You are here:
EPIC Alert >>
 EPICAlert 7
EPIC Alert 1.07  EPICAlert 7 (11 November 1994)
Volume 1.07 November 11, 1994
Published by the Electronic Privacy Information Center (EPIC)
Washington, DC (Alertepic.org)
Table of Contents
 Ohio Court Upholds Privacy of SSNs
 NTIA to Hold Virtual Conference on Privacy
 Court Rejects Steve Jackson Appeal
 Canadian Gov't Releases Discussion Paper on NII Privacy
 GATT Legislation Requires SSN Issued at Birth
 New Files in the Archive
 Upcoming Conferences and Events
 Ohio Court Upholds Privacy of SSNs
In a decision handed down on October 26, the Ohio Supreme Court hasruled that governmental disclosure of Social Security numbers (SSNs)
violates individuals' constitutional right to privacy. At issue was arequest by the Akron Beacon Journal for release of computer
taperecords of the City of Akron's year-end employee master files. Thepayroll files contain various information including employees'
addresses, telephone numbers, SSNs, birth dates, education, employmentstatus and positions, pay rates, service ratings, annual and
sickleave information, overtime hours and pay, and year-to-date employeeearnings. The City had provided the records to the newspaper,
butdeleted the SSNs on privacy grounds.
EPIC staff, on behalf of Computer Professionals for SocialResponsibility, joined with the Public Citizen Litigation Group infiling
a "friend of the court" brief in the case. The CPSR/PublicCitizen brief highlighted the privacy implications of SSN disclosuresand
argued in support of the City's decision to withhold the numbers.
The brief urged the Ohio Supreme Court to follow the lead of the U.S.
Court of Appeals for the Fourth Circuit in the case of Greidinger v.
Davis, where Virginia's practice of requiring SSNs for voterregistration purposes was held unconstitutional. EPIC staff hadsimilarly
participated in the Greidinger litigation as friends of thecourt.
Significant excerpts from the Ohio Supreme Court decision:
The city's refusal to release its employees' SSNs does not significantly interfere with the public's right to monitor
governmental conduct. The numbers by themselves reveal little information about the city's employees. ...
While the release of all city employees' SSNs would provide inquirers with little useful information about the organization
of their government, the release of the numbers could allow an inquirer to discover the intimate, personal details of each
city employee's life, which are completely irrelevant to the operations of government. As the Greidinger court warned, a
person's SSN is a device which can quickly be used by the unscrupulous to acquire a tremendous amount of information about
a person. ...
Thanks to the abundance of data bases in the private sector that include the SSNs of persons listed in their files,
an intruder using an SSN can quietly discover the intimate details of a victim's personal life without the victim ever knowing
of the intrusion.
Coming a year after the Greidinger decision, the Akron Beacon Journalcase continues a trend toward judicial recognition of the privacyimplications
of SSNs. EPIC will continue to participate in relatedlitigation in an attempt to establish a body of caselaw protecting theconfidentiality
of SSNs and other personal information.
A copy of the decision is available at cpsr.org /cpsr/privacy/ssnohio_ssn_case_1994.txt.
 NTIA Virtual Conference -- Privacy Discussion
EPIC Director Marc Rotenberg and Computer Privacy Digest ModeratorProf. Leonard Levine will co-host the privacy discussion for the
NTIAVirtual Public Conference next week. The Virtual Conference is partof the Administration's effort to gather information and
opinionsabout the issues of universal service and open access. Regardingprivacy, some of the questions that the Administration would
like topursue are:
-- What potential is there for the telecommunications and information networks to compromise personal privacy? To what extent
will perceptions of reduced privacy hinder widespread, seamless access to the telecommunications and information networks?
The conference will begin on November 14th, 1994, and run throughmidnight November 18th, 1994. If there is sufficient interest, it
maybe extended an additional week.
You may subscribe to the privacy discussion by sending email to:
Your email address will be saved and you will be added to thesubscription list for the topic. You will receive an introductorymessage
about the conference. You do not need to supply anyinformation in the subject line or in the message to pre-subscribe.
If you wait and subscribe on November 14, 1994, you need to send emailto a conference topic from the account where you want to receive
themailings. The message should have the single line in it:
subscribe topic your name
where subscribe is a keyword and topic is the name of one of thefollowing topics: redefus, avail, intellec, privacy, standard,
In addition to the privacy discussion, you might also subscribe to:
redefusvirtconf.ntia.doc.gov (Redefining Universal Service and Access)
availvirtconf.ntia.doc.gov (Affordability and Availability)
intellecvirtconf.ntia.doc.gov (Intellectual Property)
opnaccesvirtconf.ntia.doc.gov (Access for Individuals with Disabilities)
To find more about the NTIA conference, go to:
Participants in the Virtual Conference are also encouraged to reviewthe following two documents recently issued by NTIA: (1) NII
FieldHearings on Universal Service and Open Access: America Speaks Out;
and (2) Notice of Inquiry (NOI) on Universal Service and Open AccessIssues (written comments in response to this NOI are being received
byNTIA and should be filed on or before December 14, 1994, to receivefull consideration). Both documents already are available throughNTIA's
IITF Gopher Server at iitf.doc.gov, dial in to (202) 501-1920,
and NTIA's Bulletin Board Service at (202) 482-1199,
ntiabbs.ntia.doc.gov (telnet, gopher or world-wide web).
Privacy materials may be found at the cpsr.org gopher site in the file/cpsr/privacy/epic. Back issues of Computer Privacy Digest
areavailable on ftp.cs.uwm.edu [22.214.171.124]. Login as "ftp" withpassword identifying youridyoursite. The archives are in thedirectory
"pub/comp-privacy". People with gopher capability can mosteasily access the library at gopher.cs.uwm.edu. Mosaic users will findit
 Court Rejects Steve Jackson Appeal
The US Circuit Court of Appeals for the 5th Circuit has ruled that theseizure of a bulletin board (BBS) which contains private electronicmail
is not an unlawful interception prohibited by the ElectronicCommunications Privacy Act of 1986. The Court of Appeals upheld alower
court ruling that the seizure was not an intercept because itwas not contemparanous with the transmission of the communications,
and thus not protected under ECPA in this case.
The Court reviewed the wording and the legislative history of the ECPAand determined that interception did not include messages that
wereelectronically stored. It found that stored messages are covered underTitle II of ECPA, which has less strict requirements for
the access ofelectronic communications. In the lower court, damages and fees were
awarded against the Secret Service for violations of Title II.
A copy of the decision is available at our Internet Library. See belowfor details.
 Canada Asks for Comments on Information Superhighway Privacy
The Canadian Information Highway Advisory Council has released adiscussion paper entitled "Privacy and the Canadian InformationHighway."
The Council is asking for comments on the paper andrecomendations on how privacy should be protected on the Canadianinformation
The paper discusses privacy issues relating to transactional data andprofiling, transaction security and individual identification,
identity cards and single identifier numbers, and monitoring. Itprovides a general overview of Canadian and international privacy
forboth government and private sector data.
The report reviews possible approaches to privacy protection:
legislation and regulation; voluntary codes and standards;
technological solutions; and consumer education and the possiblebenefits and drawbacks of each. It asks for comments from interestedparties
on possible approaches.
Comments are due by December 23, 1994, and should be sent to ParkeDavis, Director General, Information Highway Advisory Secretariat,
Room 614, Journal Tower North, 300 Slater Street, Ottawa, OntarioCanada K1A 0C8 or emailed to councilistc.ca. An electronic versionof
the paper is avaiable from the CPSR Internet Library. See below fordetails.
 GATT Legislation Requires SSNs Issued at Birth
Buried in a section of the bill implementing the General Agreement onTariff and Trade (GATT) is a requirement that Social Security
numbersbe issued at birth.
Section 742 of H.R. 5110 requires that for the purposes of the EarnedIncome Tax Credit, SSN's must be issued at birth. Currently,
parentscan wait up to one year before filing. The requirement will putfurther pressure on hospitals to issue SSNs to all newborns,
even ifthe parents do not plan to take advantage of the tax credit.
The bill is scheduled to be heard in an unusual lame duck (afterelection) session of Congress late this month. A copy of theprovision
is available from cpsr.org /cpsr/privacy/ssn/gatt_ssn.txt
 New Files at the Archive
Court of Appeals for the 5th Circuit opinion on Steve Jackson Games.
Canadian Information Highway Advisory Council Privacy Paper
canada_info_highway_privacy_eng.txt - English ASCII versioncanada_info_highway_privacy_eng.rtf - English RTF versioncanada_info_highway_privacy_fr.rtf
- French RTF version
The CPSR Internet Library is a free service available viaFTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from PrivacyInternational,
the Taxpayers Assets Project and the Cypherpunks arealso archived. For more information, contact ftp-admincpsr.org.
 Upcoming Privacy Related Conferences and Events
Security and Privacy Issues for the National InformationInfrastructure, Computer Security Institute Conference. Washington,
DC. Nov. 14-15, 1994. Sponsored by Computer Security Institute.
International Security Systems Symposium and Expo. Washington, DC.
Nov. 16-18, 1994. Contact: Brad Smith (301) 986-7800.
Free Speech and Privacy in the Information Age. Waterloo, Ontario. Nov.
26, 1994, Sponsored by University of Waterloo. Contactsfspgraceland.uwaterloo.ca.
The Technology for Information Security Conference '94 (TISC '94).
Galveston, Texas. Dec. 5-8, sponsored by: NASA Johnson Space CenterMission Operations Directorate (MOD), MOD AIS Security EngineeringTeam,
and the ISSA. Contact: John D'Agostino(dagostinkillerbee.jsc.nasa.gov).
Fall Internet World 94. Washington, DC. December 6-9, 1994. Sponsoredby Internet World Magazine. Contact: iwconfmecklermedia.com.
Health Data Initiatives: 1995. Washington, DC. Dec. 12-13, 1994.
Sponsored by National Association of Health Data Organizations.
Contact: NAHDO (703) 532-3282.
1995 Data Security Conference. Jan 9-11, 1995. Redwood City, CA.
Sponsored by RSA Data Security. Contact: kurtrsa.com
Second International Conference on Information Warfare: "Chaos on theElectronic Superhighway" Jan 18-19, Montreal, CA. January 18,
Sponsored by NCSA. Contact: Mich Kabay (75300.3232compuserve.com).
Towards an Electronic Patient Record '95. Orlando, FL. Mar. 14-19,
1995. Sponsored by Medical Records Institute. Contact: 617-964-3926(fax).
INET '95. Honolulu, HI. June 28-30, 1995. Sponsored by the InternetSociety. Contact inet95isoc.org.
Key Players in the Introduction of Information Technology: TheirSocial Responsibility and Professional Training. July 5-6-7, 1995.
Namur, Belgium. Sponsored by CREIS. Contact: nolodccr.jussieu.fr
(Send calendar submissions to Alertepic.org)
To subscribe to the EPIC Alert, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce.
Back issues are available via FTP/WAIS/Gopher/HTTP from cpsr.org/cpsr/alert and on Compuserve at Keyword: NCSA, Library 2(EPIC/Ethics)
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital
Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment
and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation
Act litigation, and conducts policy research on emergingprivacy issues. For more information email infoepic.org, or writeEPIC, 666
Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1202 544 9240 (tel), +1 202 547 5482 (fax).
The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights.
Computer Professionals for Social Responsibility is a nationalmembership organization of people concerned about the impact oftechnology
on society. For information contact: cpsr-infocpsr.org
END EPIC Alert 1.07