.............ALERT
#2003-4............
...................COUNCIL................
Originally Published
ALERT ITEM SUMMARY:
***Massive Fairfax County Office for Children Privacy Act Violation***
***Virginia HHS Secretary Confirms Teacher Privacy Rights***
***Virginia Politicians Taking Notice of Public Records Problem***
***Even Police can be Victims of Identity Theft***
***Medical Privacy Lawsuit Alleges HIPAA is a Sham***
***Congressman Proposes Canceling Americans' Grand Jury Rights***
***Homeland Security Department Proposes Unprecedented Domestic Traveler
Surveillance***
***Merry Old England - 100% DNA Registration?***
***Privacy Tips***
***Privacy Reference Link of Interest - EPIC***
***Privacy Quote***
Welcome! This message is intended for members of the Fairfax County Privacy
Council, and anyone else who might be interested in advancing privacy in
Privacy Notice: All communication from the Fairfax Privacy Council is sent
using blind carbon copy ("BCC") format for your security and privacy.
********************************************************************************************************
1. Massive Fairfax County Office for
Children ("OFC") Privacy Act Violation: In August of 2003,
the Fairfax County Office for Children's School Age Child Care operation mailed
out tens of thousands of notices to parents which unlawfully solicit Social
Security Numbers ("SSNs") by failing to provide the required federal
and state Privacy Act warnings. Both Section 7 of the Federal Privacy Act at 5
USC 552a note (see http://www.usdoj.gov/04foia/privstat.htm
at bottom of web page) and Va. Code Section 2.2-3806 require government
agencies to warn if disclosure of their SSN (if any) is required, and if so, to
cite the federal statute requiring disclosure, and in all cases to explain what
uses will be made of the SSN. While OFC Executive Tony Humphries states that
the matter has been referred to
The Virginia Attorney General, Virginia Supreme Court, and the Federal 4th
Circuit Court of Appeals all hold that it is mandatory for government
agencies to provide the statutory SSN warning. Last month in Schwier
v. Cox, No. 02-13214 (11th Cir.
Take Action: Expect
a privacy warning from every government agency asking you to disclose your SSN
- SSN privacy warnings are like the Miranda rights warnings required to be
issued by the police. If the warning is absent or does not cite a federal
statute, then the solicitation is unlawful so refuse to comply.
2. Virginia HHS Secretary Confirms
Teacher Privacy Rights: Commonwealth Secretary Health and Human
Resources Jane H. Woods confirmed last Spring by hard copy letter to a Fairfax
County Teacher that the Virginia Attorney General's Office has advised that
teachers need not disclose their Social Security Numbers ("SSNs"),
nor any data about their family members, on Department of Social Services
"background check" form such as DSS Form 032-02-151/4 (see http://www.dss.state.va.us/form/pdf/032-02-151_4.pdf).
Note: As has also long been the case, teachers do not need to disclose their
SSNs or citizenship/immigration status on the FBI fingerprinting forms either. Our View: Teacher
privacy rights have been overlooked for long enough by the encroachment of
a "papers in order" mentality in public service - Virginai teacher
unions and other educational organizations need to wake up and inform teachers
of their privacy rights, and make the state fix their forms to comply with
state and federal privacy law.
3. Virginia Politicians Taking Notice
of Public Records Problem: After Treasury Secretary John W. Snow,
stated Identity theft threatens our open economy (see Identity theft threatens
our open economy; SOAPBOX: Proposed reforms will cut down on crime," The
Portland Tribune, 29 August 2003, at http://www.portlandtribune.com/archview.cgi?id=19951)
and Congress began considering outlawing Internet broacasts of SSNs in public
records (see "Lawmakers Target Identity Theft
In New Bill," at http://www.bankrate.com/brm/frames/hyperlink.asp?link_address=http://www.senate.gov/~leahy/press/200301/012703.html),
the Augusta
Free Press openly questioned the basis for Virginia open-record laws
applying to private information held in public records (see http://www.waynesborova.net:8082/augustafreepress/stories/storyReader$12821:
"Should the public have a right to
know if you've been recently married or divorced? Is that the public's
business? What about your street address? What if you don't want the public to
know where you live?"
Some General Assembly Members are starting to "get it": Sen. Emmett
Hanger supports allowing residents to control information about their
real-estate holdings and other personal data, while challenger Steve Sisson
believes that "Citizens should be allowed control over their private
information, plain and simple." Del. Steve Landes says that "...we
would need to
get some clear advice on how we could draw that line so that information that
should be kept private can be protected without going too far" (see
"Everybody knows your name ...And where you live, and how many bathrooms
you have, The Augusta Free Press, by Chris Graham, 2 September 2003, at http://www.waynesborova.net:8082/augustafreepress/stories/storyReader$12836).
Our View:
In a twist on one of President Nixon's Watergate era aide John Halderman's
adage, "Watch what they do, not what they say." Last General Assembly
session the Senate (led by Fairfax County Senator Jay O"Brien) gutted HB2426's redaction requirement for SSNs
and other sensitive data, while Fairfax County Delegate Jeannemarie Devolites bottled up a public records reform study in
the House of Delegates. The special interests backing commercial voyeurism will
do anything to keep the "public records" information spigots turned
on full blast to profit from the use and sale of you and your family's
sensitive personal information.
4. Even Police can be Victims of
Identity Theft: See "Identity crisis: Even police can be victims
of identity theft," News Virginia, by Bertrand M.
Guttierez,
5. Medical Privacy Lawsuit Alleges
HIPAA is a SHAM: A medical privacy coalition called Citizens for
Health, represented by
6. Congressman Proposes Canceling
Americans' Grand Jury Rights: In what perhaps is the broadest attack on
Anglo-American civil liberties since King George ruled the colonies, Rep. Tom
Feeney (R-Fla.) introduced a "PATRIOT II-like" bill in Congress this
week to curtail the right of US citizens to grand jury protections. What this
means is that you and your family could be secretly compeled (as alleged
"witnesses") to produce private records and answer questions under
interrogation by federal agents without the permission of a judge or the usual
oversight by "23 of your fellow citizens with a court stenographer making
a detailed transcript" (see "Liberty Bushwhacked," The
Washington Post, Editorial, 13 September 2003, Page A20, at http://www.washingtonpost.com/wp-dyn/articles/A3554-2003Sep12.html.
Our View:
The
7. Homeland Security Department
Proposes Unprecedented Domestic Traveler Surveillance: In an
announcement in the Federal Register outlining the most aggressive and invasive
traveler surveillance scheme in history, the Department of Homeland Security
proposed to require airlines (under the Computer Assisted Passenger
Pre-Screening Program ("CAPPS") II) to provide unnamed
"government contractors" the full name, travel itinerary data, date
of birth, home address, and telephone number of every aviation passenger prior
to boarding domestic flights. The program purports to crunch this passenger
data through computers and figure out who is a terrorist. Under the scheme,
airlines and travel agents would be free to retain and use or sell your private
data. The DHS proposes to eventually expand the use of CAPPS II to screen
water, rail, and bus passengers while running criminal warrants against every
domestic passenger's "data." If your "data" matches a
terrorist or wanted criminal's profile, you will be detained and possibly
arrested, which means in states like
Experts say the system will backfire, while citizens groups are both scared...and
mad:
"Before it has even been implemented, the future of airport security is
obsolete. For about $150 worth of fake
IDs and identity research anyone can fool the computerized passenger screening
system expected to arrive at airports by the summer of 2004" (see
"Fly the suspicious skies," The St. Petersburg Times, by Robyn
E. Blumner, Times Perspective Columnist, 31 August 2003.
---------------------------
MIT Professor Arnold Barnett, an international expert on the statistics of
worldwide airline safety, writes that CAPPS II as planned will "will do us more harm than good"
(see http://www.technologyreview.com/articles/wo_barnett072803.asp).
Former Israeli Airlines ("El Al") Security Chief Isaac Yeffet
characterizes CAPPS II as "nonsense,"
and that it "is not aviation
security" (see http://www.technologyreview.com/articles/impact0903.asp.
----------------------------
"Why haven't safety officials come up with a plan to address the threat of
shoulder-fired missiles? Why haven't they done a better job of preventing
unauthorized people from entering airport runways? Why can't they seem to
follow through with the screening of baggage handlers and other airport
personnel they promised? Why is cargo allowed to bypass the scrutiny to which
travelers and their luggage are subjected? All these aspects of travel safety
should be put in good working order before ever considering a privacy-eroding
scheme such as CAPPS II" (see Security system CAPPS privacy of all
passengers," The San Francosco Examiner, 10 Septemer 2003, at http://www.sfexaminer.com/templates/story.cfm?displaystory=1&storyname=091003op_editorial.
------------------------
Former Republican Congressman Bob Barr (now at the American Conservative Union)
warns in an essay that "...all I've done is scratch the surface of what is
shaping up as a dramatic alteration to the very foundation of our society. The
original Winston Smith was scared to death of the power of government--so we
should be too. It was Benjamin Franklin, not George Orwell, who said, "They that give up essential liberty to
obtain a little temporary safety deserve neither liberty nor safety"
(see "Patriot Act Games: It Can Happen Here," The American Spectator,
by Bob Barr, 19 August 2003, at http://conservative.org/columnists/barr/030819bb.asp.
------------------------------
"Grover Norquist, president of Americans for Tax Reform, called CAPPS II
part of 'a series of police power and informational privacy power grabs that
flowed from Sept. 11," CAPPS Navigates Unfriendly Skies, Wired
News, by Ryan Singel, 26 August 2003, at http://www.wired.com/news/privacy/0,1848,60157,00.html.
-----------------------------
See also "Handicaps in CAPPS Computerized passenger screening is not so
easy," The Scientific American, By Wendy M. Grossman, September 2003,
pp. 32-33.
------------------------------
Our View: CAPPS II is an ill-conceived and un-American scheme that is Constitutionally
violative of the well established fundamental rights to interstate travel,
privacy, and assembly - it must be stopped. Even if the scheme were
Constitutional, it is simply an example of another fast food security effort
that will fail - hasn't the DHS heard that identity theft is now an epidemic
and that the digitization of public records makes widely available the names,
dates of birth, and addresses of millions of Americans?? Take action: Click on http://www.aclu.org/Privacy/Privacy.cfm?ID=13332&c=39
to first send the DHS Privacy Officer a message that CAPPS II proposal should
be withdrawn, and then click on http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12108&c=yourconfereratesatdontspyonme
to ask your Congressional delegation to wake up and pull the plug on this
bureaucratic monster.
8. Merry Old England - 100% DNA
Registration?: According to the British Broadcasting Service
("BBC"), a senior UK police officer believes that "Every single
person in the UK should be compelled to have their DNA on the national database
in an effort to prevent crime" - see "DNA tests sought 'for every
Briton'," The BBC News, 8 September 2003, at http://news.bbc.co.uk/1/hi/uk/3088920.stm.
Such ideas may migrate toward us here in the colonies soon. Under a recent
change made by Congress in accessibility to the US military DNA databank, DNA
has been used to prosecute one soldier so far; an example of "mission
creep," DNA was originally extracted from military members under the
condition that the DNA would only be used to identify remains of combat
casualties. Virginia already leads the US in it's rate of DNA registration of
it's population because due to a recent change in law, the police extract DNA
not only from all those convicted of crimes, but any person arrested for
suspicion of committing a "violent" crime. On 19 October 2002 the
Virginia DMV held a hearing in Alexandria asking for public comment on the
proposal in the General Assembly to use biometrics identifiers for driver's
licensing, which in theory, could include DNA registration. Our View:
Hmm...and what would James Madison think?
9. Privacy Tips Every Citizen Should
Know and Teach Her Kids:
Credit Card Privacy:
When you present your signed credit card in person, credit card company rules
require merchants to accept the card without demands for additional ID or other
information as long as the signature on the back of the card bears a
"reasonable likeness" to the signature you provide on the credit slip
(unfortunately, American Express allows some firms like WalMart and K-Mart to
require you to provide your billing address zip code in a digital key pad). In
over a dozen states like New York and California (but not yet Virginia), it is
also illegal for merchants to record any extra information on credit slips like
phone numbers or ID numbers. However, when ordering over the Internet or by
phone, merchants are allowed to ask you your billing address to verify the
charge without seeing the card by asking you to provide your billing address
using the Address Verification System (AVS). But AVS works across the US and
Canada only by verifying your billing address zip code you provide with the zip
code on file at the credit card company.
*
So unless you are having goods shipped to your billing address, you can conceal your billing address by giving
a bogus street/city address along with your correct state and billing zip code
- for example, you could use "101 N/A Street, Noneofyourbusinessville, VA
XXXXX."
* Refuse to show ID to use a signed credit
card - IDs, if you have one, should be secured at home unless you need a
driver's license to drive a vehicle or a passport to cross a border. Report
merchants requiring additional ID (or setting a minimum charge) to MasterCard
at http://www.mastercard.com/cgi-bin/contactus.cgi?template=ContactUsMV&rgn=1.
* List only your first initial and last name
on your credit cards and order "authorized user cards" instead of
joint accounts to avoid having to reveal any personal information about your
"authorized users" other than the name to be printed on the face of
the card. Technically, under the rules of MasterCard and VISA, you can give a
credit card in your name to any authorized user you want who then signs the
back of the card.
* Boycott American Express AVS "in
store" zip code collection by using MasterCard or VISA until American
Express allows card holders to opt out of using their zip code for a
"PIN."
* Refuse to disclose any information on
credit slips - if a line is provided for phone numbers or other data, cross
it out and write "NOT AUTHORIZED" on the credit slip.
10. Privacy Reference Link of
Interest: The Electronic Privacy Information Center ("EPIC"):
http://www.epic.org.
11. Privacy Quote: "Subtler and more far-reaching means of invading
privacy have become available to the government. Discovery and invention have
made it possible for the government, by means far more effective than
stretching upon the rack, to obtain disclosure in court of what is whispered in
the closet. . . . The makers of our constitution . . . conferred, as against
the Government, the right to be let alone -- the most comprehensive of rights,
and the right most valued by civilized man." - Justice
Louis Brandeis, Olmstead v. United States, 1928; see http://www.thirteen.org/federalist/story-privacy.html.
********************************************************************************************************
Questions, or to be added/deleted from future Alerts? Contact Mike Stollenwerk
at majstoll@aol.com.