Date: Tue, 13 Oct 92 16:55:15 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#091 Computer Privacy Digest Tue, 13 Oct 92 Volume 1 : Issue: 091 Today's Topics: Moderator: Dennis G. Rears Re: "IF you have nothing to hide..." Re: SSN in login ids / posting grades Re: Computer Privacy Digest V1#090 Re: SSN and Airline Antitrust Settlement Re: Computer access to SSN and bank accounts: 48hrs episode Re: Computer access to SSN and bank accounts: 48hrs episode question on surrepticious Posting grades by SSN ssn in login ids / postin ssn and traffic tickets Re: Citibank photo credit card Re: [Mike Brokowski: Re: Address required on checks] Re: What is privacy? The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: norvax!astroatc!nicmad!madnix!striker@uunet.uu.net Subject: Re: "IF you have nothing to hide..." Summary: search and seizure rights Organization: ARP Software Date: Wed, 20 May 1992 14:04:24 GMT In article (Daniel E. Platt) writes: > >In article , (Steve Cavrak) writes: >|> HEY !@ >|> . . . . >|> - I have the right not to be searched WITHOUT DUE CAUSE. > >Not if you ride a public bus. > Actually, Mr. Cavrak is correct. You do have the right to not be searched without probable cause. even on a bus. Mr. Platt is thinking about a case that was decided in the US Supreme Court last session (Florida v. Bostick, for you law types) which says that a person does have the right to refuse to have a search or a search of your possessions even on a bus. Of course whether or not a) an average person knows of this right or b) whether a person who is being confronted by police in a bus would refuse, thereby incurring the potential wrath of the police or his fellow passengers (for holding up the bus departure) is questionable. Sorry for the digression. It's just a good idea for everyone to know what their rights in fact ARE, considering they seem to be shrinking every day. We now return to our regularly scheduled discussion... > ------------------------------ From: John Boyd Subject: Re: SSN in login ids / posting grades Date: 9 Oct 92 21:13:34 GMT Organization: Tinker Air Force Base, Oklahoma In article allan@cs.cornell.edu (James Allan) writes: >Cornell does not allow student grades to be posted by SSN or by the >students' Cornell ID number. In the classes I teach, I get a 6 or so At the university I attend, the grade sheet is printed out in alphabetical order, with the SSN last, but the strip that is posted only contains the last four digits of your SSN/ID, and then your grade is hand-written in a space after that. The previously mentioned alphabetical fault is acknowledged. ------------------------------ Date: Fri, 09 Oct 92 14:40:56 PDT From: Dave Gomberg Subject: Re: Computer Privacy Digest V1#090 On Fri, 09 Oct 92 16:06:56 EST you said: > >There is something I don't understand about this. If you see an >unauthorized inquiry on your credit file, can't you use it as evidence >to sue the deep pocket credit bureau for invasion of privacy? But if >you can, why haven't millions of disgusted consumers already done so? Anyone can look at your credit report "for any legitimate business purpose." This does NOT require your permission. And it is hard to imagine why some- one would look at your account unless (1) they had a business reason (2) they knew you. In the latter case they are likely a friend, so why would you sue anyone? If there were a nasty person who was doing it JUST to invade your privacy AND you could show the credit bureau was lax in enforcing a CLAIM of legitimate business purpose, you might have a case against them. Otherwise, YOU had better have deep pockets for the legal fees you will rack up losing. Dave Dave Gomberg GOMBERG@UCSFVM Internet node UCSFVM.UCSF.EDU (415)731-7793 Seven Gateview Court, San Francisco CA 94116-1941 ------------------------------ From: mea@ihlpl.att.com Date: Fri, 9 Oct 92 17:43 CDT Original-From: ihlpl!mea (Mark E Anderson +1 708 979 4716) Subject: Re: SSN and Airline Antitrust Settlement >A "Settlement" of a monetary amount will be reported to the IRS as >income for tax purposes. This is essentially the same requirement as a >bank requesting the SSN so as to be able to report interest on a >savings account to the IRS. This is permissable under federal law. The way I read the settlement, it sounded like a big marketing scam by the airlines. For the vast majority of cases, you could only use the settlement money towards the purchase of new tickets and it couldn't exceed more than 10% of the price of the ticket. I really doubt that the IRS would consider this income. Ticket prices have been fluctuating alot more than 10% in the last few price wars so I find this settlement kind of dubious. Maybe I misinterpereted something though. >They PROBABLY want the SSN for some reason other than the legal one... It's a nice way to catalog your customers for the last five years. I wonder how they got the court system to play along? Mark Anderson ------------------------------ From: James Davies Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Organization: Cray Computer Corporation Date: Fri, 9 Oct 92 23:59:56 GMT Apparently-To: In article erc@netcom.com (Eric Smith) writes: > >There is something I don't understand about this. If you see an >unauthorized inquiry on your credit file, can't you use it as evidence >to sue the deep pocket credit bureau for invasion of privacy? But if >you can, why haven't millions of disgusted consumers already done so? >Surely the deep pockets of the credit bureaus and/or their client >corporations such as banks etc. are enough money to motivate consumers >to sue, especially considering that this is already a litigation prone >society. But in that case the credit bureaus would have gone broke >from all the judgements already. So I guess I'm confused, there must >be some factor I'm not considering that resolves this contradiction. Probably that "invasion of privacy" isn't illegal in the U.S., except for specific circumstances (such as peering into a window of a house). ------------------------------ From: Khan Subject: Re: Computer access to SSN and bank accounts: 48hrs episode Organization: University of Illinois at Urbana Date: Tue, 13 Oct 1992 15:13:03 GMT In article Eric Smith writes: > >There is something I don't understand about this. If you see an >unauthorized inquiry on your credit file, can't you use it as evidence >to sue the deep pocket credit bureau for invasion of privacy? But if >you can, why haven't millions of disgusted consumers already done so? >Surely the deep pockets of the credit bureaus and/or their client >corporations such as banks etc. are enough money to motivate consumers >to sue, Perhaps those same deep pockets can afford more and better lawyers than Joe Consumer is able to muster, thus intimidating the little people into not bothering. ------------------------------ From: keith.willis@almac.co.uk Date: 10 Oct 92 (07:00) Subject: question on surrepticious 0005066432@mcimail.com (Tansin A. Darcos & Company) said: TA> I thought the only time where a call could be recorded without the TA> knowledge of the people on the call - even in a federal agency - is TA> either if there is a wiretap order from a court or it's a security or TA> law enforcement agency such as the FBI, NSA, CIA or other such. This TA> agency is not generally a law enforcement agency. TA> Could someone tell me if I'm wrong and this type of activity is legal? Certainly in the UK, such unannounced monitoring would be illegal without the backing of a court order. My answering machine has a facility which enables me to to tape calls, whether originated or answered by me, but it is a legal requirement that the equipment emit a beep, which must be audible to both parties to the call, every 15 seconds. I believe I am also obliged to state to the other party that I am recording the call. --- PQ 2.15 194 "Ford, why have I got this fish in my ear?" -- ALMAC BBS Ltd. 0324-665371 Dos based USENET access, call for details! ------------------------------ Date: Sat, 10 Oct 1992 11:40:25 EDT From: gulino@ouvaxa.ucls.ohiou.edu Subject: Posting grades by SSN I'd like to chime in here briefly about posting course grades. I teach at the college level, and the courses I teach generally contain 30-50 students. At the end of the term, I calculate the final grades and post them, in random order, by the last four digits of the SSN. I think it is very important that the students get an independent accounting of their grade and not simply wait for their grade report to arrive in the mail. This is because there is always the possibility of a mistake in the process of transmitting the grade from my grade book through the registrar to the student. I know of one story where a student had done well in a course, or so he thought, but received a final grade of C. Later the next term, when he saw the course professor, he casually remarked "I guess I really blew the final, huh?" The professor was surprised and said, "No, you received the highest in the class on the final exam." To which the student replied, "then why did I get a C in the course?" To which the professor replied, "you didn't, I gave you an A!" They looked into it and discovered that the registrar's office had made a mistake in transcribing the grade from the professor's grade report form into the computer. If this student had not casually mentioned to the professor about his grade of C, he might never have known about the mistake, and his GPA, etc., would have been forever incorrect. Moral of story: The student's need to be informed of their course grade independently of the normal grade reporting process so they can verify the accuracy of what they receive. In a class of 5 or 10 students, this can generally be done fairly easily on a personal basis, and posting the grades is generally not necessary. But when the class is large, this is not practical. The school where I teach, Ohio University, uses the SSN as identification for everything. This is probably not a good idea, but it's what they do. I believe that by posting my grades in the way that I do (use only the last four digits of the SSN and randomize the order on the list), I am satisfactorily insuring anonymity, and the potential harm to the student by possibly releasing part of their SSN is greatly offset by the advantage to the student of assuring that their final course grades are accurate. Of course, if the registrar makes an error THE OTHER WAY (i.e., the student gets an A when he should have received a C), you can be sure the student will keep his mouth shut and I'll certainly never hear about it. :) But this would happen even if I didn't post the grades. Dan Gulino Department of Chemical Engineering Ohio University ------------------------------ From: Chris Guilmartin Date: 10 Oct 92 (14:05) Subject: ssn in login ids / postin Tom Wicklund writes: >Any system of publicly posting grades is going to voilate privacy. >Whether a student ID is a social security number or a unique within >the university ID, it can be misused. And most of the time grades >posted by student ID are still listed in alphabetical order (making >it easy to find people near the start or end of the alphabet). > >If one wants grade privacy, then professors should be encouraged not >to post grades. Ideally the university will have a reliable way to >inform students of grades in a timely fashion. It seems to me that the real problem is that schools need to made aware that many students value their privacy. For that matter, the way it should work is that if _any_ of the students value their privacy the school should respect this. First of all, the failure to take the grades out of alphabetical order is just laziness on the part of professor/graders (or the use of bad grade tracking software). There are many simple ways to increase the privacy of publicly posted grades. How about passing out a random identifier to each student at the beginning of the course, for this purpose? Or if this is too complicated, let the student enter an (optional) identifying name or number next to their name on the test itself. Sure, some students might abuse this by making it easy to identify, but isn't privacy a right that does not have to be exercised? Slightly more trouble to implement then the current systems, but convenience is often privacy's enemy. --- WinQwk 2.0b#218 -- Channel 1 (R) Cambridge, MA ------------------------------ From: Chris Guilmartin Date: 10 Oct 92 (14:05) Subject: ssn and traffic tickets Recently a national radio talk show caller related a story which occured in Texas whereby his girlfriend received a traffic ticket. In filling out the ticket the policeman demanded the girl's SSN. His justification apparently was "there's a spot on the ticket for it, and it has to be filled in, so you must provide it". While I don't live in Texas, and have no direct knowlege of this, this seems like an abuse of the SSN. Does anyone have any further information on this situation? And what would the SSN be used for, that a drivers license number couldn't serve for? --- WinQwk 2.0b#218 -- Channel 1 (R) Cambridge, MA ------------------------------ From: rodger@Cadence.COM (Rodger Hughes) Subject: Re: Citibank photo credit card Organization: Cadence Design Systems, Inc. Date: Mon, 12 Oct 1992 18:17:07 GMT Dave Grabowski writes: >In article usenet_interface@almaden.ibm.com writes: >> >> >>I am a late comer to this group...so... >> >>Has there been a discussion about Citibank's commercial where they state >>that their CC's are the most secure? > Actually, I doubt that thieves would actually take the time to put >your CC# on their card. There are LOTS of easier ways to make credit >card purchases (I know.). Citibank claims that their cards are more >"secure" for you, but in actuality, is seems to be a benefit for THEM. >If your card is stolen, you are responsible for, at the most, $50. Big >companies, like Citibank, probably wouldn't even make you pay that. So, >supposing your card was stolen, and someone used it, it wouldn't hurt ^^^^^^^^^^^^^^^^ >you ANYWAY. Citibank is actually protecting themselves, but is selling ^^^^^^^^^^^ >it on the premise that it will protect YOU. >-Dave >-- > ----------------------------------------------------------------------------- >Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu >9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com And who do you think pays for all the credit card fraud? Can you say membership fees, outrageous interest rates etc...? I knew you could. -- -------------------------------------------------------- Rodger Hughes rodger@cadence.com (408)894-3099 San Jose, California 95134 U.S.A. ------------------------------ Subject: Re: [Mike Brokowski: Re: Address required on checks] From: jms@carat.arizona.edu Date: 12 Oct 1992 12:01 MST Reply-To: jms@Arizona.EDU Organization: University of Arizona MIS Department - Mosaic Group In article , abc@brl.mil (Brinton Cooper) writes... > > Mike Brokowski writes, in part > >>>3. You must give id when spending over $10K with one merchant in, I >>>believe, one year, or the merchant can get in serious trouble. > . > . >I believe this is a misstatement. IRS has a rule regarding the handling >of large sums of money at a bank. If you withdraw a sufficiently large >sum ($10K?), they must file something like a 1099 with IRS. You're confusing two things here. ("You" being several posters). First of all, the 10K limit is a per-transaction one. Annual aggregation of grocery checks is not something that anyone cares about. Banks are required to report any transaction of $10K (or more) to the IRS. This is to make sure that you aren't hiding bucks. Additionally, merchants who accept cash transactions of $10K or more are also required to report these, and are strongly urged to report any large cash transaction, or, for that matter, any other transaction which the merchant finds "suspicious." The rationale given here is "War on Drugs" related. These are two separate sets of regulations, and are done for different reasons. Joel M Snyder, 1103 E Spring Street, Tucson, AZ, 85719 Phone: 602.882.4094 (voice) .4095 (FAX) .4093 (data) BITNET: jms@Arizona Internet: jms@arizona.edu SPAN: 47541::telcom::jms Yow! I'm imagining a surfer van filled with soy sauce! ------------------------------ From: Simona Nass Subject: Re: What is privacy? Date: Tue, 13 Oct 1992 05:26:05 GMT Organization: PANIX Public Access Unix, NYC I'm fascinated by the various meanings the word "privacy" has taken on. I've seen it used to mean freedom from trespass on property, freedom from forced disclosure or, where information is disclosed (voluntarily or not), a right to informational self-determination (as some European countries are articulat- ing it), etc. I agree that defining privacy is vital to understanding the various controversies that rage and the conflict between disclosure and its counterpart, whatever that's called. So, let's hear it for other forms of "privacy." -S. -- Alumni of Stuyvesant HS of New York: e-mail stuy@panix.com if you wish to participate in compiling an alumni e-mail directory --------- simona@panix.com or {apple,cmcl2}!panix!simona ---------- Disclaimer: I am not an attorney, though I do have an opinion on everything. ------------------------------ End of Computer Privacy Digest V1 #091 ******************************