Privacy Journal




To order a subscription at a special rate of $65 a year (a 50 percent discount), provide a credit card number and expiration date and send us an e-mail,










INDEX covering 1994 through October 2005 - $14.50 hard copy from us or $6 by e-mail from us.

Back issues in electronic formats are available in ProQuest Computing and ProQuest Platinum Periodicals databases and in ProQuest microform (1978 to the present).


Hard-copy back issues, since 1974, are available directly from Privacy Journal, 401/274-7861.


Back issues since 1994 are available electronically by e-mail or floppy discs so that you can store them in your computer and search by key words or dates. Indexes to all our volumes are available electronically or in hard copy.



Celebrating Our 31st Anniversary This Year









___________________


Our Privacy Policy


In more than 30 years of business, we have never disclosed our subscriber list and do not intend to do so.

We maintain separate lists of persons we know to be interested in privacy issues. These are the lists to which we send advertisements about our newsletter and books. These are business addresses, not residences. On occasion we permit selected organizations marketing conferences or publications to mail these addresses. We remove from the lists anybody who makes a request.

We do not place "cookies" on your computer when you visit this site. The personal information you provide when you order books is stored off-line in a secure computer. We store customers' credit card account numbers so that we may retrieve them when repeat customers place orders. Sometimes we use the phone numbers of customers to notify them of the latest editions of our publications, but we never disclose telephone numbers or e-mail addresses to outsiders.


___________________





Highlights
From Recent Issues


Do You Still Have an Expectation of Privacy?
By Robert Ellis Smith


From Privacy Journal June 2006

Do you have a reasonable expectation of privacy? In the identity of the phone calls you make and receive? In your bank records? In your travels from place to place? In your medial records? Your phone conversations? Your Social Security number? Your Internet browsing? (Careful, it’s a trap question.)

What if the government or a private agency begins getting access to personal information that you previously assumed was reasonably confidential? Does that obliterate your “reasonable expectation of privacy”?

It took a Canadian to raise the question. At a conference on privacy at Carleton University in Ottawa last fall, Stephanie Perrin, now with the federal Privacy Commissioner’s office, rose to say that talking about an expectation of privacy in these times is a trap. “We should be talking about a reasonable need for privacy.” She went on to point out that we have a need for privacy in many areas even though that privacy has been eroded. In other words, governmental and business practices ought not eliminate a “reasonable expectation of privacy” on the part of the individual.

Other Needs, Not Expectations

Can’t the same be true about environmental protection? We may not expect clean air and clean water, but we do need them and are entitled to them. Or consider personal safety. We may not expect safe neighborhoods and cities, but we need them.

In 1967, when the U.S. Supreme Court ruled that the Constitution protects “people, not places” a lot of people and a lot of judges came to believe that the court had set a standard that the Constitution protects “a reasonable expectation of privacy” – and apparently only a reasonable expectation of privacy. But there is no basis for this in case law over the years.
The term never appeared in the court’s opinion in Katz v. U.S. (The court spoke of “the privacy upon which he justifiably relied.”) The idea of “reasonableness” comes from the concurring opinion by Justice John Marshall Harlan. He was characterizing the majority opinion saying that for a Constitutional violation “first, that a person must have exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as ‘reasonable.’”

The Reality

What the majority opinion actually said was that notions of private property and trespass were not really relevant in protecting the Constitutional right to privacy. What matters is what a person “seeks to preserve as private, even in an area accessible to the public.”

It is important in these times to recall that the Supreme Court in its 1967 decision invalidated the kind of government wiretapping that had been unchecked virtually since the invention of the telephone system. It the Katz decision, the court found a privacy interest against a practice that had been commonplace until then.

Yet, privacy advocates are constantly confronted with proclamations from government and corporate lawyers that there can be no reasonable expectation of privacy against practices that we have known about for years. Sometime this is morphed into a “legitimate expectation.”

Under that reasoning, we had a reasonable expectation of privacy in our bank transactions only until the Bank Secrecy Act was enacted in 1970, or only since passage of the Gramm Leach Bliley Act in 1999.

We had a reasonable expectation that credit bur reaus wouldn’t sell information in our credit reports without protections of the Fair Credit Reporting Act until they began to do so in the early 1990s.

We had an expectation that credit bureaus would not use Social Security numbers to confirm the identity of credit applicants until they began to do so in the early 1990s (and gave rise to an epidemic of identity theft).

We had a reasonable expectation of privacy in the contents of our medical files until a regulation under a 1996 law, HIPAA, removed much of that.

We had a reasonable expectation in the confidentiality of our records held by libraries, travel agents, real-estate agents, brokerages, retail stores, and private clubs. Did that disappear with Section 215 of the PATRIOT ACT, enacted in 2001 and renewed in 2006? (Much of that act requires that a terrorism investigation be a predicate for governmental demands into these files, but not all of it.)

We had a reasonable expectation of privacy in overseas phone conversations – at least if there was no probable cause of criminal activity or a need to gather foreign intelligence – until that was taken away by the Bush Administration.

We had a reasonable expectation of privacy in the numbers we dialed and the numbers of persons who phoned us – at least if we didn’t create any suspicion in our activities – until that was taken away by the Bush Administration.

We had an expectation that our Internet browsings would be confidential until the Department of Justice decided in 2006 that it would be a fine idea for Internet service providers to preserve that information for later government access.

A Loser for Citizens

What’s left? Under the “reasonableness” formulation (a loser every time for individual rights), we still have an expectation of privacy that our transactions at automatic bank teller machines in our neighborhoods and around the world will not be used to track our movements and prevent our making withdrawals. But do we forfeit that as soon as the government decides that it needs to use the ATM network for that purpose? Will it be said, “Americans cannot really expect that their ATM transactions won’t become known to investigators when this capability has existed for years and when the transactions take place in public”? (The Right to Financial Privacy Act of 1978 seems to require that customers get advance notice when federal agents get such access, but the PATRIOT Act may override that.)
Under the “reasonableness” formulation, we still have an expectation of privacy in a secret ballot. But where does that come from?

No law requires a secret ballot, no Constitutional provision, no court decision. And the secrecy of the ballot has been compromised from time to time when courts are investigating allegations of fraud. Yet we rely on it. Will the Bush Administration discover that this element of democracy is protected only by tradition, thereby allowing it to probe into the way each of us votes? The wedge has already been provided in the Help America Vote Act, which requires a driver’s license or portion of a Social Security number in order to vote. It creates state databases to keep track of voters and their identifying numbers. Experts testified just last month that the creation of these databases significantly increases the possibilities that hackers will be able to penetrate voting records.

Governmental Justification

If the government regarded a resolution to “fight terrorism in Iraq” as authority to monitor overseas telephone calls without regard to the federal law already on the books (as it did), will it regard the PATRIOT Act as authority to track citizens through their ATM usage? Will it regard the Help America Vote Act as authority to probe into the way we are voting? Will we then say collectively, “Gee, we thought that information was private. We had a reasonable expectation of privacy in that information.” And the government will say, paraphrasing Justice Harlan, “That was not an expectation that society is prepared to recognize as ‘reasonable’ under this administration. Just last month experts testified that hackers can get into voting information.”

Copyright © 2006 Robert Ellis Smith

Medical Theft of Identity
- From July 2006 issue

The World Privacy Forum warns about the emergence of theft of medical identity. Fraud artists are getting medical treatment in the name of a victim. The victim has no knowledge of the transaction until he or she discovers in the patient record mysterious entries for medical procedures he or she did not have.

Sometimes only insurance or payments information is used, not names or Social Security numbers.
One victim was told that he couldn’t have access to the information in his own medical file because it doesn’t pertain to him, it pertains to an impostor.
It is said that the former wife of Rep. Joe Barton, R-Tex., has had a stranger get medical treatment under her name in their hometown of Ennis, Tex. Barton is chair of the House Energy and Commerce Committee, which held hearings on theft of identity (the original version) in March.

The University of Connecticut Health Center reports a dozen attempts each week of persons trying to impersonate beneficiaries, sometimes to secure prescription drugs. Across the nation, this has resulted in additional requirements for patients to show identification documents before getting treatment. Blue Cross has begun warning its subscribers about medical ID theft.

For the full story, ask for a sample of our July 2006 issue.

Or ask for our June 2006 issue for a blockbuster article pointing out how some ill-informed lawyers' notions about "an expectation of privacy" actually diminishes your privacy. We will send you a free copy of the issue, if you send an email or U.S. mail request. Or call us, 401/274-7861.

Don’t Believe the Number
Of Laptop Losses of Personal Data?

See page three of our July 2006 issue for a complete listing of the losses of laptops with personal data in them.
Ask for a sample copy.

Another Credit Score to Decipher
- From May 2006

Just when you got used to figuring out your “FICO score” and its importance to determining your credit-worthiness, the Big Three credit bureaus want to change all that.

For years the benchmark for rating consumer-credit applicants has been the FICO score developed by Fair Isaac from data supplied by each of the Big Three. Each of the credit bureaus used its own data and formulas to score consumers and each credit grantor had different criteria for assessing a FICO score.

After a long battle [by PRIVACY JOURNAL and others], consumers finally got access to their own scores, which range from 300 to 850, with 720 generally regarded as the cut-off for acceptable risk. About 80 percent of the major lenders use the FICO score.

But Experian, Equifax, and Trans Union, which are supposed to be competing with each other, got together and did an end-run around Fair Isaac. They created their own credit score, based on a lettering system, A through F. The new product is to be called VantageScore. (The letter grades are backed by a numbering system roughly equivalent to academic grades; 901 or higher equals an A, 801 to 900 equals a B, etc. This means that a 720 as a VantageScore is so-so, but from Fair Isaac is a respectable credit score.)

“This will only cause confusion in the marketplace,” said Travis Plunkett, legislative director for the Consumer Federation of America. The three separate national credit bureaus will use the same methodology but will issue different scores for the same person. They will charge perhaps $5 for a consumer to see his or her own score, beginning next month. By federal law, consumers are entitled to see their own credit scores.

One analyst of the industry, Bill Hardekopf of LowCards.com, said that this scheme is a way for the major credit bureaus to recoup revenue
that they lost when Congress in 2003 required free credit reports for any consumers who ask.

“This isn’t about making credit easier for the little guy,” writes Liz Pulliam Weston, personal finance columnist for MSN Money. “This is business.”

For more about credit reports, ask us for a sample copy of PRIVACY JOURNAL with information about credit bureaus. orders@privacyjournal.net

Most Trusted Federal Agencies
- From March 2006

Ponemon Institute asked respondents in a survey which federal agencies they trust the most in handling personal information. Some of the results, showing the percentage of persons with confidence in the agency:

U.S. Postal Service 78 percent
Department of Veteran Affairs 76
Internal Revenue Service 75
Social Security Administration 70
Federal Trade Commission (FTC) 70
Bureau of Consumer Protection 68
National Institutes of Health 68
Federal Court System 67
Census Bureau 66
Military (Army, Navy, Air Force, Marines) 62
Bureau of Labor Statistics 62
Federal Emergency Management Agency 58
AMTRAK 58
Department of Commerce 57
Department of Health & Human Services 56
Small Business Administration 55
Department of Education 55 * * *
GOVERNMENT AVERAGE 52 * * *

LEAST TRUSTED:

Federal Bureau of Investigation (FBI) 42
Immigration and Customs Enforcement 40
Bureau of Citizenship & Immigration 39
Drug Enforcement Agency (DEA) 38
Transportation Security Administration 30
National Security Administration (NSA) 29
Department of Homeland Security 27
Central Intelligence Agency (CIA) 27
Department of Justice 24
Office of the Attorney General 22

ASK FOR A FREE SAMPLE OF OUR MARCH 2006 ISSUE FOR THE REST OF THE STORY

Personal Phone Number for ID
- From February 2006

Presenting a Social Security number is offensive to many people and it’s a publicly known number. It was never intended as an all-purpose ID. Microchip implants and tattooed bar codes may finally stretch the acceptability of the American public to the breaking point. (But who’s to say?)

Industry apologists herald “biometrics” as the best method for establishing identity. They regard matching of fingerprints, voices, eye characteristics, or facial geometry as impeccable methods for confirming a person’s identity. But every biometric identifier has false positives, sometimes 10 percent or more.

Latanya Sweeney has a better idea. Why not issue an individualized “identity telephone” to everyone?

She stresses that the idea is no more than an “academic exercise,” not a pragmatic proposal.
She and her computer science students at Carnegie Mellon University in Pittsburgh have been studying the possibility of issuing a tiny cell phone at birth that would combine elements of a camera, a fingerprint reader, geographical positioning (GPS), perhaps recognition software, and wireless technology.
To charge a purchase or enter a secure facility, a person would provide his or her “ID number/phone number.” The person seeking verification would call the number and the holder of the phone would acknowledge the call by pressing a key. That return signal would also verify the location where the person is at the present time.

Credit-card companies would bill directly to the phone number, perhaps with the use of an additional PIN. “There’s no extra information floating around,” says Sweeney; “the phone really just packages the needed information for a particular transaction. It separates people from the information about them. There’s no need for a central database.”

If the phone is lost, it is simply deactivated. Sweeney’s scheme would allow a government office to disable phones and reissue new phones.

For more on this story, ask us for a free copy of the February 2006 issue.

Cell Phone Numbers Called - Get 'Em Online
- From December 2005 issue
A mother of two children living in central Massachusetts was shocked to discover that her estranged husband could easily get a list of the telephone numbers she had dialed form her cell phone. “I’m sure he wanted to make sure I wasn’t seeing anyone,” says the woman. “He found a cell phone number that he didn’t recognize, called it and left threatening messages.”
For about $100 at several Internet sites, the husband and many others like him can purchase lists of numbers dialed from a targeted person’s cell phone. The same is true of land-line phone calls.
Is it legal? No state or federal laws restrict telephone companies from disclosing such information about customers, although most have policies against disclosure. How do the Internet brokers get the information? It’s possible that they pay a person within the phone company to provide the data – a disgruntled employee, a former detective now in the company security department, or a clerk who applied for a job precisely to feed the data brokers and make some extra money. Or perhaps it’s simpler than that: A security consultant in Quebec City reported that he was able to get call records faxed to him from major phone companies merely by knowing the targeted person’s postal code. Another method: Hackers can use special software to make their own number appear on call displays regardless of where they are calling from. Phone companies rely on the call display as confirmation of the caller’s identity and then provide the information to the imposter, according to the Quebec consultant. . . . ASK US FOR A FREE SAMPLE OF THE DECEMBER 2005 ISSUE, FOR THE FULL STORY.

Rosa Parks of Privacy Protection?
A 50-year-old mother of four children living in Denver faces minor federal charges this month for declining to provide personal identification while on a city bus on her way to work. One of her kids is soldiering in Iraq.
The RTD (Regional Transportation District) bus that Deborah Davis took to work in September happens to pass through the Denver Federal Center in Lakewood, Col. As she was sitting reading a book, a federal guard climbed aboard and demanded to see her identification. . . . what happened to her? ASK FOR THE JANUARY 2006 ISSUE FREE.

Quotable
- From November 2005 issue

“Fifty million consumers have had their data compromised this year, though I don’t think the sky
is falling.”
- Michael Turner, president of the Information Privacy Institute (whatever that is).

Credit References for Renters
- From November 2005 issue

The Federal Trade Commission has identified three new credit bureaus that attempt to provide credit information on tenants and low-income consumers whose present credit transactions don’t show up in the credit reports of the major bureaus, Equifax, Trans Union, and Experian.

One is PayRentBuildCredit based in Annapolis, Md., www.prbc.com. The founder concedes that getting credit data from millions of landlords is formidable, and so he has “verification partners” like mortgage brokers and insurance companies report the data.
At no cost, consumers may take receipts, cancelled checks, and utility bills to one of these “partners” to verify rent or utility payments. The
businesses then report the information to Pay-RentBuildCredit, to create a record of the person’s credit history.

Fair Isaac, which creates credit scores from traditional credit-bureau data, has another score for those with thin credit. "The FICO Expansion" score gathers information from non-traditional sources. www.ficoexpansionscore.com/Lender
Value.aspx. But among the sources are “payday loans,” intended to bridge the borrower’s cash-flow gap between paydays. Consumer advocates disapprove of using pay-day loan information because they believe this type of borrowing is not in a consumer’s best interests.)

First American Credco, which first offered consolidated credit reports (“Instant Merge”) based on reports from the Big Three, has begun selling a supplement called NTReport, which includes data from non-traditional sources like rent and utility payments. www.credco.com/emerging
markets.

For the full story, ask us for a free copy of our November 2005 issue.

Spend 20 Minutes for Your Kids
- From October 2005 issue

You may have thought that personal information possessed by your child’s school is protected, but that is not always so. The Department of Defense has a pervasive program for harvesting 4.5 million students’ addresses, dates of birth, even cell-phone numbers and e-mail addresses. The data file also includes Social Security numbers, in apparent violation of the federal Privacy Act. This is part of the Joint Advertising, Market Research and Studies program (JAMRS) in the Pentagon.

The infamous No Child Left Behind law, 20 U.S. Code 7908(a)(1), requires schools to turn over this data to military recruiters. It also provides parents with a chance to opt-out and demand that schools not disclose the information. But parents have to act to make this happen.

It is best to make a request in writing, and be sure to state whether you want your option to apply only to military recruiting or to all requests for directory information about your child (name, grade level, etc.).
Parents and students may also take advantage of the Defense Department’s own “name-suppression” database. Write JAMRS Opt-Out, 4040 N. Fairfax Dr., Suite 200, Arlington, Va. 22203. For more information, go to www.pta.org/documents/military.pdf.
The Pentagon has contracted with a marketing company named BeNow in Wakefield, Mass., to collect and massage the data. The system also collects similar data on 4.6 million college students and data on other young people from other sources. Two of the sources are American Student List, which has long compiled marketing lists on students, and Student Marketing Group. The Federal Trade Commission has cited the first company for deception in its data collection, and the New York State Attorney General has cited the second company for collecting data on students through phony survey forms.

Best advice: Insist that your child bring home any survey form before filling it out. Under the No Child Left Behind Act, ask that your school not release data on your children. Complain to 703/601-4722, Records Management Section, Pentagon 1155, Washington D.C. 20301-1155, that you think that the Defense Department’s operation of this information collection violates the federal Privacy Act.

Entire contents of this Web site:
Copyright © 2005 Robert Ellis Smith

U.S. Court Reverses Self on E-Mail Intercepts
- From September 2005 issue

In a 5-2 decision, the full Court of Appeals for the First Circuit has ruled that the interception of e-mail temporarily stored while en route to its final destination violates the federal law on electronic surveillance.

This reversed an earlier ruling by a panel of three judges on the same federal appeals court that an e-mail service provider did not violate the law by acquiring users' incoming e-mails without their knowledge or consent to gain a commercial advantage over a competitor. The original decision caused great consternation among privacy advocates, including Sen. Pat-rick Leahy, ranking member of the Senate Judi-ciary Committee, and prosecutors.

Judge Kermit V. Lipez, writing for the majority of the full First Circuit, concluded that the federal wiretap act definition of an electronic communication that may be intercepted to include “transient electronic storage that is intrinsic to the communication process for such communications." However, the court stopped short of deciding whether an electronic communication can be intercepted within the meaning of the law "after a message has crossed the finish line of transmission." U.S. v. Councilman (1st Cir. Aug. 11). Send an e-mail or phone for a free sample copy of the September issue with the full article.

Find a typo, spelling error or other mistake on this Web site and win a free book of your choice.

Letter to the Editor
- From August 2005 issue

From St. Paul, Minn.: Awesome articles on the cover and on page three of the July issue [RFID tags required of elementary students in California and parallel efforts to impose a national ID card]. “Scarifying,” as usual.

Would you provide a discussion of, or references to, solid and specific information about privacy implications (if any) of switching phone service to Voice Over Internet Protocol (VOIP)? Specifically, privacy implications for employees when the employer makes the change to VOIP?

For example, I assume that a record of outgoing calls (date, time, destination, length) is captured “in-house” and thus more easily accessible to the employer than records kept by a phone service provider – especially for local calls. Is the source of an incoming calls recorded anywhere other than on the telephone set (called ID, etc.)? As computer keystrokes can be recorded, can phone set “pulses” be tracked also? And what is the system’s ability (if any) to record or monitor the content of the calls as voices are “digitized” and sent over the Internet?

Response: Employers and others indeed have the capability of monitoring, logging, and tracking conversations transmitted via VOIP, as they do over existing telecommunications technologies. Your inquiry is timely. Phil Zimmermann, the man behind the popular and accessible Pretty Good Privacy encryption program for e-mail, has just announced that he is launching a new program that aims to provide the same security for Internet phone calls.

Like PGP and PGPfone, which he created as human rights tools for people around the world to communicate without fear of eavesdropping, Zimmermann’s new program, zfone, is intended for everyday users and for businesses seeking to combat corporate espionage. Whether employees will be permitted to use the product at work is another question.

VOIP, or Internet telephony, allows people to speak to each other through Internet connections. VOIP uses broadband networks, making conversations vulnerable to eavesdropping.

Need to know the states with "security breach laws" and the specifics? In our June 2005 issue. Ask for it.

The Specter of Surveillance
in One City

- From June 2005 issue

If you look out the windows of the downtown Boston offices of the American Civil Liberties Union of Massachusetts, you see surveillance systems closing in on you.

“Even in Massachusetts – the nation’s historic ‘cradle of liberty’ – civil liberties are under threat in ways that don’t necessarily make us more secure,” says Carol Rose, executive director of the Massachusetts ACLU. The surveillance cameras and other high-tech devices installed for the Democratic National Convention in August have found a permanent home in Boston.

One of the greatest threats, in Rose’s mind, is a new automated fare collection system on the subway line that has no anonymous option if transit riders purchase their fare cards with a credit card or debit card. The purchase is linked to an individual’s identity, as is use of the Fast Lane toll option on the Massachusetts Turnpike and on most toll roads in the U.S.

In Boston senior citizens, students, or those who are disabled must now show identification documents and have personal information linked to their fare cards to get discounted rates.

The transit system (called “The T” or the MBTA) will document the identity of riders and time, date and location where they board a bus or trolley or pass through a subway turnstile. Because of the vagaries of Boston’s aging sys-tem, there are no card-reading devices or turn-stiles at many disembarking points, and so the system doesn’t always record when a person leaves.

The new “smart card” is called a “Charlie Card,” named after “the man who never re-turned” when he got lost on the Boston subway, in the political song of the 1940s popularized by The Kingston Trio in 1959. (Charlie got lost be-cause of a complicated fare system.)

MBTA officials see the Charlie Card as allow-ing it to track riders and ridership, cut down on fare evasion, and create a more efficient transit operation.

"It will be a magnet for identity thieves seeking to get this information, and the worst thing is that consumers have no idea this is going to happen to them,” said State Senator Jarrett T. Barrios of Cambridge, who has been urging the transit authority to strengthen its privacy protections.

For the complete story, e-mail or call 401/274-7861 and ask for a free sample of the June 2005 issue.

Careless Record Keeping:
The Cumulative Effect

- From May 2005

To appreciate THE CUMULATIVE EFFECT, Privacy Journal newsletter compiled the following list of breaches of sensitive personal information, disclosed just since January. It's not an atypical list for a three-month period, but breaches are obviously getting more press attention.

* Tepper School of Business at Carnegie Mellon University reported that a hacker had access to Social Security numbers and other sensitive personal
information relating to 5000 or more students, staff, and alumni.

* Tufts University notified 106,000 alumni, warning of "abnormal activity" on its fund-raising computer system listing names, addresses, phone
numbers, and, in some cases, Social Security numbers and credit-card account numbers.

* ChoicePoint, the "information broker" based in Georgia, sold personal data on 100,000 or more persons to fraud artists posing as legitimate businesses.

* DSW Shoe Warehouse experienced a hacking incident involving access to an estimated 1.4 million credit-card numbers and names, 10 times more than
investigators estimated at first.

* HSBC North America, which issues GM's MasterCard, urged all customers to replace their cards as quickly as possible because personal data was compromised. The customer records of Polo Ralph Lauren Corp., were involved.

* Ameritrade Holding Corp., the online discount broker, informed about 200,000 current and former customers that a back-up computer tape was lost during shipping.

* Canadian Imperial Bank of Commerce, CIBC, one of Canada's leading banks, misdirected confidential faxes sent to outside parties over a three-year period. Bank of Montreal, Royal Bank of Canada, Scotiabank, TD Bank, and National Bank have also misdirected faxes with customer information.

* Motor vehicle departments in four states have lost personal data. The Texas Department of Public Safety mailed to 500 to 600 licensed drivers
renewal documents that pertained to other persons. In March, burglars rammed a vehicle through a back wall at a Nevada Department of Motor Vehicles and drove off with files on about 9000 people, including Social Security numbers. In April police arrested 52 people, including three examiners at the Florida Department of Motor Vehicles, in a scheme involving the sale of more than 2000 fake driver's licenses. Also, Maryland police arrested three people, including a DMW worker there, in a plot to sell about 150 fake licenses.

* A Boston-based storage company named Iron Mountain Inc., lost Time Warner Inc.'s computer back-up tapes with Social Security numbers and names of 600,000 employees and dependents. This is the fourth time this year that Iron Mountain has lost tapes during delivery to a storage facility, according to The Wall Street Journal.

* Someone gained access to the personal information of 59,000 students at California State University, Chico, the university revealed in March.

* A laptop that contains about 100,000 Social Security numbers of students and personnel at the University of California, Berkeley was stolen from the school's campus.

* Someone hacked into a database at the Kellogg School of Management at Northwestern University, possibly exposing data pertaining to 21,000 individuals.

* More than 1600 parents discovered in January that records in the Colorado State Health Department relating to an autism study were lost.

* * *A free copy of the current issue of Privacy Journal is available through orders@privacyjournal.net. Specify e-mail copy or hard copy (and include a mailing address).

A press interview
with Publisher Robert Ellis Smith

- From April 2005 issue

1. Issuing your special report on ChoicePoint is interesting timing. Do you really think it’s a good idea to kick a good company like ChoicePoint when it’s down? In football, piling on draws a penalty.

Robert Ellis Smith: I’m a journalist. Everybody needs to know about this company. It has been in the headlines but people do not realize that it grew out of Equifax, that it has been out of compliance with FTC orders for years, and that it is closely allied with the voter-list purge in Florida in 2000 and the development of “Matrix.” If mere words can crumble a company, it deserves not to survive. [To download the report on ChoicePoint, click below.]

2. Did you decide to issue your special report before the revelations about the loss of data made earlier this year?

Response: I issued it because of the many inquiries I have received wanting to know about the company and its nature. No one has covered Equifax more than I have.

3. What were some of its problems when it was Equifax? How did the company respond to privacy concerns before it became Equifax?

Response: When ChoicePoint was the insurance reporting division of Equifax, the FTC found it out of compliance with Fair Credit Reporting Act accuracy and correction requirements. Continually. ChoicePoint acquired an “information broker” that was known to be in-accurate, irresponsible and out of compliance with the FCRA (CDB Infotek).
Equifax was formerly known as Retail Credit
Co. It was abuses in the insurance and employment “consumer investigation” part of Retail Credit Co. that alone led to passage of the Fair Credit Reporting Act. That, in short, is why an act with “credit” in the title also regulates consumer investigations for insurance and employment purposes. See my book Ben Franklin’s Web Site for documentation of this. Within three years after the FCRA was enacted, the part of Retail Credit Co. now known as ChoicePoint was found by the FTC and a federal court to be out of compliance with the act in serious ways.

For the rest of the story, ask for a free sample of our April 2005 issue.

ID Theft Mainly in America. Why?
- From March 2005 Privacy Journal

Theft of identity is largely an American phenomenon.

There are reasons for that. Other nations don’t rely on an identifying number – like a number to keep track of pension accounts or government benefits – for other purposes, like identifying consumers in credit reports.

Since the early 1990s credit bureaus in the U.S. have been collecting Social Security numbers and relying on the numbers to confirm a match when a lender requests a credit report on an applicant. By the same token, credit bureaus usually ask a consumer who wants to see his or her own credit report, as permitted by law, to provide a Social Security number to confirm his or her identity. The Federal Trade Commission, which regulates credit bureaus, actually encouraged this in the 1990s.

Strangers can get Social Security numbers from payroll records or buy them from Internet sites.

Thus, it’s not hard to see why theft of identity is easy in the U.S. A stranger need only get a Social Security number to match a name and then ask a credit bureau to provide a copy of “his” credit report. The impostor changes addresses on the credit accounts listed on the credit report.

For the full story, ask us for a sample copy of our March 2005 issue.

Choicepoint, A Corporate History
- From March 2005 Privacy Journal

In our March 2005 issue, we published a timeline of the ignoble history of ChoicePoint, a former division of Equifax that is now known mainly for massive sales of personal information in its files to ID thieves. Here is an excerpt:

1996 CDB Infotek advertises that it will sell information at the top of a credit report – “header information” like Social Security number, date of birth, phone number, and “a/k/a’s.” It offers access to Social Security account information, the change-of-address lists of the Postal Service, lists of registered voters (in violation of state laws in California and elsewhere), and data on personal assets. It sells criminal and civil-court records, demographics of a target’s closest neighbors, California driving records, employment reports, and much more. In 1992 CDB had been cited by the FTC for major violations of the credit-reporting law. CDB did not challenge the FTC findings.

1996 Seven months after CDB’s ad appears, Equifax purchases 70 percent of CDB Infotek and folds it into its Insurance and Special Services unit.

1997 An Equifax shareholder, in a formal demand for due diligence by the parent company, cites “law-breaking, fraud and unethical conduct” by CDB.

1997 Alarmed by its negative reputation with the acquisition of Infotek, its FTC cease-and-desist orders, and consumer lawsuits, Equifax spins off its Insurance and Special Services unit and calls it ChoicePoint. The new unit absorbs CDB’s files. It also takes in driver and motor-vehicle, divorce, marriage, corporate, property-ownership, and other data of questionable reliability owned by a company called Database Technologies, Inc., in Boca Raton, Fla. ChoicePoint’s independence is questionable. The chair of Equifax, Inc.is chair of the executive committee of ChoicePoint’s board of directors. ChoicePoint’s new president was executive vice president of Equifax.

For the full story of ChoicePoint from 1970 to the present, ask for a sample copy of our March 2005 issue.

For a brand new report collecting all of Privacy Journal's past stories about this company (13 pages, $8.50) click above.

Uniform Drivers License = National ID Card
- From January 2005 issue

Tucked away in the intelligence reform act enacted in December is Section 7212, requiring federal standards for state drivers licenses and identification cards.

While previous Congresses and Administrations flatly rejected similar proposals because implementation amounts to a national identification system, the 108th Congress overwhelmingly passed the bill containing this provision.

After the standards are finalized through regulations, states must certify they are in compliance, and the Secretary of Transportation may conduct audits to guarantee compliance. After a specified date, no state drivers license that fails to conform to the minimum standards may be used for any federal “official purpose.” This means a nonconforming license may not be used for such things as boarding an airplane, buying a firearm, obtaining federal benefits, or entering a federal building.

Section 7212 specifies some items that must be on a drivers license (name, date of birth, gender, drivers license number, digital photograph, physical address of principal residence, signature) but leaves other items to a negotiated rulemaking. The final requirements will be set forth in a regulation that must be published within 18 months.

From a privacy perspective, placing your physical address on a license or identification card advertises that information to anyone viewing the license. FOR THE REST OF THE STORY, ask for a free copy of our January 2005 issue.

A National ID by Bureaucratic Stealth?
- From November 2004 issue

Congress is about to give Homeland Security Chief Tom Ridge the sole authority to create the equivalent of a national identity document.

Under an amendment added to a current proposal to create an intelligence czar (S 2845), Congress gives to the Secretary of Homeland Security the authority to issue a regulation for a uniform national driver’s license. But under the legislation, the document would be far more than a driver’s license. It would be required to board an airplane, a train or a bus, if Ridge so decides. It could be required to enter a federal building or to get federal benefits, and perhaps to vote. And the document will include fingerprints or eye scans, if Ridge so decides.

The provision does not require states to adopt the national uniform driver’s license, but by requiring it as ID in disparate non-driving contexts, Congress, or the Department of Homeland Security, will coerce the states into adopting it.

The House-approved version, part of HR 10, calls for creation of a national databank for storing and sharing personal information on all drivers. Congress would allocate about $100 million to assist the states in the conversion. It is the high price tag, not the civil liberties consequences, that has led many Members of Congress to offer timid opposition. Residents of blue states can’t blame this on a conservative trend among voters; the amendments creating a uniform driver’s license have bipartisan support, including from the expected Number Two Democratic leader in the Senate, Richard Durbin of Illinois.

Can Software Defeat 'Phishing'?
- From October 2004

New software tools to combat the intrusive on-line practice of “phishing” may require monitoring your Internet traffic in a way that is possibly more intrusive than the scourge of phishing itself.

Phishing accounted for an estimated $500 million in fraud in the past year, according to TRUSTe, a non-profit privacy group. TRUSTe’s new study also found that three-quarters of online users had experienced an increase in incidents in the past few months.
Phishing is the sending of an e-mail falsely claiming to be a legitimate enterprise, even using the logos of the enterprise, to tempt a user into visiting a site and surrendering personal information, which can then be used for identity theft and fraud.

Prominent victims include Bank of America, Best Buy, Citigroup, eBay, and their customers.

People are directed to Web pages that look identical to the companies' sites. Most ignore the “fishing” bait, but many bite. The practice is also called brand spoofing or carding.

The Securities and Exchange Commission warned this month about a scam in which phony e-mails purportedly sent by Smith Barney [pictured in our hard copy edition], a stock-brokerage unit of Citigroup, Inc., seek recipients’ account information.

In response, developers have created new forms of anti-phishing software; Microsoft has pro-posed new security standards directed at stop-ping the phenomenon. But are the new tools also intrusive? The first line of defense that companies such as MasterCard have used against phishing is simple, “intelligent” online monitoring. The electronic asset protection company NameProtect, for example, offers a service to MasterCard and others that scours millions of Web pages, domain names, chat rooms, and the like for indicators of online fraudulent activity.

For the REST OF THE STORY, call or write for a free sample of our October 2004 issue.

The ABCs of RFID
By Mikhail Zolikoff
- From August 2004
Beginning next year, observant consumers will notice an additional logo stamped on the products they purchase from retailers. This logo will indicate that the product carries an RFID (or “radio frequency identification”) tag.

RFID electronic chips are capable of storing unique identifying information about a product and then remotely transmitting that information to a tag reader by use of radio waves. Manufacturers will be using these miniature imbedded tags to keep track of materials in production and distribution. Retailers are implementing this technology with the hope that the checkout experience will be shortened, inventory costs will reduced, and product theft and shrinkage (the loss of product between the manufacturer and the shelf) will be eliminated.

Eventually these tags, also known as “Electronic Product Codes” (EPCs), will replace the familiar but outdated UPC, the Universal Product Code, or bar code. Distinct RFID tags would be assigned to each individual item; by contrast, a bar code is assigned to all identical items. RFID tags identify a particular item purchased at a particular time; bar codes merely identify a category of individual items. RFID tags have the capacity to transmit large amounts of data about an individual item. Bar codes, by contrast, can reflect only the identity of the generic product, brand, size, and pricing.

Privacy activists have repeatedly expressed their concerns that the RFID labels in consumer goods could potentially be used for tracking the possessor of the item without consent. While the electronic chip embedded within each tag has the capability of being “killed” or deactivated and therefore no longer able to transmit its identifying information, this has not been established as a default when consumers purchase their items and leave the store. As such, anyone with a tag reader – the devices are readily available on the Internet and the price is quickly dropping – could scan you, your car, or your home without your permission to determine which products you’ve purchased and have in your possession.

Hewlett-Packard, one of the corporate sponsors of the 27-mile Boston Marathon, sponsored a project in which RFID tags were imbedded in the shoelaces of each runner in the event last April. As the runner ran across special mats placed along the route to Boston the transponder reported each competitor’s place and the running time to a Web site. Family members and news reporters could then access the infor-mation in real time.

Privacy critics of the technology ask us to imagine the consequences when the highly per-sonal items we carry around day to day are identifiable without our consent.

For the full text of this story, ask us for a sample copy of our August 2004 issue.

Why Are Fingerprints Demeaning?
- From June 2004

Letter to the Editor
From Minneapolis: How can we explain, in a language the average American can understand, why fingerprinting foreigners is a bad idea? I have lots of theoretical arguments, but nothing visceral.

Response: We are familiar with fingerprints in a criminal context. That’s why it is an indignity to be asked for a fingerprint, in order to cash a check, cross a border, get public assistance, or hold a job. Getting fingerprinted is stigmatizing. It connotes suspicion. In addition, in the electronic age, the print image goes beyond the control of the individual who provides it, and probably beyond the control of the organization gathering it.

There is a real possibility that the electronic image could be affixed to a crime scene, to a piece of evidence, or other object, either maliciously or in error. The same is true of electronically stored signatures. Wise citizens know to refrain from providing such sensitive biometric bits of themselves before the technology has been fully tested for reliability and trustworthiness.

Further, providing a fingerprint in a law-abiding context increases the chances that an individual’s prints will be stored in the databases that are checked when latent prints are found at a crime scene - like the National Crime Information Center or the FBI’s automated fingerprint database. This increases the chances that the innocent individual will be identified by an erroneous match. These false positives are not frequent, but persons whose prints are not in the database have a zero chance of being the victim of a false match.

A component of privacy is autonomy – the ability to make personal choices – and to control sensitive personal information, even if it is accurate. Within that definition, the collection of fingerprints from masses of law-abiding individuals is a loss of privacy.

Video Voyeurism Bill Advances

The House of Representatives is expected to pass a bill making it a federal crime to capture an “improper image” of an individual nude or in undergarments without consent, where there is “a reasonable expectation of privacy.” The so-called “video voyeurism” bill, S 1301, matches laws enacted in 32 states in the past five years but does not preempt or invalidate them. The federal bill, approved by unanimous consent by the Senate last September, exempts law en-forcement and intelligence. Michael DeWine, R-Ohio, introduced the bill a year ago; in his home state prosecutors had difficulties trying to charge or convict a man accused of using a hid-den video camera in his home to record unsus-pecting female cheerleaders changing clothes to use his swimming pool.

For the complete story, ask for a sample copy of our June 2004 issue.


Nearly Half of Us Add Content
- From March 2004

About 44 percent of Americans who access the Internet have contributed content to it, in the form of photographs on Web sites (21 percent), or text (17 percent), like blogs or personal on-line journals. Thirteen percent have their own personal Web sites and 15 percent contribute to sites operated by their businesses or volunteer organizations. Users in their twenties are the most active, according to a new survey and re-port from the Pew Internet & American Life Project called “Content Creation Online,” www.pewinternet.org/reports/toc.asp?Report=113.

Among 3300 adults surveyed this year, 91 per cent were aware of the federal Do-Not-Call list and 57 per cent had registered with it; 25 per cent of those registered said that cold calling had stopped completely, while 53 per cent said they had received fewer calls. Humphrey Taylor, the chair of Harris Interactive, which conducted the survey, said: “It is rare to find so many people benefiting from a relatively inexpensive government program. This successful initiative now raises questions about the desirability of [permissive do-not-spam legislation enacted last December] when, according to other surveys by Harris Interactive, the overwhelming majority of those online find spam very annoying.”

Privacy Journal publishes up-to-the-minute news on meetings, new publications, polling, and legislative proposals each month. Write us for a free sample.

20 Minutes
- From January 2004 issue

This monthly feature advises you how to protect your own privacy, by taking 20 minutes a month.

Dispose of any documents or correspondence that show your Social Security number, credit-card numbers, or other sensitive personal information only after shredding, either by hand or machine. If you tear off the portion with account numbers by hand, dispose of the pieces in a separate trash can and place it for collection on a separate day.

Or you can purchase a shredder, now a necessity in most homes. Pro-Tech Shredding in Worcester, Mass., will provide you with a ten-percent discount if you mention PRIVACY JOURNAL (before May 30). Check out their HSM 80 to 100 series, at www.protechshredding.com, or place your order
at 800/893-6703, fax 508/799-0517800,
aklaucke@surfbest.net.

The Man Who Just Said 'No'
- From December 2003 issue

He’s been called an “unemployed cowboy with no assets beyond a few head of cattle and a pickup truck.”

A newspaper article called him a grouchy farm hand. An article on the Web site of the Clark County (Las Vegas) Bar Association, which should know the libel laws, calls him “a drunk in rural Nevada.”

A national newspaper columnist said that his name should be Obstinate.


And that’s the whole point. Dudley Hiibel declined to give his name when approached by a police officer just outside the limits of his hometown of Winnemucca, Nev. (pop. 9400). A witness had reported to the deputy seeing a man strike a woman with whom he was riding in a pickup truck. The deputy found Hiibel standing by his vehicle at the side of the road. He assumed that Hiibel had been drinking. Eleven times the officer asked Hiibel to identify himself, and 11 times Hiibel declined. And so the officer arrested him on charges of violating a state law that requires a person to identify himself when police stop him or her with reasonable suspicion of criminal activity. The woman he was with was his daughter.

Hiibel engaged the public defender in Humboldt County, Robert Dolan, to defend him. Hiibel – known as Larry D. Hiibel in court documents – was convicted of obstructing and delaying a police officer, a misdemeanor worth a $250 fine.

When a higher court affirmed the conviction, Hiibel immediately turned to his lawyer and said, “I’m being treated like I’m in a communist country.”

Dolan sued the court on his client’s behalf, and the case of Hiibel v. Sixth Judicial District Court soon came before the State Supreme Court of Nevada. Hiibel, 54, was not seen at the oral arguments, but he managed to get three of the seven members of the high court to agree with him. But a four-person majority ruled against him. Now the U.S. Supreme Court has scheduled oral arguments for January in his appeal to the highest court in the land.

For the full story, and to learn what this has to do with personal privacy, send an e-mail or call us for a free sample copy of our December 2003 issue.

Privacy Tip
- From October 2003 issue

Credit-card company rules require merchants to accept a card charge without demanding additional ID or other information as long as the signature on the back of the card bears a "reasonable likeness" to the signature you provide on the credit slip. Report merchants requiring additional ID (or setting a minimum charge) to MasterCard at www.mastercard.com. (However, American Express allows some firms like WalMart and K-Mart to require you to provide your billing address Zip code in a digital key pad). In CA, DE, DC, FL, GA, KA, MD, MA, MN, NJ, NY, ND, PA, RI, and WI, it is illegal for merchants to record any extra information on credit slips like phone numbers, addresses, or ID numbers. For more on this tip for protecting your privacy, ask us for a sample copy of the October 2003 issue.

Federal Regulations for Ferry Travel
- From September 2003 issue:

All ferry companies in the U.S. must develop security plans by the end of the year that may lead some of them to demand photo IDs for passengers.

An interim Coast Guard regulation requiring new security precautions on maritime vessels does not require or even suggest demanding IDs; in fact, it says that a ticket is adequate proof that a person belongs on a vessel. But any ferry company is free to use the regulation to initiate a photo ID requirement for passengers, and the regulation recognizes the seagoing tradition that a boat captain may deny passage to anyone for any reason.

On a separate matter, the authority to search passengers, the interim regulation requires boat companies to “conspicuously post signs that describe security measures currently in effect and clearly state that . . . boarding the vessel is deemed valid consent to screening or inspection; and failure to consent or submit to screening or inspection will result in denial or revocation of authorization to board.”

However, the vessel operator must also “ensure vessel personnel are not required to engage in or be subjected to screening, of the person or of personal effects, by other vessel personnel, unless security clearly requires it. Any such screening must be conducted in a way that takes into full account individual human rights and preserves the individual’s basic human dignity.”

On IDs, the same section of the rule says that vessel operators must “check the identification of any person seeking to board the vessel, including vessel passengers and crew, facility em-ployees, vendors, . . and visitors. This check includes confirming the reason for boarding by examining at least one of the following: (i) joining instructions; (ii) passenger tickets; (iii) boarding passes; (iv) work orders, pilot orders, or surveyor orders; (v) government identifica-tion; or (vi) visitor badges issued in accordance with an identification system required [by the regulation].” Further, the vessel operator must, “deny or revoke a person’s authorization to be on board if the person is unable or unwilling, upon the request of vessel personnel, to establish his or her identity.” * * *


For the full story, call or write for a free sample of our September issue.


Complaints Lead to New Air Travel Proposal
- From August 2003 issue

In response to complaints from privacy activists and advocacy groups for Middle Eastern ethnic minorities, the Transportation Security Administration in the U.S. Department of Homeland Security narrowed somewhat its proposal to gather and search out personal data on airline passengers.

The proposed CAPPS II program is to detect passengers who may raise suspicions that require heightened searches at airports. Originally TSA wanted to keep its data for 50 years; that has been curtailed to a day or two after a flight unless there is suspicion. Originally, TSA wanted to query credit records. That element has been left out of the latest, revised proposal. www.tsa.gov/public/display?theme=8&content;=631, 68 Federal Register 45265, Aug. 1.

Still, the new proposal now calls for demanding date of birth from airline customers and for passenger records to be “run against commercial databases.” That usually means using ChoicePoint, a discredited database company that has been cited repeatedly for selling erroneous data. ChoicePoint has Social Security numbers, and home addresses, along with phone numbers of millions of individuals and some arrest data. (Attorneys in Florida have filed a class-action lawsuit against ChoicePoint and the parent company of Lexis-Nexis for allegedly obtaining drivers’ records in violation of the Driver’s Privacy Protection Act. Levine v. ChoicePoint, 03-80491 (S.D. Fla. 2003).)

If you object to providing a date of birth every time you make an airline reservation and object to a federal agency promoting use of the dubious databases of ChoicePoint, send comments to the Privacy Office, ATTN: Yvonne L. Coates, U.S. Department of Homeland Security, Washington, DC 20528. You must identify the docket number DHS/TSA-2003-1 at the beginning of your comments, and you should submit two copies. You may also submit comments via e-mail to privacy@dhs.gov.


Twenty Minutes a Month
- from the May 2003 issue
This monthly feature advises you how you can campaign for privacy protection or protect your own privacy, by taking 20 minutes a month. If you subscribe within the next month, ask us for a copy of all of these tips, and we'll send it to you free.

One simple way to dramatically reduce your risk of identity theft and secondary use of personal information is to opt-out from prescreened credit card offers. These offers are sent to individuals whose credit reports match criteria desired by credit issuers. The problem with these offers is that they can be intercepted in the mail by a fraud artist and then used to obtain credit in your name. Prescreened offers are delivered not only by mail; there is a growing movement to transmit them by e-mail, which implicates even greater security risks.

You can opt-out of prescreening from Experian, Trans Union, and Equifax by calling one phone number: 1-888-5-OPTOUT. Pay careful attention to the options on the phone menu. The first option on the menu will remove your information for only two years. The second option places you back on prescreening lists! The last option is the one that you want – it will remove your information from prescreened list permanently. In order to exercise this last option, you will have to complete a form that will be mailed to you after you complete the telephone call.

Other ways to reduce the risk of identity theft: Provide your Social Security number only when the transaction has tax consequences or involves Medicaid or Medicare. Do not provide it to apply for credit, employment, or insurance. Don’t provide it by telephone to strangers or to anyone by fax. Check your own credit report for accuracy, perhaps once a year. Before disposing of documents with credit-card numbers or Social Security numbers on them, tear them in half, splitting the identifying numbers, and then deposit the pieces in separate trash containers.

Just Published
From the April 2003 issue

In a new study, the Center for Democracy and Technology advises a couple of tricks to lessen the amount of unwanted e-mail advertising (spam). List your address on Web sites and newsgroups as username at isp.com. for example. Listing your real address, like username @isp.com makes it easy for marketers to harvest it automatically and add it to their lists. Another idea: use a second e-mail address as the “public address” that you make available on-line and in commercial transactions. Information from Ari Schwartz, 202/637-9800, www.cdt.org/speech/spam/030319spamreport.shtml.

CDT has also published a handsome collection of papers from advocates and corporate officials on issues before the current session of Congress, Considering Consumer Privacy, A Resource for Policymakers and Practitioners, edited by Paula J. Bruening (102 pages). www.cdt.org.

In each issue, Privacy Journal provides tips like this and a listing of new publications and upcoming events relevant to protection of personal privacy.

20 Minutes
From the March 2003 edition

This monthly feature in Privacy Journal advises you how you can change the world, or at least one part of it, by taking 20 minutes a month. This suggestion is submitted by Chris Hoofnagle of EPIC.

Customer proprietary network information (CPNI) is data collected by telephone companies about your phone calls. It includes the time, date, duration, and destination number of each local call on your account. Telephone companies wish to sell this information for marketing purposes and have mounted legal challenges to laws that increase privacy protections for your calling information.

Currently, the Federal Communications Commission is allowing telephone companies to use opt-out as a method for allowing consumers to end CPNI sharing. To protect the information about your calls, call your phone company and specifically request that CPNI not be shared. The telephone companies bet that you won’t call. In challenging stronger privacy protections, the Qwest Corporation described consumers as “uneducated, inattentive adults.” Let’s opt-out of CPNI sharing, and prove Qwest wrong!

The next time you receive a phone bill, be sure to call your telephone service provider, and request to opt-out of all CPNI sharing. The opt-out system varies among carriers, and in some cases, depending on the state in which you reside. Also, be warned that one company, Verizon, has established a toll-free opt-out system (866/483-9600), but the process is confusing and Verizon describes your right to opt-out as placing a “restriction” on your account.

A New Fashion Statement?
- From February 2003 edition

There a “ChipMobile” moving about the nation – or at least about communities in Florida. It’s Applied Digital Solutions’ “state-of-the-art, fully equipped mobile unit to spread awareness about the benefits of VeriChip to wide audiences.”

VeriChip, first announced in December 2001, is a miniaturized radio-frequency identification device (RFID) that can be used in “a variety of security, financial, emergency, identification and health-care applications,” according to the company. It now has seven authorized VeriChip centers in Florida, Washington, D.C., and elsewhere in the U. S.

Back in September 1994, PRIVACY JOURNAL reported, “Entrepreneurs in the microchip-implant business who are eager to sell their products to ‘the human market’ have said that implanting identity chips in Alzheimer’s patients would be the most benign and publicly acceptable use of human implants with which to begin.”

Indeed, doctors for Applied Digital Solutions
first implanted the tiny VeriChip transponder in a memory-impaired patient on May 10, 2002. Now there are 20 Americans walking around with them, including the company’s public relations consultant, who proudly wears an implant in his upper right arm. The new chips are inert demos right now because the reading devices for them are scarce and because the chips do not locate the individual or store medical information.

For the complete story, ask us for a sample copy of the February 2003 edition:

Virginia Citizen Makes Courts Think Twice
- From January 2003 issue

Court clerks throughout the nation may be moving to post court documents on their Web sites, but in Virginia that trend has skidded to a halt because of the efforts of one woman.

Betty “BJ” Ostergren of Hanover County began her campaign to warn citizens of the invasion of their privacy last August, when a local title searcher told her that the county clerk planned to place court records on-line. The records would include deeds of trust with signature facsimiles and Social Security numbers; certificates of satisfaction/assignments; homestead deeds; final divorce decrees; judgments and liens; wills; lists of heirs; fiduciary reports for estates; and Financing Statements (often called UCC’s).

BJ was infuriated by this prospect. She decided to spend money she had set aside for family Christmas gifts to launch a direct-mail campaign.
BJ Ostergen’s direct-mail approach was effective. She downloaded personal information from Web sites maintained by neighboring counties and mailed it to the individuals involved, along with a letter urging action. She started with King County. “I got the folks riled up over there and the Board of Supervisors eventually voted to kick the clerk off the Web site since he was using the county’s site,” she told FauquierNews, an electronic investigative news-letter on open records in Virginia edited by James Borland.
www.fauquiernews.com/010703issue.htm.

Ostergren claims credit for ending Internet pub-lication of citizens’ documents in King William, Scott, and Warren counties. Her home county never went ahead with its plan. At a citizens meeting on general concerns sponsored in Richmond last month by the Virginia Institute, Ostergren energized the people there, got a State Senate candidate fired up by displaying the data on him that she had downloaded, and had a member of the state legislature promise to intro-duce a bill to limit the kinds of personal data that courts may display on Web sites. This month she’s building her own Web site, not to show personal information about citizens but to inform them of their vulnerability. www.opcva.com/watchdog.

For the full text of the article, send us an e-mail request for a free sample of the January 2003 issue.
_________
If you have gotten this far in our Web site, you deserve a free 6 month subscription! Call us or e-mail us and ask for the free subscription to the "Eric Blair" special. If you identify the significance of that name, we'll add a free month to your 6 free months!

Canada’s Privacy Watchdog Presses On
– From December 2002 issue

The Privacy Commissioner of Canada has had an extraordinarily busy year, and no month has been busier than November. Within just 25 days, George Radwanski took on the Parliament, the Customs Agency, the passport office, and the entire governmental establishment implementing anti-terrorism proposals.
When George Radwanski was appointed in 2000, it was predicted that he would be controversial. He has not disappointed. Back in 2000, Conservatives in the Parliament and some privacy activists sharply attacked the nomination, saying that Radwanski was “unacceptable” because he was too chummy with the Liberal government of Prime Minister Jean Chretien. [See PJ Sep 00.] Indeed, Radwanski had held several partisan offices (like his predecessors as Privacy Commissioner actually).
A year ago, Radwanski was out on a limb with several assertive rulings in favor of protecting privacy. [See PJ Nov 01.]
He fired off more salvos last month:
Nov. 1: The Commissioner criticized the government’s proposal in Parliament to provide the Royal Canadian Mounted Police and the Canadian Security and Intelligence Service with unfettered access to personal information on all Canadian passengers held by airlines. “I have raised no objection to the primary purpose of this provision, which is to enable the RCMP and CSIS to use this passenger information for anti-terrorist ‘transportation security’ and ‘national security’ screening. But my concern is that the RCMP would also be expressly empowered to use this information to seek out persons wanted for criminal offenses that have nothing to do with terrorism, transportation security or national security. In Canada, it is well established that we are not required to identify ourselves to police unless we are being arrested or we are carrying out a licensed activity such as driving. The right to anonymity with regard to the state is a crucial privacy right. Since we are required to identify ourselves to airlines as a condition of air travel and since [the proposed law] would give the RCMP unrestricted access to the passenger information obtained by airlines, this would set the extraordinarily privacy-invasive precedent of effectively requiring compulsory self-identification to the police.”

Nov. 5: He told the foreign ministry to remove “place of birth” from Canadian passports because “We do not have different classes or categories of Canadian citizens depending on their country of birth.”

Nov. 22: The Commissioner, for a second time, termed as illegal a planned expansion of a Customs Agency database to collect personal information on new arrivals in the country and keep it on file for six years. This time he produced two legal opinions provided at his request by a retired Supreme Court justice and by a former deputy attorney general who helped draft the Canadian Charter of Rights and Freedoms. “I have made clear to you and to your most senior officials on numerous occasions my concern that the amassing of dossiers of personal information on all law-abiding Canadians, as is being done by your CCRA database, has no place in a free and democratic society like Canada,” Radwanski said in a sharply worded letter to the Minister of National Revenue. “These concerns have been endorsed by seven provincial and territorial information and privacy com-missioners from across Canada. Now you have it on the authority of two of Canada’s most eminent legal and Charter experts that your ‘Big Brother’ database is in violation of the Canadian Charter of Rights and Freedoms. I cannot imagine what more a reasonable person such as yourself can require to be persuaded that this database initiative is untenable and cannot stand.”

Nov. 25: The Privacy Commissioner told the heads of three ministries that their plan for “lawful access” to citizens’ Internet, cell phone, and e-mail activities was ill-advised. “If Canadians can no longer feel secure that their Web surfing and their electronic communications are in fact private, this will mark a grave, needless and unjustifiable deterioration of privacy rights in our country,” he stated. Radwanski said in a newspaper interview that the Liberal government had lost its moral compass. The ministries replied that they heard Radwanski’s complaint but “our interest in these proposals is public safety.”

For the full story, write us for a free sample of our December 2002 issue.

Letters to the Editor
- From the November 2002 issue

From Boston: I’m gathering information about theft of identity on college campuses. Many schools have students use their Social Security numbers as their student ID#, which frequently gets placed on a student ID card (which can be lost or stolen). That number is used for everything from getting your grades to getting into the cafeteria.

Response: Laws in Arizona, New York, and Wisconsin now prohibit state universities from requiring Social Security numbers as student ID numbers.

From Cyberspace: Can any one tell me the idea and meaning of this question? “Most persons think of the publication of private facts about a person when they think of the right to privacy, yet this variety of the tort has been the least accepted by the courts. Why?” What’s that mean deeply?

Response: Lawyers traditionally have divided the “tort” of invasion of privacy into four branches: disclosure of private facts about a person, commercial appropriation of a person’s likeness or persona, portraying a person in a false light even though “truthfully,” and intruding upon a person’s solitude or personal space. The question says, “People usually think of the disclosure of private facts when they think of privacy, yet of the four branches, courts seem most reluctant to accept it, or approve lawsuits involving it. Why?”

From Van Meter, Iowa: I just recently ordered the Compilation of State and Federal Privacy Laws from Amazon, and I want you to know how helpful I’ve already found the compilation book.

From Cyberspace: Would you consider doing a piece on www.vitalsearch-ca.com? They are publishing birth records on all of the people born in California. And that includes everyone’s mother’s maiden name and DOB. We don’t like to see our children’s names on these Web sites. Maybe if everyone goes to the Web site, and finds their name, they’ll be so disgusted that they’ll get a law passed to stop this nonsense. You might also consider doing a piece on www.anybirthday.com. They get this DOB information from voter registration records. If people knew that when they registered to vote their names and dates of birth were going to be sold to companies such as this one, they’d probably not register again. When we called one of the county offices, even their own employees were unaware that the government sold this information. Luckily, you can remove your name from this Web site, but that does not really solve the problem. The government should stop selling this information.


Go to our Ranking
of States in Privacy Protection




Essential Books

A - Legal Reference
B - History
Ben Franklin's Web Site: Privacy and Curiosity From Plymouth Rock to the Internet

the tug between privacy and surveillance in U.S. history
C - Advocacy
D - Current issues
War Stories

Anecdotes of Persons Victimized by Invasions of Privacy
D - Current Issues
D - Current issues
Our Vanishing Privacy

Essays on privacy issues
E - Directory
Directory of Privacy Professionals

500 names, address, phone numbers, and web sites of the top experts and organizations in the field of personal privacy. $12.50
F - Legal Reference
G. Classic Still Available
Privacy: How to Protect What's Left of It

1980 National Book Award nominee
Order Form
Regional Humor
Block Island Trivia

Quiz for a Rainy Day


Created by The Authors Guild

A note for users of older versions of Internet Explorer, Netscape, or AOL:
This site will look a lot better in a newer browser. Download one for free!
Internet Explorer: Windows Mac   |   Netscape: Windows Mac Other
For AOL users, please choose Internet Explorer above.