Date: Tue, 29 Sep 92 16:29:51 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#085 Computer Privacy Digest Tue, 29 Sep 92 Volume 1 : Issue: 085 Today's Topics: Moderator: Dennis G. Rears Re: Address required on checks Re: Computer access to SSN and bank accounts: 48hrs episode Re: Computer access to SSN and bank accounts: 48hrs episode Re: Computer access to SSN and bank accounts: 48hrs episode Re: Computer access to SSN and bank accounts: 48hrs episode Re: Citibank photo credit card Re: Computer Privacy Digest V1#084 Privacy vs. Anonymity Photos on credit cards Re: cellnet privacy? The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: amdunn@mongrel.UUCP (Andrew M. Dunn) Subject: Re: Address required on checks Organization: A. Dunn Systems Corporation, Kitchener, Ontario, Canada Date: Thu, 24 Sep 92 14:02:46 GMT In article James Zuchelli writes: > >Last year when I bought some books at a local community college they insisted >that I put my street address on the check. (I have my P.O. Box printed on the >checks.) I don't like giving out my address yet they refused to take the >check unless it had an address. > >At one point they said they needed so "when your check bounces we can come >find you." > >How much right do you have to not give out your phyusical address, how much >right do the school bookstores have to refuse your check if you street address >isn't on it. > They can decide what substitutes for cash currency they will let you use to purchase goods from them. If they don't like it, you can't use it. Of course, cash will always be accepted without your address on it. -- :-------------------------------------------------------------------------: : Andy Dunn (amdunn@mongrel.uucp) ({uunet...}!xenitec!mongrel!amdunn) : : "AT&T thinks Usenet is an Underground organization" - are we really? : :-------------------------------------------------------------------------: ------------------------------ From: "Michael E. Adams" Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Organization: California State University, Chico Date: Sat, 26 Sep 1992 22:31:50 GMT >got 2 people's names and addresses and were able to look up >their SSN and their credit cards and bank balances >via a computer at a private eye's office? > >Can anybody with a terminal and a modem do the same thing, Yep. Anyone can! Just get an account with TRW, CBI or some other information dealer, pay your monthly bill, and YOU can find out all about MY credit! You can see who else is doing credit checks on me (handy if you need to know if I'm talking to some OTHER salesman down the street), you can find my employers name, where I used to live, how much I owe on my home, etc. As for the bank balances, I'm not sure about that one. I don't know how to do it, but I do know that if there is a way to get the information somone is selling it. And that's where the REAL problem is. Information collection is not bad as long as EVERYONE has access to it. But currently, only people who are in the 'right job', wealthy, or powerfull can have regular access to the data that is collected on ALL of us. This sets an uneven playing field in all kinds of negotiations. Ex. If I want to hire you, and you say you won't work for less than $xYY, and I know your in debt up to your eyeballs, then I may call your bluff and sweat you down to $YY. Privacy is a myth. What we common people need is access! -- Hi! I am a .signature virus. Copy me into your .signature to join in! ------------------------------ From: Dave Grabowski Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Organization: New Jersey Institute of Technology, Newark, N.J. Date: Sun, 27 Sep 1992 05:19:42 GMT In article joe@babel.ho.att.com (Joseph M Orost) writes: >Did anybody see the 48hrs episode on CBS on 9/23/92 where they >got 2 people's names and addresses and were able to look up >their SSN and their credit cards and bank balances >via a computer at a private eye's office? > >Any idea how they did that? > >Can anybody with a terminal and a modem do the same thing, >or is this some kind of "all people" database that >one can subscribe to? > > regards, > joe > I can't say how THEY did it, but I can tell you how I used to do it. There are many not-so-moral people working at cerdit bureaus (TRW, Trans-Union, Equifax, etc). It's not all that hard to obtain passwords for their on-line services, and then it's only a matter of dialing it up (not directly, they have nationwide ANI), and pulling anyone's credit report: all you need is a SSN or part of a name & address. -Dave -- ----------------------------------------------------------------------------- Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu 9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com ------------------------------ From: James Hightower Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Date: Sun, 27 Sep 92 08:32:11 GMT Organization: Netcom - Online Communication Services (408 241-9760 guest) joe@babel.ho.att.com (Joseph M Orost) writes: >Did anybody see the 48hrs episode on CBS on 9/23/92 where they >got 2 people's names and addresses and were able to look up >their SSN and their credit cards and bank balances >via a computer at a private eye's office? >Any idea how they did that? >Can anybody with a terminal and a modem do the same thing, >or is this some kind of "all people" database that >one can subscribe to? I didn't see the show, however I do know that that sort of thing can be done by pulling an "atlas" report from Trans Union. Since the report contains no credit information, you do not need to be a credit granter to get this report. All you need is a modem and a TU account. TRW and Equifax provide similer reports. ------------------------------------------------------------------------------- James Hightower jamesh@netcom.COM ...Don't try this at home! ------------------------------ From: hgpeach@ms.uky.edu (Harold Peach) Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Date: Mon, 28 Sep 1992 13:47:21 GMT Organization: University Of Kentucky, Dept. of Math Sciences Joseph M Orost writes: >Did anybody see the 48hrs episode on CBS on 9/23/92 where they >got 2 people's names and addresses and were able to look up >their SSN and their credit cards and bank balances >via a computer at a private eye's office? Yes, I was really bored by the whole thing. I expected to see something new and exciting. All they did was use services/methods that have been around for years to try and scare the more naive viewers. >Any idea how they did that? Anyone who is a credit bureau member can find out most everything they did using that "computer." >Can anybody with a terminal and a modem do the same thing, >or is this some kind of "all people" database that >one can subscribe to? Anyone who is a credit bureau member can do what they did from a terminal. ANYONE can go to their local credit bureau and for a reasonable fee get a paper copy of the same info. At my previous job, we ran several credit reports per week, by computer (an IBM PCjr!). With an SSN you can find out all of the rest. The system will even let you know if the SSN is from a valid range, making it hard to get by with a fake one. With a name, you can usually find the person's SSN and then get the rest. In today's world, it is virtually impossible for anyone who maintains an AVERAGE lifestyle to get lost from anyone for more than a month or two. If you have a telephone, credit card, rent or buy a place to live, have a car, etc. you just about can't get lost for long. Worrying about giving out your SSN is moot, it is too late. I can (could when I had access to the services) find out almost anyone's SSN with just your name, or probably just from your address. -- Harold G. Peach, Jr. ><> N4FLZ _% hgpeach@s.ms.uky.edu ------------------------------ From: Dave Grabowski Subject: Re: Citibank photo credit card Organization: New Jersey Institute of Technology, Newark, N.J. Date: Sun, 27 Sep 1992 05:19:42 GMT In article usenet_interface@almaden.ibm.com writes: > > >I am a late comer to this group...so... > >Has there been a discussion about Citibank's commercial where they state >that their CC's are the most secure? >They completely ignore the fact that the thief need only put your CC >number onto his CC with his photo...sounds like a sales gimmick to me. > Actually, I doubt that thieves would actually take the time to put your CC# on their card. There are LOTS of easier ways to make credit card purchases (I know.). Citibank claims that their cards are more "secure" for you, but in actuality, is seems to be a benefit for THEM. If your card is stolen, you are responsible for, at the most, $50. Big companies, like Citibank, probably wouldn't even make you pay that. So, supposing your card was stolen, and someone used it, it wouldn't hurt you ANYWAY. Citibank is actually protecting themselves, but is selling it on the premise that it will protect YOU. On top of all that, I wouldn't want another ugly pic of myself like the one on my driver's license, anyway! -Dave -- ----------------------------------------------------------------------------- Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu 9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com ------------------------------ Date: Mon, 28 Sep 1992 19:37:40 -0700 (PDT) From: Steven Hodas Subject: Re: Computer Privacy Digest V1#084 Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=us-ascii Today I received an offer from Citibank to get my photo digitized on the back of my MasterCard at no charge. Hmmm... My first thought, of course, is suspicion, especially if Citibank likes the idea enough to offer it for free. Now I'm wondering if it isn't perhaps a minimally intrusive way to get some protection against simple fraud. Anticipating feedback, Steven ------------------------------ Date: Mon, 28 Sep 92 20:07:06 PDT From: Jim Hunt Subject: Privacy vs. Anonymity I would like to discuss the difference between Privacy and Anonymity. As always, read completely twice through before responding. Definitions: Privacy: keeping what I DO - in private - secret. Anonymity: keeping my IDENTITY secret when interacting with others. Observations: At the time our constitution and bill of rights was written, there was almost no concept of anonymity. Everyone in town knew everyone in town, and "the stranger in blue" was sufficient for any newcomers. Privacy with respect to government seems to be different from other forms of privacy, in law, in these discussions, and in most matters. To drive a car requires release of some anonymity, every car must have a plate. (though this does not uniquely identify the driver) ========= Plates are so we can catch those who violate the societal rules of the road. Nobody says the requirement to carry a plate is a violation of privacy, it is accepted. Why then do some people respond so vehemently to a request to identify themselves? The idea of a unique identifier is perfectly acceptable for every car on the road, and the requirement that it be prominently displayed is also accepted. My freedom to drive wherever is legal is not compromised by my plate. I do not see how anonymity is a cornerstone of freedom. If I am free to do something, I am free to announce my name while doing it. If I choose NOT to announce my name while doing something legal, then I still have no qualm with someone writing down my license number, or snapping my picture, or shaking my hand for a DNA sample. In cases where the law places unjust restrictions on my freedom, the law should be attacked, not those who would identify you and violate your anonymity, but NOT your privacy. (NOTE, this is in public, don't stick a camera in my window) The problem of proof of identity is at the core of many of these discussions, and is often confused with privacy issues. I accept that a merchant must have sufficient proof of my identity before he/she should accept a piece of paper in lieu of cash. This is an identity problem, not a privacy problem. That merchant is not trying to find out what you do, but who you are. There are many true abuses of this identity information. Mailing lists are the most common and least worrisome. People living alternative lifestyles are most at risk, but I do not want to see freedom eventually lost by erosion of privacy. True freedom must be protected, and I admit that privacy/anonymity are blurry at the edges and overlap quite a bit. I often get the impression that those who plan to break the law are the ones attacking identification under the shield of privacy. Anonymity helps those who break the law. The bombing of PG&E power stations however, does NOT automatically give the FBI the authorization to take down every license plate at an Earth First rally. But if Earth First literature was found at the scene, then the line gets vague. And further, should the FBI be restricted from doing what any citizen could do? In cyberspace, and our daily lives as they take on aspects of it, these discussions often also hinge on the definition of private. Courts have said your phone is private, unless they don't want it to be (taps), or it would be too costly (encrypting of cell calls). In my mind, your phone is thus NOT private. Email is even grayer, and I'm sure will turn out just as private as your phone. (None!) Perhaps the need is for a law that information given for the purpose of identification not be released without permission. The selling of mailing lists was never officially authorized by law or discussed in Congress, it just started. I would like to see it stopped. I could go on, but this should seed some discussion. Card carrying member of the ACLU. But then again, I'm still getting older... jim hunt@Eng.Sun.COM yatta yatta disclaimer George Bush is 68 years old and Dan Quayle is an idiot. In '96, George Bush will be 72 and Dan Quayle will still be an idiot. ------------------------------ From: Steven Hodas Subject: Photos on credit cards Organization: University of Washington Date: Tue, 29 Sep 1992 03:08:10 GMT Today I received an offer from Citibank to get my photo digitized on the back of my MasterCard at no charge. Hmmm... My first reaction, of course, was suspicion, especially if Citibank likes the idea enough to offer it for free. Now I'm wondering if it isn't perhaps a minimally intrusive way to get some protection against simple fraud. Anticipating feedback, Steven -- ***************************************************************************** NSA CIA BUSH HACKER KILL ASSASSIN IRAN FBI CRIME QUAYLE SPOOK RSA PGP DES IRAQ DSS RDX RSA CUBA ENCRYPT LIBYA ***************************************************************************** ------------------------------ Date: Tue, 29 Sep 92 15:27:08 +0100 From: Mik Butler Subject: Re: cellnet privacy? Peter Debenham writes : >/ hpopd:comp.society.privacy / ppxpmd@mips.ccc.nottingham.ac.uk (P.Debenham) / 12:34 pm Sep 25, 1992 / >Someone mentioned finding out about Cellnet privacy laws over here in England. >Well as far as I know it is NOT illegal to monitor someone's Cellnet telephone >conversation as it is being broadcast in such a manner to be easily publically >available (like to any Joe with a decent radio or scanner). (rest deleted) Sorry Peter, it IS illegal to monitor cellnet/vodaphone telephone conversations in the UK. The Wireless Telegraphy Act (1949) states that you can in general only legally receive to Broadcast stations (i.e. broadcast television and radio), and Radio Amateur stations. In practice, the dti (department of trade & industry, UK gov. body responsible for among other things the airwaves) don't have the resources to track down & prosecute people who illegally monitor the radio frequencies. I can't remember the last time someone was prosecuted for listening to Air Traffic Control (just go to Heathrow and see how many aviation enthusiasts listen in), but prosecutions for listening to Cellnet/Vodaphone, police, etc. do happen from time to time. Mik Butler, G8RKO 11th commandment : "Thou shalt not get caught" ------------------------------ End of Computer Privacy Digest V1 #085 ******************************