Date: Wed, 30 Sep 92 15:56:54 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#086 Computer Privacy Digest Wed, 30 Sep 92 Volume 1 : Issue: 086 Today's Topics: Moderator: Dennis G. Rears cellnet privacy? Re: Computer access to SSN and bank accounts: 48hrs episode Re: SSN in login ids PO boxes Bank balances SSNs and Drivers Liscenses in NY Re: Privacy vs. Anonymity Re: Address required on checks The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: 29 Sep 92 17:39:56 EDT From: "Murray J. Brown" Subject: cellnet privacy? A Toronto radio station reported today that the Supreme Court of Canada has upheld a lower court's decision that Cellular Telephone Calls are not deemed to be 'private communications' as defined by the Criminal Code of Canada and are thereby legally subject to interception by a third party. Reportedly, police departments welcome this decision in aid of their fight against criminals who make extensive use of this technology. . | Murray J. Brown | E-mail: mbrown@vnet.ibm.com | | Distributed Services Technology, | Telephone: (416) 448-3185 | | IBM Canada Ltd. (Toronto) Laboratory | Standard Disclaimer Applies | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------ From: Ben Gross Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Reply-To: b-gross@uiuc.edu Organization: University of Illinois at Urbana Date: Tue, 29 Sep 1992 21:59:25 GMT Did anyone tape this that would be willing to loan their copy out for a few days? Ben -- ! Mail to: b-gross@uiuc.edu /!\ NeXT mail: gross@sumter.cso.uiuc.edu ! ! No matter where you go, there you are. --Buckaroo Bonzai-- ! !-------------> Reality is only for those who lack imagination. <-------------! !-----------> Disclaimer: I am the Lorax, I speak for the trees. <-----------! ------------------------------ From: Dave Grabowski Subject: Re: SSN in login ids Organization: New Jersey Institute of Technology, Newark, N.J. Date: Wed, 30 Sep 1992 00:02:04 GMT In article bsc835!ehunt@uunet.uu.net (Eric Hunt) writes: >The University of Alabama/Birmingham's Engineering dept uses a student's >full SSN as a part of their computer login ids. This machine in Internet >reachable. > >I was wondering what relevant laws, if any, applied to this situation? I found >out about it through a friend who told me what his Internet address was. I >was shocked, and told him not to give that address to ANYONE because it >contained his SSN. A few weeks ago, I posted a msg about how NJIT uses student's SSN's for Student ID's and for UNIX System ID's as well. It was the custom for exam grades to be posted by SSN as well, but as I just found out today, it seems that, at least in the Physics Dept., this is no longer going to be done. They have now changed it so that the listing is done by >FIRST NAME< only. This has GOT to be the most ridiculous way to post grades. The Prof. mentioned that in one of his other classes, there were three "Mark"'s in a row. Another person (who was checking her grade while I was) said, "Nobody else has my name, anyway" (it was something obscure, like Aretha). Perhaps it's time for schools to realize that SSN's aren't the way to go, and some crazy methods like this don't work either. -Dave -- ----------------------------------------------------------------------------- Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu 9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com ------------------------------ Date: Tue, 29 Sep 1992 19:31 EST From: "Garnet (x5738)" Subject: PO boxes >In Computer-Privacy-Digest: Volume 1, Issue 082, Gordon Burditt > asks >Now, for those who say that giving false information is fraud: >what happens if the information is blatantly and obviously false >to anyone who looks at it? Is that giving false information, or >just withholding it? >Example: on a credit application form, filling in SSN: JUS-TS-AYNO >Example: on a credit card slip, filling in "your phone number" >(literally) on the line marked "phone number". >Example: when an address is asked for on a check, filling in >"Go swim in a toilet". On a federal tax return, it is called "filing a frivolous return" which is subject to fines and penalties. The same is true of any derogatory remarks about the IRS that you write in the margins of the form. [I guess they can't take a joke.] >Another question: You have a physical address where you *CANNOT* >receive mail. You have a post office box where you can receive mail I face this problem every time someone asks for my address. I usually respond by asking: "street or mailling?". Sometimes it leads to confusion when giving the address to people who assume that the Post Office always delivers to the door and leave off the PO box number. Fortunately, the town is small enough that they will look up the box number. ------- Garnet gharris@lando.hns.com ------------------------------ Subject: Bank balances Date: Tue, 29 Sep 92 21:14:09 EDT From: "Michael P. Deignan" Reply-To: kd1hz@anomaly.sbs.risc.net -> As for the bank balances, I'm not sure about that one. I don't know -> how to do it, but I do know that if there is a way to get the information -> somone is selling it. Rather easy, actually. All you need is a bank account number. Call the bank and say "I'm Mr. X doing a credit check on Ms. Y - her account number is ZZZ". Usually, the drone on the other end will say something to the effect of "Yes, Mr. X.... Ms. Y opened her account on MM/DD/YY, and currently has a balance in the [high,mid,low] [single, double, triple, etc.] digits. You can then go to the person in question and give them a rough idea of how much they have in their account (i.e. "ah, looks like you have a couple thousand...") without giving an actual number (which generally flucuates for most people, anyway.) MD -- -- Michael P. Deignan / Sex is hereditary. If your -- Domain: mpd@anomaly.sbs.com / parents never had it, chances -- UUCP: ...!uunet!rayssd!anomaly!mpd / are you won't either... -- Telebit: +1 401 455 0347 / ------------------------------ Date: Wed, 30 Sep 1992 9:46:43 -0400 (EDT) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: SSNs and Drivers Liscenses in NY My wife recently received her invitation to renew her driver's liscense and the only time an SSN is required is for a commercial liscense according to the instructions on the card's back. This is surprising since NY seems to want to know everything about a person including visits to the throne room :-). Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ Return-Path: uucp@mathcs.emory.edu From: Pete Hardie Subject: Re: Privacy vs. Anonymity Date: 30 Sep 92 14:04:20 GMT Organization: Digital Transmission Systems, Duluth, GA. In article Jim.Hunt@eng.sun.com (Jim Hunt) writes: >To drive a car requires release of some anonymity, every car must >have a plate. (though this does not uniquely identify the driver) > >Plates are so we can catch those who violate the societal rules of the >road. Nobody says the requirement to carry a plate is a violation of >privacy, it is accepted. Why then do some people respond so vehemently >to a request to identify themselves? The idea of a unique identifier >is perfectly acceptable for every car on the road, and the requirement >that it be prominently displayed is also accepted. My freedom to drive >wherever is legal is not compromised by my plate. Two comments here: 1) Driving is (mainly) a necessity in modern society. If you do not drive, you are severely limited in your place of employment, your choice of shopping places, etc. If something in a necessity, people will sacrifice other considerations for it. 2) A license plate on a vehicle merely identifies the vehicle, and does not limit *my* movements, or allow unscrupulous monitoring of my other activities. >The problem of proof of identity is at the core of many of these >discussions, and is often confused with privacy issues. I accept >that a merchant must have sufficient proof of my identity before >he/she should accept a piece of paper in lieu of cash. This is >an identity problem, not a privacy problem. That merchant is not >trying to find out what you do, but who you are. Why should the merchant care *who* I am, as long as the money I am giving for purchase is good? Note that if I pay cash, the merchant will not ask for any ID, or proof that I have the money legally. The only issue I feel a merchant has is "Is the credit there? Is there really money behind this check?" With a better-designed credit card system, my number, etc could be completely invisible - the clerk would run the card through a magnetic scanner, enter the purchase amount, and never know my name, credit card number, or anything else. And that would suit the need of merchants quite well. >I often get the impression that those who plan to break the law >are the ones attacking identification under the shield of privacy. But our legal system is based on the principle of 'innocent until proven otherwise" - we cannot remove anonymity for all just to catch the criminal few. >Anonymity helps those who break the law. The bombing of PG&E Anonymity helps those who hold unpopular views/lifestyles/etc. Think how many people you know about would persecute a Wiccan solely because they dislike the faith? Case in point: I am getting married on Halloween, for the two reasons of liking the holiday, and it falling on a weekend this year. My fiancee, when she was telling someone about the wedding, was asked "What religion is your fiance?" in a manner that made her feel intimidated. The Bible Belt still holds strong intolerance, at least. Basically, I hold to the idea that my actions are not to be recorded unless there is a demonstrated need, simply because if there is data on me, someone, somewhere, will find a way to abuse it, whether legally, economically, or otherwise. -- Pete Hardie: phardie@nastar (voice) (404) 497-0101 Digital Transmission Systems, Inc., Duluth GA Member, DTS Dart Team | cat * | egrep -v "signature virus|infection" Position: Goalie | ------------------------------ From: Wm Randolph Franklin Subject: Re: Address required on checks Organization: Rensselaer Polytechnic Institute, Troy, NY Date: Wed, 30 Sep 1992 17:53:45 GMT Apparently-To: comp-society-privacy@cis.ohio-state.edu In article on Thu, 24 Sep 92 14:02:46 GMT, amdunn@mongrel.UUCP (Andrew M. Dunn) writes: > Of course, cash will always be accepted without your address on it. Oh? 1. Service Merchandise, a local catalog store gets quite unfriendly when I pay in cash. They've told me they must have a name. (So I give them 'Mario Cuomo'). 2. Then there's Radio Shack. 3. You must give id when spending over $10K with one merchant in, I believe, one year, or the merchant can get in serious trouble. 4. I've heard stories about IRS offices refusing to accept cash, though I can't vouch for them myself. There is one loophole however, which is probably still open. You can buy money orders anonymously, put whatever name you want on them, and then use them to pay people who refuse cash. -- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ------------------------------ End of Computer Privacy Digest V1 #086 ******************************