Date: Thu, 03 Dec 92 11:03:39 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#105 Computer Privacy Digest Thu, 03 Dec 92 Volume 1 : Issue: 105 Today's Topics: Moderator: Dennis G. Rears New IP Address for archives Re: My Technophobia. Correcting credit report (was Re: magnetic stripe) Re: Privacy in VA Privacy in VA Re: Privacy in VA Re: Privacy in VA Re: Privacy in VA Phone Privacy: Call Records Re: Phone Privacy: Call Records Re: Phone Privacy: Call Records The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Thu, 3 Dec 92 10:53:49 EST From: Computer Privacy List Moderator Subject: New IP Address for archives Due to a minor network reconfiguration the IP address for ftp.pica.army.mil has been changed from 129.139.160.200 to 129.139.160.133. The name and machine are the same. The archives have issues 1 through 104. Dennis ------------------------------ From: Brad Miller Subject: Re: My Technophobia. Organization: University of Rochester Date: 1 Dec 92 19:08:29 Yes, the movie "Brazil", my personal favorite and has my vote for best movie of all time, should be viddied at least once by those who hold liberty and privacy as fundamental rights. A one line synopsis would be a comedic version of 1984; but the humor is gallows. Many subtle jabs at the burocracy, computers, gagets, invasion of privacy by way of "protecting society" etc. Worth owning. Brought to you by some of the same folks of Monty Python fame, so you get a hint that real humor is involved. -- ---- Brad Miller miller@cs.rochester.edu -- ---- Brad Miller miller@cs.rochester.edu ------------------------------ From: Allen Warren Subject: Correcting credit report (was Re: magnetic stripe) Organization: Test Systems Strategies, Inc., Beaverton, Oregon Date: Wed, 2 Dec 1992 00:37:02 GMT "L. Jean Camp" writes: >. . . If anyone besides myself has ever tried to correct a credit >report, you'll know that it is nearly impossible. Amen to that! 2.5 years ago, my wife and I bought our first house. I had 3 reported delinquincies of less than $100 each which were reported to the credit bureau as being over 30 days late. 2 of them I had never known about until the credit report. Still, I had to take care of each one both by paying them off AND providing letters of explanation to the lending institution which eventually gave me the loan. Exactly one year after purchasing this house, we sold it and bought another house and I had 3 NEW surprises on my credit sheet, which the same lending institution required me to clear up and provide letters once again. The toughest part was than one of the surprises was mistakenly billed to the wrong person, namely me, and this ALMOST held up my loan from going through, no matter that the rest of my 4 pages of credit history was impeccable. allen ------------------------------ Date: Tue, 1 Dec 92 16:52:12 PST From: Allen Warren Subject: Re: Privacy in VA Organization: Test Systems Strategies, Inc., Beaverton, Oregon rlee@guest.ads.com (Richard Lee) writes: >I will be moving to the DC area shortly, and have a few questions re >privacy issues in VA. >2. SSN, CC#, Phone # on checks >What is VA law on stores wanting to write any of the above on your check >before honoring it? >[Moderator's Note: I sure as hell hope they don't restrict the >practice. You have no *RIGHT* to cash a check. A store has a >legitimate need for the SSN. ] I recently read a very informative article in the Portland, OR Oregonian newspaper on all this where it was stated that a store does NOT have to honor a bank check whatsoever in that if you do not provide identification for which they ask, they do not have to accept your bank check for payment. This information came to light in an article noting differences between credit card and bank check payment. When a store accepts your check, they assume liability. When they accept your credit card, there is no liability to the store, the liability is with the credit card company. Whenever a store asks me to list my telephone number on my credit card receipt, I put down 555-1212. I had one clerk notice the number and she stated that the number was not valid since it was information. I then stated that this was the number I wrote on the receipt and I wouldn't give out my unlisted number. She called her manager. The manager said I needed to write my home phone number down. I called my credit card company right there at the register phone (thank God for the 800 number on the back of my credit card) and the operator told me that the store could NOT ask for my phone number legally. The operator then asked to talk to the manager, who got visibly upset on the phone. In the end, the manager accepted the 555-1212 number. I wrote the company offices about the whole affair and copied the credit card company, the State Attorney General and the BBB. I received from very nice responses from all parties, including a nice coupon from the company corporate offices along with a very nice apology. allen ------------------------------ From: Craig Wagner Date: Wed, 02 Dec 1992 10:38:54 -0500 Subject: Privacy in VA RL> 2. SSN, CC#, Phone # on checks What is VA law on stores wanting to RL> write any of the above on your check before honoring it? RL> RL> [Moderator's Note: I sure as hell hope they don't restrict the RL> practice. You have no *RIGHT* to cash a check. A store has a RL> legitimate need for the SSN. ] They _do_ restrict the credit card numbers here. Nothing else, though, to the best of my knowledge. RL> [Moderator's Note: Once again I have to ask: Does the RL> knowlege of one SSN affect that's person privacy? I say no. All the RL> SSN does is act as a global indentifier. In today's technology it is RL> not difficult for a legitimate business to get a persons SSN. You RL> don't need a SSN to get a credit report just a name and address. RL> ._dennis ] This comment almost makes it sound as though the only privacy issues are (1) protection from "a legitimate business" or (2) for protecting credit reports. Privacy includes the protection of _any_ information an individual chooses to consider "none of 'your' business," including, if they so choose, the SSN from being given to friends, neighbors, or strangers. As long as organizations use the SSN as an identifier for conducting transactions (American Express does this for phone transactions, and other organizations rely too heavily - and singularly - on it), an individual is being reasonable in making efforts not to have his SSN become any more public than it already is. It's precisely because of these issues that some states (the recent report of actions within the Virginia legislature is an example) are taking efforts to help individual's protect their SSN number. [Moderator's Note: The point I am making is that the SSN has become the defacto Universal Identification Number. I don't like but I have to accept that fact. ._dennis ] ------------------------------ From: "Michael T. Palmer" Subject: Re: Privacy in VA Date: 2 Dec 92 13:29:53 GMT Organization: NASA Langley Research Center, Hampton, VA USA rlee@guest.ads.com (Richard Lee) writes: >I will be moving to the DC area shortly, and have a few questions re >privacy issues in VA. >1. SSN on DL >According to recent posts, your SSN is your Driver's License number >unless you object. Is getting them to use something else difficult? (I >suppose it may depend on the mood of the clerk.) Do they have an >algorithm for making an alternate number up, or what? Apparently, a move is underway (legislatively) to use a different number on ALL drivers licences in the state. The VA DMV is upgrading their computer system, and the new numbering scheme will (hopefully) be phased in at that time because the cost is very low if the new numbers are used as licenses are renewed. Cost estimates were quite high for changing all CURRENT licences to a new scheme (mostly due to printing and mailing costs). >2. SSN, CC#, Phone # on checks >What is VA law on stores wanting to write any of the above on your check >before honoring it? >[Moderator's Note: I sure as hell hope they don't restrict the >practice. You have no *RIGHT* to cash a check. A store has a >legitimate need for the SSN. ] I disagree wholeheartedly with our moderator on the legitimate need of a store for the SSN (once the drivers license number is different). All check guarantee services use the DL number, not SSN, and the store just needs to make sure that they can find you if the check is bad. Credit card number? Simply refuse. If they won't take your check, walk out and don't do business there. Would you normally give a stranger your full name, address, bank account number, and credit card number all together? That one piece of paper has enough info on it to cause a lot of damage (even without phone # and SSN). Phone number? This seems reasonable, since again the store needs to be able to contact you if your check is returned. Remember, the store is indeed doing you a favor by accepting only a promise of payment (in the form of a personal check) instead of cash. And as reported in our local papers, many grocery stores take quite a beating on bad checks. So our moderator is correct that you do not have a *RIGHT* to have a personal check accepted as payment. >3. "Caller ID" >My reading of the N VA C&P Phone Book is that C&P offers "Caller ID" but >does _not_ offer any form of blocking!! Is this really the case? Is it >possible to get some kind of blocking even though they don't advertise >it? >[Moderator's Note: Not unless you are law enforcement. ] Yikes! Is this true? I could have sworn that one of my recent phone bills had a flyer in it that outlined several different options for call blocking of Caller-ID number transmission. [Moderator's Note: Depends on the state. NJ does not offer blocking. ] >4. Etc >Are there related issues I should know about but haven't thought to ask? >Responses (preferably email) will be greatly appreciated. I will be >happy to pass on relevant experiences after I move and deal with these >issues. >[Moderator's Note: Once again I have to ask: Does the knowlege of >one SSN affect that's person privacy? I say no. All the SSN does is >act as a global indentifier. In today's technology it is not >difficult to for a legitimate business to get a person SSN. You >don't need a SSN to get a credit report just a name and address. > ._dennis ] I disagree with the moderator's position, since knowledge of a person's SSN makes it much easier to commit fraud in the name of that person. And "legitimate businesses" have crooks working for them. I recently (September 1992) had Mastercard Security contact me at 7:30p to ask if I had just ordered several plane tickets over the phone from a travel agent in Atlanta. Someone at a restaurant there (I was there on business previously) had copied my card number down and used it to try to buy tickets which he then sold. The travel agent was suspicious and tried to get more information from the caller, and then called Mastercard Security. Her alertness paid off, since they arrested the people involved as they arrived at the airport. But I still had the hassle of getting my credit union to transfer all of MY charges onto a new card number and cancelling the old card (which was a real pain since I had just mail- ordered some computer stuff). My point is that unscrupulous people work for "legitimate businesses" and they will use all the information you supply to wipe you out. Handing over your SSN is simply NOT NECESSARY and can make their job easier. -- Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681 Voice: 804-864-2044, FAX: 804-864-7793, Email: m.t.palmer@larc.nasa.gov PGP 2.0 Public Key now available -- Consider it an envelope for your e-mail ------------------------------ From: Paul Olson Subject: Re: Privacy in VA Organization: Mission Operations and Data Systems Date: 2 Dec 1992 08:31 EST Apparently-To: comp-society-privacy@uunet.uu.net In article , rlee@guest.ads.com (Richard Lee) writes... > >I will be moving to the DC area shortly, and have a few questions re >privacy issues in VA. > >[stuff deleted] > >3. "Caller ID" >My reading of the N VA C&P Phone Book is that C&P offers "Caller ID" but >does _not_ offer any form of blocking!! Is this really the case? Is it >possible to get some kind of blocking even though they don't advertise >it? > >[Moderator's Note: Not unless you are law enforcement. ] That's correct. C&P in VA does not offer blocking, even if you are calling from outside VA. About the only way you could block it (and I'm not sure it would work) would be to dial 1-703-number in order to get the call to pass through the long distance system. > >4. Etc >Are there related issues I should know about but haven't thought to ask? > Yea, radar detectors are illegal in VA. In fact, only VA and DC ban radar detectors. Personally, I wouldn't live in a state which says I can't own a radio receiver, not to mention that it's overbuilt, over crowded and you can't get anywhere on a Saturday because of traffic. If you're going to be working in DC, I'd look into moving to Maryland. But that's just my opinion. __ Paul J. Olson - VAX Systems Manager & Resident Amiga Addict C= /// Voice - 301/286-4246, 301725-5501 __ /// DECnet- DSTL86::OLSON \\\/// Internet - olson@dstl86.gsfc.nasa.gov \XX/ Disclaimer: Statements in my messages are wholely my own. AMIGA "[the universe originated] as a quantum fluctuation of absolutely nothing." - Guth & Steinhardt ------------------------------ From: "Wm. L. Ranck" Subject: Re: Privacy in VA Date: 2 Dec 92 13:56:44 GMT Richard Lee (rlee@guest.ads.com) wrote: : : I will be moving to the DC area shortly, and have a few questions re : privacy issues in VA. : : 1. SSN on DL : According to recent posts, your SSN is your Driver's License number : unless you object. Is getting them to use something else difficult? (I : suppose it may depend on the mood of the clerk.) Do they have an : algorithm for making an alternate number up, or what? : The State of Virginia is currently considering a new law that will remove SSN from your driver's license and voter registration lists. They will probably not pass this law til January. I have a friend who refused to give his SSN when he moved to Va. and he claims that after talking to a supervisor at DMV they made up a number somehow. I did not look at his license and so I can't confirm that. If you have children of school age the school system may want their SSNs, but I have simply told them no and they haven't been a problem. -- ******************************************************************************* * Bill Ranck ranck@joesbar.cc.vt.edu * ******************************************************************************* ------------------------------ Date: Tue, 1 Dec 92 18:08:21 PST From: Hal Finney Subject: Phone Privacy: Call Records > [Moderator's Note: They do not keep track of the local numbers you > call. Most switches do have the capability to do so if there was a > compelling need. You might disagree with the concept but that > information belongs to the company not to you. I hope the fact that > medical records belong to the doctor and not to the patient doesn't > surprise you. ._dennis ] The question of whom calling information "belongs to" is not so simple. There is no holy writ from above that says the information about which phone calls I make belongs to the phone company and not to me. Instead, it's a question to be negotiated. The negotiation may be in a public forum, as when laws are passed to control who can collect and keep this kind of information and what they can do with it. Or, it could be private, as when a person chooses not to patronize a particular business (like Blockbuster) because he doesn't like what the business does with the information it collects. In the case of the phone company, most of us have no choice about whom we do business with. Maybe in the future that will change, and there will be a choice of service providers. In that case, the question of what kinds of records are kept could be a competitive difference between different local phone companies. A phone company could guarantee not to keep records of individual phone calls, and could open up its databases to auditing to verify that it was following this policy. People who do feel that calling information should "belong to them" could choose this company. Alternatively, if enough people feel that calling information should belong to them and not to the company, they could pass laws requiring phone companies to not keep individual calling records. Or, to take Dennis' other example, doctors could be required to turn medical records over to patients. The point is, the question of who owns this kind of information is not as simple as Dennis would have it. If you feel that information about the specific phone calls you make is and should be private, even though the phone company inherently learns this information in providing you with their business, you have every right to feel this way. And you have every right to take action to retain your privacy. Hal Finney hal@ghs.com [Moderator's Note: I would welcome comments from John H. on what the phone company owns or doesn't. I am pretty sure they own you phone number too. ._dennis ] ------------------------------ From: "Edward J. Huff" Subject: Re: Phone Privacy: Call Records Followup-To: comp.society.privacy Organization: NYU Chemistry Dept. Date: Wed, 2 Dec 1992 06:22:36 GMT Apparently-To: uunet!comp-society-privacy In article , "Kip J. Guinn" wrote: > > Do phone companies keep records of local calls made from your telephone? New York Telephone does. I once received a bill which showed charges within the local calling area but qualifying for a higher per minute charge, and I didn't remember making the call. I asked the business office what it was, and they mailed me a list of ALL of my local calls for that month. (Yes, seeing the number, I identified the call). -- Edward J. Huff huff@mcclb0.med.nyu.edu (212)998-8465 ------------------------------ Date: Wed, 2 Dec 92 10:57:25 -0600 From: Eric Hunt Subject: Re: Phone Privacy: Call Records > Do phone companies keep records of local calls made from your telephone? [...] > home number (which I try to keep fairly private), but if local calls > are routinely logged--heck, what do you do? As per Dennis, the capability exists for the local phone company to do this. I know firsthand that the company I work for had to get a court order before they could unseal the call records from our internal PBX to find out what local numbers an employee had been calling. Long Distance numbers were no problem, but we couldn't touch the local records without court approval. And this is on our own PBX! --- Eric Hunt | bsc835!ehunt@uunet.uu.net (preferred) Birmingham-Southern College | eric.hunt@the-matrix.com Birmingham, Alabama 35254 | ^--- Nothing longer than 100 lines ------------------------------ End of Computer Privacy Digest V1 #105 ******************************