Home/red-rock-eater/CPD -- travel and medical privacy

CPD -- travel and medical privacywriting

militaryhistorysurveillanceprivacylibrariesinternet-culturehealth
1994-11-22 · 9 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/1994/CPD.--.travel.and.medica.html

Content

This web service brought to you by Somewhere.Com, LLC.

CPD -- travel and medical privacy

``` We're just now encountering a new generation of privacy issues that are, in my opinion, much more serious than anything we've seen before. Some of the messages I've excerpted from an issue of Computer Privacy Digest touch on these. You may not feel so bad about carrying credit cards and drivers' licenses with magnetic strips on the back, since at least you know when the data is being read. But technologies are proliferating, such as the Metro card mentioned here, that make you a walking (or driving) emitter of bit radiation, permitting you to be tracked for all sorts of reasons. "So what?", you might say, "I'll just refuse to use these technologies." Well, good luck. It'll be about as easy as refusing to drive or use credit. A much better alternative is to learn more about them now and get involved. Throw a public spotlight on the highly political standards-setting processes behind these systems, and make sure that people understand that they very frequently CAN be made anonymous and that they very frequently SHOULD be made anonymous.

Phil Agre

Date: Wed, 30 Nov 94 14:50:59 EST From: Computer Privacy Digest Moderator Subject: Computer Privacy Digest V5#068

Computer Privacy Digest Wed, 30 Nov 94 Volume 5 : Issue: 068

---

From: Dave Moore Date: 28 Nov 1994 14:06:14 -0500 (EST) Subject: DC Metro Smart Cards

I saw an interesting article in yesterdays (27 Nov. 94) Washington Post. It was an article on the planned introduction of a Smart Card for using the DC Metro. That's the local subway for those few people in the world that don't live near DC .

There were several aspects about this smart card that caught my interest.

The article stated that the card only needed to be brought within about 14 inches of the reader, thus allowing the user to keep it within his or her purse or wallet. I infer from this that it is an RF reader and not optical.

It also stated that it was far more secure than a standard fare card because if you lost it, you could report it stolen and have it disabled. I infer from this that your personal ID is tied to the card and that it is not anonymous.

Although it may not be intended, this automatically gives the ability to track your personal use of the subway. Granted that this is pretty benign for most people, it is nevertheless interesting.

Other possibilities present themselves. Since the "scan" of the card is non-contact and not optical, the possibility exists of covertly scanning from other locations. What if stores added a smart card detector to their current theft detectors?

The other thing that struck me is that they (Metro Authority) plan on charging a "Premium" for the card. A discount I could understand to encourage its use, but why would anyone want to pay extra for this thing?

---

From: bcn@world.std.com (Barry C Nelson) Date: 29 Nov 1994 08:00:04 GMT Subject: Re: DMV Records Organization: The World Public Access UNIX, Brookline, MA

John Medeiros <71604.710@compuserve.com> wrote: The following article was printed in the "Orange County Register", Tuesday, November 22, 1994, news section, page 2: Car-rental firms checking on drivers [...] rental-car companies are taking advantage of a California system to allow instantaneous access to drivers' records. [...]

The recently enacted Violent Crime Act changes the federal law with regard to granting access to state DMV records. Sec 300001 adds a new chapter in Title 18 U.S.C., Chapter 123, Section 2721 (a): "Except as provided in subsection (b) a State department of motor vehicles and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record."

Interestingly, "personal information" does not include information on vehicle accidents, violations or driver's status or zip code.

Of course, one of the exceptions is for "legitimate" business use to verify personal information submitted by the individual, and another allows disclosure if the requester demonstrates written consent by the individual. Also, State law may authorize any other use related to motor vehicle operation or public safety. Effective 9/97. There are criminal and civil penalties for violations. $5,000 per day for a state found in violation.

Should be interesting to see how states are going to deal with this one.

---

BCNelson

---

From: "Richard Schroeppel" Date: 29 Nov 1994 14:41:03 MST Subject: Re: DMV Records

Car-rental firms checking on drivers The companies turn down about 8 percent of drivers for accidents, tickets and other telltale signs that a driver might wreck their car. More than 1 million drivers have had their records checked in the first year of the Department of Motor Vehicles program. Alamo, Avis, budget, Dollar, Hertz and Thrifty rental companies are the major ones tapped into California driver records. Enterprise and National are not.

The thing that annoyed me about this was that Budget accepted a rental reservation over the phone, and then did the checking (weeks later) when I showed up at the car rental desk. To my mind, accepting the reservation implies a commitment to do business.

---

Rich Schroeppel rcs@cs.arizona.edu

---

From: John Kwiatkowski <0007152212@mcimail.com> Date: 29 Nov 94 23:15 EST Subject: Re: DMV Records

I have seen it mentioned here and elsewhere about DMV databases from various state that are actually available to the public via on-line services. However,no one has said exactly which services provide this DMV information to subscribers. If anyone knows which services re available out there that make these databases available,I would sure like to know who they are and most everyone reading this Digest,I am sure,would like to know also.ANy information is appreciated.

---

John

---

From: vberdaye@magnus.acs.ohio-state.edu (Vicente Berdayes) Date: 29 Nov 1994 03:07:19 GMT Subject: List of Speakers: Privacy Conference Organization: The Ohio State University

PRIVACY, THE INFORMATION INFRASTRUCTURE AND HEALTHCARE REFORM

A One Day Symposium presented by

The Center for Advanced Study in Telecommunications & The National Regulatory Research Institute at The Ohio State University

Co-sponsored by

Department of Communication, The Ohio State University Hospitals & The Ohio Supercomputer Center at The Ohio State University

Friday, January 27, 1995 The Ohio State University's Ohio Union 1739 N High Street, Columbus, Ohio 43210

LIST OF CONFIRMED SPEAKERS:

Robert Belair. Mr. Belair is Editor of Privacy and American Business and CEO of Privacy and Legislative Associates, a legal and policy consulting firm. Prior to entering private practice Mr. Belair served as an attorney for the Federal Trade Commission assigned to, among other things, Fair Credit Reporting Act matters. Mr. Belair later served as Deputy counsel of the White House Office on the Right of Privacy. He has served as a legal consultant on privacy, freedom of information and information policy matters to numerous government agencies and commissions and was lead amicus counsel in the Supreme Court's 1989 landmark privacy and freedom of information decision, Reporters Committee for Freedom of the Press v. Department of Justice.

Janlori Goldman, is Director of the Privacy and Technology Project of the Electronic Frontier Foundation. Ms. Goldman is a member of the Committee on Regional Health Data Networks of the Institute of Medicine. Formerly Director of the Project on Privacy and Technology at the American Civil Liberties Union, she is involved in current efforts to pass healthcare record privacy legislation. Prior to joining the Washington Office of the ACLU, Ms. Goldman was Legal Counsel to the Minnesota ACLU.

Mary Gardiner Jones, formerly with the Federal Trade Commission, Ms. Jones is President of the Consumer Interest Research Institute. She is an expert on medical records privacy and telemedicine issues and is co-author of 21st Century Learning and Health Care in the Home: Creating a National Telecommunications Network.

Pierrot Peladeau, Vice-president of the Canadian information security consulting and audit firm, Societe Progestacces and member of the expert committee advising the Canadian government on the privacy issues related to the Canadian information superhighway initiative. Mr. Peladeau has written extensively on both telecommunication and healthcare related privacy issues, and is recognized as the leading expert on the comprehensive data protection law recently enacted in Quebec.

Jeffrey Ritter, Program Director of the Electronic Commerce, Law, and Information Policy Strategies Initiative of the Ohio Supercomputer Center. Formerly a partner of Vorys, Sater, Seymour & Pease. Mr. Ritter serves as Rapporteur on Legal Questions for the United Nations Working Party on Facilitation of International Trade Procedures, and has worked extensively on issues of electronic data interchange pertaining to health delivery systems. Mr. Ritter is Chair of the American Bar Association Subcommittee on electronic Commercial Practices.

James Rule, Professor of Sociology, State University of New York, Stony Brook, NY. Professor Rule is author of The Politics of Privacy (with D. McAdam, L. Stearns, & D. Uglow) and Private Lives and Public Surveillance. Recipient of the C. Wright Mills Award; Rockefeller Foundation Humanities Fellow; Guggenheim Fellow, and Member of the School of Social Science, Institute for Advanced Study, Princeton. Professor Rule is currently working on property rights based solutions to privacy problems.

Bruce Schneier. Mr. Schneier is with Counterpane Systems, a Chicago area cryptography consulting firm. He is best known as the author of Applied Cryptography (John Wiley, 1994). This book has been held unexportable in diskette form for national security reasons. His next book on electronic-mail privacy will be released in December. Mr. Schneier is currently working on a book with David Banisar of the Electronic Privacy Information Center on cryptographic privacy policy.

REGISTER NOW!

Conference fee is $100.00 including meals and materials

Direct registration fee and inquiries to: CAST/OSU 3016 Derby Hall/154 N. Oval Mall Columbus, OH 43210-1339 PH: 614/292-8444 FAX: 614/292-2055

General Inquiries should be directed to: Vicente Berdayes Conference Coordinator 614/292-0080 E-Mail: vberdaye@magnus.acs.ohio-state.edu

Register now by printing the following form and mailing it along with the registration fee of $100 to:

CAST, 3016 Derby Hall, 154 N. Oval Mall, Columbus, OH 43210-1339.

Phone 614-292-8444. FAX 292-2055. For further information, parking, directions, lodging, or bus schedules, contact the CAST office.

Name: Affiliation: Address: Phone: E-Mail:

---

From: "Prof. L. P. Levine" Date: 28 Nov 1994 08:46:14 -0600 (CST) Subject: Info on CPD, (unchanged since 11/28/94) Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest and is not redundant or insulting. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+-----------------------------------------

---

End of Computer Privacy Digest V5 #068

--- ```

This web service brought to you by Somewhere.Com, LLC.