Date: Thu, 18 Jun 92 16:14:49 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#051 Computer Privacy Digest Thu, 18 Jun 92 Volume 1 : Issue: 051 Today's Topics: Moderator: Dennis G. Rears Re: is personal privacy overrated ? Re: is personal privacy overrated ? Re: Photo-Credit Cards Re: Privacy in video rental records? What can be done about ADVO mailings? More on Call Return in Area Code 516 Social Security Numbers and Social Insurance Numbers Re: Privacy and Technology Re: Computer Entrapment Re: Can I lose the rights to my name and address? The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: Mon, 15 Jun 1992 19:23:50 PDT From: Hans_Lachman.OSBU_North@xerox.com Subject: Re: is personal privacy overrated ? In some article, jartz@mitre.org writes: > I think there are many benefits to the > individual of unrestricted information flows.... > Not knowing about other people leads us to feel > isolated and often unintegrated into the fabric of society.... > Before anyone dismisses this as laize faire lunacy, let me add that I > initially compared free flowing information as a philosophical goal to the > individual's right to vote.... > John M. Artz, Ph.D. I think you're off the point. The issue of concern, I think, is not whether it's a good idea to publish information about the behavior of large numbers of people, in an aggregate impersonal fashion. The issue is whether we think it's OK to have unrestricted flow of information that links specific facts to specific individuals. On that subject, I think your position has merit if the goal is to maximize freedom, e.g.: you are free to sell my name to a junk mail company, and I am free not to do business with people like you. But it appears that this society is willing to make itself less free when there is a consensus that certain activities are offensive and therefore should be restricted. I agree with some of these restrictions, e.g., in the case of pollution. Pollution is enough of a general offense that it should be restricted. So, in the area of exchanging information about private individuals, what activity do the people think is offensive enough to be restricted? Well, if someone sells my name to a junk mail company, then they are conspiring to pollute my home, and that offends me. Even if they don't send me junk mail, I consider it rude that businesses exchange data on me without the courtesy of consulting me first. Now, we can't force everyone to act with good manners, but we CAN require companies to extend specific courtesies to us private individuals. (Of course, it would be better if they acted with courtesy in the first place, and then we wouldn't have to talk about whether to legislate it.) Hans Lachman hlachman.osbu_north@xerox.com ------------------------------ From: bear@tigger.cs.Colorado.EDU (Bear Giles) Subject: Re: is personal privacy overrated ? Date: Tue, 16 Jun 1992 20:47:16 GMT In article jartz@mitre.org writes: >Clearly that is the heart of the issue. I think there are many benefits to the >individual of unrestricted information flows. I will give one example and then >generalize the point I am trying to make. > >If I join a grocery store shoppers club that collects data on all my purchases, >I might be reluctant to have that information dissemminated because it may >reflect badly on me or I might be damaged in some way. For example if I >buy two bottles of wine every day and every girlie magazine on the shelf, >I might be reluctant to have that information shared with my friends, neighbors, >and prospective employers. Clearly I would fear being exposed as a drunken >pervert, etc, etc. However, I claim that it is restricted information flows that >leads to this problem. If everybody's purchases were know, we might find >out that 20 million people have purchasing habits just like mine. If I am in >the company of 20 million other people I might be less afraid of being >exposed. > >My point here is that lack of information leads to supposition, inuendo (sp?), >even superstition and prejudice. We always see people on the television >comming forward to announce their problems to the world in case somebody >else is in a similar situation. Not knowing about other people leads us to feel >isolated and often unintegrated into the fabric of society. Thus, I believe >that free flowing information does provide potentially large benefits to >the individual. > John M. Artz, Ph.D. > jartz@mitre.org Three points: First, you imply that people wish to 'hide' their personal habits, perhaps out of shame. If only they knew of the thousands (millions) of others just like them.... In a word: hogwash! I have no doubt that many people in their teens and twenties want privacy to avoid 'shame', but many people have other reasons for wishing privacy. We consider the number of people who share our interests completely irrelevant. In fact, I consider such a concern intellectually dishonest. If you are doing something wrong it doesn't matter how many other people are doing it as well. You justify your actions on their own grounds, not by majority rule. As a concrete example, I have purchased a substantial amount of adult material during the past five years. While many people would be offended by that fact, I'm not concerned because I was using it as a _tool_ to overcome childhood sexual abuse. (It was classical phobia treatment, where I had associated _any_ sexual context with fear and pain -- a reasonable association given my past). I may be the only person who has done this (although I doubt it), but by your reasoning I'm simply one of 20 million who enjoys the pictures! (I have to use the exclamation point since it was anything but enjoyable for a long time!) Second, you imply the worst that can happen is a person will feel 'shame.' Unfortunately, much worse is possible. People generally don't have a right to work; their employment is solely at the discretion of their employer. It is _very_ conceivable that a manager would force an employee out after learning something 'undesirable' about them. (They may not fire them outright... just give them undesirable jobs and poor reviews). The way Ross Perot ran EDS gives a good example of this. An on-the- job dress code made sense, especially in the beginning. But why should EDS be concerned if an employee decides to live with a partner outside of marriage? Housing is a similar situation. I don't have problems with an individual setting (reasonable) standards for isolated properties... but why should a large apartment complex be concerned with such arrangements? (I remember one complex (in Orlando) which made a point that they didn't mind an unmarried mixed-sex couple sharing a one-bedroom apartment, but would not rent to two same-sex friends. (This was in college, when dorm rooms were frequently _three_ people to a room) It wasn't simply a problem with students, since over half of their residents were students). Finally, there is a _big_ difference between people admitting things on their own (as I did above) and people being forced to admit to problems. The latter would create additional barriers to overcome for people facing difficult situations. Using a concrete example again, I could imagine a Christian "outreach" which somehow picked up on me starting to remember my childhood abuse and running to "help" -- completely ignorant of the abuse's close association to the Church. (Occurred at a church-run preschool, threatened with Hell if I told, etc). My knowledge of how the Catholic Church has attempted to 'hush up' pediaphilic priests would have prevented _any_ church-affiliated programming from helping... but they could have done a _lot_ of damage before they learned. Bear Giles bear@fsl.noaa.gov ------------------------------ From: "Wm. L. Ranck" Subject: Re: Photo-Credit Cards Date: 16 Jun 92 14:53:07 GMT In article jcp@islay.dco.dec.com (Jolly C. Pancakes) writes: > Having the picture on the card might not mean a thing, either. >We had a case here recently where a field service engineer from HP was >murdered in a downtown parking garage by a couple of fine youths, >who then high-tailed it to the DMV where an accomplice (read: >girlfriend) issued a new license in the murdered man's name - reporting >his as "lost". The murderer was actually stopped by state police for >speeding the next day and no one questioned why a 17 yr old black guy's >picture was on the license of a man described as white and 35 yrs old, >with a Lithuanian name. Please note that in the case you describe here the criminal had an accomplice on the "inside" at DMV to get the picture replaced. The fact that the cops didn't pay attention to the age on the license was not a fault in the license but in the procedures of the police. Just because some guy is black doesn't mean he can't have a Lithuanian sounding name, but the age should have been a clue. Anyway, I'm not convinced that pictures on credit cards are a good idea. I'm not convinced that they are bad either. It bothers me that some banks are apparently issuing them through the mail. That seems like an invitation to fraud if you ask me. If you had to go in person to get your picture on the card it would make it harder for someone to get his picture on another person's card. Just to clarify, the original poster asked why the bank was doing this and how they justified the expense. I was only trying to answer those questions, not depict the practice as good or bad. I haven't made up my mind about that yet. ************************************************************************* * Bill Ranck __ O DoD #0496 RANCK@VTVM1.CC.VT.EDU * * // \ * * // Lean it like you mean it! * ************************************************************************* ------------------------------ From: Carl Paukstis Subject: Re: Privacy in video rental records? Nntp-Posting-Host: frigg.isc-br.com Date: Tue, 16 Jun 1992 20:11:33 GMT In article CStacy@stony-brook.scrc.symbolics.com (Christopher Stacy) writes: >I picked up an application and a sample member's rental receipt at >a local Blockbuster Video (near Boston, MA) the other day, and I >couldn't find any of the small print people have been referring to. >Perhaps they have been convinced to discontinue the practice >(or at least the notification), or maybe only some stores do it. Are you referring to requiring SSN? I have avoided Blockbuster for this reason, and usually rent from Hastings (a national music store chain which has also gone big into video in the last couple of years). This weekend, I went to rent from them, and was told that they were now required to "update my card", and wanted my SSN. I told them they couldn't have it, argued with them, argued with the manager, and was turned away. "It's company policy (tm). You're free to rent elsewhere". Now that I've calmed down, I'll have to go back and ask for the true story - chain-wide policy, or local? Really, REALLY want SSN? Procedure for contacting the home office with a complaint, etc. This really sucks. I like to rent there because they have great selection, and also music and books and magazines, etc. Very nice stores and helpful clerks. I'm bummed. Boycott Hastings?!? -- Carl Paukstis, Software Generalist | War On (some) Drugs -> Police State USA ISC-Bunker Ramo / Spokane, WA | DoD #0432 I'm the NRA #TMB6692H Phone: +1 509 927-5439 | AMA #634630 HOG #0507772 Mensa #1086355 Mail: carlp@frigg.isc-br.com | My employer accepts no responsibility... ------------------------------ From: Paul Ciszek Subject: What can be done about ADVO mailings? Keywords: Junk Mail Date: Wed, 17 Jun 92 06:16:55 GMT Apparently-To: uunet.uu.net!comp-society-privacy ADVO, as some of you may know already, is a charming organization that sends people a half-pound of newsprint once a week. The newsprint is delivered with a postcard, which somehow makes it "mail". I have just sent my second request to ADVO asking that they stop sending my this stuff; No matter how carefully I page through the advertising, there is a definate possibility that pieces of "real" mail have gotten lost in it, due to the amount of material that has to be crammed into a little apartment mailbox. I have yet to hear back from ADVO. The post office says that these folks cannot be delt with in the same fashion as other direct marketers, as my name is not on any list; they just send a bundle to every possible address, inhabited or not. SO, what can be done about ADVO? If I ask them to stop several times and they don't, is it harassment? Who would be willing prosecute them, anyway? -- Paul Ciszek, pciszek@nyx.cs.du.edu | No nation was ever drunk when wine was | cheap. -- Thomas Jefferson ------------------------------ Date: Wed, 17 Jun 1992 13:29:32 -0400 (EDT) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: More on Call Return in Area Code 516 In comp-privacy Vol 1 Issue 40, I wrote: In article NIEBUHR@bnlcl6.bnl.gov (Dave Niebuhr, BNL CCD, 516-282-3093) writes: >>In today's {Newsday} there's an article about a concern from the head of the >>State Consumer Protection Board regarding Call Return. The intro goes into >>a scenario where the phone is ringing while the homeowner is bringing in a >>bag or bags of groceries and misses the call (the radio ad is even better >>with the sound of breaking glass). >> >>This scenario was provided by a psychologist who described another scene >>that affected him where he called a "highly disturbed individual, a convicted >>felon" calling him back via *69 after the psychologist had called him. >> >>I quote here: "To my astonishment, this individual was on the line ... He >>was able to access my private unlisted phone in my home by pressing a code >>furnished by ... the telephone company." In comp-privacy vol 1, Issue 50 barmar@think.com (Barry Margolin) >I don't understand the psychologist's concern. He wanted to talk to th >disturbed individual, and succeeded. Why is he now bothered that "this >individual was on the line"? > >It's not the case that the disturbed individual now knows the doctor's home >phone number (that's a concern with Caller ID, which is why people are >calling for the ability to prevent your number from being delivered) and >can call him night and day. He can only call the doctor right after the >failed call. (Does the Call Return information ever time out? Perhaps it >should.) > >[Moderator's Note: I have used call return several times. On my bill is >just a charge with the notation "Call Return". _Dennis] >-- Call Return is very new in my area code (516 - Long Island) and is still in the "try-it-out" stage and will be in place permanently on July 1, 1992. First of all, several things have to be in place for a phone number showing up on a phone bill if and when Call Return is activated. If the call is returned to a phone number that is local to the calling number no itemization will appear on a phone bill if the Flat Rate billing option is in effect. If Message Rate billing is used, then the call would show up after the "free" allowance was exceeded. The next part to finding the phone number is more difficult if Flat Rate usage is the billing method. Information about all non-local calls can be obtained from NYTel but it takes about a month to get that list. I can understand some of the paranoia but it seems that some people are trying to make a mountain out of a molehill. As a side note and a followup, the head of the Consumer Protection Board, Richard Kessell, has petitioned the NY Public Service Commission to kill Call Return until NYTel can come up with a way to prevent the above situation (he's the mountain maker). Also, right now every residential in selected exchanges has carte-blanche usage but that should drop off when the consumers find out the charges ($3.00 per month or 75 cents per use). ------------------------------ Date: Wed, 17 Jun 92 15:18:47 -0400 From: Susanna Elaine Johnson Subject: Social Security Numbers and Social Insurance Numbers (1) SOCIAL SECURITY NUMBERS There is a coding system involved in the SSN structure. These details are from memory and should be verified before being relied upon. Consider the structure ABC-DE-FGHI. The group DE is a control group (I forget what the exact nomenclature is). If this group is ODD, then (generally) C is EVEN. If this group is EVEN, then (generally) C is ODD. There are validity ranges in the group DE, and these validity ranges depend upon where the SSN is issued and when (i.e., at what point in the last 60 odd years). The group ABC is an area group, and denotes where in the US the SSN was obtained. The group FGHI isa assigned sequentially and conveys no information other than serial number. (2) SOCIAL SECURITY NUMBERS Consider the structure ABC-DEF-GHI. A is an area code and denotes the area within Canada from which the SIN was obtained. The area code 9 is used to denote a foreign national not permitted to work within Canada, and if a person obtains a job and submitts to Revenue Canada a SIN beginning with 9 he/she will shortly be visited by CSIS. I is a checksum, and I wish that somebody would be able to tell me the nature of the checksum. The rest of the digits are a serial number. (3) EVADING THE REQUIREMENT FOR A SSN IN THE UNITED STATES IF YOU HAVE: (1) A Canadian driving licence (2) A college diploma (3) A job offer (4) $50.00 US you can go to the border and obtain a T/C work permit. If you are a US citizen then you can keep quiet about that fact. If you have a T/C work permit you have a perfect excuse for not having a social security number. Disclaimer: The above information is believed to be accurate but nor warranty, express or implied, is extended. Further, no illegal action is suggested or implied, and anyone who uses the information for any purpose whatsoever does so at his own risk. Finally, the discussion contained in this transmission concerns hypothetical cases and situations only and is not intended as invitation, suggestion, or other encouragement to perform an illegal act. annaj@virginia.edu ------------------------------ From: Joshua_Putnam Subject: Re: Privacy and Technology Reply-To: Joshua_Putnam@happy-man.com Date: Wed, 17 Jun 1992 20:06:10 GMT In abc@brl.mil (Brinton Cooper) writes: >As most of you probably know, the U.S. Military are about to >collect DNA samples (blood and saliva specimens) from every member of >our armed forces. The advertised reason for this is to provide for the >unequivocal identification of the remains of military folks killed in >combat or in accidents. >However, once the data are collected, who's to tell to what use they may >be put? If the radio report I heard on this is accurate (a very big IF), then misuse of the information will be more difficult than it sounds. From what the military spokesman said, the samples themselves are being stored, not any analysis of the samples. They described it as an index card with a blood stain and a swab of saliva, all stored in giant card catalogs. Genetic analysis will be put off until needed, since analyzing all the samples up front would be very expensive and most would never be needed. Again, this is all what I heard on the radio, and we know how careful media science reporters are. Does anyone have first-hand or better documented information? -- Joshua_Putnam@happy-man.com Happy Man Corp. 206/463-9399 x102 4410 SW Pt. Robinson Rd., Vashon Island, WA 98070-7399 fax x108 We publish SOLID VALUE for the intelligent investor. NextMail OK Info free; sample $20: Send POSTAL addr: Solid-Value@happy-man.com ------------------------------ From: daryl@aixwiz.austin.ibm.com Subject: Re: Computer Entrapment Followup-To: comp.society.privacy Keywords: entrapment defense dangers Reply-To: daryl@aixwiz.austin.ibm.com Date: Thu, 18 Jun 1992 14:52:35 GMT In article , NEELY_MP@darwin.ntu.edu.au (Mark P. Neely) writes: > > Computer underground Digest Sun May 17, 1992 Volume 4 : Issue 22 > > The Defense of Entrapment > As it Applies to Bulletin Board System Operators > > By Randy B. Singer, Esq. > > You may surmise from my reticence to commit to > saying that the defense of entrapment definitely WOULD apply that the > defense of entrapment is not a defense that I recommend that you rely > on. It's good to see some informed, professionally stated facts introduced into the discussion. I'd like to follow up Mr. Singer's excellent point above by relating a caution on the entrapment defense which I was taught while pursuing my degree in Criminal Justice. I am not an attorney but the instructor who told me this was. He pointed out that one of the risks of using the entrapment defense is that you must stipulate the factual aspects of the allegation. In other words, you must admit that the events took place as the prosecution alleges. Your defense is that these events would not have taken place had you not been entrapped. The problem is, if the court does not accept the entrapment defense, you've essentially confessed to the crime and surrendered your right to force the prosecution to prove that aspect of their case. In short, he cautioned that this defense can not only fail, it can backfire. Daryl Green ------------------------------ From: Wm Randolph Franklin Subject: Re: Can I lose the rights to my name and address? Date: Thu, 18 Jun 1992 18:54:40 GMT Apparently-To: comp-society-privacy@cis.ohio-state.edu In NYS, Walter Taylor, owner of Bully Hill wines, and a relative of the Taylor who founded Taylor wines, was forbidden by a judge from using his name on his wine. This was at the request of Coca Cola, owner of Taylor wines. Then he was forbidden from stating that he was forbidden to state his name. All he could do was to include a statement on the label saying to write the winery if you wanted to know who the owner was. -- Prof. Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ======= LOST MAIL: Mail sent to me between F5-29-92 and M6-1-92 might ======== ======= have been lost in a disk crash. Please resend it. Sorry. ======== ------------------------------ End of Computer Privacy Digest V1 #051 ******************************