Date: Thu, 06 Aug 92 17:16:12 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#070

Computer Privacy Digest Thu, 06 Aug 92              Volume 1 : Issue: 070

Today's Topics:
                        Moderator: Dennis G. Rears

                      SSNs and Southern California
                  Re: SSN Required to Buy Car in Calif
                      Re: Encrypted Communications
              Re: 800 numbers (Re: Caller ID decision)
            Court Ruling on SocSec# at Rutgers, info needed

The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].

----------------------------------------------------------------------

Date: Tue, 4 Aug 92 10:20:26 -0700
From: "Robert L. McMillin"
Subject: SSNs and Southern California

You write:

> The plot thickens. I was required to give my SSN to PURCHASE
> (with cash) a television, and there was much wailing and gnashing
> of teeth when I explained that, as a foreign national, I do not
> have one.
> I also very nearly went to jail last week when I tried to use a
> Chevron CANADA card at a Chevron USA gas bar.
>
> I have noticed that in SC it has to be exactly by the book, no
> exceptions, or the transaction is disallowed. I am thinking of
> writing a monograph on the subject, entitled "Ritual-Taboo
> Behaviour in a Technological Society". The above does not appear
> to be true in other parts of the US.

You wouldn't think it ritualistic if you knew anything about what
happens on the other side of the counter. My father owned a retail
music store for three years and got a tremendous number of bad checks.
The problem is so bad in this state that even the treble damages law
has had seemingly little effect.
(Retailers and others receiving a bounced check are entitled to three
times the amount on the check -- if they can collect it, a mighty big
if.) Stores where people routinely write checks for large amounts
(Home Depot comes to mind here) frequently keep internally-generated
lists of known rubber check writers.

I expect that this has much to do with the general overcrowding and
poverty in the City of Angels. I'm sure New York has similar problems.
No doubt, its merchants have similar policies to deal with them.

---
Robert L. McMillin                    | Voice: (310) 568-3555
Hughes Aircraft/Hughes Training, Inc. | Fax: (310) 568-3574
Los Angeles, CA                       | Internet: rlm@ms_aspen.hac.com

------------------------------

From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: SSN Required to Buy Car in Calif
Organization: National Oceanic & Atmospheric Adminstration / Boulder Labs
Date: Wed, 5 Aug 1992 00:18:29 GMT

In article gast@cs.ucla.edu (David Gast) writes:
>In article idela!bell@uunet.uu.net (Mark Bell) writes:
>>Well, I bought a car for our kid a couple of weeks ago and
>>was stunned to find that they wouldn't sell it to me without SSN!
>
>>The law went into effect a few months ago.
>
>>Is there anyone out there who can advise how to beat this? I'd be happy
>>to guinea-pig a court case if someone has any ideas.

How did you pay for it? If you handed the salesman a thick wad of
currency he had a legitimate need to know your SSN due to our
wonderful War On Rights. All cash transactions over N dollars (used
to be 10k, but it may be down to 3k) require extensive documentation.

Personally, I would have told the salesman to produce a copy of that
law or sell me the car... or face a breach-of-contract suit. (I'm
assuming everything else was settled, papers signed, etc., when he
demanded the SSN).
Bear Giles
bear@fsl.noaa.gov

------------------------------

From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: Encrypted Communications
Organization: National Oceanic & Atmospheric Adminstration / Boulder Labs
Date: Wed, 5 Aug 1992 00:57:42 GMT

In article dwp@sunsrvr3.cci.com (Dana Paxson) writes:
>In general, I think laws making encrypted communications illegal
>are wasteful, stupid and oppressive, for the following reasons:
>
>1) They would be a violation of free speech rights.

Irrelevant. The government could claim, with some justification, that
the "Freedom of Speech" applies to _public_, _political_ speech.
There is ample historical precedence for limiting non-political speech
(libel, speech causing imminent harm, and some forms of commercial
speech (cigarette and hard liquor ads on TV, actors drinking beer in
same), etc).

And private communications is not really "speech," especially if it is
encrypted so that a casual listener could not readily determine its
contents.

Finally, I would not be surprised to find our current courts accepting
the non sequitur that encryption, a priori, constitutes reasonable
suspicion that the person is up to no good. After all, if the person
had nothing to hide, why did he go to the effort of encryption?

(Note: I do _not_ agree with these arguments, and in fact feel that
these arguments show an incredibly superficial understanding of what
the First Amendment is intended to protect. However, I have seen them
presented as legitimate arguments that encrypted, private
communications are not protected as "speech.")

>2) They would be a waste of time and effort, since
>   determining violation can be impossible.

So's the Federal anti-drug parephenia (sp?) law, but our local U.S.
Attorney General has happily seized hundreds of thousands of dollars,
without filing a _single_ court case, since bothering to prove guilt
in a court would not be an "effective use of manpower" -- the
forfeiture laws provide "sufficient punishment."
From the newspaper accounts, he considers bothering to convict the
shop owners of a crime unnecessary.

BTW, the shop owners got in trouble for selling the same items you can
get in any good hardware store... it's just that they also sold
tee-shirts and pipes instead of power tools and pipe (the kind used in
plumbing). (There were a few unusual items, but as the local newspaper
(a conservative one, BTW) pointed out the shop owners had asked the
local police if there was any problem selling these items, and the
items were all cleared).

>3) They would be a further waste of time and effort,
>   since such laws are impossible to enforce.

See above.

>4) They would allow a government to apply enforcement
>   selectively, singling out a few (for arbitrary
>   reasons) and prosecuting them under the vague
>   suspicion that some communication contained
>   encrypted matter.

Here's the crux of the matter. Our laws have reached the point where
law-abiding citizens are not uncommonly compelled to break the law.
I know it's happened to me -- omitting the boring (accounting) details
I acted in good faith at all times, but an obscure IRS regulation
prevented me from doing the logical thing when circumstances
unexpectedly changed. (BTW, in my case the amount in question was
only a few hundred dollars, but my finances are _extremely_ simple --
I can't imagine the trouble people with complex finances face).

There are ways around this, the primary one being "Jury
Nullification." Unfortunately, the legal system is going to great
lengths to eliminate knowledge of Jury Nullification (many recent
law-school grads have never heard of it), and it's irrelevant when the
government can confiscate all of your property without the bother of a
trial.

The government could make a major impact on citizen confidence by
strongly supporting personal encryption technology. Instead, I have
seen proposals to 1) require trapdoors in encryption software,
2) spend ca.
$300,000,000 to make it easier to implement legal wiretaps (there were
only a few hundred court-authorized wiretaps last year, according to
an article on Usenet, incidentally), 3) make the maximum digital
signature length the same as the minimum length, despite the obvious
impact on security, 4) restrict RSA key length on exported software to
an obscene number like 32 bits (and present that as "good enough" for
domestic users as well),....

Bear Giles
bear@fsl.noaa.gov

------------------------------

From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: 800 numbers (Re: Caller ID decision)
Organization: National Oceanic & Atmospheric Adminstration / Boulder Labs
Date: Wed, 5 Aug 1992 01:05:40 GMT

In article John Higdon writes:
>David Gast writes:
>
>> Rather I see a tradition over at least the last couple decades that no one
>> knows who is calling until the person identifies him or herself.
>
>Of course this has been the result of technological limitations, not a
>matter of conscious, determined policy. In every means of electronic
>communication that has been developed since the telephone, if the
>technology exists, a positive ID of the message originator has been
>built into the system.

Unlike early telephones that required operator assistance for _all_
calls?

When did automatic dialers become commonplace, anyway? I know the
_Andy Griffith_ show always showed the people calling through the
operator (who generally said something like "Andy, Goober is calling.
Say, how's your son?"), but it was set in a rural area.

Perhaps if we gave Caller ID a voice-synthesis front-end, instead of
an impersonal LCD panel...?

Bear Giles
bear@fsl.noaa.gov

------------------------------

Date: Thu, 6 Aug 1992 17:28:10 GMT
From: peterson@CS.ColoState.EDU (james peterson)
Subject: Court Ruling on SocSec# at Rutgers, info needed
Date: Thu, 06 Aug 1992 17:28:08 GMT

I just read a short article in the 5 August issue of the Chronicle of
Higher Education that a US District Judge (H.
Lee Sarokin) had ruled against Rutgers in a suit brought by present
and former students, who claimed that the institution had violated
their privacy rights by misusing their social security numbers.

Evidently, the judge did not order Rutgers to stop using the numbers
for routine administrative use (that would be too much of a hardship,
I guess) but rather to stop allowing distribution of the numbers (as
in rosters, etc.) cited as a practice which "allows any student to
decode another student's grades, obtain credit report, etc."

Does anyone know the details of this case, and exactly what is
prohibited by it? For example, does this ruling prohibit the posting
of grades and social security numbers without names (a fairly
wide-spread practice), or merely the posting of rosters containing
both names and SS#'s?

james sends
--
james lee peterson                      peterson@CS.ColoState.edu
dept. of computer science
colorado state university               "Some ignorance is invincible."
ft. collins, colorado  (voice:303/491-7137; fax:303/491-6639)

------------------------------

End of Computer Privacy Digest V1 #070
******************************