|
Electronic Privacy Information Center (EPIC) Newsl
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
=============================================================
@@@@ @@@@ @@@ @@@@ @ @ @@@@ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@ @ @ @@@@@ @ @@@ @@@ @
@ @ @ @ @ @ @ @ @ @ @
@@@@ @ @@@ @@@@ @ @ @@@@ @@@@ @ @ @
============================================================
Volume 1.07 November 11, 1994
------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, DC
([email protected])
=======================================================================
Table of Contents
=======================================================================
[1] Ohio Court Upholds Privacy of SSNs
[2] NTIA to Hold Virtual Conference on Privacy
[3] Court Rejects Steve Jackson Appeal
[4] Canadian Gov't Releases Discussion Paper on NII Privacy
[5] GATT Legislation Requires SSN Issued at Birth
[6] New Files in the Archive
[7] Upcoming Conferences and Events
=======================================================================
[1] Ohio Court Upholds Privacy of SSNs
=======================================================================
In a decision handed down on October 26, the Ohio Supreme Court has
ruled that governmental disclosure of Social Security numbers (SSNs)
violates individuals' constitutional right to privacy. At issue was a
request by the Akron Beacon Journal for release of computer tape
records of the City of Akron's year-end employee master files. The
payroll files contain various information including employees' names,
addresses, telephone numbers, SSNs, birth dates, education, employment
status and positions, pay rates, service ratings, annual and sick
leave information, overtime hours and pay, and year-to-date employee
earnings. The City had provided the records to the newspaper, but
deleted the SSNs on privacy grounds.
EPIC staff, on behalf of Computer Professionals for Social
Responsibility, joined with the Public Citizen Litigation Group in
filing a "friend of the court" brief in the case. The CPSR/Public
Citizen brief highlighted the privacy implications of SSN disclosures
and argued in support of the City's decision to withhold the numbers.
The brief urged the Ohio Supreme Court to follow the lead of the U.S.
Court of Appeals for the Fourth Circuit in the case of Greidinger v.
Davis, where Virginia's practice of requiring SSNs for voter
registration purposes was held unconstitutional. EPIC staff had
similarly participated in the Greidinger litigation as friends of the
court.
Significant excerpts from the Ohio Supreme Court decision:
The city's refusal to release its employees' SSNs does
not significantly interfere with the public's right to
monitor governmental conduct. The numbers by themselves
reveal little information about the city's employees. ...
While the release of all city employees' SSNs would
provide inquirers with little useful information about the
organization of their government, the release of the numbers
could allow an inquirer to discover the intimate, personal
details of each city employee's life, which are completely
irrelevant to the operations of government. As the Greidinger
court warned, a person's SSN is a device which can quickly be
used by the unscrupulous to acquire a tremendous amount of
information about a person. ...
Thanks to the abundance of data bases in the private
sector that include the SSNs of persons listed in their
files, an intruder using an SSN can quietly discover the
intimate details of a victim's personal life without the
victim ever knowing of the intrusion.
Coming a year after the Greidinger decision, the Akron Beacon Journal
case continues a trend toward judicial recognition of the privacy
implications of SSNs. EPIC will continue to participate in related
litigation in an attempt to establish a body of caselaw protecting the
confidentiality of SSNs and other personal information.
A copy of the decision is available at cpsr.org /cpsr/privacy/ssn
ohio_ssn_case_1994.txt.
=======================================================================
[2] NTIA Virtual Conference -- Privacy Discussion
=======================================================================
EPIC Director Marc Rotenberg and Computer Privacy Digest Moderator
Prof. Leonard Levine will co-host the privacy discussion for the NTIA
Virtual Public Conference next week. The Virtual Conference is part
of the Administration's effort to gather information and opinions
about the issues of universal service and open access. Regarding
privacy, some of the questions that the Administration would like to
pursue are:
-- What potential is there for the telecommunications and
information networks to compromise personal privacy? To what extent
will perceptions of reduced privacy hinder widespread, seamless
access to the telecommunications and information networks?
The conference will begin on November 14th, 1994, and run through
midnight November 18th, 1994. If there is sufficient interest, it may
be extended an additional week.
You may subscribe to the privacy discussion by sending email to:
[email protected]
Your email address will be saved and you will be added to the
subscription list for the topic. You will receive an introductory
message about the conference. You do not need to supply any
information in the subject line or in the message to pre-subscribe.
If you wait and subscribe on November 14, 1994, you need to send email
to a conference topic from the account where you want to receive the
mailings. The message should have the single line in it:
subscribe topic your name
where subscribe is a keyword and topic is the name of one of the
following topics: redefus, avail, intellec, privacy, standard,
opnacces.
In addition to the privacy discussion, you might also subscribe to:
[email protected] (Redefining Universal
Service and Access)
[email protected] (Affordability and Availability)
[email protected] (Interoperability)
[email protected] (Intellectual Property)
[email protected] (Access for Individuals
with Disabilities)
To find more about the NTIA conference, go to:
http://ntiaunix1.ntia.doc.gov:70/0/press/virtcon.txt
Participants in the Virtual Conference are also encouraged to review
the following two documents recently issued by NTIA: (1) NII Field
Hearings on Universal Service and Open Access: America Speaks Out;
and (2) Notice of Inquiry (NOI) on Universal Service and Open Access
Issues (written comments in response to this NOI are being received by
NTIA and should be filed on or before December 14, 1994, to receive
full consideration). Both documents already are available through
NTIA's IITF Gopher Server at iitf.doc.gov, dial in to (202) 501-1920,
and NTIA's Bulletin Board Service at (202) 482-1199,
ntiabbs.ntia.doc.gov (telnet, gopher or world-wide web).
Privacy materials may be found at the cpsr.org gopher site in the file
/cpsr/privacy/epic. Back issues of Computer Privacy Digest are
available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with
password identifying yourid@yoursite. The archives are in the
directory "pub/comp-privacy". People with gopher capability can most
easily access the library at gopher.cs.uwm.edu. Mosaic users will find
it at gopher://gopher.cs.uwm.edu.
=======================================================================
[3] Court Rejects Steve Jackson Appeal
=======================================================================
The US Circuit Court of Appeals for the 5th Circuit has ruled that the
seizure of a bulletin board (BBS) which contains private electronic
mail is not an unlawful interception prohibited by the Electronic
Communications Privacy Act of 1986. The Court of Appeals upheld a
lower court ruling that the seizure was not an intercept because it
was not contemparanous with the transmission of the communications,
and thus not protected under ECPA in this case.
The Court reviewed the wording and the legislative history of the ECPA
and determined that interception did not include messages that were
electronically stored. It found that stored messages are covered under
Title II of ECPA, which has less strict requirements for the access of
electronic communications. In the lower court, damages and fees were
awarded against the Secret Service for violations of Title II.
A copy of the decision is available at our Internet Library. See below
for details.
=======================================================================
[4] Canada Asks for Comments on Information Superhighway Privacy
=======================================================================
The Canadian Information Highway Advisory Council has released a
discussion paper entitled "Privacy and the Canadian Information
Highway." The Council is asking for comments on the paper and
recomendations on how privacy should be protected on the Canadian
information superhighway.
The paper discusses privacy issues relating to transactional data and
profiling, transaction security and individual identification,
identity cards and single identifier numbers, and monitoring. It
provides a general overview of Canadian and international privacy for
both government and private sector data.
The report reviews possible approaches to privacy protection:
legislation and regulation; voluntary codes and standards;
technological solutions; and consumer education and the possible
benefits and drawbacks of each. It asks for comments from interested
parties on possible approaches.
Comments are due by December 23, 1994, and should be sent to Parke
Davis, Director General, Information Highway Advisory Secretariat,
Room 614, Journal Tower North, 300 Slater Street, Ottawa, Ontario
Canada K1A 0C8 or emailed to [email protected]. An electronic version
of the paper is avaiable from the CPSR Internet Library. See below for
details.
=======================================================================
[5] GATT Legislation Requires SSNs Issued at Birth
=======================================================================
Buried in a section of the bill implementing the General Agreement on
Tariff and Trade (GATT) is a requirement that Social Security numbers
be issued at birth.
Section 742 of H.R. 5110 requires that for the purposes of the Earned
Income Tax Credit, SSN's must be issued at birth. Currently, parents
can wait up to one year before filing. The requirement will put
further pressure on hospitals to issue SSNs to all newborns, even if
the parents do not plan to take advantage of the tax credit.
The bill is scheduled to be heard in an unusual lame duck (after
election) session of Congress late this month. A copy of the
provision is available from cpsr.org /cpsr/privacy/ssn/gatt_ssn.txt
=======================================================================
[6] New Files at the Archive
=======================================================================
Court of Appeals for the 5th Circuit opinion on Steve Jackson Games.
/computer_crime/jackson_ecpa_appeal_1994.txt
Canadian Information Highway Advisory Council Privacy Paper
/privacy/privacy_international/country_reports/canada
canada_info_highway_privacy_eng.txt - English ASCII version
canada_info_highway_privacy_eng.rtf - English RTF version
canada_info_highway_privacy_fr.rtf - French RTF version
The CPSR Internet Library is a free service available via
FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy
International, the Taxpayers Assets Project and the Cypherpunks are
also archived. For more information, contact [email protected].
=======================================================================
[7] Upcoming Privacy Related Conferences and Events
=======================================================================
Security and Privacy Issues for the National Information
Infrastructure, Computer Security Institute Conference. Washington,
DC. Nov. 14-15, 1994. Sponsored by Computer Security Institute.
International Security Systems Symposium and Expo. Washington, DC.
Nov. 16-18, 1994. Contact: Brad Smith (301) 986-7800.
Free Speech and Privacy in the Information Age. Waterloo, Ontario. Nov.
26, 1994, Sponsored by University of Waterloo. Contact
[email protected].
The Technology for Information Security Conference '94 (TISC '94).
Galveston, Texas. Dec. 5-8, sponsored by: NASA Johnson Space Center
Mission Operations Directorate (MOD), MOD AIS Security Engineering
Team, and the ISSA. Contact: John D'Agostino
(dagostin@killerbee.jsc.nasa.gov).
Fall Internet World 94. Washington, DC. December 6-9, 1994. Sponsored
by Internet World Magazine. Contact: [email protected].
Health Data Initiatives: 1995. Washington, DC. Dec. 12-13, 1994.
Sponsored by National Association of Health Data Organizations.
Contact: NAHDO (703) 532-3282.
1995 Data Security Conference. Jan 9-11, 1995. Redwood City, CA.
Sponsored by RSA Data Security. Contact: [email protected]
Second International Conference on Information Warfare: "Chaos on the
Electronic Superhighway" Jan 18-19, Montreal, CA. January 18, 1995,
Sponsored by NCSA. Contact: Mich Kabay (75300.3232@compuserve.com).
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926
(fax).
INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the Internet
Society. Contact [email protected].
Key Players in the Introduction of Information Technology: Their
Social Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: [email protected]
(Send calendar submissions to [email protected])
=======================================================================
To subscribe to the EPIC Alert, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to [email protected]. You may also receive the Alert by reading the
USENET newsgroup comp.org.cpsr.announce.
Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org
/cpsr/alert and on Compuserve at Keyword: NCSA, Library 2
(EPIC/Ethics)
=======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data. EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility. EPIC
publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information email [email protected], or write
EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1
202 544 9240 (tel), +1 202 547 5482 (fax).
The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a national
membership organization of people concerned about the impact of
technology on society. For information contact: [email protected]
------------------------ END EPIC Alert 1.07 ------------------------
|
|
