At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
Back to Tim's original point, I wonder if he knows that the P-TRAK data that Lexis/Nexis said was "public information" was actually taken from credit reports collected and sold by TransUnion. TU was able to sell the data because of a loophole in the Fair Credit Reporting Act. Sure, you post to the net that's public, but a lot of data collection is much more sleazy.
In my view, the Fair Credit Reporting Act is an unconstitutional restriction on my right to compile records as I see fit.
Under the FCRA, if I take newspaper reports and public filings, for example, of someone's bankruptcy in 1985 and make this part of "Tim's Credit Evaluation" of that person, I have violated the FCRA.
(I believe the current "limit" for such "rememberances" is 8 years. Why should the government have any ability to tell me I must "forget" records older than 8 years? In fact, what part of "Congress shall make no law..." do they not understand?)
It's an interesting argument. I don't agree, though you can certaintly try it. But more to the point of your original post, is the information that TransUnion sold to Lexis/Nexis for P-TRAK "public information"? If yes, what is private information?
More to the point of the Cypherpunks list--and this is something we talked about at the very first physical meeting, almost 5 years ago--it will become increasingly easy for the FCRA to be bypassed with offshore data havens. . . .
I know all these arguments. Some people said not to worry about passage of the CDA since it couldn't be enforced. Nice thought. Fortunately, ACLU, EPIC, et al challenged it in court.
I'd also appreciate some comment/criticism on the piece I did for Wired. My point was that in countries where there are legal rights to privacy it will be easier for technologies of privacy to flourish. I gave as examples the fact that PRZ was nearly indicted in the US while David Chaum was being applauded by the European Commission for building anonymous payment schemes. The OECD crypto policy drafting experience confirmed my suspicion.
I seldom read "Wired," so I didn't see this one. But the issues of Europe vs. the U.S. are notoriously complex. For every "Europe is better" point, such as not applying pressure to PRZ, there are the obvious counterpoints, such as Compuserve being prosecuted in Germany, the nearly full ban on crypto in France, the extradition of an American neo-Nazi publisher from Belgium to Germany, and so on.
I agree that there are real threats to cyber freedom in Europe. I'm not saying otherwise. But my point is that anonymous remailers and the like will have a better future in countries that recognize a right of anonymity as opposed to those that don't.
And as for Chaum and Digicash, Digicash is now in Silicon Valley. No firm conclusions can be drawn one way or another.
Yeah, right. And the Euro countries are pushing just as hard for key escrow as the US govt.
Oh, and as for privacy in Europe, I'll remember how much they cherish privacy the next time I'm required to leave my passport with the hotel front desk (Europeans confirm that the police compile lists each night from said deposited passports). They were still doing this in 1983 when I spent 6 weeks travelling through Europe; and it wasn't to ensure I'd pay my bill, as they had my credit card stuff for that.
Fine. And I almost got arrested two weeks ago (May 1997) walking out of the Library of Congress cause I didn't want to fill out a form with my name and the serial number of my computer.
Let me also try to explain how the simple-minded First Amendment-privacy rights trade-off often misses the point about privacy claims. Consider the article about Judge Bork's video viewing habits back in 1987. Should Congress/the Courts prevent City Paper from publishing the article? Of course not. Could Congress/the Courts require video record stores not to disclose customer records without explict consent? You decide.
The best solution is neither of these options: Video rental stores don't need True Names except to collect on unreturned tapes. (They might _like_ True Names, or at least mailing addresses, for advertising reasons, but they don't _need_ them, and, like Radio Shack, will not make it a requirement for a transaction.)
As with other such items, deposits work well here. My localvideo store does not require true names, so long as a sufficient deposit is left for each tape. Most persons use credit cards as the "return guaranty." Note also that credit cards need not be in the true name of anyone, via various options, much discussed on various lists.
I agree completely with this. I/EPIC have a strong preference for anonymous transactions. And we've been fighting this one in DC practically alone for a long time. The question is what are you going to do with companies that won't let you buy a product unless you provide your True Name? One of the consequences of legal obligations on companies that collect personal information might be to encourage more payment anonymous, psuedo-anonymous payment schemes. Wouldn't that be a good result?
To be clear, I do believe that there should be laws to protect the right of privacy and that there should be an office within the federal government to advocate on behalf of privacy interests. I also believe that if such an agency had been established in 1991 when it was proposed, it would have been much harder for the government to push subsequently for digital telephony, Clipper, GAK, etc.
I don't believe there should be such laws, obviously.
And more importantly, strong crypto provides numerous monkeywrenchings of such laws.
Pass a law requiring return addresses on all messages....the effect will be to move the spam sites offshore. Then what do you do?
I think I've answered this above. Yeah, you can always break a law, and you don't have to move offshore to do it, but laws still matter.
(When EPIC and ACLU figure out the real implications of strong crypto, look for them to talk about "compromises" on access to strong crypto....hey, maybe SAFE is an indication they've started to realize what is coming.)
I'm not quite sure what this means, but if Tim knows any group in DC that has fought harder for strong crypto, I'd like to know who it is. Marc.