Date: Wed, 06 May 92 17:02:03 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#014 Computer Privacy Digest Wed, 06 May 92 Volume 1 : Issue: 014 Today's Topics: Moderator: Dennis G. Rears The End Re: Free TRW Credit Report Re: Modem Tax (N Is e-mail private? New phone technology, privacy, and the FBI Re: Cordless Phones A wierd way to run a mail system Re: Call for a new moderator? NO! The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: Tue, 5 May 92 13:42:07 -0700 From: "Robert L. McMillin" Subject: The End Flipping past yet another channel on cable yesterday, I came across someone hawking one of my favorite hokums: apocalyptic predictions. (Maybe it was the End of The World Channel... the program was "Biblical Prophesy Today", approximately.) Fine, you may say, but what does this have to do with technology and privacy? Well, the connection is that the vintage blather these guys sold had it that ATMs and their PIN numbers, along with credit cards, etc., will soon perform identity verification using some kind of implantation system, whereby You Won't Be Able To Buy Anything Unless You Have The Implant (dramatic music goes here), which of course will be the Mark Of The Beast, and therefore a Sign of The End Times. It was all very amusing. The videotape cost $29.95, as I recall. Pretty good markup on previously blank tape, eh? (Really, now, do they honestly believe that people en masse would allow themselves to be mutilated in order to do what they do now with paper money? Maybe these people should withdraw all their money from the bank and buy a clue...) --- Robert L. McMillin | Voice: (310) 568-3555 Hughes Aircraft/Hughes Training, Inc. | Fax: (310) 568-3574 Los Angeles, CA | Internet: rlm@ms_aspen.hac.com ------------------------------ From: Garrett S Fitzgerald Subject: Re: Free TRW Credit Report Date: Tue, 5 May 1992 16:43:17 GMT Apparently-To: uunet!comp-society-privacy In article michael@xanadu.com (Michael McClary) writes: >Note, by the way, that many banks and credit-card providers make the >last month-or-so of your account history available over the phone to >anyone who can touch-tone in the account number and your zipcode or >SS number. Well, Fleet Bank, when they send you your statement, gives you an extra code to punch in for your account information. Nice of them... -------------------- "A foolish consistency is the hobgoblin of little minds." Sarek of Vulcan a.k.a. Garrett Fitzgerald `:-) Sarek@world.std.com ------------------------------ Date: Tue, 5 May 1992 16:53 EDT From: MCULNAN@guvax.georgetown.edu Subject: Re: Free TRW Credit Report People have commented on the amount of information TRW requires before they will provide you with your credit report. The research I have done over the past two years on direct marketing and the experience of one of my colleagues/horror stories in the press suggests that 1) TRW *may* need a lot of information to positively identify you due to problems they have had with mixed files in the past and 2) if you do provide this information to them, it is unlikely they will learn anything new about you that they don't already have in their marketing database. TRW maintains an extensive marketing database on individuals from which it sells mailing lists. The source of this information includes public records (drivers license, deeds, USPS change of address information), credit reports, and information it has purchased from mail order companies. Names and addresses may be selected based on such factors as exact age, height, weight or whether or not you wear glasses (from drivers license records), information about a home mortgage (amount, type), recording date and whether or not the transaction was a purchase or a refinance (deed/tax assessor records), whether you are a "new mover," the distance of your move and whether it is local, regional or out-of-state as well as the date (USPS change of address information), whether you are a credit shopper, an active credit shopper, your purchasing power (credit report) and whether you shop by direct mail, are a multi-category buyer, recent purchase date, and category of purchases (e.g. collectors, crafts, high tech, sports, etc. etc) (information purchased from unspecified third parties). TRW is not the only company in this business. There are a number of large direct marketing firms which sell similar types of lists. We would all be able to exert much more control over the secondary use of our personal information if public records came with a check-off box, allowing each person to decided whether or not he/she wanted to received solicitations because they bought a house or car, moved and changed their address, or got a drivers license. Currently you can only ask these companies not to resell your name by writing to them directly or by signing up for the DMA's Mail Preference Service. Mary Culnan School of Business Administration Georgetown, University MCULNAN @ GUVAX.GEORGETOWN.EDU ------------------------------ From: Charlie Mingo Date: Wed, 06 May 1992 03:23:41 -0500 Subject: Re: Modem Tax (N Lars Poulsen writes: > mc/G=Brad/S=Hicks/OU=0205925@mhs.attmail.com writes: >> You can call from anywhere in the continental US to CompuServe's >> mainframes in Columbus, Ohio for TWENTY FIVE CENTS PER HOUR. Can you >> make any other long-distance phone call for $0.25 per hour? And the >> government enforces this inequity by law. > > I am fairly certain that this statement is counter-factual. As far as > I know, CIS charges several dollars per hour for such connections. The argument is really one of semantics. CompuServe charges $.25/hour (in addition to the $12.50/hour connect fee) for connections made through it's own CPN packet switched network. This compares with a $3/hour surcharge for calls made through Telenet/Tymnet. Of course, you are really paying for your long distance fees in the form of the $12.50/hour connect charge. Some services (America Online) purport not to charge you anything for the call, and bill you "only" for the connection. Since you cannot use CPN's $.25/hour service to call anyone else, it matters little whether you pretend it's one fee or two. If you use CompuServe's CPN network to call any other information provider, the charge is in the range of $4.50 to $5.50/hour. Thus, you really should think of CompuServe charging you $8/hour for the connection, and $4.75/hour to carry your call. ------------------------------ Date: Wed, 6 May 92 07:08:15 -0700 From: vikrum@milton.u.washington.edu (Vikram Madan) Subject: Is e-mail private? Date: Wed, 6 May 1992 14:02:04 GMT I was reading the discussion about privacy and the cordless phone and I was just wondering ... how private a medium is e-mail legally? Is it illegal to tap into someones e-mail and read it and if so what legal repercussions can the wrong-doer face? Its happened once with me that someone trying to show his hacking skills managed to divert my e-mail and was reading them regulary (just to prove he could do it) I didnt press any charges or anything but what does the law say on this issue if I had wanted to do so? Thanks, vikrum. ------------------------------ From: "Brantley E. Riley" Subject: New phone technology, privacy, and the FBI Date: 6 May 92 15:10:41 GMT Hello all - With all this discussion of cordless phones and privacy, I thought it would be worthwhile to discuss the privacy issue as it relates to other types of phone technology. I was concerned to read in the local paper on Monday about proposed legislation being backed by the FBI and Justice Department. The bill would "block telephone companies from introducing new technologies until they develop ways to let the [FBI] eavesdrop." The bill would also "require that new communications technologies be vetted by FBI specialists before any advances could be offered to the public" and "require telephone customers to pay for the bureau's snooping." The article was an editorial in the Op/Ed section of the paper, so it didn't go into great detail on the bill (who was sponsoring it, etc.), but the editorial did go on to describe briefly the difficulties in tapping fiber-optics and digital phone systems. The editorial was clearly opposed to the proposed law. So, I'd like some feedback on this issue... what do people think? I am wholeheartedly opposed to the entire idea, and it frightens me to think that it has been seriously proposed and supported. Does anyone have more details on the bill (who is sponsoring it, when it was introduced, actual wording)? brantley (All references are from an editorial titled "Unwarranted FBI phone snooping" that appeared in the Monday, May 4th issue of the Baltimore Evening Sun.) -- "Have I told you this before?" "No, we only met about half an hour ago." "So little time to pass?" said Merlyn, and a big tear ran down to the end of his nose. -- T.H. White, _The Once and Future King_ ***** brantley@umd5.umd.edu ***** ------------------------------ From: Mark E Anderson Date: Wed, 6 May 92 12:06 CDT Subject: Re: Cordless Phones From: Anthony Rzepela > How much privacy can we afford? That is the new, evil question. This is a good question. I guess it all comes down to what is the downside of losing privacy. Like the old saying "If you have nothing to hide, you have nothing to fear." The only legitimate use of privacy is to protect secure information that can be used by competitors to gain a market advantage. Other than that, the only reason for privacy is to protect something that someone has to hide from the government or insurance companies. The nothing-to-hide-nothing-to-fear argument has been widely used to stretch our 4th Amendment rights to where the police can set up road blocks, make you pee in a cup, and maybe eventually randomly search your house on a hunch. Why should communications and purchases be treated any differently? If I were running an insurance company and my salary and career was based on the earnings per share, I would push as hard as I could to find out everything there is to know about the people who I am insuring. It only makes sense to charge those who have a higher potential of abusing costs by smoking or eating fried foods or red meat to pay more into the system. From a business point of view, this makes alot of sense. There is little that can stop invasion of privacy. The momentum has already been formed and the only saving grace will be when those that were most instrumental in eroding our privacy get burned themselves by their own actions. By then, it may be too late. In the meantime, I freely talk on my cordless and cellular phones caring little about those who may be listening in. . If someone is that lonely to listen to my mundane conversations, then they're the ones with the real problem. Until someone can stop the thought process in the vast majority of Americans that anything is OK because if-you-have-nothing-to-hide-you-have-nothing-to-fear, the erosion of privacy will never stop. Your only recourse is protect yourself and be aware of what is going on. Mark Anderson ------------------------------ Subject: A wierd way to run a mail system Date: Wed, 6 May 92 13:31:03 EDT From: "John R. Levine" I just got this bounce message from a machine at AT&T having responded to a message someone sent to comp.compilers. It appears that their mailer uses employees' SSNs as the internal acccount ID and thoughtfully blats the SSN on any mail bounce message. The original message had a different return address in the text at the end, so we'll see if that works better. Doesn't AT&T have privacy guidelines? Regards, John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl [Moderator's Note: For obvious reasons I have replaced the actual SSN with X's. _Dennis] Forwarded message: |From spdcc!cbnewsf.att.com!postmaster Wed May 6 13:16:30 1992 |Message-Id: <9205061651.AA16124@ursa-major.spdcc.com> |From: postmaster@cbnewsf.att.com |Date: Wed, 6 May 92 12:47 EDT |To: iecc!johnl@ursa-major.spdcc.com | |>From postmaster Wed May 6 12:47 EDT 1992 |Mail to `pevzner' alias `ssn=XXXXXXXXX' from `att!ursa-major.spdcc.com!iecc!johnl' failed. |The command `exec post -x -o '%^24name %20ema %^city, %+state' -- ssn=053769177' returned error status 100. |The error message was: |post: ssn=XXXXXXXXX: Not found [message followed] ------------------------------ Date: Wed, 6 May 92 16:40:40 EDT From: Brinton Cooper Subject: Re: Call for a new moderator? NO! William Pfeiffer supports Dennis Rears's continued moderation of this forum but adds: > but try > to find a more condusive computer connection. Even if YOU are 100% honest > (as I believe you to be) who's to say what commander has 'root' > access to your army system and is keeping nice little diaries about all > that we discuss here. After all, Privacy and our rights there-to > would be very interesting reading for some in the Government > Intelligence community. This is a logical contradiction. If this is an open forum (freedom of speech is the issue which began this thread), then Dennis's commander, having Internet access, can keep his/her little diaries quite adequately. You should believe strongly that the "Government Intelligence Community" probably reads every word of these postings. Either we have a public forum, or we don't, and that isn't affected one iota by whether it originates from *.army.mil, *.edu, or public-access.org. _Brint [Moderator's Note: I really *WANT* this discussion to end! As I said before I will *NOT* allow anyone to tell me what *NOT* to post. If push comes to shove I will post from another machine. _Dennis] ------------------------------ End of Computer Privacy Digest V1 #014 ******************************