.............ALERT
#2003-3............
FAIRFAX COUNTY PRIVACY
...................COUNCIL................
(Originally Published on 18 August 2003; Correction to Alexandria Public
Records Status Made on 20 August 2003)
ALERT ITEM SUMMARY:
***Delegate Jean Marie Devolites: Public
Records Privacy Problem Too Expensive to Fix***
***Public Outcry Forces Loudoun to Take Public Records off Internet***
***Pedagogical Panopticon - Fairfax County Public Schools to Make Videotapes of
Your Children***
***Fairfax County Tax Assessment Web Site Problem Update***
***Virginia Caught in MATRIX?***
***NVCC Promises End to SSN Violations - New Practices at all Virginia
Community Colleges***
***GAO Blasts Federal Privacy Law Compliance***
***USA PATRIOT ACT Under Fire***
***National "Do-Not-Call" Registry Launched***
***CASPIAN Launches Gillette Boycott and Catches Shadowy MIT Industry Group by
Surprise***
***Ebay's Swiss Cheese Privacy Policy***
***Privacy Tips***
***Privacy Quote***
Welcome! This message is intended
for members of the Fairfax County Privacy Council, and anyone else who might be
interested in advancing privacy in Virginia. Maximum dissemination of this
message is encouraged!
Privacy Notice: All communication
from the Fairfax Privacy Council is sent using blind carbon copy
("BCC") format for your security and privacy.
********************************************************************************************************
1. Delegate Jean Marie Devolites
Concludes Public Records Privacy Problem Too Expensive to Fix: Now
running for state Senate in Vienna, Ms. Devolites' justifies her opposition to
addressing the Virginia public records problem because it costs too much money
to protect the public's sensitive personal data. She stated: "I think this issue is turning out to
be a money issue...at this time, when we're in a budget crisis, there are no
additional dollars." See: http://www.connectionnewspapers.com/article.asp?article=23948&paper=72&cat=104.
Devolites contends that no cases of
identity theft have been reported based on information from court web sites.
But experts disagree, noting that ID Theft is clearly linked to the digitized
access to court records. For example, former forger (and now employee of
Privacy Guard Corporation) Frank Abagnale Jr. (the real life criminal played by
Leonardo DiCaprio in Steven Spielberg's movie "Catch Me of you Can") states that ID thieves often
"…steal information from public records" (See "Identity Thieves
Preying on Seniors," The Washington Post, by Michelle
Singletary, 10 August 2003, page F1 - http://www.washingtonpost.com/wp-dyn/articles/A37282-2003Aug9.html;
see also - "Online court records quandry: Easy Internet access means
privacy in peril, The Associated Press, 10 October 1992 - http://www.cincypost.com/2002/10/10/online101002.html).
And note: In a new study just released by Columbia University, 33.4 million
Americans have been victims of identity theft or fraud since 1990, with over 13
million since January 2001 and rising. Designed by Dr. Alan Westin, Professor
Emeritus of Public Law and Government at Columbia University; funded by Privacy
& American Business (P&AB); and conducted by Harris Interactive, the
survey also shows that victims' out-of-pocket expenses have totaled $1.5
billion annually since January 2001. Survey respondents provided actual stories
of how they were victimized by identity thieves. Of those who knew how the ID theft or fraud was committed, 4% say
someone went to a public record and used information there to steal
their identity.
2. Public Outcry Forces Loudoun to
Take Public Records off Internet: See: http://www.opcva.com/watchdog/081603b.html
Unfortunately, here in the Commonwealth of Virginia, despite passage in the
house of a bill (HB 2426, see http://www.fauquiernews.com/021403issue.htm)
that would have stopped the Internet publication of you and your families
sensitive personal data (like SSNs, dates of birth, financial account numbers,
and minor childrens' names) on the Internet by government sponsored web
servers, special interests and the machinations of some state legislators like
Fairfax County Delegate Jean Marie
Devolites (see www.fauquiernews.com/02103issue.htm)
and Fairfax County Senators Jay O'brien
and Leslie Byrne killed this bill in
the Senate by changing it to merely require that strangers first
"register" for Internet access to all your private data held in
public records such as land records, marriage records, and various licenses and
permits. Delegate Devolites has led
a special committee to study the public record problem for over a year.
Clearly, she is the leader of an effort to stall reform while your sensitive personal
data hemorrhages into the public domain. And now, the state plans to actually
sell the personal data of citizens who obtain boating, hunting, or fishing
licenses! See: http://www.opcva.com/watchdog.
Government should secure citizen data, not sell it! See http://www.opcva.com/watchdog/020303.html
to find all the Virginia Delegates who voted against HB2426 this year which,
had it passed in original form, would have protected your privacy. The following Delegates voted against
HB2426, a law that would have kept your SSN, date of birth, and other
sensitive data embedded in "public" records off the Internet:
Del. James F. Almand - County of Arlington (part) and all their records are
online alreadyDel. William K. Barlow - parts of Isle of Wight, James City,
Southampton, City of Franklin, Surry and Wm'burg (? Records online already)Del.
Robert S. Bloxom - Accomac and Northampton; part of cities of Hampton and
Norfolk (? Records online)Del. Robert H. Brink - part of Arlington (records are
online)Del. Mary T. Christian - part of Hampton Del. J. Paul Councill, Jr. -
Greensville & Sussex; part of Brunswick, Isle of Wight, Lunenburg,
Southampton; Cities of Emporia and Franklin (part) (? Records online)Del. Flora
D. Crittenden - part of both Hampton and Newport News (? Records online) Del.
L. Karen Darner - part of Arlington, Fairfax and City of Alexandria (records
online except in City of Alexandria) Del. Jeannemarie
Devolites - part of Fairfax Co. (records are online)Del. Allen W. Dudley -
counties of Franklin, Floyd, Pittsylvania (part) (? Records online)Del.
Franklin P. Hall - part of Chesterfield and part of Richmond (not yet
online)Del. Frank D. Hargrove, Sr.- part of Hanover Co. (not yet online)Del.
Joseph P. Johnson Jr. - Bristol City, and parts of Smyth and Washington
counties (may be online in all 3)Del. Daniel W. Marshall, III - city of
Danville, and parts of Pittsylvania and Henry counties (Danville may be
online)Del. Kenneth R. Melvin - parts of Chesapeake, Norfolk and Portsmouth (?
online)Del. Henry J. Parrish - part of Prince William (records are online) and
cities of Manassas and Manassas Pk.Del. J. Chapman Petersen - Fairfax City and
part of Fairfax County (records are online) Del. Clarence E. Phillips - City of
Norton, Dickenson, and parts of Russell and Wise counties (people's lives are
online in at least Wise/City of Norton) Del. Kenneth R. Plum - part of Fairfax
Co. (records are online)Del. Gary Alan Reese - part of both Loudoun and Fairfax
(records online in Fairfax)Del. Tom Rust - part of both Fairfax and Loudoun
(Fairfax online)Del. James M. Shuler - Alleghany, Bath, Craig, Giles (part) and
cities of Clifton Forge and Covington (? online)Del. Lionell Spruill, Sr. -
parts of cities of Chesapeake and Suffolk (? online)Del. Jackie T. Stump -
Buchanan; part of Russell and Tazewell (? online)Del. Marian Van Landingham -
Alexandria City (part), Arlington (part), Fairfax (part) all (except City of Alexandria)
have records onlineDel. Mitchell Van Yahres - Albemarle (part), City of
Charlottesville (? online)Del. Vivian E. Watts - Fairfax (part) - (records are
online)Del. Clifton A. Woodrum - City of Roanoke, County of Roanoke (part) (?
online)Del. Thomas C. Wright, Jr.- Amelia, Mecklenburg; parts of Brunswick,
Lunenburg, and Nottaway (? online)
Take Action:
Let your local candidates for General Assembly Delegate and Senator know that
you want the sensitive personal data held in "public records" not
just taken off the Internet, but not collected in the first place, or
declared NON-PUBLIC if it is collected! Most of these folks above are
running for election again and may intend to keep the government in the
business of selling your sensitive data to everyone - marketers and foreign
nationals and governments included. See http://legis.state.va.us
for legislator contact info.
3. Pedagogical Panopticon: (Fairfax
County Public School Video Surveillance): Over the objections of Board
Members Braunlich and Wilson, and even refusing on an 8-4
vote to first conduct a trial run, the Fairfax County School Board has approved
video surveillance to be installed outside schools and in some busses, spending
$30,000-$50,000 initially. See "Fairfax School Board OKs Video
Surveillance," The Northern Virginia Journal, by Andrei Blakely, 28 July 2003,
page 3. Apparently the cameras will not be monitored by any humans while in
use, so any security value is hinged to a theory of deterrence. Superintendent Daniel A. Domenech notes
that at least the surveillance footage "...can be used in convictions of
individuals of persons who commit a crime." However, Christian Braunlich (R-Lee District) warns: "There is somthing
worse than having a sense of security, and that is having a false sense of
security...there is no data to show that it is effective." But Student
Representative Andrew Ramish (12th
grade, Thomas Jefferson High School) perhaps was most prescient when he said:
"I hope the fact that security cameras are being used is made public and
they are used as a deterrent...instead of trapping students." Well, Mr.
Ramish, if FCPS follows the lead of other school districts in Virginia, you had
better pass the word to FCPS students that Big Brother will be watching
out…against you. For example, according
to Principal Ernest Guill, Amherst County High School, cameras have been used
most often to determine who's leaving garbage on the cafeteria tables.
"We've been able to see who didn't do away with their trash. If you're not
doing anything wrong, you don't even have to pay much attention. I would
recommend them to anyone." See: http://www.newsadvance.com/servlet/Satellite?pagename=LNA%2FMGArticle%2FLNA_BasicArticle&c=MGArticle&cid=1031770317202&path=!frontpage
Additionally, see http://www.epic.org/privacy/surveillance/
for documentation of abuses and other unanticipated consequences of video
surveillance in Washington, DC, New York City, and overseas.
And as our school board was voting to install cameras.........
A 39 year old man was charged with allegedly videotaping his nanny in a
"nonprofessional" manner when she was "not performing her
regular duties." Police arrested him at his home and held him in the
Fairfax County Adult Detention Center. See "Vienna Man Charged with
illegally videotaping family nanny," The Northern Virginia Journal, AUG 7
2003, page 14. This is not funny - and neither are the multiple lawsuits filed
by parents in the US against certain public school districts and merchants who
have been caught videotaping children in showers, bathrooms, and changing
rooms.
Our View:
Video Surveillance schemes are intrusive and inherently detract from the
quality of life (not to mention educational environments) in modern America.
While sometime valuable to help police prosecute criminals "after the
fact," cameras and tapes are no magic bullets. As we saw on September 11th
2001, video surveillance often provides simply a better record of a heinous
event and it's perpetrators. Video surveillance itself has a dark side - it's
collective voyeurism is naturally subject to mission creep (escalation),
absorbs budget resources that could have gone toward real security, and is
easily abused. Before any FCPS begins rushed construction of it's planned
pedagogical panopticon, it needs to publish an iron clad privacy policy on the
placement and usage of video surveillance, and the secure control (and subsequent mandatory destruction) of
all video footage - the last thing we need is some FCPS employee keeping film
footage of specific children for his home video collection.
4. Fairfax County Tax Assessment Web
Site Problem Update: As we told you in Alert # 2001-1, inexplicably,
the County of Fairfax Tax Assessment Office hosts a web site that allows
strangers all over the world to search your street address (no town or zip code
required) and find out the full legal names of all owners (see http://www.co.fairfax.va.us/dta/re/propadd.asp).
This web site is the perfect place for marketers, stalkers, identity thieves,
and foreign interests to invade your privacy or even harm your family - sort of
a stalker's web site of choice. But
things just got a little better when County Supervisor Dana Kaufman (D- Lee District) recently convinced the County Board
of Supervisors to direct that all future tax notices continuously remind
property owners of the current "Opt Out" policy that now appears on
the tax assessment web site: "Owner names will be withheld from the
Internet record upon request. Comments or requests may be made via e-mail to
the Real Estate Division at dtared@fairfaxcounty.gov or by phone at (703)
222-8234." Take
Action: Tell your friends, neighbors, and associates about this web site
so they can both opt out and ask their County Supervisor to "remove the
name search feature on the county tax assessment site." See: http://www.co.fairfax.va.us/government/board/default.htm
And if you are a real estate professional in Fairfax County, you owe it to
your clients to tell them about this opt out option "before closing."
Our View remains:
The tax assessment web site should not include owner names at all -
Fairfax County should join jurisdictions such as Norfolk, Portsmouth, and
Virginia Beach in removing all names from the tax assessment web site.
5. Virginia Caught in MATRIX?:
The State of Florida has won federal backing for an advanced surveillance
effort here in the USA that creates a counter-terrorism database designed to
give law enforcement agencies around the country a powerful new tool
to analyze billions of records about both criminals and ordinary Americans -
see "US Backs Florida's New Counterterrorism Database: 'Matrix' Offers Law
Agencies Faster Access to Americans' Personal Records," The
Washington Post, by Robert O'Harrow Jr., 6 August 2003; Page A01 - http://www.washingtonpost.com/wp-dyn/articles/A21872-2003Aug5.html
But Virginia is not far behind, and has joined a regional MATRIX like compact -
see "Crossing Lines to Fight Terrorism: DC, Four States to Share Law
Enforcement, Other Records," The Washington Post, by Spencer S.
Hsu, 6 August, 2003, Page B02 - http://www.washingtonpost.com/wp-dyn/articles/A21710-2003Aug5.html
6. NVCC Promises End to SSN
Violations - New Practices at all Virginia Community Colleges: Northern
Virginia Community College ("NVCC") Vice President of Academic and
Student Services Hortense B. Hinton,
Ed. D. has advised the Privacy Council last month that "The Virginia
Community College System ["VCCS"] has implemented a new common
application for admission for use at all 23 colleges in the spring of
2003." She relates that the focus of this new application and accompanying
forms, processes and procedures is to ensure full and meaningful compliance
with federal and state privacy laws (see VA Code 2.2-3806 and Section 7 of the
Federal Privacy Act at 5 USC 552 a note) that require privacy warnings
that make it clear that SSN disclosure by students is NOT required. Dr. Hinton
states: "NVCC will post signs in
its admissions and records offices notifying both new applicants for admission
to NVCC and returning students that they do not have to provide their social
security numbers; that if applicants/students choose to not provide SSN
information, the college will assign them an 800 number as a student
identifier; and that if students want to change their student identifier from
their social security number to an 800 number that Admissions & Records
officials will do so for them. NVCC will also post similar notices on its
website in conspicuous places where persons seeking information about admission
to NVCC or frequently asked questions about NVCC procedures might browse."
Our View:
This is great news for Virginia college students - other state and
county government agencies ought to take some notes from the leadership shown
by NVCC and the VCCS.
7. GAO Blasts Federal Privacy Law
Compliance: The Government Accounting Office (GAO Report is at http://www.gao.gov/new.items/d03304.pdf)
"the government cannot adequately
assure the public that all legislated individual privacy rights are being
protected." Our
View: So why is Congress letting federal agencies spend money on
technologically advanced surveillance schemes when they can't even follow
existing laws with old technology?
8. USA PATRIOT ACT Under Attack:
The USA PATRIOT Act was hastily passed by Congress after the terrorist attacks
of 11 September 2001, and it's implementation is now under heavy fire
("Report on U.S. Antiterrorism Law Alleges Violations of Civil
Rights," The New York Times, 21 July 2003, by Philip Sheldon, page A1; http://www.nytimes.com/2003/07/21/politics/21JUST.html?hp).
In a recently filed lawsuit, the American Civil Liberties Union
("ACLU") has filed a lawsuit alleging that the PATRIOT ACT is
completely un-American because it:
"Violates the Fourth Amendment by allowing the FBI to search and seize
records or personal belongings without a warrant, without showing probable
cause -- and without ever notifying even innocent people of the searches;"
"Violates the First Amendment because it allows the FBI to easily obtain
information about a person's reading habits, religious affiliations, Internet
surfing and other expressive activities that would be "chilled" by
the threat of investigation;"
"Violates the First Amendment by imposing a "gag order" that
prohibits those served with Section 215 orders from telling anyone -- ever --
that the FBI demanded information, even if the information is not tied to a particular
suspect and poses no risk to national security."
The ACLU's approach is a huge legal broadside that not everyone may agree with.
But certain specific provisions of the PATRIOT Act have drawn very concentrated
and bipartisan criticism as excessive and unwise, especially the
provision that allows secret surveillance of Americans' protected First
Amendment activity in public libraries.
-------
The Republican-led House voted overwhelmingly last month to repeal a key
provision on the use of surveillance, 152 communities have passed resolutions
objecting to the legislation because of what some saw as its Big Brother
overtones, and civil liberties groups are suing to have parts of the law struck
down as unconstitutional. Representative C. L. Otter, Republican of Idaho, who
sponsored last month's amendment in the House repealing a surveillance power in
the Patriot Act, said in an interview today that he viewed the campaign by Mr.
Ashcroft as an effort "to try to reclaim the ground that the Justice Department
has lost. "Mr. Otter, who voted against the act in October 2001, said he
thought it was a mistake for Congress to move ahead with it just weeks after
the 9/11 attacks at the administration's urging. The legislation gave law
enforcement agents dozens of new tools for wiretapping and following terrorism
suspects and probing their financial and personal records, and it made it
easier for law enforcement and intelligence officials to share information they
obtained in their inquiries. "The smoke was still coming out of the rubble
in New York City when we passed the law," Mr. Otter said. "I think there's a sense in Congress
now that maybe we moved too far too fast." David Keene, chairman of
the American Conservative Union, agreed. "Among conservatives, more and
more people are saying that the Patriot Act oversteps the powers that
government needs," Mr. Keene said. "The mood in Congress has clearly
changed since the law was passed after 9/11, and I think the attorney general
is trying to reverse that trend." [NOTE: All material in
this paragraph is from "Bush Administration Plans Defense of Terror
Law," The Washington Post, by Eric Lichtblau, 18 August 2003 - http://www.nytimes.com/2003/08/19/politics/19PATR.html?hp].
-------
Many librarians and state and local governments have rebelled against secret
library surveillance by posating warnings and changing their data collection
polices so that there is little or no library patron information available to
federal agents. Unfortunately, the Fairfax County Library system is not part of
this movement. According to Jane G.
Goodwin (Deputy Director, Fairfax County Public Library): "The Library Board has not taken
specific action to notify library customers about the provisions of the federal
"Patriot" act. However, copies of the Board policies are available in
all libraries. Managers can answer customers' questions about privacy using the
policy or refer questions to Library Administration for a response." Fortunately,
our own Fairfax County's Congressional Representative Jim Moran (D-VA-8th District) is a cosponsor of the Freedom to Read Protection Act to
repeal secret library surveillance of Americans and their families. Take Action:
Notify Congress that you want the Freedom to Read by clicking here to send a
fax - http://www.aclu.org/NationalSecurity/NationalSecurity.cfm?ID=13184&c=110.
Click here also to send a message to Congress to not even think about passing a
PATRIOT ACT II - http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=11904&c=206.
And while you're at it, you might want to send another fax to tell Congress to
halt the Terrorism Information Awareness ("TIA") project once and for
all - click on http://www.aclu.org/Privacy/Privacy.cfm?ID=13187&c=39.
9. National "Do-Not-Call"
Registry Launched: In it's first days of existence, the Federal Trade
Commission's ("FTC's") do not call registry has attracted tens of
millions of registrants. You may add your phone number to this list by calling
888-382-1222 or from http://www.donotcall.gov,
but beware, the Internet process (but no the phone call process) requires an
email address - be sure to obtain an anonymous throwaway email address from a
provider like Hotmail as it appears that the do not call list itself has few
privacy safeguards. Privacy Consultant Robert Gellman reports: "Let's look
at what the FTC actually did. Here is a routine use (disclosure authority) for
the do-not-call system of records: "Records may be made available or
referred on an automatic or other basis to other federal, state, or local
government authorities for regulatory, compliance, or law enforcement
purposes." IMHO, this routine use is overbroad and inconsistent with the
Privacy Act of 1974. Here is a quick argument: First, the FTC collects records
for a do-not-call database. Allowing disclosures to ANY government authority
for ANY regulatory, compliance, or law enforcement purpose (other than as
relevant to the do-not-call activity) fails to meet the statutory test that
disclosures be compatible with the purpose for the information was collected.
Second, the notion of an "automatic" disclosure is very troubling and
questionable. Disclosures by routine use are discretionary. An agency that allows
an automatic disclosure of personal information without some review is abusing
its discretion and could be violating the Privacy Act in other ways as well.
Third, as written, the routine use appears to allow the agency to establish a
directory of email addresses and telephone numbers and to make that available
for automatic search by virtually any government agency for any regulatory,
compliance, or law enforcement purpose. For the FTC to have reserved that
authority is appalling as well as illegal." Our View: The
"Do-Not-Call" Registry may be useful, but no substitute for switching
to a new unlisted phone number and carefully controlling your own disclosure of
it.
10. CASPIAN Launches Boycott of
Gillette over RFID/Camera Use; exposes MIT industry group's sensitive
anti-consumer documents on RFID technology: Take Action: Educate yourself on commercial surveillance
realities and dangers at http://www.nocards.org,
and http://www.BoycottGillette.com
11. EBay Sharing Information with
Government Agencies Without a Warrant: Apparently, EBay has been openly
sharing consumer data with the police without a warrant - see http://www.politechbot.com/p-04485.html.
Note: Regardless of company privacy policies, personal information disclosed to
commercial entities is usually shared or sold anyway. In some recent cases,
firms with supposedly "iron clad privacy policies" sold their
complete customer (databases including SSNs and minor children's names) while
in bankruptcy or after a merger. Take
Action: If at all possible, avoid routinely disclosing any (correct) personal information to private
companies - their privacy policies are usually not worth the paper (or bytes)
they are written on.
11. Privacy Tips Every Citizen Should
Know and Teach Her Kids:
Moving Privacy: Every time you
relocate to a new address, you have a unique and significant opportunity to
lower your information profile and enhance your privacy, but you must plan
ahead.
a. The most important thing you can do in this area is to never submit a
"permanent" forwarding order with the US Postal Service. The
permanent change of address order triggers your family's personal information
to be entered, sold, and shared globally in the USPS Change of Address
database. Use a temporary order
(check the box for temporary address change) instead (perhaps to a temporary
and safe "drop address" or PO Box) which will work for up to 12
months, by which time you will have changed your address with (only) the
correspondents to whom you wish to know where you live. Since cell phone and
many other accounts are now easily managed on line, you may decide to notify
very few companies that you have even moved at all!
b. Stop including your name in your return address for US mail (good policy
even if not moving).
c. When you order new utilities, put your foot down over disclosing your SSN
(if any) and date of birth. You may pay a small deposit, but all utilities can
be ordered in Fairfax County this way if you are persistent - I personally did
it.
12. Privacy Reference Link of
Interest: Citizens' Council on Health Care http://www.cchconline.org
13. Privacy Quote: "You're never going to have the day
come when Congress passes a law that says, 'okay, starting now, we're a police
state, and law enforcement has every power we can think of. Instead, what we
see is incremental upward adjustments in the power of law enforcement and the
power of our military such that somebody born in the United States last week is
born into a considerably less free, and arguably not more safe, United States
than his parents."
-- Susan Chamberlin, the Cato Institute's director of government ***
affairs, April 14, 2003, commenting on the [AG Ashcroft Proposed] Patriot II
Act.
********************************************************************************************************
Questions, or to be added/deleted from future Alerts? Contact Mike Stollenwerk
at majstoll@aol.com.
Sincerely,
Mike Stollenwerk
Chairman
Fairfax County Privacy Council