Date: Tue, 01 Dec 92 18:18:10 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#104 Computer Privacy Digest Tue, 01 Dec 92 Volume 1 : Issue: 104 Today's Topics: Moderator: Dennis G. Rears Lucky Supermarkets copies social security numbers on to checks. Magnetic strip on driver licenses Re: magnetic stripe Re: Re: Blockbuster announces plan to use data from video rentals Re: Comp Priv Digest Re: Re: Blockbuster announces plan to use data from video rentals My Technophobia. Privacy in VA Phone Privacy: Call Records The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- Date: Tue, 24 Nov 92 09:20:28 PST From: Phydeaux Subject: Lucky Supermarkets copies social security numbers on to checks. This appeared in misc.consumers and I thought it would be of interest here. reb ====================================================================== From: dbw@crash.cts.com (David B. Whiteman) Newsgroups: misc.consumers Subject: Lucky Supermarkets copies social security numbers on to checks. The California DMV has started to require a social security number when applying for an initial Calif. drivers license or identification card, or for renewing them. This is suppose to be used as an aid for tracking down fathers who skip out on child support payments (but they require a social security number from males and females). The signs all over the DMV clearly state that the social security number is used internally and will not be printed on the license or ID card, which is true. However all the new licenses and id cards have a magnetic strip. Now if you wish to make a purchase at a Lucky's Supermarket and pay by check the license is passed thru a magnetic card reader -- and the social security number is read from the card and printed on the back of the check. Therefore the number which is not suppose to appear on the license is simply available to any merchant that has access to a card reader. ------------------------------ From: rudis+@cs.cmu.edu (Rujith S DeSilva) Subject: Magnetic strip on driver licenses Organization: School of Computer Science, Carnegie Mellon Date: Tue, 24 Nov 1992 18:15:39 GMT In article elee@bonnie.ics.uci.edu writes (in reference to having supermarkets' using a magnetic strip on driver licenses to validate checks): >The other interesting point being discussed on the bboard was that of exactly >what information is stored on the magnetic stripe that isn't visibly printed >on the card. I would not be happy, even if all the information on the stripe was already printed on the card, because it would make it so easy for the business to start keeping records on its customers. In the U.K., it's illegal to keep records of more than name and address (I think) without registering the database with some government agency; what's the situation in the U.S.A.? [Moderator's Note: It's perfectly legal for most businesses to keep records on its citizens. The one exception being video rental places. ._dennis ] Rujith de Silva. Carnegie Mellon. ------------------------------ Date: Tue, 24 Nov 1992 16:53:37 -0500 (EST) From: "L. Jean Camp" Subject: Re: magnetic stripe > The other interesting point being discussed on the bboard was that >of exactly what information is stored on the magnetic stripe that isn't >visibly printed on the card. I would sure like to know, and who exactly >is capable of reading and using this information. Could the strip contain >information such as a person's credit record? If so, a person with bad >credit could conceivably be denied access to certain privileges that she >would not have been had the magnetic stripe not been issued. However, if our credit was included on our cards, the need for credit reporting companies would end. Services would still exist for those who lost their cards. It woudl be easier to limit the flow of data from a storage facility that is _not_ a necesssary part of the credit market. This could make it much easier both to control the dissemination of our credit information and to assure that it is correct, as we could see it written. If anyone besides myself has ever tried to correct a credit report, you'll know that it is nearly impossible. Jean ------------------------------ From: Charles Mattair Subject: Re: Re: Blockbuster announces plan to use data from video rentals Organization: Synercom Technology, Inc., Houston, TX Date: Tue, 24 Nov 1992 20:21:29 GMT I spoke with a VP at Blockbuster's corporate headquarters in Ft Lauderdale (305 832 3000) re this. They definitely plan to do this. They have no plans to divulge this information to anyone outside the BB organization. After some amount of discussion, he allowed they might be able to strike my name from the program and would check into this. Will post any subsequent info I get. Questions for the legal eagals: [Moderator's Note: I will attempt a answer for each one. ._dennis ] 1. Given that a corporation is a legal person, after a fashion, and assuming BB keeps Sound Warehouse as an unconsolidated sub, is it in violation of the Video Rentals law if it makes rental information available to Sound Warehouse? A corporation is a legal entity not a person. It depends on what type of information it is keeping. 2. Assuming the promotional literature makes a statement to the effect "you liked Ishtar enough to rent it" (that is, divulges the name of a video or otherwise indicates a particular class of videos I rented) and that BB sends the promo literature something other than 1st class, does the the (reasonably) expectable lack of privacy in the mailing constitute a defacto violation? No. 3. Assume the same mailing as in 2 above. Do I relinquish my rights under the act, once I have received the mailing, if I do not take every reasonable step to preserve the privacy of the information? That is, given I have no expectation of privacy in trash set out on the curb, am I now bound to open every piece of junk mail to ensure I don't discard a BB mailer? You have no rights under the act with the possible exception of a lawsuit. Unless you suffered real damages you can forget a lawsuit. 4. Assume 3 above except I open the mailer. Has BB in effect transferred the responsibility to ensure privacy to me? If my neighbor happens to see the mailer in my house, who is in violation, me or BB? No one. 5. Again, assuming the same mailing as in 2 above, what safeguards exist to prevent BB from sending promo literature to Clarence Thomas to a valid but incorrect address which just happens to be a _Weekly World News_ drop box? Assuming the mailing is not 1st class, there are no legal restrictions on who may open and read this mail; in effect, the law is totally and legally circumvented. [Moderator's Note: An overall note on this posting. Don't depend upon laws to protect your privacy. Unless you have a lot of money to throw away on legal fees the law as it affects most people is worthless. A video doesn't really care what you as an individual watch; only customers as a whole. ._dennis ] -- Charles Mattair mattair@synercom.hounix.org Any opinions offered are my own and do not reflect those of my employer. Never try to teach a pig to sing - you waste your time and it annoys the pig. (West Texas saying) ------------------------------ From: Carl Oppedahl Subject: Re: Comp Priv Digest Date: Tue, 24 Nov 1992 21:29:35 GMT Organization: PANIX Public Access Unix, NYC In Robert Ellis Smith <0005101719@mcimail.com> writes: >PRIVACY JOURNAL, PO Box 28577, Providence, >RI 02908, has published COMPILATION OF STATE AND FEDERAL >PRIVACY LAWS since 1974. The 1992 edition costs $29. >The book includes 600 laws, on Social Security numbers, >electronic surveillance, credit records, health, financial, >schools, Caller ID, personnel, criminal records, and much >more. There's a state-by-state chart on each >category. I have the book and can recommend it. >Our monthly newsletter, PRIVACY JOURNAL, answers >virtually every question that comes up on the >Computer Privacy Digest. It's available for a >special rate of $65 a year for Digest participants >-- from PRIVACY JOURNAL, 401/274-7861. For those who follow privacy, this is a very important journal. I recommend it, too. >Reach the publisher via MCI mail at rsmith, >510-1719. Well, for Internet people the way to address Mr. Smith is 0005101719@MCIMail.com. I think if you leave off the leading zeroes it will still work. Carl Oppedahl AA2KW (intellectual property lawyer) 30 Rockefeller Plaza New York, NY 10112-0228 voice 212-408-2578 fax 212-765-2519 ------------------------------ From: Sam Lowry Subject: Re: Re: Blockbuster announces plan to use data from video rentals Organization: Netcom - Online Communication Services (408 241-9760 guest) Date: Wed, 25 Nov 1992 16:32:55 GMT In article "Roy M. Silvernail" writes: >Richard Thomsen writes: > >> mellon@ncd.com writes: >> >Needless to say, Blockbuster does not get my business. If you don't like >> This is an interesting comment. Because a company does not rent out movies >> that you want to see, this is "censorship?" I thought this was a newsgroup >> about privacy. What about the privacy of the company, and its right to >> rent what it wants? Why does it have to rent what you want? > > >Your message does bring up an interesting point, though. While we are >all understandably concerned about our privacy, the very organizations >we decry for violating our privacy must have some reasonable expectation >of privacy, as well. Since the two imperatives obviously conflict, how >should this conflict be resolved? > What you are telling me is that companies, which are not a human being has the same rights as a living person? This is a problem we all will have to deal with. Do companies have rights? [Moderator's Note: Corporations do. ._dennis ] Mortal@netcom.com ------------------------------ Date: Wed, 25 Nov 1992 19:43:49 -0500 From: Multilingual Technogies Corporation Subject: My Technophobia. Here's why we should be worried about technology and our privacy. It's not because of evil conspiracies. It's much more banal then that. Ordinary people are in charge of and/or run technology, people who are afraid of their bosses, mostly tired of life, quite comfortable assuming the bureaucratic role. "No" always involves less hassle than "Yes". Very much trapped in what Stanley Milgram called the "agentic state". ("Obedience to Authority" - a classic, and still available in paperback. Everybody interested in any aspect of behavior should read this.) Perfectly good and charitable people running the databases at TRW and others places, dealing on a daily and hourly basis with computer botches, stolen cards, a fight with the spouse, money worries, kid problems, etc. Just one careless keystroke, and a reputation goes into limbo. Some chiropractors use an electrical stimulation device on the back to relax the muscles in preparation for adjusting the spine. Similar devices attached to the genitals of a subject in some Guatemalan prison are a very effective method of interrogation. In "Prisoner Without a Name, Cell Without a Number", Jacobo Timmermann tells how, before one session started, the technician that was about to torture him asked for his help in getting his son into college, and other pleasant banter, before turning on the current. Ordinary people doing ordinary jobs that just happen to be destroying other ordinary people. The banality of evil. That's what scares me. GB. ------------------------------ From: rlee@guest.ads.com (Richard Lee) Subject: Privacy in VA Date: Sun, 29 Nov 1992 21:09:23 GMT I will be moving to the DC area shortly, and have a few questions re privacy issues in VA. 1. SSN on DL According to recent posts, your SSN is your Driver's License number unless you object. Is getting them to use something else difficult? (I suppose it may depend on the mood of the clerk.) Do they have an algorithm for making an alternate number up, or what? 2. SSN, CC#, Phone # on checks What is VA law on stores wanting to write any of the above on your check before honoring it? [Moderator's Note: I sure as hell hope they don't restrict the practice. You have no *RIGHT* to cash a check. A store has a legitimate need for the SSN. ] 3. "Caller ID" My reading of the N VA C&P Phone Book is that C&P offers "Caller ID" but does _not_ offer any form of blocking!! Is this really the case? Is it possible to get some kind of blocking even though they don't advertise it? [Moderator's Note: Not unless you are law enforcement. ] 4. Etc Are there related issues I should know about but haven't thought to ask? Responses (preferably email) will be greatly appreciated. I will be happy to pass on relevant experiences after I move and deal with these issues. [Moderator's Note: Once again I have to ask: Does the knowlege of one SSN affect that's person privacy? I say no. All the SSN does is act as a global indentifier. In today's technology it is not difficult to for a legitimate business to get a person SSN. You don't need a SSN to get a credit report just a name and address. ._dennis ] ------------------------------ From: "Kip J. Guinn" Subject: Phone Privacy: Call Records Organization: University of Denver, Telephone Services Date: Tue, 1 Dec 92 17:39:29 GMT Apparently-To: uunet!comp-society-privacy Do phone companies keep records of local calls made from your telephone? I have heard references to "phone records"--mostly in articles about someone being investigated by the police--and wonder if they meant local calls, or long-distance. I can see where long-distance calls would be in records, but do they actually keep logs on local calls made from each residential phone? That would seem to be an awfully huge chunk of data... And a big invasion of my privacy, too! Caller ID is bad enough for some people--women's shelter's, etc-- and I don't like the fact that if I call to complain to the police, or a company, etc, that they know my home number (which I try to keep fairly private), but if local calls are routinely logged--heck, what do you do? Kip [Moderator's Note: They do not keep track of the local numbers you call. Most switches do have the capability to do so if there was a compelling need. You might disagree with the concept but that information belongs to the company not to you. I hope the fact that medical records belong to the doctor and not to the patient doesn't surprise you. ._dennis ] ------------------------------ End of Computer Privacy Digest V1 #104 ******************************