Date: Tue, 10 Nov 92 16:33:45 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#098 Computer Privacy Digest Tue, 10 Nov 92 Volume 1 : Issue: 098 Today's Topics: Moderator: Dennis G. Rears Re: Risks Of Cellular Speech Re: 1-800-CURB-DWI Re: Clinton Endorses Right to Information Privacy Re: Posting grades by SSN Re: ssn and traffic tickets Re: SSN and unique IDs Credit Thieves Re: Risks of Cellular Speech The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: "Tom R. Rice" Subject: Re: Risks Of Cellular Speech Organization: Netcom - Online Communication Services (408 241-9760 guest) Date: Sat, 7 Nov 1992 01:27:35 GMT Dave King <71270.450@compuserve.com> writes: >traffic is lighter. Scanners cost as little as $200, and are sold in virtually >every shopping mall in Toronto. It's astonishing that most people don't seem to realize that cellular phones are "wireless", i.e., they are just 2-way radios fancied up a bit. The cellular industry doesn't want customers to know this, but I'm boggled that people just don't catch on. Would they discuss sensitive information on a CB radio? BTW, a scanner is not really necessary. The older TV sets that have UHF tuners of the continuously-tuned type (rather than the channel-switch type) can easily tune in cellular calls. Ahh, the marvels of technology! trr -- "Start off every day with a smile and get it over with." --W.C.Fields Tom R. Rice WB6BYH Holler Observatory - tomrice@netcom.com Longitude: 121 d 30 m 20 s W CIS: 71160,1122 Latitude: 37 d 25 m 10 s N ------------------------------ From: Jarrod Staffen Subject: Re: 1-800-CURB-DWI Date: 6 Nov 92 22:58:42 GMT Organization: U S WEST NewVector Group, Inc. I personally think the idea of *DWI is great. I use a cellular phone and have been on the road many times behind a dangerous driver. When it is clear that the driver is under some kind of influence, I diall 911. It's free and it puts me through to State Patrol. On one occasion, I was behind a truck carrying 4 passengers. The three in the cap were hitting eachother, the truck was all over the road. They were passing beers between the guy in the truckbed (who had a case of beer) and the guys in the cab. I thought this was quite stupid, but not nearly as stupid as when they saw a hitch-hiker ahead and pretended they were going to run him over. Instead of running over him, they swerved at the last second and just threw a beer at him. I dialed 911 and followed these pukeheads until a trooper caught up a few minutes later. Justice was served. If I wanted to, I could have called anonymously as there are no means to trace the origins of a cellular call (not easily, anyway). Of course, the privilege could easily be abused. I couldn't give you a quick answer to that. But I feel the bebefits greatly outweigh the risks of abuse. Jarrod Staffen jstaffe@uswnvg.uswnvg.com ------------------------------ Subject: Re: Clinton Endorses Right to Information Privacy Date: 6 Nov 92 20:45:51 PST (Fri) From: John Higdon "Wm. L. Ranck" writes: > While the other stuff on the list doesn't bother me this one sure does. > Basically it says that the government knows what is good for me and will > not let me decide. You will also notice the general tone of the entire statement that is usually present in governmental attempts at "protecting privacy". The assertion is that people (or "The People" if you will) need to be protected from each other and, in the case now of the Democrats, from Big Bad Business. The government, however, should know EVERYTHING about you--for your own protection, of course. If you look at the "privacy" statutes in California for example, the only protection that is provided is against other ordinary citizens. The government and even certain commercial enterprizes have full, unrestricted access to your DMV records. This is one reason that I have always maintained that the best privacy protection is constant vigilance. Depending on "the government" to ensure your privacy is like asking a street urchin to hold on to your wallet while you tie your shoe. I get very nervous when I hear about new "privacy" legislation. > How long till it makes "dangerous" recreational activity > illegal? "Sorry, skis and ski poles are dangerous, you can't buy them > anymore." In case you don't know, insurance companies already use various methods to determine if a prospective insured participates in sky diving, SCUBA, and other "risky" activities. And an insurance company would like nothing better than to have a person lie on the application, find information to the contrary, and then deny a claim based upon falsification of an application--especially after collecting many years of premiums. > If a product is possibly dangerous then requiring some reasonable labeling > is fine, but to "protect" the public from what is considered dangerous is > not. This is not how the government likes to work. Just look at the list of banned products in the USA. Then see how many of them are in common use in the rest of the world, perhaps with warning labels. One of them is Thalydamide, which is an excellent low-side-effect tranquilizer. Of course the major bad side effect, severe birth defects, can easily be avoided by abstaining from the drug while pregnant. But our government feels that US citizens cannot be trusted with sharp objects, as it were, and bans all use of an otherwise useful product. Remember, privacy has been "assured" on the cellular band--not by making the communications secure with technology--but by taking the radios that can tune cellular frequencies away from citizens. Government is beneficent; Government is your friend. It protects you from other PEOPLE. And coming soon: protection from Nasty Old Corporations. -- John Higdon (hiding out in the desert) ------------------------------ From: Ramesh Doddamani Subject: Re: Posting grades by SSN Date: 7 Nov 1992 09:31:09 GMT Organization: Case Western Reserve University, Cleveland, Ohio (USA) Reply-To: ramesh@veda.esys.cwru.edu I am reading a report which is supposed to have been published in a magazine called "Education Daily" dated Aug 11, 1992. It is about a suit filed by students at Rutgers University(Krebbs v. Rutgers) regarding the posting of grades by SSNs. A federal judge has(had) temporarily barred the university action saying that the practice may violate students' privacy. University officials had said that this happened in isolated cases and is not a university policy. I wonder what happened to the case. Ramesh ------------------------------ From: wbe@bbn.com (Winston Edmond) Subject: Re: ssn and traffic tickets Date: 7 Nov 92 18:26:57 Organization: Bolt Beranek and Newman, Inc., Cambridge, MA Eric Hunt asks: >In Alabama, your SSN is printed on your driver's license. It's *not* the >DL#, but it is printed on the card itself. > >How many other states also have the SSN printed on the license? In Massachusetts, your SSN will be used as your driver's license number unless you specifically request otherwise. I vaguely recall that it took a court case to force the Registry to make the option available. -WBE ------------------------------ From: Stephen M Jameson Subject: Re: SSN and unique IDs Date: 9 Nov 92 12:42:26 Organization: General Electric Advanced Technology Labs Reply-To: sjameson@atl.ge.com In article sjameson@fergie.dnet.ge.com (Stephen M Jameson) writes: >> >>A scenario: NIST standardizes such an algorithm (perhaps with some >>local parameters so that a third party with my SSN and a company's FID >>_still_ couldn't get my ID) and use of it becomes compulsory as use of >>SSNs by private entities becomes illegal; phased in over a 4-5 year >>period, perhaps. >> ... >of privacy on the part of the individuals who are not compelled or ^^^ Of course this "not" shouldn't be here. It should read: I know that "privacy" as used in this newsgroup usually refers to specific kinds of privacy, but doesn't the whole idea of "use of it becomes compulsory" and "becomes illegal" denote government violation of privacy on the part of the individuals who are compelled or prohibited from taking certain actions? -- Steve Jameson General Electric Aerospace sjameson@atl.ge.com Advanced Technology Laboratories Moorestown, New Jersey **************************************************************************** ** . . . but I do not love the sword for its sharpness, nor the arrow ** ** for its swiftness, nor the warrior for his glory. I love only that ** ** which they defend . . . ** ** -- Faramir, "The Two Towers" ** **************************************************************************** ------------------------------ cc: tdarcos@mcimail.com Reply-to: TDARCOS@mcimail.com From: Message Center Date: Mon, 09 Nov 1992 22:23:37 EST Subject: Credit Thieves Article Summary, "The Credit Thieves" (Washington Post, Nov. 9, Page D5), "They Take Your Identity, Then Your Good Name." In "The Credit Thieves" article author Stephen J. Shaw asks if you have checked your credit rating lately; some thieves have been known to find people's personal information, then create new identities - and new credit histories - for some people. Apparently name and address is enough to be able to "borrow" someone else's credit information. Some so-called "credit doctors" charge $500 to find someone else with the same or similar name and a clean record, and give the buyer that person's credit record. Shaw declares personal exposure to credit fraud: his credit rating showed "almost $100,000" in credit, services and merchandise ("loans, credit cards, personal bank loans, plane tickets, home-entertainment systems, computers, clothes, furniture, cellular telephones and a slew of other consumer goodies") granted to "him" even though he lives in Washington DC, and the credit granted to "him" was to someone in Orlando Florida, and he's never heard of the things claimed to be charged to him. He only found out about the incident when he applied for credit with an organization and they asked him why he didn't declare all the OTHER credit cards and such that he has. Apparently almost anyone with access to a computer terminal with access to a regular credit reporting agency can probably find out your credit history. His "Credit Double" was only caught because he tried to buy a house using Shaw's name. The Secret Service is the agency that handles trying to catch people who do this. The "credit mugger" is in jail awaiting trial for four counts of bank and credit fraud. Happy ending, eh? NOT. Now getting rid of the inaccurate and fraudulent credit requests is a job in and of itself. "Equifax had deleted five of the bogus accounts, kept another four on my report and added three new ones. TRW told me that most of the disputed accounts had been deleted because the creditor had not replied to TRW's inquiry, but added that the 'creditor may re-report item.' stating , in effect, that the accounts could reappear in future editions." Trans Union did not have the incorrect accounts, but still had the Florida address. TRW also has his address listed as Florida. A New York State agency found six out of 17 credit reporting agencies which advertised would sell credit histories without any attempt to verify the purpose of the request. An executive at TRW told a 1991 Congressional hearing that "if someone is willing to lie to get a consumer report on another individual, there is nothing in the present law to act as a deterrent." Apparently it's not all that hard even to get someone's credit report legally. The Fair Credit Reporting Act (FCRA) allows anyone with "a legitimate business need for the information" can get your report; this includes prospective creditors and employers. "This loophole covers anything from renting an apartment to paying for something by check to joining a health club or a dating service. Reports can be ordered legitimately by employers checking on employees, insurance companies writing policies, someone trying to collect a debt, and government agencies deciding to grant any form of assistance or licenses." The article notes one can request not to be put in the list of "pre-screened" or "targeted" people that credit reporting agencies sell to companies that sometimes offer credit. You can also ask to be taken off mailing lists by writing the Direct Marketing Association, Mail Preference Services, 11 West 42nd St, Box 3961, New York, NY 10163-3861. They can also take reqests just to remove your telephone number from some lists. The article recommends contacting each of the three major agencies twice yearly, and at least 6 months before a major purchase, because some of them don't get what the others have. If something is wrong, contact the creditor directly as well as the reporting agency. If you can't get something corrected, ask to have a statement inserted in your record. If you're not satisfied, you can write the Federal Trade Commission at Correspondence Dept, Room 692, Washington DC 20580. The major credit reporting agencies are: - Equifax, Box 740241, Atlanta GA 30374 1-800-685-1111 - Trans Union, Box 7000, North Olmsted, OH 44070 Regional Offices: - Box 360, Philadelphia, PA, 19105 215-569-4582 - 222 South First St., Suite 201, Louisville KY 40202 502-584-0121 - Box 3110, Fullerton, CA 92634 714-870-5191 - TRW National Consumer Relations Center, 12606 Greenville Ave., Box 749029, Dallas TX 75374-9029 214-235-1200 (TRW allows one free report a year by mail from) - TRW, Box 2350, Chatsworth CA, 91313-2350 --- Paul Robinson -- TDARCOS@MCIMAIL.COM These (uninformed and probably inaccurate) opinions are mine alone; nobody else is (stupid enough to be) responsible for them. ------------------------------ Reply-to: TDARCOS@mcimail.com From: Message Center Date: Mon, 09 Nov 1992 22:56:37 EST Subject: Re: Risks of Cellular Speech In Telecom Digest 12-834, Frank Vance wrote: >I for one have been quite disappointed in the way the >entire cellular privacy issue has been handled by >the cellular providers and the U.S. Government >1. First of all, why did the various cellular providers make >promises of "safe and secure communications" when they knew >anybody with a little money could buy a receiver to listen >in? >2. Why, instead of fixing the technical deficiencies in >their product do they go sniveling to Congress to make it >illegal to listen... >3. Why in the world did our government accept the >sniveling and pass the Electronic Communications >Privacy act...most agencies of the government understand >the problem...many of them have implemented digital >scrambling. I'd like to quote from two books by Robert A. Heinlein. In his last book before he died, "To Sail Beyond The Sunset" there is - coincidentally - a telecommunication question asked where someone notices that the video telephones used (in the story) in Kansas City are flat, and the video in Dallas is stereophonic. He asks "Why is Kansas City still using flatties? Dallas phones are all tanks now." To which his mother informs him "Donald, any question that begins with 'Why Do they' can usually be answered, 'Money.'" In the second Heinlein book, "The Moon is a Harsh Mistress," the main character Mannie points out that people always ask for a law to stop other people from doing something that they don't like those people doing. "Nobody ever says, 'Please pass a law to make me stop doing something I know I should stop." So the point is that it's all about money. It's a lot cheaper (and dishonest) to leave cellular phones totally open and make it illegal to listen to them, while causing people to have the (misguided) impression that the medium is secure. Another point is that some agencies of the government DO NOT want telecommunications to *really* have privacy; there are some rumors that NSA monitors *all* overseas calls, or at least all overseas calls to 'sensitive' countries. I am sure NSA, FBI and a few others DO NOT want real security. Also, you might ask the same question about why the members of congress involved with Mr. Keating of American Savings didn't tell him to fix the problems with his S&L instead of "accepting the sniveling." Call it very effective ahem "campaign contributions." Did the same thing happen in this instance? We'll probably never know unless some Senator's aide does what one did to Ted "Chappaquittick" Kennedy. --- Paul Robinson -- TDARCOS@MCIMAIL.COM These opinions are MINE alone and nobody else's ------------------------------ End of Computer Privacy Digest V1 #098 ******************************