seals@uncecs.edu (Larry W. Seals) (11/17/90)
I saw an article in the WSJ this week that Lotus will be releasing a
new product called Lotus Marketplace which is a CD based database of
80 million households. Included in this database will be information
such as names, addresses, shopping habits and income. Consumers can
be categorized by socio-economic groups and targeted accordingly.
Initial offering will be 5000 names for around $695 with additional
groups of 5000 available for around $400.
The ACLU and Computer Professionals for Social Responsibility (through
Marc Rotenberg) have denounced the venture as a violation of privacy.
Lotus maintains that the information is available anyway through
mass-marketing firms and they will only sell to legit businesses and
will keep a "fraud list" of abusers. Their critics say that Lotus
Marketplace with it's ease of use/access, low cost and the difficulty
in enforcement of the non-abuse policies will make it ripe for privacy
abuses.
I foresee someone seriously slamming Lotus for the actions of some
greedy marketer on this one. It's bad enough that every government
agency in the US has a database that might have our names in it and
mail order houses send crap to my door with six different spellings
of my name. I have the feeling that the worst is yet to come here on
the frontier.
**********************************************************************
Larry Seals @ Trailing Edge Software - "When it doesn't have to be the
very best!"
"If Pro is the opposite of Con, what is Congress the opposite of?"
**********************************************************************brad@looking.on.ca (Brad Templeton) (11/17/90)
This brings up what I feel is one of the most interesting questions of the electronic frontier. We are pulled in two different directions. On one hand, we have deep concern on how the government might regulate our use of computers and what we will do with them -- what information we will collect, what we will share, what we will publish. We fear a bureaucracy and invasions of our homes by armed goons on strange pretexes. At the same time, we call for protection of privacy, and strict regulation of what people can store about us on computers, what databases can be merged and what can be done with that information. We fear big institutions most, but even today the technology exists for an individual to have a database more extensive than Lotus' Marketplace. Can we have both regulation of what you can do with a computer and freedom to do what you will with your computer? If so, how? If not, which one do we want more? How much of the other do we give up? -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
hhe@ifi.uio.no (Hans Henrik Eriksen) (11/18/90)
In article <1990Nov17.074534.8751@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: > We are pulled in two different directions. > > On one hand, we have deep concern on how the government might regulate > our use of computers and what we will do with them -- what information > we will collect, what we will share, what we will publish. We fear a > bureaucracy and invasions of our homes by armed goons on strange > pretexes. > > At the same time, we call for protection of privacy, and strict regulation > of what people can store about us on computers, what databases can be > merged and what can be done with that information. Yes, this is a difficult conflict of interest. In Norway we have rela- tively strict regulations on use of registers containing personal infor- mation. The legislators has made it a key point that every individual should be able to control the information about themselves floating around in databases (the most important exception is medical records, but this is governed by its own laws.) That is, in a sense a person is the OWNER of the information about him or herself. An individual has two basic rights regarding the control of personal information: -the right to request a printout of his or her personal record in a database -the right to request that oneself be expunged from the database (difficult with distributed material, especially CDs :-) All this comes from the assumption that the information regarding a person will be used in some way that may affect that person. Therefore it is of vital interrest that the information is CORRECT, COMPLETE (in some sense) and UPDATED, so that one will get a fair treatment when it is used. Further on, companies are prohibited from selling or giving away their customer databases. Direct mail agencies with special permits are allowed to merge registers from several companies for a ONE TIME mail job only. The merged registers must be destroyed immediately thereafter. Many direct mail agencies now print their register sources on the distributed material. Needless to say, there must be a gray marked for consumer registers in Norway, but the large and important direct mail companies are (hopefully) not willing to take the risk of doing something illegal and having their permits revoked. Hans Henrik Eriksen, hhe@ifi.uio.no
wayner@hermod.cs.cornell.edu (Peter Wayner) (11/18/90)
brad@looking.on.ca (Brad Templeton) writes: >This brings up what I feel is one of the most interesting questions of >the electronic frontier. >We are pulled in two different directions. >On one hand, we have deep concern on how the government might regulate >our use of computers and what we will do with them -- what information >we will collect, what we will share, what we will publish. We fear a >bureaucracy and invasions of our homes by armed goons on strange >pretexes. >At the same time, we call for protection of privacy, and strict regulation >of what people can store about us on computers, what databases can be >merged and what can be done with that information. >We fear big institutions most, but even today the technology exists for >an individual to have a database more extensive than Lotus' Marketplace. >Can we have both regulation of what you can do with a computer and freedom >to do what you will with your computer? >If so, how? >If not, which one do we want more? How much of the other do we give up? >-- >Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473 This is an _excellent_ point! One day, everyone is getting all excited because BellSomething didn't want Craig Neidorf keeping a document filled with information on their computers. The next day, we're getting all upset about Lotus selling information about our likes and dislikes to the world. There is a _fundamental_ problem here with our knee-jerk sympathies. The more I think about it, the more I begin to feel as if the notion of privacy in this case is a bit difficult to sustain. Say I run into someone on the street-- a perfectly public occasion. She might be wearing a Burberry's Raincoat and a Hermes scarf. From this I can immediately tell something about her income level and whether or not I, a mail-order leather biker clothes vendor, should send her a catalog. The same goes for the bum asking for change, the preppie running along the Charles River in Boston and the fan at the Celtics. If she is walking a dog, then I know she's a dog owner. And so on. If I follow her to the store, (a public act not governed by the warrant restriction of search) I can find out a bit more about her habits. The process of gathering data about someone's purchases and lifestyle minutae are really quite within the classic public domain. Heck, Sherlock Holmes would sit down next to someone and make absolute astonishing observations and draw conclusions. Everyone loved him, yet Lotus, which is just making everything smoother, quicker and more automated seems like an information-age nazi. Now, this argument is a bit specious because we are starting to see how some of the legal definitions of privacy conflict with the more intuitive notions. One of the Supremes said, I think, that privacy is really the right to be left alone. The ability to shut off the junk mail, the cold-callers and the relentless pitchmen of Madison Avenue. This is the psychological space that Lotus is violating. Of course, it might be interesting to take a Utilitarian view and wonder just what is the public good of having such a database floating around. One argument states that credit databases are great for the average, billpaying man because they reward the good with credit and punish the deadbeats. Thanks to this, I can walk up to some car dealer, say "I'll have one of those, and don't hold the chrome" and I'll be driving away after writing a check for $1,000 or so. He's run a check on me and found my word is pretty good. I certainly _like_ getting unsolicited catalogs that pander to my taste in the mail. It saves me the trouble of looking for that certain something I desire. It saves me from the blandness of the mall. It saves me from wasting gas and time. Heck, it makes me feel like a king when the merchants come a calling offering to deliver their wares to my door. Again, if I've been buying from "Leathers For All Weathers", I probably won't want to waste my time perusing a catalog from "Talbots." This whole thing reminds me of a girl I knew. When she would go to parties and spend her time fending off "geeks and computer nerds" she would come home and be totally upset about the attention. This sort of attention was, in her mind, just a slightly sublimated form of sexual harrassment. When they were acceptable men, though, she would coo and coo. So how are we going to go about defining "acceptable" data storage? Should we make all personalized solicitation (not just sexual, but all commercial) off-limits? One solution might be to prohibit any sort of solicitation that approaches groups smaller than a certain size, say 100 people. Anyone maintaining a database or selling lists of names that violate this precept would be publicly flogged like Michael Milken. This would cause a few problems in small towns. Perhaps. Then there is the question of free speech. Some sort of communication is being banned here and that makes people nervous. Well, the law could only be applied to corporations that are specifically "selling" or "soliciting." The goopy, "Gee Dad, I'm glad I'm doing great things for Dow Chemical" stuff could be let off. The current court has upheld the rights of governments to control the speech of corporations in a recent case about Michigan's proposal to limit campaign spending by corporations. (This was a weird split with Rehnquist taking the line that the corporations are legal creations of the government and therefore what the government gives the government can take away. Scalia took a more hard-line 1st ammendment approach. In the end, it was 5-4 I think. I'm not sure on this point.) So what does this boil down to? One suggestion for a law against solicitation and some ruminations that privacy isn't really anti-information as much as the right to be left alone. To blend in and feel the warmth of the crowd. Peter Wayner Department of Computer Science Cornell Univ. Ithaca, NY 14850 EMail:wayner@cs.cornell.edu Office: 607-255-9202 or 255-1008 Home: 116 Oak Ave, Ithaca, NY 14850 Phone: 607-277-6678
jgd@rsiatl.UUCP (John G. DeArmond) (11/18/90)
wayner@hermod.cs.cornell.edu (Peter Wayner) writes: >brad@looking.on.ca (Brad Templeton) writes: >>This brings up what I feel is one of the most interesting questions of >>the electronic frontier. >>We are pulled in two different directions. >>On one hand, we have deep concern on how the government might regulate >>our use of computers and what we will do with them -- what information >>we will collect, what we will share, what we will publish. We fear a >>bureaucracy and invasions of our homes by armed goons on strange >>pretexes. This problem would seem to me to have a rather simple solution. Simply prohibit the storing and using of any personal information in any database without the explicit consent of each person regarding each and every database. Said permission should required to be sought decoupled from any other transaction. Thus, your bank would not be allowed to sell your name as a condition for obtaining a loan. Some would say that this would be too expensive. Companies already spend big bucks on mailing lists. A direct mail of permission postcards would be much less expensive and much more direct. While I can sympathize with Peter's appreciation of being stroked by merchants, I go in exactly the opposite direction. I value my privacy to the upmost and to to a lot of trouble to keep my name off of mailing lists and out of databases. I should have that right just the same as Peter has the right to be stroked. The cases that piss me off the most are the ones for which I have no control. Things like credit databases or the medical information database that the insurance industry keeps so as to more easily deny you coverage. We have no effective control over these databases and how they are used. Peter made the point that one could collect personal information about someone simply by looking. That is true. However, I believe the criteria for regulation should take into account the ease, convenience and effectiveness of the collection. Just as I can legally look at your house from the street and gather some information about your lifestyle, I CANNOT fly a camera under a helicoptor and peer into everyone's living room in a particular area. Or at least I should not be allowed to. Many denials of rights have happened as a result of technology making the means available for trivial effort. For example, before computers, the IRS could not analyze your lifestyle and impute income (right or wrong) and tax you on it, despite the fascist leanings of the agency. Computers have given them the opporutnity and lowered the risk. In other words, before computers, the means was there but it was not effective or convenient. As with many losses of freedoms, convenience is the conveyance of the devil. John -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
peter@ficc.ferranti.com (Peter da Silva) (11/18/90)
I'm not worried about merchants getting my name. I'm not worried about direct marketers targeting me. I think the whole telemarketer/junk mail issue is a red herring. I'm worried about crooks getting bootleg copies of the CD, or sections of it. There will be too many copies out there (there better be, or Lotus will take a huge bath) for it to be effectively controlled. I'm going to call Lotus monday and find out how to keep my name off it. -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
larry@belch.Berkeley.EDU (Larry Foard) (11/19/90)
In article <MI17.K7@xds13.ferranti.com> peter@ficc.ferranti.com (Peter da Silva) writes: [stuff deleted] > >I'm worried about crooks getting bootleg copies of the CD, or sections >of it. There will be too many copies out there (there better be, or Lotus >will take a huge bath) for it to be effectively controlled. > [stuff deleted] I think in general laws restricting publicly available information will be counter productive. Restricting this information is no different than other restrictions on the freedom to use information. No special interest group (consumer action,FBI, etc.) should get to suspend these rights just because they happen to be politicaly correct at the moment. It would make much more sense if companys providing this type of information where held liable for any damages resulting from failing to correct misleading information. Claiming computer error, or hackers should be no excuse. After banks have safes and use armored cars, a company that chooses to take on that kind of responcibility should make sure there systems are secure, and operating well.
jjewett@math.lsa.umich.edu (Jim Jewett) (11/19/90)
In article <4960@rsiatl.UUCP>, jgd@rsiatl.UUCP (John G. DeArmond) writes: |> wayner@hermod.cs.cornell.edu (Peter Wayner) writes: |> >brad@looking.on.ca (Brad Templeton) writes: |> >>We are pulled in two different directions. |> >>On one hand, we have deep concern on how the government might regulate |> >>our use of computers and what we will do with them -- what information |> >>we will collect, what we will share, what we will publish. We fear a |> >>bureaucracy and invasions of our homes by armed goons on strange |> >>pretexes. |> This problem would seem to me to have a rather simple solution. Simply |> prohibit the storing and using of any personal information in any |> database without the explicit consent of each person regarding each |> and every database. Said permission should required to be sought |> decoupled from any other transaction. Thus, your bank would not be allowed |> to sell your name as a condition for obtaining a loan. So what constitutes a database? My personal phone book is a list of people with their names, phone numbers, and email addresses. It may also include other information, such as their (home) address, or their roommates. (No need for two entries.) The information in here was voluntarily given to me, but it was often for a specific purpose. (eg ... Call me tonight about bridge ... have Joe call me immediately ...) I didn't specifically ask "Oh, can I keep your phone number?" I also keep a file of email addresses with other snatches of information about people I don't know as well. For instance, with one entry, I note that he is a grad student in a department I may someday apply to, and that he was helpful. I didn't get explicit permission to save his address, or information about him. Realistically, you don't want to ban these databases ... I could certainly do the same with pen and paper (though I'd lose it sooner.) But what if I then decide that a particular posting is really funny, and start forwarding it to everyone on my lists? Or what if I start forwarding biz.*? Or what if all I do is tell the local people about a play production that I'm in? Or what if I start a business, and use these lists as my first customer base? Where do you draw the line? These people did give me the information -- except for those who posted it publicly, but they didn't give it to me for commercial reasons. They also didn't necessarily give it to me for social reasons originally, but some would in fact be annoyed if I dropped them from the list. -jJ jjewett@math.lsa.umich.edu Take only memories. Jewett@ub.cc.umich.edu Leave not even footprints.
jmc@Gang-of-Four.stanford.edu (John McCarthy) (11/19/90)
I think it is a mistake to put any restriction on what information is kept in databases. I think people have a right to know what information about them is kept in databases offered for sale, have a right to have references to rebuttals kept available to whoever uses the database. The way I would propose to make this right effective is not by requiring the organization keeping the database do anything other than attach numbers to the items. The user of a database can ask the public rebuttal database whether a rebuttal has been filed to an item and then see it. Items put in a database should be subject to the ordinary laws of libel if the database is sold or made generally available, i.e. the items should be regarded as published. Beyond that a user of a database is responsible for any actions he takes, e.g. denial of credit, whether he does it on the basis of a database or for some other reason.
brad@looking.on.ca (Brad Templeton) (11/19/90)
I think John is right. We can't pass laws telling people what they can store. We might be able to get away with regulating what people can do with data they have, but I am wary of how such laws will be written. The use of libel law to protect against bad database entries is an excellent idea. That body of law may be expanded slightly to deal with this. That does not, however, deal with "privacy" in any way -- some people have expressed a desire not to have demographic information collected about them, or worse than that -- merged. Unfortunately, laws to deal with such questions are very difficult to enforce. And I am against laws that are difficult to enforce. We may have to come to grips with the fact that we are going to have less privacy of certain types. We can, fortunately, regulate what the *government* does. Consider the net, and its successors. I have been on the net for over ten years. I have probably written a couple of thousand postings. From those postings, you could figure out a great deal about me -- where I've lived, where I've worked, who I know on the net, what my political opinions and philosphies are, what I invest in, what software I develop, what computer products I buy and use, what causes I support and what jokes I think are funny. (The net knows *far* too much about that.) All this is public, and how can I claim it is anything but public? Yet I feel uneasy about somebody doing a database query on that, and getting all of it at once, or a quick summary of it. (Particularly some of those earlier writings :-)) Likewise I am uneasy that even today a database search of newspaper full-text will bring up my name as associated with racism, with few pointers to articles that indicate the truth. (For those who don't know, I support free speech, and thus "support" racist speech the same way the ACLU "supports" Nazis in Illinois.) But I think I am just going to have to live with it, and as nets become bigger and swallow the educated world, we may all have to. I can copyright my net postings and forbid their storing in archives, but I can't forbid summarizing. Besides, just try to make such a copyright restriction on your net postings today!) Perhaps we can look for ways to stop information from us from changing hands without our permission. That is analogous to copyright, and might be safe enough. Right now my bank knows all about me, but the ethics of banking forbid them from broadcasting it to the world. Perhaps more things like this need to be codified, in standard contracts, or if that fails, in law. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
seanf@sco.COM (Sean Fagan) (11/19/90)
In article <48514@cornell.UUCP> wayner@hermod.cs.cornell.edu (Peter Wayner) writes: >This is an _excellent_ point! One day, everyone is getting all excited >because BellSomething didn't want Craig Neidorf keeping a document >filled with information on their computers. The next day, we're >getting all upset about Lotus selling information about our likes and >dislikes to the world. There is a _fundamental_ problem here with our >knee-jerk sympathies. You don't see a difference between a document describing the implementation of a phone system, and something with 80 million names, addresses, income levels, race, gender, and ages on it? Yep. There *is* a fundamental problem with your knee-jerk sympathies. A list of just names and addresses is bad enough, but tolerable (after all, you can get more-or-less the same thing from a few hundred or thousand phone books), but adding in the ages, income levels, genders, and races really frightens me. What if someone decides to go looking for old, rich widows, and break into houses found thereby? (Yeah, it's stretching a point, but...) Then, of course, it's from Lotus, so I have a prejudice 8-). -- -----------------+ Sean Eric Fagan | "*Never* knock on Death's door: ring the bell and seanf@sco.COM | run away! Death hates that!" uunet!sco!seanf | -- Dr. Mike Stratford (Matt Frewer, "Doctor, Doctor") (408) 458-1422 | Any opinions expressed are my own, not my employers'.
curt@cynic.wimsey.bc.ca (Curt Sampson) (11/19/90)
> This problem would seem to me to have a rather simple solution. Simply > prohibit the storing and using of any personal information in any > database without the explicit consent of each person regarding each > and every database. Said permission should required to be sought > decoupled from any other transaction. Thus, your bank would not be allowed > to sell your name as a condition for obtaining a loan. Perhaps a "distributed" database is the key. Rather than having the actual data, people could have a way to get the data from the rightful owner. The owner of the record (the individual to which it refers) would have complete control over the contents of the record. When she moves, she just updates the address. When someone wants the information, say for a mailing list, that entity would send a request to the server for information from this record. The server would check to see if that entity was authorised to have the particular information requested (address, phone number, SIN, whatnot). If it were, it would send the information, if not, it would deny the request. The owner of the record could then determine who and what kinds of entities have access to which pieces of information. cjs curt@cynic.UUCP | "The unconscious self is the real genius. curt@cynic.wimsey.bc.ca | Your breathing goes wrong the minute your {uunet|ubc-cs}!van-bc!cynic!curt | conscious self meddles with it." --GBS
hhe@ifi.uio.no (Hans Henrik Eriksen) (11/19/90)
In article <JMC.90Nov18190919@Gang-of-Four.stanford.edu> jmc@Gang-of-Four.stanford.edu (John McCarthy) writes: > I think it is a mistake to put any restriction on what information is > kept in databases. I think people have a right to know what > information about them is kept in databases offered for sale, have a > right to have references to rebuttals kept available to whoever uses > the database. You left out an important right here: the right NOT to be registered in a database, or the right to control what information is kept there. Should the company where you work be allowed to keep every piece of information about you that they want to? Even if you don't want some particular item laying around? After you have quit the job? Who owns the information? It is not you who put it there. I've mentioned Norwegian law on registers with personal information, which is relatively strict. It focuses on PROTECTION of the individual, not CONVENIENCE. Items not directly relevant to your job (generally, items not relevant) is forbidden in personal registers. (sorry about always referring to Norwegian law, but since we have a working law..) The issue of public rebuttal databases rises a lot of questions. The database is of limited use if one can't use (sigh) the information in it. So one can suppose that some information is copied from the database. Life changes, and so does one's attitudes (let alone one's attributes :-) towards keeping the information public. Maybe there has been a major change in the persons life, so that important attri- butes are changed. It is impossible to get all the copies floating around the world updated or destroyed. Too bad for the person involved if this is important, and some old information is used in disadvantage to the person by somebody somewhere. Note that even appearing in a "database", even if there is no information there can be incriminating. Subscribers to "Phrack" would probably agree on this. Hans Henrik Eriksen hhe@ifi.uio.no
fwp1@CC.MsState.Edu (Frank Peters) (11/19/90)
In article <LioVs3w163w@cynic.wimsey.bc.ca> curt@cynic.wimsey.bc.ca (Curt Sampson) writes: > This problem would seem to me to have a rather simple solution. Simply > prohibit the storing and using of any personal information in any > database without the explicit consent of each person regarding each > and every database. Said permission should required to be sought > decoupled from any other transaction. Thus, your bank would not be allowed > to sell your name as a condition for obtaining a loan. Perhaps a "distributed" database is the key. Rather than having the actual data, people could have a way to get the data from the rightful owner. The owner of the record (the individual to which it refers) would have complete control over the contents of the record. When she moves, she just updates the address. When someone wants the information, say for a mailing list, that entity would send a request to the server for information from this record. The server would check to see if that entity was authorised to have the particular information requested (address, phone number, SIN, whatnot). If it were, it would send the information, if not, it would deny the request. The owner of the record could then determine who and what kinds of entities have access to which pieces of information. What about things like credit records. My cousin once had an honest misunderstanding with a credit card company. Long after he got the credit card company to admit that the mistake was theirs he was hindered by bad credit information. It took most of a year to get that information corrected. But somehow I doubt potential creditors will accept information from a database that the individual maintains about himself. FWP -- -- Frank Peters Internet: fwp1@CC.MsState.Edu Bitnet: FWP1@MsState Phone: (601)325-2942 FAX: (601)325-8921
peter@ficc.ferranti.com (Peter da Silva) (11/19/90)
In article <1990Nov18.224340.3041@agate.berkeley.edu> larry@belch.Berkeley.EDU (Larry Foard) writes: > I think in general laws restricting publicly available information will be > counter productive. I agree (surprised?). I'm just glad that someone mentioned this online so I can go about protecting myself. > It would make much more sense if companys providing this type of information > where held liable for any damages resulting from failing to correct misleading > information. Agreed. It's like seatbelts: insurance companies got seatbelt laws passed by threatening to raise their premiums if they weren't. A better solution would have been to impose a higher deductible if your injuries could have been prevented by wearing a seatbelt. -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
howell@grover.llnl.gov (Louis Howell) (11/20/90)
In article <1990Nov19.062344.2222@looking.on.ca>, brad@looking.on.ca (Brad Templeton) writes: |> I think John is right. We can't pass laws telling people what they can |> store. |> |> We might be able to get away with regulating what people can do with data |> they have, but I am wary of how such laws will be written. |> |> The use of libel law to protect against bad database entries is an excellent |> idea. That body of law may be expanded slightly to deal with this. |> |> That does not, however, deal with "privacy" in any way -- some people |> have expressed a desire not to have demographic information collected |> about them, or worse than that -- merged. |> |> Unfortunately, laws to deal with such questions are very difficult to |> enforce. And I am against laws that are difficult to enforce. |> |> We may have to come to grips with the fact that we are going to have |> less privacy of certain types. We can, fortunately, regulate what the |> *government* does. |> |> ... Right on the mark, but perhaps it should be stated even more strongly: I think we're going to have to face a simple choice between two not-so-distant futures. Either we will live in a police state, or in a goldfish bowl. It is becoming too easy for government, corporations, and ultimately individuals to copy and process all kinds of information. We can place any limitations on government we want to, and we can limit the ways that private parties can USE certain kinds of information, but the only way we can regulate the FLOW of information is by massive surveillance and censorship. The most troubling item to me in the original announcement was Lotus's statement that they would only sell the information to "legitimate businesses". Who decides who's legitimate and who isn't? I have at times done some consulting work, and I've had to file 1040 Schedule C. Does that make me a business in Lotus's eyes, or do I have to incorporate first? Does it bother anyone else that a business should have access to information that individuals are not allowed to have? If we consider laws to restrict the creation and use of databases, we should always bear in mind that these laws will hit the little guy harder than the big guy. If a community activist makes a list of people living in one corner of town and sends them mail opposing a proposed zoning change, should he be prosecuted for Illegal Possession of a Database? What if a service station keeps records of its customers and uses a computer to determine who's due for an oil change? It would be even worse if a law specifically forbid the use of a computer to process the information. Computers can greatly increase the efficacy of citizen activists and "radical" publications, as well as the more "legitimate" businesses. Now who do you think would be most likely to be targeted for prosecution under a database law? -- Louis Howell "A few sums!" retorted Martens, with a trace of his old spirit. "A major navigational change, like the one needed to break us away from the comet and put us on an orbit to Earth, involves about a hundred thousand separate calculations. Even the computer needs several minutes for the job."
steve@Advansoft.COM (Steve Savitzky) (11/20/90)
Here's another angle that I bet Lotus hasn't considered: a risk for them. If some burglar (after filing a fictitious business name, which costs all of $10 around here) gets my name and address (by querying for a list of all PC owners in my city, say) and burgles my house... any bets on whether a jury would find Lotus partially liable? Deep pockets and all that. Come on, make my day. -- \ --Steve Savitzky-- \ ADVANsoft Research Corp \ REAL hackers use an AXE! \ \ steve@advansoft.COM \ 4301 Great America Pkwy \ #include<disclaimer.h> \ \ arc!steve@apple.COM \ Santa Clara, CA 95954 \ 408-727-3357 \ \__ steve@arc.UUCP _________________________________________________________
brian@ima.isc.com (Brian Holt Hawthorne) (11/20/90)
In a recent article, brad@looking.on.ca (Brad Templeton) writes: >I think John is right. We can't pass laws telling people what they can >store. I agree. I would like to see any possible regulations couched in terms of commerce. We can, and should, pass laws telling people what they can sell. My basic contention is that electronic data regarding my habits, my identity, and the like are my property. This sort of intellectual property is similar to copyrighted material I might produce. There is obviously some level of "Fair Use" of this information, but I would argue that it should not be possible to sell the information without my permission. >Consider the net, and its successors. I have been on the net for over >ten years. I have probably written a couple of thousand postings. > >All this is public, and how can I claim it is anything but public? It is publically available information, but still your intellectual property. By posting it to the network, you give implicit permission for certain uses. You do not, however, release it into the public domain. If you were to gather up all the postings of an individual, format them nicely, do a little editing, and try to sell it as a sketch of that person, I suspect the individual in question would have a fair claim to copyright ownership of the material. It would be difficult even to claim compilation copyright, since you are compiling the statements of a single person. Recent court cases in some unauthorized biographies which attempted to use even insubstantial portions of unreleased writings attest to this (I'll try to dig up the reference. I read it in the Nation this summer). >Right now my bank knows all about me, but the ethics of >banking forbid them from broadcasting it to the world. Obviously they will not broadcast your balance or deposits, but are you so sure they are not selling your name and address? I intend to send Lotus a letter similar to the following. Any comments? Brian Holt Hawthorne c/o Interactive Systems Corp. 1030 Massachusetts Avenue Cambridge, MA 02138 Lotus Development Corp. Attn: Market Name Referral Service 55 Cambridge Parkway Cambridge, MA 02142 19 November 1990 To whom it may concern: Please remove any information from your "Household Marketplace" product, or any other products or databases maintained or marketed by your company now or at any time in the future, regarding the following names in the zip codes indicated: Names to exclude: Brian Holt Hawthorne Brian Robie Holt Hawthorne Brian R. Holt Hawthorne Brian Holt-Hawthorne Brian Hawthorne B. Hawthorne B. R. Hawthorne Brian Robie Holt Brian R. Holt Brian Holt B. R. Holt B. Holt Applicable zip codes: 02159 02172 02138 I am the only individual in these zip codes who matches the names listed. Please note that simply marking the information as "Not interested in promotional materials" or by any similar manner, without actually deleting the information is unacceptable. I consider electronic data about myself and my habits to be my personal property. Although this concept has not yet been tested in a U.S. court, it has been upheld in other nations, including Norway. I am confident that the current judicial atmosphere in this country towards property rights (witness your recent legal victory regarding intellectual property and copyright) will decide in favor of individual ownership of personal electronic data. If my name or any information about me appears in any of your products or publications, I will be forced to consider legal action on the above grounds. Thank you in advance for your cooperation, Brian Holt Hawthorne -- =brian Email brian@ima.isc.com Phone 617-661-7474 x206 Fax 617-661-2070 upstream from the last bend in the Charles River
howell@grover.llnl.gov (Louis Howell) (11/20/90)
In article <8840@scolex.sco.COM>, seanf@sco.COM (Sean Fagan) writes: |> A list of just names and addresses is bad enough, but tolerable (after all, |> you can get more-or-less the same thing from a few hundred or thousand phone |> books), but adding in the ages, income levels, genders, and races really |> frightens me. What if someone decides to go looking for old, rich widows, |> and break into houses found thereby? (Yeah, it's stretching a point, |> but...) Don't take this badly, but this is the classic, standard, control freak argument. It's so standard there ought to be a copyright on it. :-) Since I believe it's in the public domain, here's a schematic: <Item X> would <enable/encourage> <bad person> to do <Action Y>. <Action Y> is undesirable. Therefore, <Item X> should be banned. Suggested substitutions for <Item X>: gun, pornography, "Communist Manifesto", database, ethyl alcohol, automobile, BBS, "Bill of Rights", satellite dish, free press, tobacco, digital tape recorder, copy machine... If you only look at the worst case example, you've already made your decision. In reality, there are usually other factors involved. For example, "Can a prohibition be enforced without creating a police state?" "Does <Item X> have benefits that outweigh the disadvantages?" "Can we control <Action Y> without regulating <Item X>?" "Is <Action Y> really undesirable, or just unfamiliar?" "Would a prohibition be enforced evenhandedly, or would it just strengthen an elite?" and similar questions should all be given careful consideration. We can probably keep a right to privacy in the sense of a right to be left alone, to conduct our affairs as we see fit. (We don't have this right completely now, but we could have it if we wanted it.) We will lose, however, the right to privacy in the sense of keeping certain facts secret. Face it, this is already gone, we're just debating a matter of degree. The only alternative is to give the government such a degree of regulatory power that we effectively lose all privacy in both senses of the word. -- Louis Howell "A few sums!" retorted Martens, with a trace of his old spirit. "A major navigational change, like the one needed to break us away from the comet and put us on an orbit to Earth, involves about a hundred thousand separate calculations. Even the computer needs several minutes for the job."
jgd@rsiatl.UUCP (John G. DeArmond) (11/20/90)
howell@grover.llnl.gov (Louis Howell) writes: >I think we're going to have to face a simple choice between two >not-so-distant futures. Either we will live in a police state, or >in a goldfish bowl. It is becoming too easy for government, corporations, >and ultimately individuals to copy and process all kinds of information. >We can place any limitations on government we want to, and we can limit >the ways that private parties can USE certain kinds of information, but >the only way we can regulate the FLOW of information is by massive >surveillance and censorship. Not at all. Here's how to do it without a police state. The concept is to put the onus of proving that it is NOT violating our rights onto the entity that proposes to push the privacy envelope. Here's how: * Make it illegal to use personal or corporate information for any activity that has the potentional to violate the target's privacy rights without the express written consent of the target. Spell such activities out in excrutiating detail if you wish - gives the Congressional Record something to print, after all. * Allow one exception and that is the effort necessary to seek permission from the target. If a person or corporation wants to authorize a blanket use for a catagory, clearing houses similiar to the Copyright Clearing House can catalog those names. Or if you want to allow the information on your business card to be placed in customers' rolodex (electronic or otherwise), simply print the permission statement on the card. * Permit only mailed requests for permission from strangers which would stop the boilerooms that would instantly pop up otherwise. It would be up to the target to determine whether a requestor is a stranger. Require that this request for permission be decoupled from any other requirement. This would prevent a hospital, for example, from requiring a release to a medical database as a condition for treatment. * Catagorize the permission into easily recognized catagories such as direct mail, release to the government, etc. * Set up a fund, initially seeded from tax funds but sustained from fines, that pays a flat fee for an attorney to prosecute a violation. Stipulate in the law that all that is necessary to prove violations is evidence that it occured and from where. No looking at intent or other time consuming evidence. Provide fixed fines that cannot be modified by the court for each violation. $50,000 seems about right. In the event that the government is the violator, hold the individual within the government liable. Designate fixed portions of the fine to go to the fund and to the victim. * Pierce the corporate veil in the event the violator is a sham or bankrupt corporation with no assets. Provide for the seizure of all personal assets of the officers involved to satisfy the fine. * Administer the program through the IRS (they know how to go for blood) and computerize the entire administrative process with a standard reimbursement form that must be signed by the victim, the attorney, and a magistrate, which would authorize the transfer of funds as specified. Consider some aspects of this proposal: * It creates little in the way of new bureauracracy. * It involved the government ONLY in punative situations. * It does not try to directly ban a practice, which we know to be impossible from observing the drug-sponsored war on the Constitution. * It does not try to ban the possesion of data, which we also know is impossible. It instead severely punished the abuse of said data. * It puts the full clout of the government behind the little guy who is most likely to be damaged by violations of this law. Is this tougher 'n hell? Yep. Will it make life hard on the data collectors? You bet! Will it provide extreme incentive to toe the line? Hell yes. Not only are the penalties consistent with punishment for lesser crimes such as certain RICO violations, it harshly regulated an industry wtih an overwhelming potential to harm large numbers of citizens. We've accepted such harsh regulations for much less harmful activities such as liquor stores, shooting ranges, and racetracks so why not a truely harmful activity? I certainly see no police state here. The program requires no action of the government or the people and only swings into action when an alledged violation takes place. And it punishes the violator sufficiently severely that there will be an irrestable incentive to take the extra caution justified by the penalties. All we gotta do is have to guts to try such a program. We've got little to lose; after all, it can't get much worse than it is today. >If we consider laws to restrict the creation and use of databases, we >should always bear in mind that these laws will hit the little guy >harder than the big guy. No it won't. The clearing house concept will suffice for the apathetic herds who just don't care or really do want to be in all databases. >If a community activist makes a list of >people living in one corner of town and sends them mail opposing a >proposed zoning change, should he be prosecuted for Illegal Possession >of a Database? Damn right. Implicit in this question is the assumption that because someone calls himself an activist, he deserves special privilege under the law. I reject that assumption. I'd probably call that same person a troublemaker, an obstructionist or a loudmouth. Of course under my program, the activist COULD set up shop in a sympathetic mall and solicit names. Anyone who signed under those conditions would give explict permission for that one use. >What if a service station keeps records of its >customers and uses a computer to determine who's due for an oil change? Same. If he wants to keep the records, he gets the permission of each customer when he sets the database up. That would keep him from later getting greedy and selling the list to a boileroom. >It would be even worse if a law specifically forbid the use of a >computer to process the information. Computers can greatly increase >the efficacy of citizen activists and "radical" publications, as well >as the more "legitimate" businesses. I'm not advocating calling out computers or any other form of data manipulation in the law. But the concept, now that you mention it, is intriguing. Give the private citizen a method of shutting up the loudmouth who pushes the outer limit of acceptable behavior. You might have something there. Before you knee-jerk too violently, remember that your activist is my troublemaker and vice versa. -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
edp@jareth.enet.dec.com (Eric Postpischil (Always mount a scratch monkey.)) (11/20/90)
In article <1990Nov18.224340.3041@agate.berkeley.edu>, larry@belch.Berkeley.EDU (Larry Foard) writes: >It would make much more sense if companys providing this type of information >where held liable for any damages resulting from failing to correct misleading >information. That doesn't solve all the problems. For example, what happens when somebody asks the database for a list of single women over the age of 65 with accumulated wealth in a particular neighborhood? The information on the CD can be used for burglaries, fraud, and rapes, yet the company has provided accurate information and is not liable under libel laws. Note that this sort of thing has happened; in California, information from the motor vehicle administration was used to plan rapes and thefts. In addition, there are control and power issues. A government that uses this information can become extremely powerful -- able to regulate people's lives in excrutiating detail and able to track, control, and suppress dissenters. How can we have a free society when critics of the government must fear retribution for their speech? I see an ethical problem here. On the surface, there would seem to be nothing wrong with supplying freely-collected information. But the way human beings use that information will ultimately lead to abuses. How do we deal with that? -- edp
dalamb@qucis.queensu.CA (David Lamb) (11/20/90)
In article <1990Nov18.224340.3041@agate.berkeley.edu> larry@belch.Berkeley.EDU (Larry Foard) writes: >It would make much more sense if companys providing this type of information >where held liable for any damages resulting from failing to correct misleading >information. This position seems reasonable, but I worry about "the burden of proof" falling on individual consumers to prove damages. It's fairly clear that different people have widely different views on privacy; some of us don't want to have to justify some form of "damage" to prevent some company from having us on their list. David Alex Lamb ARPA Internet: dalamb@qucis.queensu.ca Department of Computing David.Lamb@cs.cmu.edu and Information Science uucp: ...!utzoo!utcsri!qucis!dalamb Queen's University phone: (613) 545-6067 Kingston, Ontario, Canada K7L 3N6
brad@looking.on.ca (Brad Templeton) (11/21/90)
I dunno but the phrases "have to prove you *didn't* violate privacy" (guilty until proven innocent) and "not a police state" don't mix together well in my book. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
howell@grover.llnl.gov (Louis Howell) (11/21/90)
John made a decent try, but his scheme still sounds way too harsh to me. What it boils down to is that he would like to make sending a letter to a stranger a major crime. I just can't swallow that. In article <5010@rsiatl.UUCP>, jgd@rsiatl.UUCP (John G. DeArmond) writes: |> Not at all. Here's how to do it without a police state. The |> concept is to put the onus of proving that it is NOT violating |> our rights onto the entity that proposes to push the privacy envelope. Put the burden of proof on the defendant. Any use of a database is forbidden unless explicitly permitted. A blanket prohibition like this could be twisted in all sorts of unforseen ways by anyone with a grudge. (Just look at how RICO has evolved over time.) Sounds like you're giving anyone an excuse to sue on the flimsiest of pretexts, with little chance of a countersuit. |> * Make it illegal to use personal or corporate information for any |> activity that has the potentional to violate the target's |> privacy rights without the express written consent of the target. |> Spell such activities out in excrutiating detail if you wish - gives the |> Congressional Record something to print, after all. |> |> * Allow one exception and that is the effort necessary to seek permission |> from the target. Isn't this inconsistent? First you say we explicitly spell out the violations, then you say that everything but asking permission is a violation. In any case, the rest of your note shows that you consider practically anything a violation, even direct mail. |> * Set up a fund, initially seeded from tax funds but sustained from |> fines, that pays a flat fee for an attorney to prosecute a violation. |> Stipulate in the law that all that is necessary to prove violations |> is evidence that it occured and from where. No looking at intent |> or other time consuming evidence. Provide fixed fines that cannot |> be modified by the court for each violation. $50,000 seems about |> right. In the event that the government is the violator, hold |> the individual within the government liable. Designate fixed |> portions of the fine to go to the fund and to the victim. Since you're not looking at intent and not giving the court the option of being lenient, even the most unintentional of violators can be nuked. A $50000 fine for sending a letter is outrageous, particularly since many people would not even consider beforehand that this could be a crime. Five people object, for whatever reason, and suddenly you've given someone a debt that makes a second mortgage look like a bar tab. This law could wipe out grass-roots organization efforts with one blow. |> Will it provide extreme incentive to toe the line? Hell yes. This sounds just like the War on Drugs propaganda we hear all the time. |> Not only are the penalties consistent with punishment for lesser crimes |> such as certain RICO violations, it harshly regulated an industry |> wtih an overwhelming potential to harm large numbers of citizens. |> We've accepted such harsh regulations for much less harmful activities |> such as liquor stores, shooting ranges, and racetracks so why not a |> truely harmful activity? What's the truely harmful activity? I agree that some uses of personal data are harmful, but most are at worst an annoyance. Credit databases are already regulated, as are employers' files on their employees. I have nothing against regulations targeted at specific abuses, but a blanket prohibition would be crazy. |> >If a community activist makes a list of |> >people living in one corner of town and sends them mail opposing a |> >proposed zoning change, should he be prosecuted for Illegal Possession |> >of a Database? |> |> Damn right. Implicit in this question is the assumption that because |> someone calls himself an activist, he deserves special privilege under |> the law. I reject that assumption. I'd probably call that same |> person a troublemaker, an obstructionist or a loudmouth. Of course |> under my program, the activist COULD set up shop in a sympathetic |> mall and solicit names. Anyone who signed under those conditions |> would give explict permission for that one use. What makes you think I'm advocating some kind of special privilege for activists? I'm just talking about a private citizen trying to influence public affairs. From what I remember of my civics classes, this is supposed to be a good thing. Sounds like you'd rather have people cowering in their basements for fear of offending their betters. |> I'm not advocating calling out computers or any other form of |> data manipulation in the law. But the concept, now that you mention it, |> is intriguing. Give the private citizen a method of shutting up the |> loudmouth who pushes the outer limit of acceptable behavior. You might |> have something there. Before you knee-jerk too violently, remember |> that your activist is my troublemaker and vice versa. Everyone who tries to be heard is someone's troublemaker. He may be your troublemaker, Exxon's troublemaker, or the government's troublemaker, but there's always someone who would like to see him shut up. Your law would be just the tool to do it, too. -- Louis Howell "A few sums!" retorted Martens, with a trace of his old spirit. "A major navigational change, like the one needed to break us away from the comet and put us on an orbit to Earth, involves about a hundred thousand separate calculations. Even the computer needs several minutes for the job."
peter@ficc.ferranti.com (Peter da Silva) (11/21/90)
[John deArmond spells out a pretty tough set of requirements for use of a "database"... read <5010@rsiatl.UUCP> if you want more info] Sure looks like police state tactics to me. So what if it's no "tougher" than RICO or the some of the stuff the IRS gets away with... that's police state tactics too. The only reason we're not obviously living in a police state is that very few institutions have been given that much power yet. -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
jmc@Gang-of-Four.stanford.edu (John McCarthy) (11/21/90)
It seems to me that there is a certain amount of superstition in the belief that very many people are likely to be harmed by databases with information about their commercial transactions. It's a bit like beliefs that a spell can be cast by someone who gets your fingernail clippings. Doubtless examples can be concocted, but the examples I know about are ones where the information is used to do something already illegal. I think the Swedish and Norwegian laws on the subject have been harmful and are subject to further abuse, especially if adopted here. Suppose we assign the task of preventing illegal database entries to the Secret Service. You can expect search warrants and subpoenas of your files checking to see if you might have someone's phone number without proper consent. Besides the possibility that the Secret Service would go mad again, you are providing an opportunity for all kinds of busybodies. Any restrictions on the use of databases will have to be written extremely carefully. Any proposals for this should be accompanied by impact statements in which the proposers anticipate what possible harm might result from their proposals and others attack the impact statements as inadequate. Let me suggest that the people who have already posted restriction proposals on this newsgroup post impact statements for them.
wayner@fulla.cs.cornell.edu (Peter Wayner) (11/21/90)
jmc@Gang-of-Four.stanford.edu (John McCarthy) writes: >.........(plenty of text saying that laws against databases are >worse than junkmail.) Let me suggest that the people who have >already posted restriction proposals on this newsgroup post impact >statements for them. I think I argued that it might be interesting to prohibit any commercial venture that targetted less than some threshold, say 100 people. It's an okay idea and I don't think it would lead to the SS (funny initials) busting down any doors. Is it better than banning databases, sure. I think it tries to draw the line between what is junkmail and what is invading a specific person's privacy. I've since learned that all of this has been hashed out before in the legal world in a case, which I think was titled "Bowers v. Post Office" in which the Supremes came down heavily in favor of a man's right to be left alone. I think this has lead to the current leave-me-alone mailing lists. I will try to dredge up a better synopsis of the case after Thanksgiving. It would be a great time to review the past before chattering away about the future. Also Time has an article on JunkMail this week. Any readers out there? One interesting point is that I discovered this fact while reading an article about Child Pornography and CompuServe circa 1985. It seems way back then (Kids today...), Pedarasts were exchange hints, tricks and anecdotes on Compuserve and this REALLY upset plenty of people. There was even a bill introduced in the Senate which specifically dealt with using computers to aid in Child Pornography. I'm not sure if it was passed. This may be some of the reason that Prodigy is so nervous about their national network. If anyone has any first hand (or preferably second hand) information about this section of our national, electronic history, it might be a good time to review it. So, I apologize for leaving so many pointers and so many, "I think"s in this piece. I'll try to pin them down after cutting the Turkey. Chow, y'all, Peter Peter Wayner Department of Computer Science Cornell Univ. Ithaca, NY 14850 EMail:wayner@cs.cornell.edu Office: 607-255-9202 or 255-1008 Home: 116 Oak Ave, Ithaca, NY 14850 Phone: 607-277-6678
craig@com50.c2s.mn.org (Craig Wilson) (11/21/90)
In article <1990Nov19.220525.18405@dirtydog.ima.isc.com> brian@ima.isc.com (Brian Holt Hawthorne) writes: >I intend to send Lotus a letter similar to the following. Any comments? [... letterhead and intro paragraphs deleted ...] > >Names to exclude: > Brian Holt Hawthorne > Brian Robie Holt Hawthorne > Brian R. Holt Hawthorne > Brian Holt-Hawthorne > Brian Hawthorne > B. Hawthorne > B. R. Hawthorne > Brian Robie Holt > Brian R. Holt > Brian Holt > B. R. Holt > B. Holt > >Applicable zip codes: > 02159 > 02172 > 02138 > >I am the only individual in these zip codes who matches the names >listed. How did you determine the above statement? Did you use a computer to help or just the phonebook? Since the phonebook is not complete (unlisted numbers and people without phones), the above statment would not be correct in that case. /craig
gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl) (11/21/90)
In article <1990Nov19.062344.2222@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: >I think John is right. We can't pass laws telling people what they can >store. > >We might be able to get away with regulating what people can do with data >they have, but I am wary of how such laws will be written. Let's say the phone company decided to sell copies of your phone bill. Let's say your credit card company decided to sell copies of transactions on your cards. Let's say your grocery store decided to sell copies of what you bought. Ooh, he's a vegetarian, except he bought 2 cans of tuna last year. Naughty naughty. Let's say your video rental store decided to tell everyone you rented "Bustful Beach Bimbos From Another Planet" -- right after you were nominated to the US Supreme Court. Where did Lotus get the information that they're selling? I certainly have never explicitly agreed that I wanted my address in there. If Radio Shack forces me to give my address because I use a credit card to buy something from them, I don't want them selling that info. In a "free market" society I'd be able to choose stores that promised to not be jerks. In reality, all big businesses seem to not care about privacy issues. I can't even convince the University of Virginia to stop advertising my social security number to just about the entire planet. So what if I consider it confidential, and it can be used for credit card fraud? If it's used that way I'll never be able to prove where the thief got it. I'm not saying that it's easy to pass laws about this. But I am saying that a rather simple change of attitude -- "the customer has to agree before we can sell their name" -- will go a long way towards solving the problem.
brad@looking.on.ca (Brad Templeton) (11/21/90)
I think we can safely pass most of the leave-me-alone laws we like. The danger comes if we pass "don't you dare know this about me" laws, except in restricting the government. The database providers *are* going to know all kinds of details about your life. We can make it hard for them, but we can't stop them. Particularly because we *want* some of them to know things about us. What can be done is to pass laws limiting how that information is used for marketing and doing business with a person. Say, for example, that rather than forbidding certain kinds of databases and certain kinds of mergers of existing databases, we forbid certain types of direct marketing based on those databases or mergers, without the explicit permission of the target. They quickly become far less valuable. I also think a lot of societal pressure can be brought to bear. People must protect the rights they already have -- the right not to have false information spread about you, the right to control copying of your own writings, the right of your private affairs and communications to be kept private. Let's be careful in considering what more we need than the above. We may indeed need more, but with luck, not much more. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
paj@mrcu (Paul Johnson) (11/21/90)
Here in the UK we have the Data Protection Act (DPA). Apart from exceptions to just about every rule for "National Security", it is pretty restrictive towards "information holders". Only two gaping holes: 1: It only applies to computer files (my university kept paper records specifically so that students would not have the right to inspect them!) 2: Inspecting your record on a database costs ten pounds (statutory fee). This sounds OK till you realise it is a per-database fee, not a per-organisation fee. Checking your credit records can be an expensive buisness. I think that Lotus Marketplace would be illegal here. Can someone with more knowledge of the DPA confirm this? Paul. -- Paul Johnson UUCP: <world>!mcvax!ukc!gec-mrc!paj --------------------------------!-------------------------|------------------- GEC-Marconi Research is not | Telex: 995016 GECRES G | Tel: +44 245 73331 responsible for my opinions. | Inet: paj@uk.co.gec-mrc | Fax: +44 245 75244
jgd@rsiatl.UUCP (John G. DeArmond) (11/21/90)
brad@looking.on.ca (Brad Templeton) writes: >I dunno but the phrases "have to prove you *didn't* violate privacy" (guilty >until proven innocent) and "not a police state" don't mix together well in >my book. Why would you say that. This is no different than if you get stopped for DUI, blow the box and it comes up tilt. You set the stage by drinking and driving, an act that is condemned by law. Once set, It's then up to you to prove you were not drunk. It would be the same situation with data collectors. The law would have condemned a certain set of behavior. if the data collector takes the risk and collects the data and and uses it to invade someone's privacy, it will be up to him to prove that he did not violate the law in doing so. There is no right as I see it, to collect personal data on others. It is a priviledge that should be heavily regulated and all but prohibited except under certain defined conditions, as noted in my original proposal. You can still get to me if you want to, you just have to do it in a non-invasive manner. John -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
jgd@rsiatl.UUCP (John G. DeArmond) (11/21/90)
howell@grover.llnl.gov (Louis Howell) writes: >John made a decent try, but his scheme still sounds way too harsh >to me. I intend it to be very harsh. In a way, the manner in which our privacy is invaded and we are harmed by centralized databases is more severe than if the purveyors of harm would just kill us. It would not matter then :-) The damage personal information databases do can follow you for a lifetime. What it boils down to is that he would like to make sending >a letter to a stranger a major crime. As I noted in my proposal, defined exceptions would be permitted under the law. Obviously writing a letter to a stranger would be permitted. Writing many letters to many people trying to collec personal information to sell would not. >Put the burden of proof on the defendant. Any use of a database is >forbidden unless explicitly permitted. A blanket prohibition like this >could be twisted in all sorts of unforseen ways by anyone with a grudge. >(Just look at how RICO has evolved over time.) Sounds like you're giving >anyone an excuse to sue on the flimsiest of pretexts, with little chance >of a countersuit. Putting the burden of proof on the offender is not uncommon. Consider the guy driving down the road with a tank truck leaking some unknown liquid. You damn sure bet that the burden of proof is on him to prove that the liquid is harmless if he is stopped. Same with the information collectors. If they choose to enter into an area that we have said through our government representatives is almost intolerable, then they should expect to walk the straight and narrow or else be slaped down. >Isn't this inconsistent? First you say we explicitly spell out the >violations, then you say that everything but asking permission is a >violation. In any case, the rest of your note shows that you consider >practically anything a violation, even direct mail. Yes, I do consider direct mail an invasion unless I ask for it. Invariably with direct mail, I've been selected on the basis of a personal profile assembled by some data collector. They probably know more about me than I do myself. THAT is what I object to. If the law only permitted the mailing of a simple permission card, perhaps not even with a name but only an address with no selection criteria applied, then there is no incentive to attempt to collect my personal information. You would probably appreciate where I'm comming from if you saw first hand how the system works. I've consulted to the credit industry and have also worked with information collectors. It is enough to make one sick. >Since you're not looking at intent and not giving the court the option >of being lenient, even the most unintentional of violators can be nuked. >A $50000 fine for sending a letter is outrageous, particularly since many >people would not even consider beforehand that this could be a crime. >Five people object, for whatever reason, and suddenly you've given someone >a debt that makes a second mortgage look like a bar tab. This law could >wipe out grass-roots organization efforts with one blow. Then the organizations should be careful NOT to violate the law. As long as the law is kept simple, violations would not be difficult to avoid. Of course, the easist way to avoid a violation is to simply stay away from that practice. Such fines are not unheardof in other important areas such as nuclear safety. It is common for nuclear operators to be fined multi-hundred thousand dollars for minor violations such as leaving an inside door unlocked. You can damn sure bet that not many operators leave doors unlocked! >What's the truely harmful activity? I agree that some uses of personal >data are harmful, but most are at worst an annoyance. Credit databases >are already regulated, as are employers' files on their employees. No they are not. It only appears that way. I can get more information on you than you know about yourself with little more than a name, and address and preferably a SSN. While I might technically violate the law, the authorities turn their heads and let it go. My proposal would enable any harmed person to use the resources of the government to right the wrong. Or consider the fact that the insurance industry keeps a cooperative pool of medical information on every one of us. You only learn about it when some (most likely inaccurate) information is used to deny you coverage. You have little recourse. I fought for over a year trying to get some bogus information purged from my record. That will haunt me for years, perhaps forever. Or consider that the IRS buys pre-qualified mailing lists and attempts to impute a lifestyle and therefore an income to you and then compare to what you report. If you are like me and are a wheeler-dealer who stretches a dollar as far as it will go and therefore appears to have more money than you have, you'll sooner or later end up on the receiving end of an audit thanks to those databases. Or consider even the most basic right to own a phone and have it for your convenience. I work mostly at night and sleep in the morning. Except that I cannot do that because despite my best efforts, some slime has managed to get my name and telemarkets to me almost every morning. Yes, I can use an answering machine but that denys me the right to know if, for example, my wife is in an emergency and needs help. I should NOT have to take special and inconvenient measures to peacefully use something that I've bought and paid for! We have to ask the question, If 90% of the players in a certain activity are harming us, do we try to pick out the bad ones on a case by case basis or do we just restrict the activity such that the 90%'ers can't stand the risk of getting caught? I vote for banning. There is no constitutional right to collect personal data on others without their permission. It is a priviledge, a priviledge that has been sorely abused. I'm damn tired of being a number! >What makes you think I'm advocating some kind of special privilege for >activists? I'm just talking about a private citizen trying to influence >public affairs. From what I remember of my civics classes, this is >supposed to be a good thing. Sounds like you'd rather have people >cowering in their basements for fear of offending their betters. Having been involved in organizing more than one political effort, all I can say is bullsh*t! I was able to obtain massive names on peittions without invading anyone's privacy. And my methods would be altered only slightly under this proposed law. people who want to be on a list can be. What it would stop is stunts like the Sierra Club selling you a calendar by mail and then taking your name and calling you a member. Or HCI buying a mailing list and calling everyone on the list "contributors" in an effort to fraudulently appear larger than they are. If you put a petition out on a table at a public gathering, that's fine. If you put a petition in my mail box unaddressed, that's fine too. I can send it back or I can anonymously chunk it. But if you collect my name from someone, send me a solicitation and then claim to have my support on the basis of soliciting me, you're in big trouble. Hell, I'd even slam the NRA for that stunt :-) >Everyone who tries to be heard is someone's troublemaker. He may be your >troublemaker, Exxon's troublemaker, or the government's troublemaker, but >there's always someone who would like to see him shut up. Your law would >be just the tool to do it, too. No, it would just make you play by the same rules as everybody else or else be financially destroyed. John -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
hhe@ifi.uio.no (Hans Henrik Eriksen) (11/22/90)
In article <JMC.90Nov20150120@Gang-of-Four.stanford.edu> jmc@Gang-of-Four.stanford.edu (John McCarthy) writes: > I think the Swedish and Norwegian laws on the subject have been > harmful and are subject to further abuse, especially if adopted here. > Suppose we assign the task of preventing illegal database > entries to the Secret Service. You can expect search warrants > and subpoenas of your files checking to see if you might have > someone's phone number without proper consent. Besides the > possibility that the Secret Service would go mad again, you > are providing an opportunity for all kinds of busybodies. I have recenty read the Norwegian law (again) regarding databases with personal information. It seems that I overstated its restrictiveness. First of all, PRIVATE registers are EXCEPTED. You can keep private databases containing anything you want, e.g. close friends with funny diseases. Next, organizations can keep registers containing relevant information on their members. Funny diseases information is not relevant for most organizations to run their business, but phone numbers and adresses are. The law explicitly mentions some data which should NOT be recorded if there is not a special reason for it: unique personal number (social security eqiv.), info about race, political or religious beliefs, health, drug abuse, sexual relationships and the like. The law does NOT discuss the question of public attribute databases, simply because it is of 1978, and the issue wasn't up then. I would guess one could (commercially) have such databases contain anything the user put in, and that any company legally could use the information as long as they did not build their own version of the database. I would think that you'd have to get a permit to run such a database. You state that the Norwegian law is harmful, setting up a worst case scenario involving the (now infamous?) Secret Service. The Norwegian law has been around for over 12 years now, without any serious complaint from the public. I think this because almost everybody find it quite reasonable, and most people are afraid of what their personal data is being used for without their knowledge, so most WANT the restrctive line. As of the penalty side of the law, nobody has gone to jail for breaking it as long at it has existed. A small number has been fined for flagrant breaches, but I don't have any case information about it. As for applying or adopting the Norwegian law in USA, I agree with you. It is designed for the Norwegian society, which is different in many ways from the American, e.g. in law enforcement. Hans Henrik Eriksen hhe@ifi.uio.no PS: Did you now that law (lagu) is a word of Scandinavian origin? :-)
howell@grover.llnl.gov (Louis Howell) (11/22/90)
In article <48683@cornell.UUCP>, wayner@fulla.cs.cornell.edu (Peter Wayner) writes: |> I think I argued that it might be interesting to prohibit any |> commercial venture that targetted less than some threshold, say |> 100 people. It's an okay idea and I don't think it would lead to |> the SS (funny initials) busting down any doors. Is it better than |> banning databases, sure. I think it tries to draw the line between |> what is junkmail and what is invading a specific person's privacy. I doubt if a numerical limit would be the way to go about this. It would specifically target small businesses, for one thing. A large company could just arrange to always send out at least a hundred letters, just by including a few marginal people in addition to the primary targets. On the other hand, your local bookstore, which might not even realize they were doing something illegal, could send out flyers about a book signing to the people who came to the last one and get slapped with a fine. It can't be much harder to determine whether personal data was misused to set up the list, than it would be to determine how many letters were sent out. -- Louis Howell "A few sums!" retorted Martens, with a trace of his old spirit. "A major navigational change, like the one needed to break us away from the comet and put us on an orbit to Earth, involves about a hundred thousand separate calculations. Even the computer needs several minutes for the job."
howell@grover.llnl.gov (Louis Howell) (11/22/90)
In article <5020@rsiatl.UUCP>, jgd@rsiatl.UUCP (John G. DeArmond) writes: |> brad@looking.on.ca (Brad Templeton) writes: |> |> >I dunno but the phrases "have to prove you *didn't* violate privacy" (guilty |> >until proven innocent) and "not a police state" don't mix together well in |> >my book. |> |> Why would you say that. This is no different than if you get stopped |> for DUI, blow the box and it comes up tilt. You set the stage |> by drinking and driving, an act that is condemned by law. Once set, |> It's then up to you to prove you were not drunk. This is not a case of guilty until proven innocent, it's just that the state has very good evidence against you. You are required to blow the box, and if it says you're drunk, you'd better have excellent evidence to the contrary in order to prove your case. DUI is precisely defined by law as a certain blood alcohol level. If you are drunker than that, you're a criminal, otherwise, you aren't. Your proposed law is nothing like that---it's purposefully vague and therefore open to all kinds of misinterpretations. -- Louis Howell "A few sums!" retorted Martens, with a trace of his old spirit. "A major navigational change, like the one needed to break us away from the comet and put us on an orbit to Earth, involves about a hundred thousand separate calculations. Even the computer needs several minutes for the job."
howell@grover.llnl.gov (Louis Howell) (11/22/90)
In article <5022@rsiatl.UUCP>, jgd@rsiatl.UUCP (John G. DeArmond) writes: |> howell@grover.llnl.gov (Louis Howell) writes: |> >John made a decent try, but his scheme still sounds way too harsh |> >to me. |> |> I intend it to be very harsh. In a way, the manner in which our |> privacy is invaded and we are harmed by centralized databases |> is more severe than if the purveyors of harm would just kill us. |> It would not matter then :-) The damage personal information |> databases do can follow you for a lifetime. |> >A $50000 fine for sending a letter is outrageous... |> Then the organizations should be careful NOT to violate the law. As |> long as the law is kept simple, violations would not be difficult to |> avoid. Of course, the easist way to avoid a violation is to simply |> stay away from that practice. |> |> Such fines are not unheardof in other important areas such as |> nuclear safety. It is common for nuclear operators to be fined |> multi-hundred thousand dollars for minor violations such as leaving |> an inside door unlocked. You can damn sure bet that not many |> operators leave doors unlocked! Be serious. Some company having a little information about you is not comparable to risking a nuclear accident. You may have a personal axe to grind, but you're blowing this way out of proportion. I'm not even sure such fines are appropriate for the nuclear plant worker. Is someone really going to be that much more careful for risking $100000 than for $10000? Once you've bankrupted a person and screwed up his life for years, perhaps permanently, does it help society in any way to keep punishing him? We're not talking about a violent offender who could be a danger on the streets, we're talking about some poor goofball who may have just made a mistake. |> We have to ask the question, If 90% of the players in a certain |> activity are harming us, do we try to pick out the bad ones on |> a case by case basis or do we just restrict the activity such that |> the 90%'ers can't stand the risk of getting caught? I vote for |> banning. There is no constitutional right to collect personal data |> on others without their permission. It is a priviledge, a priviledge |> that has been sorely abused. I'm damn tired of being a number! You might as well argue that if most inner city gun owners are rotten, we should ban all guns in the inner city. The fact that a right is listed in the constitution doesn't make it morally or ethically better, it just makes it legally more defensible. |> No, it would just make you play by the same rules as everybody else or |> else be financially destroyed. There is obviously a lot of disagreement about this issue. Does it make sense to destroy someone for an offense that many people would not even consider a crime? I've noticed that activities that are generally regarded as crimes, e.g. assault, tend to have fairly rational penalties associated with them. When something is a political issue, however, emotions flare and penalties can be stretched all out of proportion to the offense. Abortion and gun control are marvelous examples of this---something may be perfectly legal in one state and worth a ten year jail term in the state next door. I don't know what you call this, but I don't think it's justice. Is it not more reasonable to make a controversial offense at worst a rather mild crime, or should we just go crazy and punish people for the sake of exacting revenge? -- Louis Howell "A few sums!" retorted Martens, with a trace of his old spirit. "A major navigational change, like the one needed to break us away from the comet and put us on an orbit to Earth, involves about a hundred thousand separate calculations. Even the computer needs several minutes for the job."
rogers@npdiss1.StPaul.NCR.COM (Bob Rogers) (11/22/90)
It would be nice if somebody would buy Marketplace and, using the information in the database itself, send a mailing to people who appear in it. The mailing could tell Lotus' victim about the information Marketplace contains about him, explain the privacy issues raised, and include stamped envelopes, and possibly pre-printed letters of protest for the victim to sign, to the victim's congressman, senator, and to Lotus. Companies that maintain databases, especially those that make the information available to others, should be required by law to send people complete copies of their records each time the records are changed. -- Bob Rogers bob.rogers@stpaul.ncr.com NCR Network Products Div. (or) rogers@pnet51.orb.mn.org St. Paul, MN GEnie: R.C.ROGERS
levine@csd4.csd.uwm.edu (Leonard P Levine) (11/22/90)
My understanding is that Lotus will allow people to get their names off the list. The have a toll free number for the corporation. Interested people should call that number and ask about getting off the list or finding out how to correct data errors that might be on the list. I called several times and the number seems to be busy. The number is: 1-800-343-5414 + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Leonard P. Levine e-mail levine@cs.uwm.edu | | Professor, Computer Science Office (414) 229-5170 | | University of Wisconsin-Milwaukee Home (414) 962-4719 | | Milwaukee, WI 53201 U.S.A. FAX (414) 229-6958 | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
peter@ficc.ferranti.com (Peter da Silva) (11/22/90)
In article <5020@rsiatl.UUCP> jgd@rsiatl.UUCP (John G. DeArmond) writes: > Why would you say that. This is no different than if you get stopped > for DUI, blow the box and it comes up tilt. You set the stage > by drinking and driving, an act that is condemned by law. Once set, > It's then up to you to prove you were not drunk. Nope. It's up to *them* to prove you are. The breathalyser is fairly strong evidence that you were, but that's all it is. It's tough to convince a judge or jury against this evidence, but it can be done (and has been done, and continues to be done). > There is no right as I see it, to collect personal data on others. Quick, throw out your address book! Delete your mail folders! Drop your newspaper and magazine subscriptions! Go through your library and cut out the authors' names! Give me a break. -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
peter@ficc.ferranti.com (Peter da Silva) (11/22/90)
In article <1990Nov21.035243.15799@murdoch.acc.Virginia.EDU> gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl) writes: > If Radio Shack forces me to give my address because I use a credit card > to buy something from them, I don't want them selling that info. Um, say what? I've never had any problem refusing Radio Shack's request for my address. I just say "no, I don't want to be on your mailing list" and they say "OK". That's the only reason they want it. And, yes, they do sell it. (not that I care if I'm on their mailing list (in fact I am)... I just don't want to take the time to write it down so I use that as an excuse) > In a "free market" society I'd be able to choose stores that promised to > not be jerks. I don't know where you live, but in Houston it's not been a problem for me. -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
peter@ficc.ferranti.com (Peter da Silva) (11/22/90)
In article <5022@rsiatl.UUCP> jgd@rsiatl.UUCP (John G. DeArmond) writes: > I intend it to be very harsh. In a way, the manner in which our > privacy is invaded and we are harmed by centralized databases > is more severe than if the purveyors of harm would just kill us. > It would not matter then :-) The damage personal information > databases do can follow you for a lifetime. A better solution is to make sure there are enough contradictory databases that they lose all reputability, or that there is a strong central database that you have the right to challenge. Any law such as you propose *will* be used to harass individuals and discourage dissent. > Or consider that the IRS [...] The problem here isn't the database. It's the IRS. The IRS has accumulated power far beyond what was originally allowed, and is way overdue for an audit itself. Direct your attention there... > Except that I cannot do that because despite my best efforts, some slime > has managed to get my name and telemarkets to me almost every morning. Get Caller*ID and get the telemarketer's own phone number... and return the favor. This is a red herring... most every time I've been called by one of these slimes they're just calling down the phone book or the exchange. I have two lines and they are *invariably* called in order by the same company. > We have to ask the question, If 90% of the players in a certain > activity are harming us, The burden of proof is on you to demonstrate this assertion. -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
brad@looking.on.ca (Brad Templeton) (11/22/90)
In article <CMM.0.88.659206569.hhe@skakke.ifi.uio.no> hhe@ifi.uio.no (Hans Henrik Eriksen) writes: > >The law explicitly mentions some data which should NOT be recorded if >there is not a special reason for it: unique personal number (social >security eqiv.), info about race, political or religious beliefs, >health, drug abuse, sexual relationships and the like. Interesting. Here's another dilemma. When it comes to governments, I believe that one should always make such lists in the reverse direction. For example, in regulating the government, I would want the law to list what they *can* record about me, rather than what they *can't*. This is along the lines of that excellent amendment the US constitution has saying, "just because a right isn't here doesn't mean the people don't have it." Of course, with private institutions it is the reverse, as you say here. The government should only define what is forbidden, not what is permitted. Perhaps our conundrum comes from the fact that we're talking of private institutions doing things that only governments used to do, namely keep track of all of us. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
jgd@rsiatl.UUCP (John G. DeArmond) (11/22/90)
howell@grover.llnl.gov (Louis Howell) writes: >This is not a case of guilty until proven innocent, it's just that the >state has very good evidence against you. You are required to blow the >box, and if it says you're drunk, you'd better have excellent evidence >to the contrary in order to prove your case. DUI is precisely defined >by law as a certain blood alcohol level. If you are drunker than that, >you're a criminal, otherwise, you aren't. Of course, in real life it does not work that way. You are NOT required to blow the box. You establish a presumption of being drunk by doing so but you are NOT forced to blow. This could indeed be considered "guilty until proven innocent." The way you avoid this trap, of course, is to not drink and drive. Then you have no exposure to this trap. Same with my proposal. If you consider the penalty for violations to be too severe, you simply don't use others' personal data. Simple as that. Secondly, DUI is NOT precisely defined in law as you would know if you ever actually audited court proceedings in the matter. DUI is one of the largest gray areas around. If you look like a loser, 0.10 will get you jailed. If you look respectable, 0.2 can often be pled down to reckless driving. Which has nothing to do with this thread. >Your proposed law is nothing >like that---it's purposefully vague and therefore open to all kinds of >misinterpretations. Actually, since I have never written, much less posted the text of a proposed law, your statement is false. As with any law, refinement from proposal to final law will occur. My proposal is not vague. In fact, it is very black and white. If you don't want any risk, don't use personal data. If you do use personal data, get written permission first. If you don't have permission and do it anyway, I'll slap you down with the help of the government. Black and white. John -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
jgd@rsiatl.UUCP (John G. DeArmond) (11/22/90)
howell@grover.llnl.gov (Louis Howell) writes: >Be serious. Some company having a little information about you is >not comparable to risking a nuclear accident. At least until you have it used against you and you have NO recourse. Even though it was based on mindless ignorance, I can somewhat understand the emotion some people experienced during TMI. Of course, you COULD just stick your head in the sand until you get burnt. >I'm >not even sure such fines are appropriate for the nuclear plant worker. I agree but that was not the point. The point is that we've permitted and in some cases, encouraged the use of large fines to prohibit certain activities. >Is someone really going to be that much more careful for risking >$100000 than for $10000? Damn right they are. >Once you've bankrupted a person and screwed >up his life for years, perhaps permanently, does it help society in >any way to keep punishing him? We're not talking about a violent >offender who could be a danger on the streets, we're talking about >some poor goofball who may have just made a mistake. Just like the argument for the death penalty, if nothing else, the penalty would keep that individual/company from doing it again. >>I<< consider it a violent act to accumulate the most personal facts about my life, sell them to whomever had the bucks, use it to falsely deny me credit in a credit-driven society, falsely deny me medical and/or life insurance and deluge me with junk with me having absolutely no recourse other than to sue at my expense. >You might as well argue that if most inner city gun owners are rotten, >we should ban all guns in the inner city. The fact that a right is >listed in the constitution doesn't make it morally or ethically better, >it just makes it legally more defensible. Say what? What idiotic notion are you trying to promote? That constitutional rights are nothing special? You'd fit in well with a lot of people. Or are you promoting the notion that any "right" you can dream up should have the same protection as the basic human rights protected by the constitution. If that's the case then I'll just postulate the inate right to shoot anyone who collects personal data on me. No laws needed. Maybe not so idiotic after all. >|> No, it would just make you play by the same rules as everybody else or >|> else be financially destroyed. >There is obviously a lot of disagreement about this issue. Does it make >sense to destroy someone for an offense that many people would not even >consider a crime? There are a lot of things in life that people don't consider a crime that should be. They simply don't know about it. Does that mean that they should not have recourse or be protected under the law? I don't think so. >I've noticed that activities that are generally regarded as crimes, e.g. >assault, tend to have fairly rational penalties associated with them. Oh, you mean like for instance, if I want to kill you all I have to do is get drunk and run you down with my car and I'll get away with it? At most a couple of years for manslauter. Is that the kind of reasonable penalties you speak of? Or that I'll probably get more time for tax evasion than for shooting someone? is that the kind of rational penalties you speak. Or is it really the kind of irrationality under the law that makes me feel the need to go armed in most inner cities because I know that I'm the only one who can protect myself? >When something is a political issue, however, emotions flare and >penalties can be stretched all out of proportion to the offense. Abortion >and gun control are marvelous examples of this---something may be perfectly >legal in one state and worth a ten year jail term in the state next door. >I don't know what you call this, but I don't think it's justice. Is it >not more reasonable to make a controversial offense at worst a rather >mild crime, or should we just go crazy and punish people for the sake of >exacting revenge? Let's look at that supposition. Consider odometer rollback, for instance. Widely done. Widely used to rip people off. Disproportionally hits people of lower income. Nominally a felony. And pervasive in our society. The risk of a couple of years in Club Fed is just not a deterrent. People, especially people predisposed to violate your rights for a profit, understand only force. Wrist slaps won't affect them. You gotta slam-dunk 'em. Something similiar to my proposal would do just that. John -- John De Armond, WD4OQC | "Purveyors of Performance Products Rapid Deployment System, Inc. | to the Trade " (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
brad@looking.on.ca (Brad Templeton) (11/22/90)
The problem of criminal use is a tough one. Perhaps I'll sound like
the NRA here ("If guns are outlawed, only outlaws...") but we must realize
that no matter what laws we put in place, groups like the mob are going
to have these databases, and may indeed make money selling "good place to
break in" information.
So much of this information is going to flow over the public nets. You
can't stop criminals from collecting it with laws. They ignore the laws.
So will it do us good to stop legit people from collecting it? It will
make it slightly harder for the small-time hoods, that's all.
We might do the following, though. If one is to do direct marketing,
one must:
a) have the permission of the recipient, or
b) send the direct marketing materials as properly headered E-mail
only.
If all direct marketing comes as e-mail and is marked as junk e-mail, we,
the recpients can easily deal with it an minimal inconvenience to us.
And a surprising number of people will permit direct marketing to them,
although almost none will permit it by phone. I personally can survive
the stuff that is sent politely and is well marked. The phone calls and
door-to-door are what has to go as far as invasion of privacy is concerned.
This has nothing to do with computers. I want to stop phone soliciting
today, when most of them don't even know who they're calling.
--
Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473joe [Joe Zitt] (11/23/90)
gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl) writes: > that a rather simple change of attitude -- "the customer has to agree > before we can sell their name" -- will go a long way towards solving > the problem. I would guess that this would simply lead to the data collectors putting a bit of miniscule print on the bottom of, say, a credit card receipt like "The affixing of a signature to this document affirms that the client may make appropriate use of the related information" or some other doublespeak designed to make people who don't read every detail sign away their rights. Kinda like the weird pseudo-English on software license agreements... Joe Zitt ...cs.utexas.edu!kvue!zitt!joe (512)450-1916
curt@cynic.wimsey.bc.ca (Curt Sampson) (11/23/90)
jmc@Gang-of-Four.stanford.edu (John McCarthy) writes: > It seems to me that there is a certain amount of superstition in > the belief that very many people are likely to be harmed by > databases with information about their commercial transactions. > ... > I think the Swedish and Norwegian laws on the subject have been > harmful and are subject to further abuse, especially if adopted here. Well, I do see the potential for some nasty abuses, though I think that people may be overreacting a little bit. Unfortunately, what it all comes down to is that Pandora's box has been opened, and it's never going to be shut again. I think a good parallel might be drawn from cypher technology. Say someone writes a program to encypher documents, and falls into popular use. If attempts are made to keep the encypherment algorithm secret, it will remain secret, for a while. However, eventually someone is going to figure out the encypherment algorithm. At this point it becomes much better to reveal the algorithm to all. This will enable people to determine what the weakness in the algorithm are and adjust their behaviour accordingly. A similar case exists with security holes in computer operating systems. It's better to let *everyone* know about it so that it can be plugged, rather than letting only a few have that knowledge and putting them in a privleged position. My suggestion would be to let anybody keep any information they want to keep on anyone. Combine this with laws that consider keeping incorrect information on someone as libel and laws that require anybody keeping such information to reveal *all* that person's information to the person her/himself and I think the potential for abuse is kept reasonably low. Information is power. Restricting it to only a few only concentrates power. cjs curt@cynic.UUCP | "The unconscious self is the real genius. curt@cynic.wimsey.bc.ca | Your breathing goes wrong the minute your {uunet|ubc-cs}!van-bc!cynic!curt | conscious self meddles with it." --GBS
craig@com50.c2s.mn.org (Craig Wilson) (11/23/90)
In article <1990Nov22.081955.4127@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: >The problem of criminal use is a tough one. Perhaps I'll sound like >the NRA here ("If guns are outlawed, only outlaws...") but we must realize >that no matter what laws we put in place, groups like the mob are going >to have these databases, and may indeed make money selling "good place to >break in" information. I am curious as to how the proposed restrictions would affect religious organizations. Specifically, in the United States, I am wondering about the effect on the huge database the Mormons have in Salt Lake City. Supposedly, they have a large genealogical database tracking births and deaths. I don't know what else they track. Under the proposed restrictions would it be okay to compile data as long as it isn't used? Or if I suspected an organization of having "illegal" data on me, could I send the SS after them? /craig
peter@ficc.ferranti.com (Peter da Silva) (11/24/90)
In article <5039@rsiatl.UUCP> jgd@rsiatl.UUCP (John G. DeArmond) writes: > Same with my proposal. If you consider the penalty for violations > to be too severe, you simply don't use others' personal data. > Simple as that. Simple as that. If you don't want your life ruined, simply don't speak out against your employer if that happens to be certain arms of the U.S. government, simply don't use certain drugs that are no more harmful than legal ones, simply don't engage in certain sexual practices. This is the argument that is used again and again to enlarge the powers of the police, and that has pushed the United States far down the slope towards a real police state. All you have to do is have enough laws on the books with harsh enough penalties and everyone is in technical violation of one or another of them, and subject to having their life destroyed at the whim of a DA. At this point you don't need to worry about the constitution. If someone does something the pwers that be don't like, just find out what he's doing wrong and bust him for something. > [With DUI] If you look like a loser, 0.10 will get you > jailed. If you look respectable, 0.2 can often be pled down to reckless > driving. And of course if you're someone the DA likes, you never get busted for data abuse. Listen to yourself... -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
brad@looking.on.ca (Brad Templeton) (11/24/90)
Somebody just brought up a good point in comp.society.futures on this same issue. You can ban databases all you want, but you will never be able to stop somebody in (purely as an example) Taiwan from collecting a database of "really neat private facts about U.S. citizens." Most countries will be primarily concerned with protecting their own citizens, and will not pass laws prohibiting databases on foreigners for some time, if ever. And unless you have telephone police, you can't stop people from opening connections to query databases in foreign countries, even foreign countries that don't sign the "database privacy treaty." So the hard truth is that you can never stop these databases from being collected and formed, and even sold in other countries. The best we can do, if we want to, is regulate how they are used. Which means that we don't regulate what you can store on your own computer at all -- which I like, but rather what you do with it after you take it off. Perhaps accepting the goldfish bowl is the only answer. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
glr@igloo.scum.com (Glen Roberts) (11/25/90)
With all this discussion about the LOTUS databse, I am surprised that no one has mentioned the Census Bureau. They come to your house, force you to answer questions (actually, I sent them a letter saying, I wouldn't cooperate and am still waiting for them to come and try to collect their hundred bucks). Then, even though they claim the answers will be kept confidential, they create a statistical profile for your ``census blocks'' 20 to 100 homes and sell the results to whoever wants them. Criminals, the IRS, Draft Registration board, and of course direct marketers. So, even if you don't answer, you will be classified based upon the income, lifestyle, etc, of your nearby neighbors. The Lotus database, at least was compiled from information YOU gave out to someone voluntarily
bzs@world.std.com (Barry Shein) (11/25/90)
I don't believe we need more laws regarding commercial databases (we
probably do to limit the govt.) "All" you really need is a few
lawsuits which produce damages due to real harm. The feared damages
are already litigable (since what's litigable is quite broadly
defined.) Lawsuits, class-action suits etc with real monetary awards
are heard loud and clear in the business sector.
It also forces the plaintiffs to clearly define what the harms might
be (actually, what the harm was.) I think that's eminently reasonable.
The problem with trying to craft laws a priori to accomplish the same
is the tendency to badly define what the feared harms exactly are and
one will probably end up with vagaries like "invasion of privacy" or
laundry lists of cans and can'ts that may or may not reflect
realities, just best guesses.
Maybe what we really need is the ability to copyright our own
information, clearly it's valuable property, and it seems reasonable
that I own my own name and address etc.
Then we could license our info out and collect royalties for the right
to market to ourselves or use our info for credit or
statistical/actuarial reports. Something like an ASCAP clearinghouse
might be just the model.
--
-Barry Shein
Software Tool & Die | {xylogics,uunet}!world!bzs | bzs@world.std.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLDsking@nowhere.uucp (Steven King) (11/25/90)
Here in texas, southwestern bell ( the local phone company ) supplies
a database ( the white pages ). If you dont want to be in it, they make
you pay, via a surcharge on your phone. Perhaps lotus might provide the
same "service".
The very first visable result of registering nowhere as a uucp site was
some unsolicited paper mail derived from the information in the map file.
( okay, I voluntarily provided that information, but it wasnt being used
for what I had intended ).
A recent issue of WSJ ( I think ) had an article about companies supplying
"illegal" databases of "bad employment risks" ( ie, individuals with a
history of filing workman's compensation claims ) for companies looking to
hire.
One could go on and on with a list of minor and not so minor abuses
already present. However, just to play the devils advocate here...
The discussion has been assuming that our "right to privacy" is
self-evident, but what makes this so? After all, many civilized non-western
cultures do not seem to hold privacy in such high reguard. Indeed, in a
modern society, is such a "right" appropriate?
--
sking@nowhere | better to remain unseen
..!cs.utexas.edu!ut-emx!nowhere!sking | and be thought a fool
| than to post
| and remove all doubt...craig@com50.c2s.mn.org (Craig Wilson) (11/26/90)
In article <BZS.90Nov24160859@world.std.com> bzs@world.std.com (Barry Shein) writes: >Maybe what we really need is the ability to copyright our own >information, clearly it's valuable property, and it seems reasonable >that I own my own name and address etc. I briefly looked into this a few years ago. I figured that if I could copyright my name I should be able to charge companies everytime they sell it on a list. The unofficial legal advice I got was not to bother, it wouldn't hold up. I think it would help if maintainers of credit, medical, etc., type databases would just send out a copy of the files to the person involved on a regular basis. Or maybe whenever the data changed. This would be expensive for them to do unless some sort of electronic access is provided, though. MEDIA ALERT - ----------- The NOVA television show on PBS is going to air a show called: "We Know Where You Live" on Tuesday, November 27 at 9:00P.M. (check local listings). The blurb on it says: "Those who have been plagued by unwanted marketers, by mail, or by phone, should be intrigued by this new episode. It shows the technological reasons why advertisers have a sense of which consumers to target, since they have obtained plentiful facts on indiviuals." Sounds interesting and timely. /craig
wex@dali.pws.bull.com (Buckaroo Banzai) (11/27/90)
In article <1990Nov23.201651.980@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes:
You can ban databases all you want, but you will never be able to stop
somebody in (purely as an example) Taiwan from collecting a database of
"really neat private facts about U.S. citizens."
[...]
The best we can do, if we want to, is regulate how they are used. Which
means that we don't regulate what you can store on your own computer
at all -- which I like, but rather what you do with it after you take it
off.
Perhaps accepting the goldfish bowl is the only answer.
Not at all. My personal alternative is to attempt to become a "blank."
That is, even though I can't disappear myself from all records everywhere, I
can continually confuse and obfuscate. Markov Chaney is my role model.
Example behaviors:
- deliberately refrain from correcting misinformation. Use
different names for yourself and, when you get tired of one variation, start
marking it "deceased" and sending the junk mail back.
- propagate wrong information. It's a crime to lie to the Feds, but
all the card companies can do is take away my card (which they don't because
they make enough money off me).
- Lie. Tell pollsters the wrong info. Fill out warranty cards with
bizarre info. Take every survey you can, and give inconsistent answers
(particularly to the questions they're going to index on, like age, number
of household members).
- sign your cats up for things. As long as it comes to your P.O.
box, what do you care who it's addressed to? Make up creative life
histories for them and have them purchase things.
- have duplicates of those things which are used to keep noxious
records. Two Avis Wizard numbers are better than one.
- stay within the law, but take advantage of the loopholes. For
example, if you're owed a refund and don't mind waiting, file your tax
returns >6 months late. Guess what time window the IRS uses for searches
and try to fall outside that window. File your state and federal returns >6
months apart.
- start a company. It doesn't have to do anything, nor ever make or
lose a cent. It just has to create chaff in the computerized systems. Sign
your company up for lots of freebies. If you're energetic, register many
names for your company ("Foo-Bar, trading as Barfyou"); names that are
easily misspelled as each other are best.
- refuse to give out information to people who don't deserve (or
have a legal right) to have it. If they get insistent, give them wrong
information. I've put more bogus SSNs on non-government forms than I can
remember.
Enough for today. I'm off to sow more confusion. SLAM!
--
--Alan Wexelblat phone: (508)294-7485
Bull Worldwide Information Systems internet: wex@pws.bull.com
"SCO is the Milli Vanilli of operating systems."brad@looking.on.ca (Brad Templeton) (11/27/90)
The idea of being a blank is appealing, but how many of the world's sheep are going to follow through? If not enough, you gain little. If too many, the powerful forces against you will lobby for anti-blank laws. It is already against the law to lie in the process of a commercial transaction. Nobody would think of enforcing it now for stupid lies that gain you nothing, but who knows? Your enemies are rich and powerful, and the government *can* be bought. Never forget that. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
jcunca@uncecs.edu (Joan Colburn) (11/28/90)
To have your name removed from the Lotus Marketplace database, write to: Lotus Dev. Corp. Attn: Marketplace Removal Service 55 Cambridge Parkway Cambridge, MA 02142
wex@dali.pws.bull.com (Buckaroo Banzai) (11/28/90)
In article <1990Nov27.015917.20215@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes:
The idea of being a blank is appealing, but how many of the world's sheep
are going to follow through? If not enough, you gain little.
Au contraire. If only a few percent do, then I win big. The error in the
system becomes large enough to mess with their reliability and cost them
money, but not enough so that they engage in the counter-measures you
describe. Your argument is self-defeating in that if too many people are
doing it, they can't make it a law or they'd never be able to enforce it
(like the 55 MPH limit).
Your enemies are rich and powerful, and the government *can*
be bought. Never forget that.
That's what makes it fun. If my enemy was as small and swift as I, it
wouldn't have the Biblical overtones which make it all the more fun.
SLAM!
--
--Alan Wexelblat phone: (508)294-7485
Bull Worldwide Information Systems internet: wex@pws.bull.com
"SCO is the Milli Vanilli of operating systems."johng@neptune.uucp (John A. Gregor) (11/28/90)
In article <17478@shlump.nac.dec.com> edp@jareth.enet.dec.com (Eric Postpischil (Always mount a scratch monkey.)) writes: >For example, what happens when... >Note that this sort of thing has happened; in California, information >from the motor vehicle administration was used to plan rapes and >thefts. So punish the thieves, rapists, etc. for the crimes they commit. Last time I checked, rape and theft were punishable by law regardless of the technology used to plan the crime. Creating a law against data abuse will not eliminate it. It only creates a false sense of security that makes the victims all that more plentiful and vulnerable. Do you realize that if some people had their way you would have committed a crime merely by pointing out how the system could be abused? > In addition, there are control and power issues. A government that > uses this information can become extremely powerful -- able to regulate > people's lives in excrutiating detail and able to track, control, and > suppress dissenters. How can we have a free society when critics of > the government must fear retribution for their speech? Critics of just about every organization have feared (or, at least, been in danger of) retribution ever since the concepts of organization and criticism have been around (which significantly predates computers). We are finally entering an era where THEY (whoever they are) are subject to scrutiny and accountability and WE (whoever we are) can organize and disseminate information freely. > I see an ethical problem here. On the surface, there would seem to be > nothing wrong with supplying freely-collected information. But the way > human beings use that information will ultimately lead to abuses. How > do we deal with that? By subjecting the abusers to the same scrutiny and penalties as everyone else. Agreed, it's hard to subject the government to the rules of mere mortals (since national security != the good of the people). But the Net and BBSs are beginning to change things. The net is very hard to kill. Taking out all long distance phone lines would come close. But that would be hard to do covertly. It would also be economic suicide. But these are the folks who feel that 40% civilian casualties are acceptable. I believe that the availability of communications and computing technology will significantly change the nature of government. Pity that governments seldom change without bloodshed... I'm worried, but not about TRW's databases. John -- johng@oce.orst.edu Where's a good .signature when you need one?
cosell@bbn.com (Bernie Cosell) (11/29/90)
jgd@rsiatl.UUCP (John G. DeArmond) writes: }brad@looking.on.ca (Brad Templeton) writes: }>I dunno but the phrases "have to prove you *didn't* violate privacy" (guilty }>until proven innocent) and "not a police state" don't mix together well in }>my book. }Why would you say that. This is no different than if you get stopped }for DUI, blow the box and it comes up tilt. You set the stage }by drinking and driving, an act that is condemned by law. Once set, }It's then up to you to prove you were not drunk. Huh? Either I'm missing something subtle, or else you're not making sense here. Replace "drinking and driving" with some other crime and see if it still feels like it is not a problem. Say: Possession of pornography is illegal. Therefore, it is OK to pass a law that unless you "voluntarily" allow the police to search your house and conduct a book-audit to verify that you do not possess any such stuff. Paraphrasing, "You set the stage by having pornography around the house, an act condemned by law. Once set, it's then up to you to prove you don't have any around the house". I look at the breathalyzer stuff far more simply than you do: the gov't accuses me of a crime, and *compels* me to provide evidence against myself. [and presumes me guilty of the crime if I refuse to assist in gather this self-incriminating evidence]. How do you phrase this so it doesn't sound like "police state"-like activities? /Bernie\
jgd@Dixie.Com (John G. DeArmond) (11/30/90)
cosell@bbn.com (Bernie Cosell) writes: >}Why would you say that. This is no different than if you get stopped >}for DUI, blow the box and it comes up tilt. You set the stage >}by drinking and driving, an act that is condemned by law. Once set, >}It's then up to you to prove you were not drunk. >Huh? Either I'm missing something subtle, or else you're not making sense >here. Replace "drinking and driving" with some other crime and see if it >still feels like it is not a problem. Say: > Possession of pornography is illegal. Therefore, it is OK to pass a law > that unless you "voluntarily" allow the police to search your house and > conduct a book-audit to verify that you do not possess any such stuff. > Paraphrasing, "You set the stage by having pornography around the house, > an act condemned by law. Once set, it's then up to you to prove you don't > have any around the house". First off, I didn't say I liked the way the law works, I was simplying stating that it DOES work that way now. You DO indeed have to prove your inncence once you blow the box and fail. Which really has nothing to do with the discussion of the use of databases against us. Your pornography analogy is faulty. You are not licensed to buy porn as you are to drive a car. Porn is a victimless crime in stark contrast to improperly operating a motor vehicle. (Please, no drivel about the actor "victims") Porn puts no one at risk. And lastly, it is, as a manifestation of the First Amendment rights, a protected activity - even if some prudes on the supreme court have occasionally thought otherwise. So your spurrious analogy using porn was just that, spurrious. Improper personal data use DOES involve a victim. Real people are harmed by mostly large companies. (not to be interpreted as a bias against large companies.) And since corporations are an enitity created by the government, the government has an obligation to take special measures to protect us from its creation. John >I look at the breathalyzer stuff far more simply than you do: the gov't >accuses me of a crime, and *compels* me to provide evidence against >myself. [and presumes me guilty of the crime if I refuse to assist in >gather this self-incriminating evidence]. How do you phrase this so it >doesn't sound like "police state"-like activities? > /Bernie\ -- John De Armond, WD4OQC | "Purveyors of speed to the Trade" (tm) Rapid Deployment System, Inc. | Home of the Nidgets (tm) Marietta, Ga | {emory,uunet}!rsiatl!jgd | "Vote early, Vote often"
price@uclapp.physics.ucla.edu (John Price) (11/30/90)
In article <5020@rsiatl.UUCP>, jgd@rsiatl.UUCP (John G. DeArmond) writes: >brad@looking.on.ca (Brad Templeton) writes: >>I dunno but the phrases "have to prove you *didn't* violate privacy" (guilty >>until proven innocent) and "not a police state" don't mix together well in >>my book. >Why would you say that. This is no different than if you get stopped >for DUI, blow the box and it comes up tilt. You set the stage >by drinking and driving, an act that is condemned by law. Once set, >It's then up to you to prove you were not drunk. Um, no. You don't, at least not in California, *have* to "blow the box." Then, they have no evidence against you. Of course, if you don't, you lose your license for some amount of time, I think. But, since driving is a privilege, and not a right (again - this is in California - I won't speak for other states), I don't see that this is any invasion of privacy. I would imagine that the 5th Amendment would allow you to refuse to "blow the box" in other states as well, but I don't know for sure... --------------------------------------------------------------------------- John Price | Internet: price@uclapp.physics.ucla.edu 5-145 Knudsen Hall | BITNET: price@uclaph UCLA Dept. of Physics | SPAN: uclapp::price Los Angeles, CA 90024-1547 | YellNet: 213-825-2259 --------------------------------------------------------------------------- Where there is no solution, there is no problem.
peter@ficc.ferranti.com (Peter da Silva) (12/01/90)
In article <5157@rsiatl.Dixie.Com> jgd@Dixie.Com (John G. DeArmond) writes: > First off, I didn't say I liked the way the law works, I was simplying > stating that it DOES work that way now. You DO indeed have to prove > your inncence once you blow the box and fail. I'm sorry, John, but I'm going to have to blather some more. Your whole RICO-style database proposal, and the fact that you brought up drunk driving and breathalysers to support it, does rather strongly imply that you like the way the law works. And of course... > Which really has nothing > to do with the discussion of the use of databases against us. So why did you bring it up? Or do you have an Evil Twin? Which John DeArmond are we to believe? -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com
jxh@attain.teradyne.com (Jim Hickstein) (12/02/90)
In article <5157@rsiatl.Dixie.Com> jgd@Dixie.Com (John G. DeArmond) writes: >Improper personal data use DOES involve a victim. Real people are >harmed by mostly large companies. (not to be interpreted as a bias >against large companies.) And since corporations are an enitity >created by the government, the government has an obligation to take ^^^^^^^^^^^^^^^^^^^^^^^^^ >special measures to protect us from its creation. A correction (at the risk of insulting you, since you seem to know commercial law better than the average citizen): there are two kinds of corporations, public and private. Most of them are private. Public corporations are created by an act of Congress, e.g. the FDIC and the Federal Reserve Bank, just to name two. That the government should protect us from *these* guys is evident. But private corporations, being separate legal entities, capable of suing and being sued, owning assets and incurring liabilities, just like a person, can be created by anyone. It's one of the things I really like about this country. :-) Do you mean that the government, having propounded laws that recognize private corporations as legal entities, is responsible for their behavior? That contradicts the laws themselves, which make it clear that a private corporation is responsible for its own behavior. Even if I accept that the government is somehow at the bottom of some bad behavior or, more likely, a trend or bias in favor of corporations over individuals, I don't know if I can buy the idea that it has a special responsibility to protect "us" from "them." If there is a tort, the government has already done its bit in setting up civil courts. Lacking that, I don't think it's that clear. It seems to me the underlying issue in this thread is that no one can define what use of a database constitutes a tort, or rather that some so-called "abuses" do not fall within the existing definition of a tort. Someone calling me on the phone to annoy me on the basis of their knowledge of my income falls in this grey area. Is it any better if they annoy me with no prior knowledge of their likelihood to sell me something? (Hmm... This gets weirder all the time.) I agree with the recent article that puts it in the context more of "politeness", and I despair of the civil courts ever being able to resolve this, since there's no law against being an asshole. Are we to hold corporations to different standards in this regard (i.e. impoliteness by a corporation is a tort)? It's not enforcable, since no definition exists. What about individuals who obtain and abuse such data? It seems to me more likely that the really egregious abuse, like planning crimes, is done by individuals. I don't know if there is a proper role for government in preventing this. That it ought to be prevented I don't argue; but should the government be involved? Why is it that, if increasing age is supposed to turn me into a Republican, I voted for Libertarians almost straight down the line at the last election? It must be the result of reading the net. :-) BTW, my position on annoying phone calls is that I regret the waste of paper in junk mail (it's got to be collosal), but prefer mail to phone calls since the latter is inherently interrupt-driven: my mailbox doesn't ring. I hope email will overtake the destruction of the forests; then we can invite anyone to mail to a sub-mailbox (jxh.bulk@attain... ?) and ignore it or give it special priority as we wish. It seems that the USPS could provide this service if everyone had a different mailbox for each class of mail (1st, third, other). It's just its expense with physical mailboxes that has prevented its being done already; computers make it trivial. Or how about ISDN providing a "no ring" phone call that gets directed to my answering machine (or voice mailbox) unconditionally, to be "opened" and "read" at my convenience. Looks like there's not going to be a renaissance of correspondence in my lifetime; this would mean that you wouldn't even have to be able to write *or* type, just talk. -- "Figures don't lie, but liars can figure." -- Jim Hickstein, Teradyne/Attain, San Jose CA, (408) 434-0822 FAX -0252 jxh%attain.teradyne.com@apple.com ...!{amdcad!teda,sun!teda,apple}!attain!jxh
jane@hpuxa.ircc.ohio-state.edu (Jane M. Fraser) (12/03/90)
In article <=447HB8@xds13.ferranti.com> peter@ficc.ferranti.com (Peter da Silva) writes: >I've never had any problem refusing Radio Shack's request >for my address. I just say "no, I don't want to be on your mailing list" >and they say "OK". The last time I was in Radio Shack, the sales clerk asked for the last 4 digits of my phone number; I said 1234. He said "Wow, look at all these people with the same last digits of their phone numbers as your phone number." 3 second pause. I said: "No, actually these are all people who don't want to give you that info." He said: "No. Don't you understand? They all have the same last digits as your phone number." 3 second pause. I said "Why, yes, you're right. And that person there is me" (pointing randomly). My transaction was concluded, and I left, greatly amused. Jane Fraser Center for Advanced Study in Telecommunications The Ohio State University P.S. Feel free to use my phone number next time you deal with Radio Shack.
cyberoid@milton.u.washington.edu (Robert Jacobson) (12/10/90)
In California, in 1989, a bill (AB 539, Moore) was authored by Assemblywoman Gwen Moore to redress the imbalance between those creating and selling databases, and those who personal information was contained in them. It required a company not already covered by one of several more specific privacy laws to either: (1) Notify people upfront, when information was collected, that their information was going to be passed around, and to whom (in at least a general sense). or (2) Annually provide a notice of third parties to whom the person's personal information (as defined, intimate stuff not normally released to the public) had been released. You may be surprised to know that, with the exception of TRW, almost all of the commercial parties to a legislative pow-wow on this proposal agreed with its general tenor. They also made the case that legitimate firms had everything to gain from alleviating consumers' worry about their personal information, and everything to lose by fly-by-nights serving the stuff up without safeguards. The penalty for failing to provide information, direct and indirect damages for release of the information and resulting harm, were similarly agreed to on an approximately 35-1 "vote." Banks, retailers, Realtors, credit agencies, database vendors...all had positive things to say. But, the California Legislature being the weak institution it was, it only required TRW to make its case for the bill, which had passed the State Assembly, to fail in the Senate. I know. I drafted the legislation and hammered out the amendments. It could have worked, kept "government" out of the enforcer role, and redressed the imbalance. Too bad that some entities want it all. Bob Jacobson Former Principal Consultant Assembly Utilities and Commerce Committee