From: Frank Willoughby <frankw@in.net>
To: cypherpunks@toad.com
Message Hash: 993a38b3914cd20816e17793547c9a32b52e72d30c78e8a47023441512c4592c
Message ID: <9602051325.AA08532@su1.in.net>
Reply To: N/A
UTC Datetime: 1996-02-05 13:41:33 UTC
Raw Date: Mon, 5 Feb 1996 21:41:33 +0800
From: Frank Willoughby <frankw@in.net>
Date: Mon, 5 Feb 1996 21:41:33 +0800
To: cypherpunks@toad.com
Subject: Fair Credit Reporting Act and Privacy Act
Message-ID: <9602051325.AA08532@su1.in.net>
MIME-Version: 1.0
Content-Type: text/plain
FWIW, while the goal of the cypherpunks in helping to promote secure
private communications by making encryption publicly available on a
worldwide scale, definitely helps socially backward countries which
have dictators (communist or otherwise), it misses its mark somewhat
in the USA. Personally, I think that in the USA, this is treating
the symptom, but not the disease.
Probably the easiest way of ensuring that personal information isn't
wantonly distributed by credit agencies or (anyone else) is to update
our Privacy Act - which is ridiculously out-of-date and badly in need of
being re-written. It is also hampered by its apparent lack of teeth.
My personal recommendation would be a law like Germany's BDSG. The BDSG
(BundesDatenSchutzGesetz which translates to: Federal Information/Data
Protection Law (aka Privacy Act). Even better would be a law like the
one in Austria (which I understand has the world's strictest privacy act.
(Hooray for the Austrians). 8^)
If the Privacy Act were rewritten to be as strict as the BDSG, businesses
would have a (mandatory) legal requirement to:
o Ensure that personal data is stored properly (by encrypting it, etc)
o Ensure that personal data is not distributed
o Ensure that databases are *not* being maintained which describe the
characteristics of individuals (buying habits, income, property
ownership, etc) wantonly propagated by marketing (direct mail,
telemarketing, etc) companies.
(Note that credit bureaus still have a function, but they would be
(forced to be) responsible for ensuring that compliance with the
Privacy Act would be maintained. This could result in better
safeguards being implemented by the credit bureaus.)
resulting in the following by-products:
o the promotion of the use & implementation of encryption - including
the possibility of ITAR being reduced or eliminated for the export
of encryption products
o reduced propagation of personal information
o reduced amount of junk mail that winds its way to our mailboxes each day 8^)
o reduced amounts of tele-marketing 8^)
If pressure were brought to bear on the law-makers to rewrite the Privacy
Act to give it qualities like the BDSG, etc, then this would significantly
help achieve the cypherpunks' goal of promoting secure private communications.
(I realize this isn't the only goal of the c'punks, but its a start). As the
changes would be made within "the system" as opposed to outside of it, there
would be virtually no hassle from the government.
IOW, changing the Privacy Act will probably solve a variety of problems while
achieving the c'punks goal of secure personal communications.
Food for thought.
Best Regards,
Frank
<standard disclaimer>
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Management & Information Security Consulting
Phone: (317) 573-0800 - http://www.fortified.com/fortified
Home of the Free Internet Firewall Evaluation Checklist
Return to February 1996
Return to “Frank Willoughby <frankw@in.net>”
1996-02-05 (Mon, 5 Feb 1996 21:41:33 +0800) - Fair Credit Reporting Act and Privacy Act - Frank Willoughby <frankw@in.net>