Date: Thu, 25 Jun 92 15:20:24 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#055 Computer Privacy Digest Thu, 25 Jun 92 Volume 1 : Issue: 055 Today's Topics: Moderator: Dennis G. Rears re: Privacy in video rental records? Re: Social Security Numbers and Social Insurance Numbers Re: Social Security Numbers and Social Insurance Numbers Re: What can be done about ADVO mailings? Re: privacy dilemma Re: SSNs and Social Insurance Numbers Re: Privacy and Technology The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: Tue, 23 Jun 92 08:47:46 PDT From: Phydeaux Subject: re: Privacy in video rental records? >>turned away. "It's company policy (tm). You're free to rent >>elsewhere". Now that I've calmed down, I'll have to go back and ask >>for the true story - chain-wide policy, or local? Really, REALLY want >>SSN? Procedure for contacting the home office with a complaint, etc. > >>This really sucks. I like to rent there because they have great >>selection, and also music and books and magazines, etc. Very nice >>stores and helpful clerks. I'm bummed. Boycott Hastings?!? > >Why didn't you just make up a number and give it to them? I doubt that >it is a violation of any law to give an incorrect SSN to a video rental >store. My sister used to like to get those free 'gifts' from department stores when they got you to apply for their credit cards. Every time she went past one of those displays she would fill out an application and collect whatever junk they were giving away that day. A few years later, she applied for a credit card and was turned down because they had several combinations of names, addresses and SSNs for her. Now, I doubt that your friendly video rental store is going to report your SSN and other information to TRW and the like, but one never knows. Making up a SSN and associating it with other *correct* information about yourself may be a bad idea... As usual, your own mileage can and probably will vary. reb -- *-=#= Phydeaux =#=-* reb@ingres.com or reb%ingres.com@lll-winken.llnl.GOV ICBM: 41.55N 87.40W h:828 South May Street Chicago, IL 60607 312-733-3090 w:reb Ingres 10255 West Higgins Road Suite 500 Rosemont, IL 60018 708-803-9500 ============================================================================== It has been my experience that people who have no vices have very few virtues -- Abraham Lincoln ------------------------------ From: lance@unix386.Convergent.COM (Lance Norskog) Subject: Re: Social Security Numbers and Social Insurance Numbers Date: 24 Jun 92 00:35:00 GMT Organization: Unisys/Convergent, San Jose, CA I'm pretty sure the last digit is not a check digit. My two brothers and sister were all registered en masse (born in Chile) when the folks moved back to the states, and their numbers go in a line. What is the federal law that prohibits use of the SSN by private organizations? What are the penalties, if any? Lance Norskog ------------------------------ From: Denis Coskun Subject: Re: Social Security Numbers and Social Insurance Numbers Organization: Alias Research, Inc., Toronto ON Canada Date: Wed, 24 Jun 1992 15:14:28 -0400 In sej3e@kelvin.seas.virginia.edu (Susanna Elaine Johnson) asks about the Social Insurance Number (which is the Canadian equivalent of the U.S. Social Security Number): > Consider the structure ABC-DEF-GHI. A is an area code and > denotes the area within Canada from which the SIN was obtained. > ... I is a checksum, and I wish that > somebody would be able to tell me the nature of the checksum. Yes, `I' is a checksum, and `A' encodes the region in which the SIN was issued (and therefore a good indication of where someone lived when he got his SIN). The region codes are: 1 Atlantic provinces (Nova Scotia, Newfoundland, Prince Edward Island, and New Brunswick) 2 Quebec 4 Ontario 5 Ontario (beginning only in the last couple years) 6 Prairie provinces (Manitoba, Saskatchewan, Alberta) 7 Pacific region (British Columbia) 9 issued to anyone requiring a SIN but who's not a Canadian citizen or permanent resident (if he later became a citizen or permanent resident, he'd get a regular SIN) I don't know the region code used for the Northwest Territories or the Yukon, but I'd suspect that they'd be grouped together with one or more of the above. The checksum, known as the Luhn error check (widely used on credit cards, bank cards, etc.), detects single digit errors or the reversal of two digits. Here's the procedure on, say, SIN 123-456-78: 1. Start with the incomplete SIN: 1 2 3 4 5 6 7 8 2. Use these weight factors: 1 2 1 2 1 2 1 2 3. Multiply each digit by its weight: 1 4 3 8 5 12 7 16 4. Sum the individual digits: 1 + 4 + 3 + 8 + 5 +1+2+ 7 +1+6 = 38 5. Divide this sum by 10: 38 / 10 = 3 remainder 8 6. If the remainder is 0, goto step 8. 7. Subtract the remainder from 10: 10 - 8 = 2 (this is the checksum) 8. Append to complete the SIN: 123-456-782 A few comments on the procedure: Doubling alternate digits (steps 2 & 3) checks for the common mistake of transposing two digits while typing the number. The only pair of digits that can be transposed without affecting the checksum are 9 and 0. Since the Luhn error check is used on other numbers that may have an even or an odd number of digits, the convention for doubling of alternate digits is to begin from the right (ie, from the least significant position). Step 7 buys you nothing in the way of error detection. I guess it's there for a tiny improvement in efficiency for a program that does SIN validation. Instead of calculating the checksum on 123-456-78 and comparing the result to 2, a program could do the algorithm on the whole number and then check that the result is 0, as shown: 1 2 3 4 5 6 7 8 2 1 2 1 2 1 2 1 2 1 1 4 3 8 5 12 7 16 2 1 + 4 + 3 + 8 + 5 +1+2+ 7 +1+6+ 2 = 40 40 / 10 = 4 remainder 0 Remainder is 0, so it passed the test. -- Denis Coskun (416) 362-9181 ext.346 Alias Research Inc. dcoskun@alias.com Toronto, Canada utcsri!alias!dcoskun ------------------------------ From: "J.David Ruggiero" Date: Wed, 24 Jun 92 08:41:07 PDT Reply-To: David Ruggiero Subject: Re: What can be done about ADVO mailings? pciszek@isis.cs.du.edu (Paul Ciszek) writes: PC>ADVO, as some of you may know already, is a charming organization that PC>sends people a half-pound of newsprint once a week. The newsprint is PC>delivered with a postcard, which somehow makes it "mail". I have just PC>sent my second request to ADVO asking that they stop sending my this stuff; PC>[...] PC>I have yet to hear back from ADVO. I called up the local (Seattle) office of Advo last week (hard to find - they aren't in the white pages or even the yellow pages under 'Advertising' or 'Mailing Lists'). The person answering was pleasant and helpful, taking my name/address and saying I should give it twelve weeks or so before the pre- printed labels are exhausted and I stop receiving mail under their cards. (She also mentioned they get almost as many requests from people to get *on* their lists as off them.) Apparently the lists are all controlled by the national organization (Conneticut?) and send electronically to the local branches. PC>The post office says that these folks cannot be delt with in the same PC>fashion as other direct marketers, as my name is not on any list; they PC>just send a bundle to every possible address, inhabited or not. Hmmm, this isn't quite true, at least in my area. The cards are all individually printed and have an exact street address. My letter carrier (a veteran) says if he doesn't receive a card, I don't get the flyers; several homes on his route are always skipped. PC>SO, what can be done about ADVO? If I ask them to stop several times and PC>they don't, is it harassment? Who would be willing prosecute them, anyway? Give it a bit more time, then raise some more hell. Deal with the local ADVO office (look at the fine print on one of the flyers/coupons for the "Product of Advo (xxx) xxx-xxxx" to get their number. | J. David Ruggiero Osiris Technical Services Seattle, WA | | osiris@polari.online.com or !uunet!polari.online!osiris | | Living in Seattle is like being in love with a beautiful woman... | | who's sick all the time. | ------------------------------ From: samsung!ulowell!willow.ulowell.edu!welchb@uunet.uu.net Subject: Re: privacy dilemma Organization: University of Lowell Date: Wed, 24 Jun 1992 16:34:13 GMT > Does the individual have any "right" to know where he or she > stands in relation to other individuals even though that knowledge > may result in an invasion of privacy for other individuals ? > Please don't give me the statistical arguement, because I think > it just avoids the issue. I feel ambivalent. I have previously worked at places where the "traditional" thought has been, what I make is my own business. The secretary who hands out the paychecks should only look at your name, not how much you make. I now work for a state agency. Yes, in some sense my salary is public knowledge. Yes, it could be obtained via Freedom of Info (at least I think it can; but maybe that info would only be about job titles and pay, and then you would have to go again to link up my title and job slot with the allocated funds). Yes, I agree that I should know where I stand in relation to other individuals in my group (although that, I think, is exactly what private employers try to avoid.) Here is a similar dilemma. We received a receipt for a property tax bill on a postcard (because it was a cheap, computer-generated way for the town). I agree that the tax assessment for all property in the town is publicly available, and should be. Yet, it seemed to be an offense against the American idea of politeness and privacy to think that someone could simply read my taxes off a postcard. I felt I was being singled out for special mistreatment, whereas I would not feel so if they obtained my payment from a list of all payments. -- Brendan Welch, UMass/Lowell, W1LPG, welchb@woods.ulowell.edu ------------------------------ From: Flint Pellett Subject: Re: SSNs and Social Insurance Numbers Date: 24 Jun 92 21:05:20 GMT Organization: Global Information Systems Technology Inc., Savoy, IL NIEBUHR@bnlcl6.bnl.gov (Dave Niebuhr, BNL CCD, 516-282-3093) writes: >In Privacy Digest Vol #1, Issue #51 Susanna Elaine Johnson > writes: >>(1) SOCIAL SECURITY NUMBERS >> >>There is a coding system involved in the SSN structure. These >>details are from memory and should be verified before being >>relied upon. Consider the structure ABC-DE-FGHI. If anyone really knows about SSN's, I'd love to know what plans exist for them in the future. They only have 9 digits, and since we have 250,000,000 people (or more-- I haven't kept track) currently alive in this country, that indicates that most likely 20 to 25% of the available numbers are in use by persons currently living. I would guess that within the next 100 years that we'll run out of 9 digit numbers that haven't already been used: do they plan on re-using the numbers of deceased people, (a big potential problem, I would think, since estates often live on a long time after the person), or are they going to go to 10 digits and break computer programs all over the place? -- Flint Pellett, Global Information Systems Technology, Inc. 100 Trade Centre Drive, Suite 301, Champaign, IL 61820 (217) 352-1165 uunet!gistdev!flint or flint@gistdev.gist.com ------------------------------ From: Duke McMullan n5gax Subject: Re: Privacy and Technology Date: Wed, 24 Jun 92 23:14:29 GMT Organization: University of New Mexico, Albuquerque In article Joshua_Putnam@happy-man.com writes: >In abc@brl.mil (Brinton Cooper) writes: >>As most of you probably know, the U.S. Military are about to >>collect DNA samples (blood and saliva specimens) from every member of >>our armed forces. . . . >>However, once the data are collected, who's to tell to what use they may >>be put? >If the radio report I heard on this is accurate (a very big IF), then >misuse of the information will be more difficult than it sounds. From >what the military spokesman said, the samples themselves are being >stored, not any analysis of the samples. They described it as an >index card with a blood stain and a swab of saliva, all stored in >giant card catalogs. Genetic analysis will be put off until needed, >since analyzing all the samples up front would be very expensive and >most would never be needed. As things stand, and will continue to stand in the near future, this certainly will be the case. However, as the State Of The Art improves, the price will drop. Period. End of sentence. It is forseeable, although surely not certain, that a time will come when it's easier (read: cheaper) to a) do the analysis and b) store the results in whatever form of imperishable mass storage happens to seem best. It necessarily is a tradeoff . . . individual security vs. national security . . . and something as fundamental as DNA "genoprints" do seem pretty spooky to us today. Keep up your guard. d -- "I don't smoke, I don't drink, I don't do drugs and I don't wear high heels." -- Marilyn vos Savant Duke McMullan n5gax nss13429r phon505-255-4642 ee5391aa@triton.unm.edu ------------------------------ End of Computer Privacy Digest V1 #055 ******************************