Date: Mon, 28 Sep 92 18:25:05 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#084 Computer Privacy Digest Mon, 28 Sep 92 Volume 1 : Issue: 084 Today's Topics: Moderator: Dennis G. Rears Privacy and Living in Today's Society Re: A pint of blood Re: cellnet privacy? Blockbuster & video rental records Big Brother has this message on file! Re: Teletrac SSN & Bush SSN in login ids The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: Mon, 28 Sep 92 18:23:08 EDT From: Computer Privacy List Moderator Subject: Privacy and Living in Today's Society As moderator I been following the discussions about releasing private information to other entities in this forum and others (e.g. alt.privacy, risks, etc). Among the topics are: o Social Security Numbers on checks o Social Security Numbers required to give blood o Mothers and Fathers Drug/Alcohol history in order to get a Birth Certificate (New Jersey) o Video Rental Records (article in this digest) o extended period time given to Mortgage Holder to check out directly from the IRS the lenders record numbers Some I feel are legitimate privacy concerns. Technology hurts our privacy because of the ease of which data records can be searched and compiled on individuals. If it wasn't for the technology I think it would not be as much as a concern. SSN (social security) are a big concern. I use to make a big thing about not releasing it. My attitude now is one of "how much of a hassle would it be for me not to release it". If now a defacto National Identification Number. It is relativity trivial for one to get one's social security number if an address or phone number is known. My attitude about my personal privacy is there a few things I want to keep private, other I don't really think care that much about. The things I want to keep private, it is up to *ME* to do the work. That means on some commercial transactions I use cash instead of plastic. Some conversations I don't use my cordless/celluar phone or have the conversation face to face. I have a PO box rather a residential address. You can't depend on the governments (fed/state/local) to safeguard your privacy or the commercial world. Technology is a double edged sword. The technology that produces the wonderful gadgets we have (CD, TV, stereo, radio, & computer) brings the world together. Maybe a little bit closer together than some would want. It is here and there is no going back. All in all I think the great strides that technology has made in improving our standard of living is worth some of the drawbacks we have to pay for it. I think some of the concerns about privacy are more about "being left alone", than privacy itself. A good example would be caller-id. I am more concerned about being bothered by telemarketers than I am about somebody knowing my phone number. I have solved the telemarketing problem to my satisfaction while still having a listed number. Incidently, I heard on the news today that NJ Bell is disappointed that only 190,000 out of a possible 3,000,000 subscribers have subscribed to Caller Id. That is about 6.3% of all eligible. I frankly can't see paying $6 a month for that service. The few times I have had bad calls, I use call return. So much for my ramblings. I would like to refocus the direction of submission to the technology aspects of privacy. I think we have beat to death the discussion of SSN on checks, driver licenses, etc. Let's talk about encrypted communications, the FBI Wiretap Bill, etc. dennis ------------------------------ From: "K. Kadow" Subject: Re: A pint of blood Date: Thu, 24 Sep 92 18:22:41 CDT > > Computer Privacy Digest Thu, 24 Sep 92 Volume 1 : Issue: 083 > > This has to be taken in the context of the case before the court. If > you are in court because it is alleged you have mistreated or sexually > abused your children (as an example) then the court may well take your > child away from you. The question would be the reasonableness of the > requirement and/or the relationship it has to the case in dispute. If > you are under the jurisdiction of the court you will obey the court or > you will appeal for relief from the court's rulings -- you will not, > however simply be disobedient or in contempt of the court. I think it > would be deemed reasonable for the court to require some universal > form of identification (such as SSN) when attempting to adjudicate a > complex legal matter involving a large number of people making > financial claims. Likewise if the court is hearing a paternity case to > detirmine if you can be identified as the father of a child the court > may well order you to have blood drawn and tested. So to answer your > question, yes the court can demand your child and your blood if those > requests are considered reasonable and withstand appeal. > > > The whole point at issue here is whether the court is legally > > authorized to ask for your SSN, just as any other organization may or > > may not be legally authorized to ask. > There are some questions that private organizations are not legally authorized to ask (e.g. virginity, age, political/religious affiliation) and some questions that even the court cannot ask. I sincerely hope that the court is NOT authorized to order you to undergo a DNA test or blood test to prove paternity (or settle any civil suit). They are certainly authorized to ask your blood TYPE (which in many cases is on the birth certificate, driver's license, or other "public record", and which can _disprove_ paternity) but can the court ORDER any sort of "invasive" testing in either civil or criminal cases? ------------------------------ From: "P.Debenham" Subject: Re: cellnet privacy? Organization: Cripps Computing Centre, University of Nottingham Date: Fri, 25 Sep 92 11:34:42 GMT Apparently-To: comp-society-privacy@uknet.ac.uk Someone mentioned finding out about Cellnet privacy laws over here in England. Well as far as I know it is NOT illegal to monitor someone's Cellnet telephone conversation as it is being broadcast in such a manner to be easily publically available (like to any Joe with a decent radio or scanner). It could (only could) be illegal to record such information but even this is very doubtful. I take for my evidence the case in the British (and a lot of the World's press over a recorded CellNet phonecall which was CLAIMED to be between the Princess of Wales and an admirrer. In all the flak thrown up by this there has been no indication that the person doing the recording was doing anything illegal. Immoral definately Yes but not illegal. I only hope that the gut response of some MPs to submit a bill making such monitoring illegal is shot down in flames as it deserves. I have heard nothing from any offical government source so I think they are ignoring the issue as politically and practically the best response. The only thing that suprises me is that with the almost daily cases reported in the British press of CellPhone and also Cordless phone conversations being recorded that anyone is still stupid enough to expect privacy on one. Peter D ------------------------------------------------------------------------------ 'Death is better than a life of shame' Boewulf ------------------------------------------------------------------------------ ------------------------------ From: Mike Johnston Subject: Blockbuster & video rental records Organization: Lehman Brothers Date: Mon, 28 Sep 1992 12:28:15 GMT Apparently-To: uunet!comp-society-privacy Recently my local corner video store shutdown and I was forced to find a membership elsewhere. Since the only other store of consequence in my town was Blockbuster Video, I decided to go there. The application process was fairly quick and painless IE you show them ID and a valid credit card and you're a member in just a few minutes. After you join they give you a notepad sized piece of paper which explains the terms of the membership. I glanced at this note when I got home and was quite surprised. Imbedded with the standard legalese about being responsible for rented tapes and such is a clause that states, from memory: Member grants Blockbuster Video the right to release all information generated by or through the use of the membership card. In other words, they can give out my rental records to someone without permission. This is disturbing. It's annoying to discover that I'm liable to wind up on a whole slew of new mailing lists (video tape clubs etc), but to find out that most anyone Blockbuster deems appropriate can get a list of what I've viewed is appalling. Is there any way I can restrict Blockbuster from doing this, or should I just stop using them? This is a large chain, I'm sure many of you have already run into this. What were your experiences? MJ -- Michael R. Johnston/System Administrator mjohnsto@shearson.com =-=-= The official .signature of the 1992 Barcelona Olympics. =-=-= ------------------------------ From: "J. Porter Clark" Subject: Big Brother has this message on file! Organization: NASA/MSFC Distribution: na Date: 28 Sep 92 18:30:15 GMT Apparently-To: comp-society-privacy@ames.arc.nasa.gov I just found out last week that the local network management organization is archiving all network traffic onto 8 mm tape and has been doing so for at least six months. They plan on keeping this data indefinitely. They would hand over the tapes to Federal investigators if asked, of course. How could they do otherwise? The reason they are doing this is supposedly to troubleshoot network anomalies such as broadcast storms. This is a particularly offensive problem here for various reasons. A typical use of this system would be to play back a portion of tape into a Sniffer or similar device so that network statistics could be compiled for some arbitrary period of time. The size of network involved here is several thousand machines, most of which are PC's and Macs, but also including a substantial quantities of workstations and mainframes. I ran a rough check based on the numbers they gave me, and it looked to me like they would run through a 5 GB tape in about 30 minutes during a typical peak. This alarms me, but it's hard to say why. I'm not aware of anything I'm doing with the network which is a violation of anything, except occasionally common sense. However, I don't compose every e-mail message with the idea that I might be seeing it in the Washington Post tomorrow. Encryption isn't quite as handy as it might be, seeing as how they're trapping every keystroke I enter unless I'm logged in right at the machine. I realize that tapping into the Internet is probably not safeguarded by anything like the type of legal consequences afforded to telephone wiretapping. But this sort of systematic archiving of every byte on the net for an indefinite period of time seems to me to be typical of Big Brother at his worst, or the Soviet Union during the Bad Old Days. Compounded with this is the fact that this is a Federal Government installation, and it is required that employees avoid the appearance of guilt as well as actual guilt. IMHO, this is a profligate waste of magnetic tape. Other than that, what's wrong with the net police archiving net traffic like this? I believe that they should: (a) Recycle tapes after a couple of weeks. Else they find themselves open to: "I got this e-mail message last January and accidentally deleted it; can you get it for me?" (b) Keep the headers only and strip out the message contents. If the header is unrecognizable, keep the whole message. This should save some storage space as well as enhancing privacy. I know that the comparison with the phone system is not really legal here, but the phone system records the sources and destinations of calls but not the calls themselves. (Or do they?) J. Porter ("Testing one, two, three...") Clark -- J. Porter Clark jpc@avdms8.msfc.nasa.gov or jpc@gaia.msfc.nasa.gov NASA/MSFC Communications Systems Branch ICON: A picture or symbol that stands for a word. Icons are often used in programs for young children who cannot yet read. -- some doctor's waiting-room magazine ------------------------------ Date: Mon, 28 Sep 92 21:09:29 GMT From: news@cbnewsh.att.com Subject: Re: Teletrac Organization: Big Brother Is Watching You.. Re: transponders on cars - you don't need it - the license plate is enough. Optical character recognition technology is about good enough to read license plates today, and keeps getting faster as algorithms improve and number-crunching chip speed doubles every year or two. So all they need is a good video camera and a reader. The main advantage of transponders is that the stationary equipment is likely to be cheaper, and you can force the car owners to buy the transponders. [Moderator's Note: I have no idea who sent this. All I got was that the news program sent it. ._dennis.] ------------------------------ From: "J. Philip Miller" Subject: SSN & Bush Date: Thu, 24 Sep 92 22:29:20 CDT As another issue about disclosure of SSN, I offer the experience of my 8th grade daughter. It appears that our esteemed President will visit her school on Monday. She has the opportunity to be accredited as a member of the press (as reporter for the school newspaper) but to receive that accrediation she has to submit her full name, date of birth and SSN! Now if I were paranoid I would recall that on my 1040 there is a link between her and me and that the Secret Service might retreive my file and deny her access :-) -phil -- J. Philip Miller, Professor, Division of Biostatistics, Box 8067 Washington University Medical School, St. Louis MO 63110 phil@wubios.WUstl.edu - Internet (314) 362-3617 [362-2694(FAX)] ------------------------------ From: Eric Hunt Subject: SSN in login ids Date: Sat, 26 Sep 92 19:47:27 CDT Mailer: Elm [revision: 66.25] The University of Alabama/Birmingham's Engineering dept uses a student's full SSN as a part of their computer login ids. This machine in Internet reachable. I was wondering what relevant laws, if any, applied to this situation? I found out about it through a friend who told me what his Internet address was. I was shocked, and told him not to give that address to ANYONE because it contained his SSN. -- Eric Hunt | bsc835!ehunt@uunet.uu.net (preferred) Birmingham-Southern College | ehunt@aol.com Birmingham, Alabama 35254 | <> ------------------------------ End of Computer Privacy Digest V1 #084 ******************************