Date: Fri, 16 Apr 93 15:34:03 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#033 Computer Privacy Digest Fri, 16 Apr 93 Volume 2 : Issue: 033 Today's Topics: Moderator: Dennis G. Rears Re: Computer Privacy Digest V2#032 Re: ssn as authenticator SSN National ID Card and the end of Privacy Don't post to this group! SOURCE to Macintosh PGP 2.2 in C available The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Mon, 12 Apr 93 16:32:33 PDT From: Al Sargent Subject: Re: Computer Privacy Digest V2#032 ~~ ~~ From: chris.carpenter@loebbs.com (Chris Carpenter) ~~ Subject: Re: What can "they" do with my SSN? ~~ Date: 8 Apr 93 20:29:00 GMT ~~ Organization: The LAND OF ENCHANTMENT BBS! Albuquerque, NM 505 857-0836 ~~ ~~ TO: All ~~ ~~ David Hoffman asked: ~~ ~~ >.After reading many articles here about how not to give your SSN away, ~~ >.it occurs to me that I don't know WHY I shouldn't give it away. What ~~ >.can some third party do with my SSN that I wouldn't like? I think ~~ >.every credit card company in the world probably knows mine by now. ~~ ~~ Where I work or what I do doesn't matter. If I have sufficient ~~ knowledge of various agencies operations I can destroy your credit, give ~~ you a legal/traffic record (Issue a Warrant for your arrest), obtain/use ~~ your credit card #'s, assume your identify when conducting paper ~~ business with uncle sam, utilize your Social Security Benefits and much ~~ much more... whatever my imagination and ability enables. ~~ ~~ -Chris ~~ (chris.carpenter@loebbs.com) ~~ This last risk -- the use of your Social Security Benefits by someone other than yourself -- is a very real one. Over a year ago, when I applied for unemployment insurance, I found that someone had somehow acquired my SSN and had been collecting benfits on it. The guy at the unemployment agency said that the numbers get collected and sold to illegal immigrants. Of course, there was nothing he could do to correct the situation. He told me that I would have to take care of the problem by going to the social security administration office. In my case, the government did not even check to make sure that my SSN matched my name. They just gave this guy benefits because he could come up with a valid SSN. It is truly amazing how inept the government is with validating information that so much of our society is based on. Al --- net.disclaimer: --- do you really think my opinions are those of my employer? ------------------------------ From: Joel M-for-Vnews Snyder Subject: Re: ssn as authenticator Date: 12 Apr 1993 21:50 MST Organization: Opus One Distribution: world Reply-To: jms@opus1.com News-Software: VAX/VMS VNEWS 1.50A In article , reed@interval.com (David P. Reed) writes... >Every time I get money from someone, I MUST provide my SSN (so they can >file a 1099 form with the IRS, except in certain cases where I am allowed >through "backup withholding" to pay for anonymity). There is a deep >conflict between this use, which does not provide "proof" of identity, and >use as an authenticator. Not strictly true. An organization paying funds to an incorporated entity may not require the employee of the incorporated entity to provide a personal SSN. Organizations also don't file 1099s on money they give to corporations.* As a payee, you can use the corporate veil, at least, to save passing out your SSN. I suspect it's not worth it, but it is possible for the truly ambitious. jms Joel M Snyder, 1103 E Spring Street, Tucson, AZ, 85719 Phone: 602.882.4094 (voice) .4095 (FAX) .4093 (data) Internet: jms@Arizona.EDU BITNET: jms@Arizona Yow! I just went below the poverty line! * Not strictly true; something to do with medical payments you have to report, but I never cared about that, and something else to do with payments in lieu of interest or dividends. ------------------------------ From: fec@arch2.att.com Date: Tue, 13 Apr 93 14:42 EDT Original-From: arch2!fec (F E Carey +1 908 949 8049) Subject: SSN I have just been summoned for jury duty in Hunterdon County, New Jersey. Along with the summons came a short questionnaire to be promptly returned. On it I am expected to report such things as my drivers license number, whether I have served as a juror in the last year, whether I speak English, etc. And, of course, I'm asked to divulge my Social Security Number. The court system further explained in the summons package that jurors are selected, in part, from drivers license files and that drivers license numbers are used to differentiate people with the same name living at the same address. After carefully reviewing all requested information and deciding that my drivers license number is adequate identification, I decided to omit my SSN and returned the questionnaire yesterday without it. Does anybody know of any reason why the court would have a legitimate need for my SSN? Do they withhold from the meager juror pay? Would it be reasonable to argue that the SSN isn't needed until a person is actually selected and reports for duty? Am I being paranoid? Frank Carey at Bell Labs f.e.carey [Moderator's Note: They need it for pay purposes. You can avoid giving it to them up unitl the time you are chosen for jury duty. ._dennis ] ------------------------------ From: The Jester Subject: National ID Card and the end of Privacy Date: 13 Apr 93 19:29:03 GMT I am curious if anyone has any FACTS regarding the 'national medical ID card'. Is the Clinton administration aware of the horendous privacy implications this card has? How have they addressed these issues? If you thought SSN's were bad, wait till you see what this baby will do! Please Post All Facts Available, The Jester -- The Jester -PGP VER2 Key on Request Why all Politicians should be like Ross Perot: "Hes too short to be seen, to rich to be bribed, and will quit before he does any real damage"-Jay Leno ------------------------------ From: Mitch Collinsworth Subject: Don't post to this group! Date: 14 Apr 1993 17:02:48 -0400 Organization: Cornell University Program of Computer Graphics Junk-Mail: Just say no. Don't post to this newsgroup if you don't want to receive junk mail (yes, snail mail) from Robert Ellis Smith's Privacy Journal. (And at over $100 for a subscription you really gotta be into this stuff to want it!) Perhaps we need to invent a new header line to include in news postings that indicates if the poster wishes not to receive junk mail. See sample above. Sheesh! What will they think of next? -Mitch Collinsworth mitch@graphics.cornell.edu [Moderator's Note: It appears that the address was taken from his .signature address. In a followup to a question of mine. Mitch writes: It's not an e-mail solicitation, it's paper mail, but I feel certain it was due to my having posted to comp.society.privacy a few times in the past. Evidence of this is that the envelope is not addressed at all like any address I ever use. Instead it contains the information available from the headers of my news postings: Mitch Collinsworth Cornell University Program of Computer Graphic Ithaca, NY 14851 Except for the (incorrect) zip code, the above is contained in my From: and Organization: news headers. I couldn't tell you about alt.privacy or PRIVACY Forum. I have never read alt.privacy, let alone posted there. I subscribe to PRIVACY Forum, but have never posted. But the Organization: header doesn't go out in e-mail, only in news postings. Also, for what it's worth, the PRIVACY Forum information message contains the following: >The names and e-mail addresses of subscribers to the PRIVACY Forum >mailing list are private (naturally). Now comp.society.privacy is not the only newsgroup I've ever posted to, but it's the only one with any relavence to the topic of privacy. ._dennis ] -Mitch Collinsworth mitch@graphics.cornell.edu ------------------------------ From: 1016/2EF221 Subject: SOURCE to Macintosh PGP 2.2 in C available Organization: capriccioso Date: Thu, 15 Apr 1993 22:38:53 GMT Apparently-To: comp-society-privacy@uunet.uu.net *** SOURCE code to Macintosh PGP 2.2 now available via anonymous FTP *** FTP netcom.com CD pub/grady MGET MacPGP2.2src.sea.hqx MGET MacPGP2.2srcSIGNATURE Convert to a Compact Pro self-extracting archive with BinHex 4.0. If appropriate, check the digital signature of the .hqx file with your copy of PGP. (Non-Macintosh users wishing to check the digital signature please note that 'CR' denotes the end-of-line on a Macintosh, not 'LF' or 'CRLF'.) For the purposes of the ITAR act, this 'unclassified technical documentation' is hereby released into the public domain. (However no representation is made as to copyright or other commercial rights that may exist in this package.) Full source code, Symantec THINK C 5.0.4 projects and full user documentation is included for both 68020 and 68000 versions of Pretty Good Privacy, a strong public key encryption and digital signature application using the RSA algorithm patented in the United States and the IDEA cipher patented in Switzerland. No executables are included. Executables are available via anonymous FTP from: leif.thep.lu.se (Sweden) night.nig.ac.jp (Japan) van-bc.wimsey.bc.ca (Canada) soda.berkeley.edu (P.R. of Berkeley) src.doc.ic.ac.uk (United Kingdom) ghost.dsi.unimi.it (Italy) plaza.aarnet.edu.au (Australia) nic.funet.fi (Finland) Other's public keys are available from anonymous server sites: (Send message subject "help" for more information.) Internet sites: pgp-public-keys@junkbox.cc.iastate.edu Michael Graff explorer@iastate.edu FTP: tbird.cc.iastate.edu:/usr/explorer/public-keys.pgp pgp-public-keys@toxicwaste.mit.edu Derek Atkins warlord@MIT.EDU FTP: toxicwaste.mit.edu:/pub/keys/public-keys.pgp pgp-public-keys@phil.utmb.edu John Perry perry@phil.utmb.edu FTP: phil.utmb.edu:/pub/pgp/public-keys.pgp pgp-public-keys@demon.co.uk Mark Turner mark@demon.co.uk FTP: ftp.demon.co.uk:/pub/pgp/pubring.pgp UUCP site: pgp-public-keys@jpunix.com John Perry perry@jpunix.com The executable application built from these sources has NOT been licensed by RSA Data Security, Inc. nor has the RSA public key algorithm or the IDEA block cipher algorithm been approved by the National Security Agency. This unclassified technical documentation is made available for EDUCATIONAL USE ONLY; possession, distribution, or use of an executable binary built from this source may be a civil or criminal offense. Suggested improvements, bugs, or comments should be directly posted to alt.security.pgp or to the principal developers listed among the source documents. General questions and comments about public key cryptography or the IDEA cipher may be posted to alt.security.pgp or to the sci.crypt Usenet groups. -- grady@netcom.com 2EF221 / 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F ------------------------------ End of Computer Privacy Digest V2 #033 ******************************