1996-02-05 - Fair Credit Reporting Act and Privacy Act

Header Data

From: Frank Willoughby <frankw@in.net>
To: cypherpunks@toad.com
Message Hash: 993a38b3914cd20816e17793547c9a32b52e72d30c78e8a47023441512c4592c
Message ID: <9602051325.AA08532@su1.in.net>
Reply To: N/A
UTC Datetime: 1996-02-05 13:41:33 UTC
Raw Date: Mon, 5 Feb 1996 21:41:33 +0800

Raw message

From: Frank Willoughby <frankw@in.net>
Date: Mon, 5 Feb 1996 21:41:33 +0800
To: cypherpunks@toad.com
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602051325.AA08532@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain


FWIW, while the goal of the cypherpunks in helping to promote secure
private communications by making encryption publicly available on a 
worldwide scale, definitely helps socially backward countries which 
have dictators (communist or otherwise), it misses its mark somewhat 
in the USA.  Personally, I think that in the USA, this is treating 
the symptom, but not the disease.

Probably the easiest way of ensuring that personal information isn't 
wantonly distributed by credit agencies or (anyone else) is to update 
our Privacy Act - which is ridiculously out-of-date and badly in need of
being re-written.  It is also hampered by its apparent lack of teeth.

My personal recommendation would be a law like Germany's BDSG. The BDSG
(BundesDatenSchutzGesetz which translates to: Federal Information/Data 
Protection Law (aka Privacy Act).  Even better would be a law like the 
one in Austria (which I understand has the world's strictest privacy act.  
(Hooray for the Austrians).  8^)

If the Privacy Act were rewritten to be as strict as the BDSG, businesses
would have a (mandatory) legal requirement to:

o Ensure that personal data is stored properly (by encrypting it, etc)
o Ensure that personal data is not distributed
o Ensure that databases are *not* being maintained which describe the
   characteristics of individuals (buying habits, income, property 
   ownership, etc) wantonly propagated by marketing (direct mail, 
   telemarketing, etc) companies.  

  (Note that credit bureaus still have a function, but they would be 
   (forced to be) responsible for ensuring that compliance with the 
   Privacy Act would be maintained.  This could result in better
   safeguards being implemented by the credit bureaus.)


resulting in the following by-products:

o the promotion of the use & implementation of encryption - including
   the possibility of ITAR being reduced or eliminated for the export
   of encryption products
o reduced propagation of personal information
o reduced amount of junk mail that winds its way to our mailboxes each day  8^)
o reduced amounts of tele-marketing  8^)


If pressure were brought to bear on the law-makers to rewrite the Privacy
Act to give it qualities like the BDSG, etc, then this would significantly
help achieve the cypherpunks' goal of promoting secure private communications.
(I realize this isn't the only goal of the c'punks, but its a start).  As the 
changes would be made within "the system" as opposed to outside of it, there
would be virtually no hassle from the government.

IOW, changing the Privacy Act will probably solve a variety of problems while
achieving the c'punks goal of secure personal communications.


Food for thought.

Best Regards,


Frank
<standard disclaimer>
The opinions expressed above are of the author and may not 
necessarily be representative of Fortified Networks Inc.

Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800   - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist








Thread