing and obeying time
-limits may be important.
-
-Also, check around in your local library -- they may have something on
-this.
-
- nd t
- ou ui
-R Press T __Randolph Fritz sun!cognito.eng!randolph || rand...@eng.sun.com
- ou ui Mountain View, California, North America, Earth
- nd t
I am well aware of this stuff, what *IRKS* me is that they or anyone
else with this so-called vested interest can access my data without
asking *AND* getting my permission. What you suggest is after-the-fact
stuff. I want to know if there is anything on the Federal Books against
the accessing of this credit info without written or at the very least
verbal OK to do so...
Dag Erik Lindberg
>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
}>
}> Anyway, when did I ever make Equifax my agent and ask them to sell info
}> about me?
}>
}You freely gave information that is valuable and Equifax is selling
}it as the agent of the person you gave it to or as their own agent.
I give away lot's of information that is valuable to people for
SPECIFIC PURPOSES. For example, I give my medical history to my doctor
and my insurance company, but if they were to sell it I would have
legal recourse. I give my VISA number to certain vendors over the
phone, but if they were to sell it there are serious civil and legal
penalties in store for them. Your argument doesn't hold water.
--
del AKA Erik Lindberg uunet!pilchuck!fnx!del
Who is John Galt?
Wm Randolph Franklin
>
>Will the courts be able to force you to reveal your code, or will this
>be considered unfair self-incrimination under the bills of rights?
Well, the courts already have forced people to sign orders to foreign
banks telling the bank to reveal the person's account info.
Sorry, I lied. The courts didn't FORCE anyone to do anything; just made
it a condition of their purging a charge of criminal contempt (for
refusing to reveal the info in the first place) and getting out of jail.
Contempt is a crime with a life sentence w/o parole.
One way to avoid bill-of-rights problems (and beyond-reasonable-doubt
problems) is to make it a civil case.
--
Wm. Randolph Franklin
Internet: w...@ecse.rpi.edu (or @cs.rpi.edu) Bitnet: Wrfrankl@Rpitsmts
Telephone: (518) 276-6077; Telex: 6716050 RPI TROU; Fax: (518) 276-6261
Paper: ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180
Dag Erik Lindberg
>In article <12...@airs.UUCP> airs!i...@uunet.uu.net (Ian Lance Taylor) writes:
>>In article <3778.2...@iccgcc.decnet.ab.com> herr...@iccgcc.decnet.ab.com (daniel lance herrick) writes:
>>>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>consent. But I'm interested in other people's ideas about how to
>handle this problem when *every* service provider you can find is
>reselling information without permission, or when it proves impossible
....
>with suggesting "more laws" as an answer to anything, but what would
>people want to see in a "Propagation of Private Information" law?
I just had an interesting idea, sparked somewhat by the idea that
in the future the most valuable commodity will be information. It
only requires a new interpretation and application of existing law.
The copyright laws. A person's personal information, including
address, phone #, financial and medical data, would be protected
by copyright. An institution would have implicit contract to what
amounts to a site license to use your information for any purposes
within the organization, but would be prohibited from selling or
giving the information to any other person or organization without
your express consent.
Comments?
Suzanne Woolf
>In article <GUEST.91M...@geech.ai.mit.edu> gu...@geech.ai.mit.edu (Guest Account) writes:
>>I don't agree with the idea that "Information about me belongs to me".
>>I have information about you right now. I know that you like to read
>>comp.org.eff.talk. That could be valuable information to the
>>publisher of a magazine for activists. I don't have your permission
>>to have this information and since you are claiming to "own" all
>>information about you, I must be breaking the law.
>
> You're twisting his words a bit here. What he said was "you
>can't propagate it outside our business transaction without my consent."
>It might be better expressed as "I have a copyright on my personal
>information, and you can't distribute that information without my
>consent."
Exactly. Thanks for this followup. I'll try to clarify further.
The poster writing as "gu...@geech.ai.mit.edu" (sorry, I lost your
.sig) does have my permission to have the information he cites;
clearly it would be a bizarre waste of my time to be writing this
stuff without expecting it to be read, and I've done it knowing that
dozens of strangers now have my email address and some information
about my opinions and beliefs. What he doesn't have is my permission
to give/sell the information he has to that hypothetical activists'
magazine for their mailing list (or whatever). I don't care if it
would be of interest to them, it ought to be up to me to decide
whether they get it, not them and not some third party who once saw my
name on a usenet post.
>Actually, this leads to some interesting thoughts. What
>if I trademark/copyright my name and personal information? Could I
>then sue any company which violated such restrictions by distributing
>information about me?? Hm...
What a thought. Actually, copyright law would say you could sue.
Maybe that means that instead of staying out of the databases, we
should just demand royalties :-)
--Suzanne
wo...@isi.edu
Randolph Fritz
or performed, or played on the radio is standard procedure. So it's
technically possible to do the same with publishing personal
information. I'd sure dislike it, though.
__R
Scott Draves
Why are new laws necessary for any protection of personal information
you want?
If you are involved in a business transaction where you divulge
information that you want to remain private, than just put it in the
contract that the information must remain private. If they tell
anyone, sue! what could be simpler?
--
christianity is stupid
Scott Draves communism is good
sp...@cs.cmu.edu give up
lee
It seems to me that although Suzanne Woolf's first suggestions went
too far in the direction of interference with the normal flow of
information (we don't need one more way of prosecuting someone for
idly revealing what didn't even appear to be a confidence), she is
on the right track with the notion that SELLING personal information
should require the informed consent of the person informed about.
This is already a part of the law for certain kinds of information.
Try MAKING A BUCK on insider knowledge of corporate profitability
(yeah, I know thousands do it and don't get caught). The crime isn't
in passing on the information, but in capitalizing on it (as far
as I know, ignorance of the law being my only excuse).
--
------------------------------------------------------------------------
Lee Story (l...@wang.com) Wang Laboratories, Inc.
(Boston and New Hampshire AMC, and Merrimack Valley Paddlers)
------------------------------------------------------------------------
Greg Alt - Perp
like I should be able to get the product name made into a trademark. Then
anyone who prints my name must mention that it is a trademark of Greg Alt Co.
I have a feeling this wouldn't work, but why not? Also, I think it would be interesting to have special laws that require royalties to be paid to the names on
a mailing list when it is sold.
Greg
((((C.Irby))))
> I just had an interesting idea, sparked somewhat by the idea that
> in the future the most valuable commodity will be information. It
> only requires a new interpretation and application of existing law.
>
> The copyright laws. A person's personal information, including
> address, phone #, financial and medical data, would be protected
> by copyright. An institution would have implicit contract to what
> amounts to a site license to use your information for any purposes
> within the organization, but would be prohibited from selling or
> giving the information to any other person or organization without
> your express consent.
Well...
Chad Irby
Copyright (c) 1959
All rights reserved
It sort of bothers me that my signature (to follow the major copyright
conventions) is about 5 times as long as my name... (41 vs. 8).
;-)
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ C Irby ci...@vaxb.acs.unt.edu cirby@untvax ++
++ Someday, I'll know all of the answers. Of course, by ++
++ then I won't understand the questions any more... ++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Greg Alt - Perp
> Do all the other Greg Alts in the world have to pay royalties to you
> as well?
>
> Daniel Guilderson
> ry...@cs.umb.edu
How about if I make a product called Greg Alt/555-1234/My street/My town/My zip.
Or separate products like Greg Alt/555-1234 and Greg Alt/address.
Then anyone selling my name and info would be selling a trademark and would have
to pay royalties. I think the comparison of me giving out my credit card number
is a good one. If I give out my number, it is private information is illegal to
distribute. My phone number and address also should be considered private unless
I feel otherwise.
Greg
Ian Lance Taylor
>
>If you are involved in a business transaction where you divulge
>information that you want to remain private, than just put it in the
>contract that the information must remain private. If they tell
>anyone, sue! what could be simpler?
This might possibly be workable, but it is not simple.
For example, I occasionally find it necessary to mail order various
items. I doubt the mail order companies would be willing to enter
into such a contract, not necessarily because they want to sell my
address and information about my purchases but because it would likely
be more time and effort for them than the sale would be worth.
--
Ian Taylor airs!i...@uunet.uu.net uunet!airs!ian
First person to identify this quote wins a free e-mail message:
``Consistency may be the hobgoblin of little minds, but inconsistency does
tend to bring one to the attention of the police computers.''
William Vajk
>People who really care about privacy should pay for it. Those that
>don't really care should not have to subsidize those that do.
>Daniel Guilderson
>ry...@cs.umb.edu
I suppose it had to come to this sooner or later.
When do you stop paying to be left alone, to not have others intrude
into your life ?
On this same basis, Daniel, I suggust that it would be OK for me to punch
you in the nose every day, till you decide to pay me to stop. And carrying
matters one step further, others shouldn't interfere or subsidize protections
on your behalf, cause they don't care that you're being punched in the nose.
Bill Vajk
Robert Minich
| In article <12...@airs.UUCP> i...@airs.UUCP (Ian Lance Taylor) writes:
|
| For example, I occasionally find it necessary to mail order various
| items. I doubt the mail order companies would be willing to enter
| into such a contract, not necessarily because they want to sell my
| address and information about my purchases but because it would likely
| be more time and effort for them than the sale would be worth.
|
| People who really care about privacy should pay for it. Those that
| don't really care should not have to subsidize those that do.
|
| Daniel Guilderson
| ry...@cs.umb.edu
Uhmmm. Uhmmm. I don't want to panic or anything, but the Supreme Court
*has* acknowledged a fundamental right to privacy. Should those who
desire life, liberty, and the pursuit of happiness have to pay extra???
Should I also be forced to pay extra for police services if I "really
care about" my life and property so those who don't give a damn don't
have to subsidize me and the criminal justice system? Should it cost
me more to prohibit Joe Schmo from entering my home and looking
through my desk? (After all, this is just another blow to my privacy.)
Is it really too much to ask that EVERY database be required to use
a flag indicating whether it is OK to distribute information about me
for purposes other than which I granted access to the information? (By
default, the data should be considered private.) That is much less
restrictive than requiring, say, that everyone in the database be
notified of its existance or, even more interesting, notification of
each access made to information about themselves. (_I_ would really
like to know when and why information about me is being accessed. It
is difficult to defend yourself when you are not allowed to face your
[possibly silicon] accuser.) I don't think a bit per person is too
much to ask.
If the data collectors complain that an absolute yes or no is too
great of an imposition, they are welcome to add more access control
bits to their database. I think it is safer and easier for all involved
to *grant* access to information rather than trying to *deny* such
access or prevent propagation of information that is incorrect and/or
desired to be kept private. If a database where found to have
inappropriately obtained data, its owners should be required to delete
such data upon request.
Finally, how many people don't care at least somewhat about their
privacy? Would you be offended if I browsed through your bills, tax
returns, bank accounts, shopping list, or sock drawer?
--
|_ /| | Robert Minich |
|\'o.O' | Oklahoma State University| "I'm not discouraging others from using
|=(___)= | min...@d.cs.okstate.edu | their power of the pen, but mine will
| U | - "Ackphtth" | continue to do the crossword." M. Ho
Randolph Fritz
big techniques of power in our time -- think of prisons, workplace
supervisors (and yes, supervision as we understand it is only a few
centuries old), and all those intelligence agencies.
Surveillance is cheap power, you see -- it multiplies direct control
by at least a hundred-fold. In a prison, instead of constantly
supervising everyone, you supervise infrequently -- and only sometimes
let the prisoners know when they're being watched. So the prisoners
have to supervise themselves. This is how a small group of guards
controls a large group of prisoners.
The positive converse of this power, of course, is the strength comes
from free sharing; community. That's the hopeful side of the
electronic frontier.
To suggest that people should buy privacy is to suggest that people
should buy freedom. If that's the new order, then viva la revolution!
(Spell checkers? We don't need no stinkin' . . .)
nd t
ou ui
R Press T __Randolph Fritz sun!cognito.eng!randolph || rand...@eng.sun.com
ou ui Mountain View, California, North America, Earth
nd t
Dag Erik Lindberg
>There is a federal law requiring that the company who turns you down
I don't think this is germane(sp?) to the issue. The issue is with a man that
was denied PREPAID service because of a bad credit report. Maybe he really
DOES have bad credit. So what? Maybe the man screwed up and wasn't able
to pay a few bills. He gets a bad credit rating. Now he can't buy
insurance on his house, even if he pre-pays. His house burns down, with
everything in it, and now the man is left with nothing. And probably a
major outstanding debt, which combined with bad credit will certainly
prevent him from buying a new house. And if landlords in NC also have
a 'vested' interest in his credit rating (and who could argue they don't?)
the man wouldn't even be able to rent a place. The guy ends up on the
street, or begging for a couch from friends.
IMHO this is serious misuse of credit information, and I'll make sure I
*never* move to NC!
James A. Sharaf
> But it seems to me there are-- there ought to be--
> more choices than that, especially as the limitations we have to live
> under to protect our privacy keep getting more restrictive.
>
> [paragraph skipped]
>
> "Live with it" is not an answer: Of course we *could*, but why should
> we? Why can't we figure out a way to increase the choices available,
> instead?
Amen!
--
(617) 964-5866 | James A. Sharaf
jsh...@world.std.com | 46 Newbury Street
uunet!world!jsharaf | Newton, Massachusetts 02159
--
=============================================================================
(617) 964-5866 | James A. Sharaf
jsh...@world.std.com | 46 Newbury Street
uunet!world!jsharaf | Newton, Massachusetts 02159
herr...@iccgcc.decnet.ab.com
> In article <12...@airs.UUCP> airs!i...@uunet.uu.net (Ian Lance Taylor) writes:
>>In article <3778.2...@iccgcc.decnet.ab.com> herr...@iccgcc.decnet.ab.com (daniel lance herrick) writes:
>>>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
>>>>
>>>> about me?
>>>>
>>>You freely gave information that is valuable and Equifax is selling
>>>it as the agent of the person you gave it to or as their own agent.
>>
>>you are giving out information, and it is hard to become aware, after
>>the fact, that you have given it out. This could be considered a
>>hazard of living in this society, but I would just as soon eliminate
>>the hazard.
>>
>
> At the risk of wandering off on a tangent, this strikes me as a
> critical aspect, not much discussed, of the debates on the nature of
> privacy, private information, etc.
>
> The argument that "You freely gave valuable information" to Equifax
> makes an assumption: that information I give, or my credit card
> company gives about me, to Equifax is theirs to do as they wish
> (subject only to the law) *regardless of the intent* of the
> information provider.
>
> Another way to put the question is this: If I give someone information
> about me for a specific purpose, should there be any limitation on
> what they can do with it outside of that purpose? Or must I give up
> all say over the further propagation of that information? Do I, by
> consenting to one use of the information, consent to all?
>
[discussion omitted]
> quasi-public (e.g. the phone company). I'm generally uncomfortable
> with suggesting "more laws" as an answer to anything, but what would
[more discussion omitted]
Suzanne: I believe I have preserved your point while omitting your
defense of it. Thank you, this is a direction I have been trying to
point this discussion. Now, my comments.
Each of the written requests for information has some sort of contractual
structure. The telephone application for insurance filled out a form that
had the same structure.
Action you can take: Every time you put answers to questions on a piece
of paper, add to the contract before you sign it a statement of what
purposes you are willing to have the information used for.
Some organizations at the other end of such contracts will live by the
contract you signed. Some will refuse your business, as is their right.
Some will accept your business and violate your contract.
The way we can change the way people do business is to cause companies
in the second category to forego a lot of business for this reason and
to cause companies in the third category to lose some big judgments over
breach of contract.
A very large fraction of the information abuses people complain of have
a signed piece of paper behind them. Teach people to change those
boilerplate contracts before they sign them.
dan herrick
herr...@iccgcc.decnet.ab.com
herr...@iccgcc.decnet.ab.com
>>In article <1991Mar11....@cs.ucla.edu>, ga...@lanai.cs.ucla.edu (David Gast) writes:
> }>
> }> Anyway, when did I ever make Equifax my agent and ask them to sell info
> }> about me?
> }>
> }You freely gave information that is valuable and Equifax is selling
> }it as the agent of the person you gave it to or as their own agent.
>
> I give away lot's of information that is valuable to people for
> SPECIFIC PURPOSES. For example, I give my medical history to my doctor
"freely gave" and "for SPECIFIC PURPOSES" are opposites of each other.
> and my insurance company, but if they were to sell it I would have
> legal recourse.
Take a look at the language of the insurance information clause you
are asked to sign at a hospital. It gives them permission to reveal
your medical data to an insurance company anytime (no expiration).
The permission to disclose information on a life insurance application
gives the insurance company that collects the info the right to enter
it into a perpetual data base operated by a fourth party and available
to other insurance companies for a membership or subscription fee. There
is a fee so that this limited publication could be called "selling". Have
you exercised the "legal recourse" you mention?
> I give my VISA number to certain vendors over the
> phone, but if they were to sell it there are serious civil and legal
> penalties in store for them. Your argument doesn't hold water.
>
Again, the information is not "freely given". There is a contractually
limited purpose.
dan herrick
herr...@iccgcc.decnet.ab.com
herr...@iccgcc.decnet.ab.com
information. And what it says is that they will use it to minimize
your privacy. Social Security records are used to enforce the draft
registration law. And the Internal Revenue Code is used to encourage
parents to get Social Security Numbers for two year olds before they
can make an informed decision to register or not to register.
The most spectacular example of doublespeak is the Bank Privacy Act
that declares that your bank will keep a record of all your checking
account activity over some threshold amount in case some government
representative wants to see it.
Of course you said "local" and my examples are federal. Most of the
government abuses at every level are mandated by law and fixing them
requires changing that law. A useful and desirable objective, but
it is possible to improve one's own situation by being circumspect
faster than it is possible to change such laws.
dan herrick
herr...@iccgcc.decnet.ab.com
Brad Templeton
large that this is a right to privacy wrt the government, and extension to
private citizens is far less certain. (Not to say that it won't be there,
but it will not be as rigid)
We should encourage statute law to define default terms of confidentiality
for personal information given in business transactions, just as law and
ethics already define such terms for certain special transactions today,
such as those with doctors, lawyers and other professionals.
This is what we need. We need no less, but we also need no more. If we
go overboard with crazy concepts like "copyright" or "trademark" on your
name and personal information, you create more bureaucracy and more flaunting
of the laws.
We fleshed all this out in detail a couple of months ago. Is this group going
to be one of those groups with recycling discussions?
--
Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
Robert J. Kudla
about my opinions and beliefs. What he doesn't have is my permission
to give/sell the information he has to that hypothetical activists'
magazine for their mailing list (or whatever). I don't care if it
would be of interest to them, it ought to be up to me to decide
whether they get it, not them and not some third party who once saw my
name on a usenet post.
So if the circulation editor of such a magazine read this newsgroup
and added your name to his mailing list, do you feel he would be
breaking the law? (I've gotten on two real world mailing lists, both
of which I quite enjoy, through just such a thing happening....)
I must admit that I find all of this restriction-of-personal-info
stuff silly at best and frightening at worst. One of my former
roommates bagged my landlord for multiple hundred bucks and we've been
reduced to "covert operations" or whatever you want to call snooping
around people who know him hoping to catch a scrap of info, all
because it's too easy in this world to hide oneself.
I greatly favor a society where people can "slip through the cracks"
and carry on with their lives without fear of someone watching
everything they do, and I would really love to see a society without a
standard means of identifying anyone at will (i.e., eliminate social
security numbers which were never meant for that purpose anyway). But
I've also seen people abuse their "right to self-concealment" or
whatever to the point where I'm extremely suspicious of *anyone* who
wants to hold back that kind of info.
Robert Jude Kudla <ku...@rpi.edu>
No more bars! No more cages! Just rollerskating, disco music, and
the occasional light show....
Robert J. Kudla
Uhmmm. Uhmmm. I don't want to panic or anything, but the Supreme Court
*has* acknowledged a fundamental right to privacy. Should those who
desire life, liberty, and the pursuit of happiness have to pay extra???
No, but maybe those who don't should be able to pay less..... not that
I know anyone who doesn't enjoy life, liberty and t.p.o.h., while I
know at least a few people who don't give a damn about privacy, myself
included.
Should I also be forced to pay extra for police services if I "really
care about" my life and property so those who don't give a damn don't
have to subsidize me and the criminal justice system? Should it cost
me more to prohibit Joe Schmo from entering my home and looking
through my desk? (After all, this is just another blow to my privacy.)
I think you're over-reacting a little bit here. But I also feel that
those with no property shouldn't really have to protect their property
(and the tax system seems to agree with me somewhat).
Is it really too much to ask that EVERY database be required to use
a flag indicating whether it is OK to distribute information about me
for purposes other than which I granted access to the information? (By
default, the data should be considered private.) That is much less
restrictive than requiring, say, that everyone in the database be
notified of its existance or, even more interesting, notification of
each access made to information about themselves. (_I_ would really
like to know when and why information about me is being accessed. It
is difficult to defend yourself when you are not allowed to face your
[possibly silicon] accuser.) I don't think a bit per person is too
much to ask.
Isn't there some bureau all these people who really want to be
invisible to marketroids can write to to eliminate 90 or 95% of their
name's incidences on mailing lists? I've heard something to that
effect lots of times.
desired to be kept private. If a database where found to have
inappropriately obtained data, its owners should be required to delete
such data upon request.
"should be required" is a mighty easy phrase to use when the subject
is someone other than yourself.
Finally, how many people don't care at least somewhat about their
privacy? Would you be offended if I browsed through your bills, tax
returns, bank accounts, shopping list, or sock drawer?
Of course I wouldn't. What do I have to hide? Of course, I don't
feel I should be *required* to provide any such information (or socks)
to anyone, but I also don't feel real property is the same as
intellectual property, and don't feel like opening that can or worms
right now.
Robert J. Kudla
When do you stop paying to be left alone, to not have others
intrude into your life ?
When do we stop threatening essentially harmless actions with endless
litigation?
On this same basis, Daniel, I suggust that it would be OK for me to
punch you in the nose every day, till you decide to pay me to stop.
And carrying matters one step further, others shouldn't interfere
or subsidize protections on your behalf, cause they don't care that
you're being punched in the nose.
I fail to see how receiving a few extra pieces of junk mail per day is
even remotely similar to receiving a daily bodily injury. Care to
elaborate how junk mail = broken nose, or even how creditors catching
up with you = broken nose?
herr...@iccgcc.decnet.ab.com
>
> Uhmmm. Uhmmm. I don't want to panic or anything, but the Supreme Court
> *has* acknowledged a fundamental right to privacy. Should those who
Excuse me, but what the Supreme Court did was create a "right to
privacy" to use as a cover for killing unborn babies.
They did not acknowledge a right to privacy that conforms to
ordinary understandings of the words.
dan herrick
herr...@iccgcc.decnet.ab.com
Free speech is a sound investment
In article <675...@hp-vcd.HP.COM>, jo...@hp-vcd.HP.COM (John Eaton) writes...
><<<<
>< Another approach - don't ever use your residence address for
><
>< the list goes on. You can move a lot of this to a poBox.
>----------
>Official PO boxes are not the best way to do this because even
>the most dimwitted clerk knows that you do not sleep in yours
>every night. Get a box at your neighborhood MailBoxes-R-Us store.
>They cannot by law be called a PO box so you must use an address
>that looks for all intents and purposes like an Apartment address.
>
There is a drawback to this idea, in that the software at the Big 3 (TRW,CBI,
EquiFax) will flag your credit profile with a warning that this is not your
'real' address. Some credit institutions might regard this as attempted
credit fraud, or at a minimum, not grant your request for credit.
*- --*-- -*
Jim Pflueger | pflu...@thewav.enet.dec.com
DEC Enterprise Integration Services| !decwrl!thewav.enet!pflueger
Costa Mesa, California | "I take da job!" - Frogman
*- --*-- -*
Dag Erik Lindberg
>In article <9...@fnx.UUCP>, d...@fnx.UUCP (Dag Erik Lindberg) writes:
>> SPECIFIC PURPOSES. For example, I give my medical history to my doctor
>
>"freely gave" and "for SPECIFIC PURPOSES" are opposites of each other.
A semantic nit I'm not sure I agree with.
>Take a look at the language of the insurance information clause you
>are asked to sign at a hospital. It gives them permission to reveal
>your medical data to an insurance company anytime (no expiration).
Thank you for pointing this out. I will double check this next time
I am in the hospital. I was under the assumption that insurance
companies needed a release just the same as anyone else. I was under
this assumption since last time I was in a major accident the (paying)
insurance company asked me for a release for my hospital records. This
implies they couldn't get them without the release, or is this a smoke
screen?
>The permission to disclose information on a life insurance application
>gives the insurance company that collects the info the right to enter
>it into a perpetual data base operated by a fourth party and available
>to other insurance companies for a membership or subscription fee. There
>is a fee so that this limited publication could be called "selling". Have
>you exercised the "legal recourse" you mention?
Since I don't have life insurance, the answer is "no". Thank you for
pointing this issue out for me. When and if I do get life insurance, I
will be very conscious of this.
>> I give my VISA number to certain vendors over the
>> phone, but if they were to sell it there are serious civil and legal
>> penalties in store for them. Your argument doesn't hold water.
>>
>Again, the information is not "freely given". There is a contractually
>limited purpose.
Where is this contract?