1997-05-31 - Re: Rotenberg as the Uber Enemy

Header Data

From: Marc Rotenberg <rotenberg@epic.org>
To: Tim May <tcmay@got.net>
Message Hash: 4fa45a9038032057f038194535bcb50e5d01f85547e66f5d3b5904e071bfb0f3
Message ID: <v03007801afb643715b3a@[]>
Reply To: <v03007801afb61ffec219@[]>
UTC Datetime: 1997-05-31 21:45:46 UTC
Raw Date: Sun, 1 Jun 1997 05:45:46 +0800

Raw message

From: Marc Rotenberg <rotenberg@epic.org>
Date: Sun, 1 Jun 1997 05:45:46 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Rotenberg as the Uber Enemy
In-Reply-To: <v03007801afb61ffec219@[]>
Message-ID: <v03007801afb643715b3a@[]>
MIME-Version: 1.0
Content-Type: text/plain

>At 12:02 PM -0700 5/31/97, Marc Rotenberg wrote:
>>Back to Tim's original point, I wonder if he knows
>>that the P-TRAK data that Lexis/Nexis said was
>>"public information" was actually taken from
>>credit reports collected and sold by TransUnion.
>>TU was able to sell the data because of a loophole
>>in the Fair Credit Reporting Act. Sure, you post
>>to the net that's public, but a lot of data collection
>>is much more sleazy.
>In my view, the Fair Credit Reporting Act is an unconstitutional
>restriction on my right to compile records as I see fit.
>Under the FCRA, if I take newspaper reports and public filings, for
>example, of someone's bankruptcy in 1985 and make this part of "Tim's
>Credit Evaluation" of that person, I have violated the FCRA.
>(I believe the current "limit" for such "rememberances" is 8 years. Why
>should the government have any ability to tell me I must "forget" records
>older than 8 years? In fact, what part of "Congress shall make no law..."
>do they not understand?)

It's an interesting argument. I don't agree, though
you can certaintly try it. But more to the point of
your original post, is the information that TransUnion
sold to Lexis/Nexis for P-TRAK "public information"?
If yes, what is private information?

>More  to the point of the Cypherpunks list--and this is something we talked
>about at the very first physical meeting, almost 5 years ago--it will
>become increasingly easy for the FCRA to be bypassed with offshore data
>havens. . . .

I know all these arguments. Some people said not to worry
about passage of the CDA since it couldn't be enforced.
Nice thought.  Fortunately, ACLU, EPIC, et al challenged
it in court.

>>I'd also appreciate some comment/criticism on
>>the piece I did for Wired. My point was that
>>in countries where there are legal rights to
>>privacy it will be easier for technologies of privacy
>>to flourish. I gave as examples the fact that PRZ
>>was nearly indicted in the US while David Chaum
>>was being applauded by the European Commission
>>for building anonymous payment schemes. The OECD
>>crypto policy drafting experience confirmed my
>I seldom read "Wired," so I didn't see this one. But the issues of Europe
>vs. the U.S. are notoriously complex. For every "Europe is better" point,
>such as not applying pressure to PRZ, there are the obvious counterpoints,
>such as Compuserve being prosecuted in Germany, the nearly full ban on
>crypto in France, the extradition of an American neo-Nazi publisher from
>Belgium to Germany, and so on.

I agree that there are real threats to cyber freedom in Europe.
I'm not saying otherwise. But my point is that anonymous remailers
and the like will have a better future in countries that recognize
a right of anonymity as opposed to those that don't.

>And as for Chaum and Digicash, Digicash is now in Silicon Valley. No firm
>conclusions can be drawn one way or another.

Yeah, right. And the Euro countries are pushing just as hard for
key escrow as the US govt.

>Oh, and as for privacy in Europe, I'll remember how much they cherish
>privacy the next time I'm required to leave my passport with the hotel
>front desk (Europeans confirm that the police compile lists each night from
>said deposited passports). They were still doing this in 1983 when I spent
>6 weeks travelling through Europe; and it wasn't to ensure I'd pay my bill,
>as they had my credit card stuff for that.

Fine. And I almost got arrested two weeks ago (May 1997) walking out
of the Library of Congress cause I didn't want to fill out a form with
my name and the serial number of my computer.

>>Let me also try to explain how the simple-minded
>>First Amendment-privacy rights trade-off often
>>misses the point about privacy claims.  Consider
>>the article about Judge Bork's video viewing
>>habits back in 1987. Should Congress/the Courts
>>prevent City Paper from publishing the article?
>>Of course not. Could Congress/the Courts require
>>video record stores not to disclose customer
>>records without explict consent? You decide.
>The best solution is neither of these options: Video rental stores don't
>need True Names except to collect on unreturned tapes. (They might _like_
>True Names, or at least mailing addresses, for advertising reasons, but
>they don't _need_ them, and, like Radio Shack, will not make it a
>requirement for a transaction.)
>As with other such items, deposits work well here. My localvideo store does
>not require true names, so long as a sufficient deposit is left for each
>tape. Most persons use credit cards as the "return guaranty." Note also
>that credit cards need not be in the true name of anyone, via various
>options, much discussed on various lists.

I agree completely with this. I/EPIC have a strong preference for
anonymous transactions. And we've been fighting this one in DC
practically alone for a long time.

The question is what are you going to do with companies
that won't let you buy a product unless you provide
your True Name?

One of the consequences of legal obligations on companies
that collect personal information might be to encourage
more payment anonymous, psuedo-anonymous payment schemes.
Wouldn't that be a good result?

>>To be clear, I do believe that there should be
>>laws to protect the right of privacy and that
>>there should be an office within the federal
>>government to advocate on behalf of privacy
>>interests. I also believe that if such an agency
>>had been established in 1991 when it was proposed,
>>it would have been much harder for the government
>>to push subsequently for digital telephony, Clipper,
>>GAK, etc.
>I don't believe there should be such laws, obviously.
>And more importantly, strong crypto provides numerous monkeywrenchings of
>such laws.
>Pass a law requiring return addresses on all messages....the effect will be
>to move the spam sites offshore. Then what do you do?

I think I've answered this above. Yeah, you can always
break a law, and you don't have to move offshore to do it,
but laws still matter.
>(When EPIC and ACLU figure out the real implications of strong crypto, look
>for them to talk about "compromises" on access to strong crypto....hey,
>maybe SAFE is an indication they've started to realize what is coming.)

I'm not quite sure what this means, but if Tim knows any group
in DC that has fought harder for strong crypto, I'd like to
know who it is.