Interesting People mailing list archives
ID Cards & Campus Privacy [close to home]
From: David Farber <farber () central cis upenn edu>
Date: Sat, 20 Nov 1993 22:25:30 -0500
Date: Mon, 15 Nov 93 15:56:17 PST From: "Willis H. Ware" <willis () jake rand org> Subject: ID Cards & Campus Privacy Dave Millar of the Univ of Pennsylvania wants to know:
Can you help me find any information on the issues associated with information kept on security card scanner systems? We have a large network of card readers scattered across campus tracking the comings and goings of several tens of thousands of people at several hundred points on campus - administrative buildings, dining halls, dorms, libraries, etc. What, if anything, stops someone from collecting this data and using it in ways not known or intended by the people being monitored?
In a word, very little. Stop looking; you will find nothing. The University of Pennsylvania is a private institution and hence can behave largely as any entity in the private sector does with personal information, do as it pleases. In the private sector there are very few legal restrictions on what may done with personal information; credit information on an individual is one of exceptions. The only thing going in favor of the individual is the morality and ethical behavior of the institution and concerned well informed leadership and administrators. As a matter of proper behavior and sensible administration, the University should have in place a policy stipulating how such information will be protected and access to it controlled, how such information will be stored, how long it will be retained, who may be allowed access to it, with whom it will be shared, will law enforcement have access to it, is it subject to subpoena, are audit trails accumulated of any one individual, etc. Additionally, the campus population should also know what things are possible with the system; e.g., what is the information used for, how might it be used if some administrator has a bright idea for a new use, who makes policy on the use, does or should the campus population have a voice in such decisions. In short there should be a privacy policy governing the operation of such a system and the policy should be made known to all campus users. If it does not, there is no law that will require it do so. All you can do is to demonstrate, cajole, pressure, embarrass, threaten, publicize, persuade, etc. in an effort to get a proper response. In the end everyone on the Penn campus will depend on the ethics of the University administration. I suggest that you contact my colleague and friend, Professor David Farber of the Computer Science Department. He is alert to computer security and privacy problems. He may be well informed on this system and can give you more detailed answers, or help you in rectifying any shortfalls. Willis H. Ware Santa Monica, CA [ Depressing, isn't it? -- MODERATOR ]
Current thread:
- ID Cards & Campus Privacy [close to home] David Farber (Nov 20)