Date: Tue, 19 Jan 93 17:38:57 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#008 Computer Privacy Digest Tue, 19 Jan 93 Volume 2 : Issue: 008 Today's Topics: Moderator: Dennis G. Rears New French computer security e-journal Op-ed piece on telephone Calling Number ID Radar Detector Prohib Re: Radar Detector Prohib Re: Radar Detector Prohib Re: Radar Detector Prohibitions Re: Radar Detector Prohibitions SSN and new baby Re: SSN and new baby Re: SSN and new baby Re: SSN The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: jbcondat@attmail.com Date: 31 Dec 69 23:59:59 GMT Subject: New French computer security e-journal Bonjour! A new computer security e-journal is already published in France. It's the first in my country: * weekly; * name: _Chaos Digest_; * last issue available: #1.03 (18 Jan 1993); * for a subscription send an e-message to: jbcondat@attmail.com Thanks, and hope to hear from you soon! jbc -- _-_|\ Jean-Bernard Condat / \ Chaos Computer Club France [CCCF] B.P. 8005 \_.-*_/ E-Mail: jbcondat@attmail.com 69351 Lyon Cedex 08, France v Phone: +33 1 40101775 Fax: +33 1 47877070 ------------------------------ From: scott@cs.rochester.edu Subject: Op-ed piece on telephone Calling Number ID Date: 13 Jan 93 13:46:28 GMT Organization: Computer Science Department University of Rochester I recently wrote the following article for the editorial page of the Rochester, NY _Times_Union_. It appeared (edited down a couple of paragraphs) on Tuesday, January 12th, 1993, under the (newspaper chosen) headline "Call Id Will Be Boon For Telemarketers". I thought I'd share it with the net. --------------------- Unless you act immediately, your name, address, and telephone number are about to be added to the marketing lists of a whole new set of telephone soli- citors and direct-mail advertisers. How? Through the "Call ID" facility recently introduced by Rochester Telephone. Call ID or, more accurately, Calling Number Identification (CNID), is a mechanism that gives your telephone number to anyone you call. CNID is being promoted as a way to enhance personal privacy: if you pay for CNID service and buy a special phone, you can see the number from which you are being called before you decide to answer. Unfortunately, CNID is much more useful to the marketing industry than it is to individuals. On the whole, it is likely to _reduce_ your personal privacy, rather than enhance it. To its credit, Rochester Telephone has sought to educate customers, through phone bill inserts and newspaper ads, about the technical details of CNID. Moreover, it is permitting customers to opt out of the system. By default, your telephone number will be given to anyone you call, unless you punch a special code before you dial. If you call the phone company and request "all-call restrict," this behavior will be reversed: your number will _not_ be given to anyone you call, _unless_ you punch a special code first. Many people would "like to know `who is it?'" before they pick up the phone. Advertising slogans notwithstanding, however, CNID doesn't tell you. Suppose you buy into the service. When your phone rings and displays the call- ing number, how will you decide whether to answer? Do you know the phone numbers of all the people you might be willing to talk to? If not, how will you resist the urge to pick up the phone "just in case"? Even if you memorize the phone numbers of all your friends, how will you know if they call you from a different phone, or if your spouse calls from a gas station when the car breaks down, or if a stranger calls to tell you that your child has been injured while out playing? Experience with CNID in other states suggests that the real beneficiaries are commercial customers who want to compile -- and then sell -- a list of the people who call them. For $200, your favorite business can buy a "reverse directory" that lists all the phone numbers in the Rochester area, in numeri- cal order, with the names and addresses that go with them. For $350, they can buy this directory on a computer-readable laser disk. A business that keeps track of the numbers from which it is called can easily generate a list of the people who made those calls, or at least of the people who own the numbers. Call a movie theater for show times, and within a few days you may begin to receive junk mail and phone calls inviting you to join a video-of-the-month club. Call a bank or broker to check on interest rates and you may begin to receive cold calls from financial advisors. Call any sort of specialty shop (toy store, gun shop, pro shop -- even a fancy restaurant) and you're likely to find yourself on yet another marketing list. These lists are very big business. A multi-billion-dollar industry now collects and organizes personal information on ordinary people. The same com- pany that sells reverse directories will, for a price, augment the listing with estimates of family income (guaranteed 98% accurate to within $5,000), number of children, number of cars, favorite hobbies, etc. One of their sources of information is a CNID-like service that was offered to businesses with 1-800 and 1-900 numbers several years ago. (Your number is given away whenever you make an 800 or 900 call, and there's nothing you can do to prevent it.) The company representative to whom I spoke expects local CNID to increase his business substantially, but he understands the cost: he has switched to all-call restrict for his own phone. For those who want to eliminate nuisance phone calls, there are better alternatives than CNID. Many people have taken to leaving their answering machines on all the time. I have friends whose recording says "Please state your name and the person for whom you are calling. If no one picks up the phone right away, you may leave a message." Of course, they have to listen whenever the phone rings, but they'd have to go look at the number display if they had CNID. An option that saves you the trouble of even going to the phone when an unwanted call arrives can be purchased for $70 from local telephone stores (though not from the Rochester Telephone product center). It's a "call screening" box that plugs in between your phone and the wall, and that can be programmed with a special 4-digit "security code." Callers hear a recorded message that asks them to type in the code. If they get it wrong, your phone doesn't even ring. Friends who know the code can call you from anywhere. Hammacher Schlemmer sells a fancier version that remembers up to 300 different codes. If privacy were really the goal, telephone companies could easily provide the name of the owner of the calling number, rather than the number itself, in a CNID service. The name would be much more useful to residential customers than the number is, but would be much less useful to marketers, since names do not uniquely identify households. Equally easily, phone companies could pro- vide services that duplicate the functionality of call screening boxes. If they allowed callers to identify themselves, either by voice or by punched-in code, you would be in a far better position to decide whether you wanted to answer. Knowing that your call is from "Tom at work" is a lot more useful, from a privacy point of view, than knowing the number from which the call was placed. At the same time, this sort of personalized identification is useless for the collection of marketing lists. Privacy-enhancing alternatives to CNID have been proposed in testimony to the FCC and before public service commissions across the country. In every case, telephone companies have resisted the proposals, on the grounds that they do not adequately meet the needs of their marketing customers. Marketers are clearly hoping that most Rochester residents won't bother to opt out of CNID. I urge you to disappoint them: call the Rochester Telephone customer service number (777-1200) and request all-call restrict. Keeping your phone number private is easy and free. Michael L. Scott is an Associate Professor of Computer Science at the Univer- sity of Rochester and a member of Computer Professionals for Social Responsi- bility. The views expressed here are his own. ------------------------------ From: Craig Wagner Date: Thu, 14 Jan 1993 17:13:50 -0500 Subject: Radar Detector Prohib ER> [Moderator's Note: You're underlying assumption is that breaking ER> speed limits is dangerous. This is not necessarily true. While it's true that it's "not necessarily true," it's _not_ the case that a driver can _know_ that it's _not_ dangerous, and therefore shouldn't be doing it. He may see no other cars on the road, and the driving conditions may be perfect, but he has no way of knowing precisely the road conditions ahead of him, or whether or not there's a driver waiting to turn onto the road, and expecting any oncoming traffic for which he may be looking to be no further away than could be expected based upon the posted speed limit. ER> Your statement about burglar tools is incomplete. Most states have laws ER> that ban the possession and use of burglar tools. Since most burglar ER> tools also have legitimate purposes, that law is normally only used in ER> conjuction with actual burglaries... A couple of years ago, someone locked my keys in my car for me. The service station was across a BUSY intersection. Walking across the intersection took less than a minute (the time it took the light to change). The service person who helped me, though, had to drive through the intersection (which took _several_ minutes - much longer than it would have to have walked it and a couple of changes of lights) because he "needed to have his tow truck next to him if the cops found him with" the device he used to break into my car - and yes, he was wearing a uniform identifying himself as being from the service station across the street. I'm sure he could have explained his way out of it, but the potential hassle involved in being "caught" with the tools to break into the car was apparently sufficient that he prefered dealing with the obnoxious driving conditions (this was shopping center, on a Saturday, during the Christmas season), and the extra time they required. I suppose I understand, but it seems kind of unfortunate, really. ------------------------------ From: "T. Archer" Subject: Re: Radar Detector Prohib Organization: University of Tennessee Date: Thu, 14 Jan 1993 19:43:46 GMT Apparently-To: comp-society-privacy@uunet.uu.net In article Ed Ravin writes: >In article "T. Archer" writes:>> >>Whether or not speed kills is irrelivant. Radar detectors do not kill, and >>should not be regulated unless the present a danger to the public. Wanting >>to know where radar emitters are is not a crime. > >Who says radar detectors _don't_ "present a danger to the public"? If >you follow lawful speed limits you don't need them. This does not follow. Perhaps I believe that police radar causes cancer, and I want to know where speed traps are and avoid them. Perhaps I just want to know where the police are. >There are certain >items known as "burglar tools" that if the cops find on you, they will >assume that you are planning to commit burglary with them -- Um hmm... My roommate got busted on that one. A hammer and a roll of duct tape. He make SCA combat armor and carries it in his trunk. >what else >can you do with a radar detector besides using it to reassure that you >can break speed limits with impunity? I needn't answer that. You are assuming guilt and asking me to prove otherwise. That's not the way the law works, nor should it. If that is the case, I will assume that you intend to use your net interface to commit libel and have it confiscated. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= E-Mail to PA142548@utkvm1.utk.edu, mail to ARCHER at that address will bounce. "Don't blame me, I voted Libertarian." =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ------------------------------ From: "david.g.lewis" Subject: Re: Radar Detector Prohib Organization: AT&T Date: Thu, 14 Jan 1993 20:26:20 GMT In article Ed Ravin writes: >In article "T. Archer" writes: >> >>Whether or not speed kills is irrelivant. Radar detectors do not kill, and >>should not be regulated unless the present a danger to the public. Wanting >>to know where radar emitters are is not a crime. > >Who says radar detectors _don't_ "present a danger to the public"? If >you follow lawful speed limits you don't need them. First of all, these two sentences are unrelated. Whether or not one "needs" something is unrelated to whether or not it presents a danger to the public. Your logic seems to be (a) exceeding the speed limit presents a danger to the public; (b) owning a radar detector causes one to exceed the speed limit; therefore (c) owning a radar detector presents a danger to the public. If you don't like the word "causes" in (b), replace (b) with its contrapositive, one who does not exceed the speed limit does not own a radar detector, and you end up with your second statement. Others have alread argued point (a); I'll stick with point (b). Saying that "if you follow lawful speed limits you don't need a radar detector" is not only showing ignorance of the limitations and use of speed radar, it's setting a dangerous precedent. It assumes that the only people who get issued tickets for exceeding the speed limit due to the use of radar are indeed exceeding the speed limit. This would require radar to be 100% accurate. Radar is not 100% accurate. Therefore, it is possible that one could be accused of exceeding the speed limit, due to radar, when one is not. If I am falsely accused of committing a crime, do I not have the right to know? This is like arguing for the repeal of the Fifth and Sixth Amendment, because they only apply to people who have been accused of crimes, and we don't want to coddle the criminals. It's like arguing that the government should be permitted to open your mail, eavesdrop on your telephone conversations, and bug your house without your knowledge and without probable cause - because, after all, if you haven't committed any crimes, what are you worried about? The information will only be used in prosecuting criminals, and if you haven't committed any crimes, you have nothing to hide, right? >There are certain >items known as "burglar tools" that if the cops find on you, they will >assume that you are planning to commit burglary with them -- what else >can you do with a radar detector besides using it to reassure that you >can break speed limits with impunity? You can use it to ensure that, if you are monitored by radar, you are fully aware of the circumstances and surroundings so that if you are falsely accused of breaking the speed limit, you are able to provide a defense. You can use it to be aware that there are police ahead, indicating that the traffic in front of you is likely to be slowing down to *below* the speed limit, because for some reason people seem to think it's better to slow down from (whatever speed the traffic is moving at) to (five miles an hour under the prevailing speed limit) when passing a police car. Or you can use it to tell when you're approaching a supermarket with an automatic door opener. After all, what business is it of the government's what I'm using it for? If I commit a crime, prosecute me for the crime. But don't prosecute me because I have a device which someone else may use in the commission of a crime. ------------------------------ From: "T. Archer" Subject: Re: Radar Detector Prohibitions Organization: University of Tennessee Date: Thu, 14 Jan 1993 19:39:57 GMT In article gtoal@pizzabox.demon.co.uk (Graham Toal) writes: >From: gtoal@pizzabox.demon.co.uk (Graham Toal) >Subject: Re: Radar Detector Prohibitions >Date: 9 Jan 93 19:11:22 GMT >In article Richard Pierson writes: >:There is also a product on the market from uniden that >:you plug your detector into and when is senses a radar >:detector shuts off your radar unit, a Detectors, detector, >:detector so to say (Just saw one in truckstops of america >:last wednesday for $90.00). > >This sounds like a con to me; how can you detect a radar-detector? Surely >they're passive devices? Also, why would anyone except the police want one? > >Or do we have one too many 'detectors' in the description abov I would have thought "detector detectors" to be impossible for the same reason, but I hear they are out there. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= E-Mail to PA142548@utkvm1.utk.edu, mail to ARCHER at that address will bounce. "Don't blame me, I voted Libertarian." =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ------------------------------ From: acg@hermes.dlogics.com (Andrew C. Green) Subject: Re: Radar Detector Prohibitions Date: 16 Jan 93 21:47:52 CST Organization: Datalogics, Inc., Chicago, IL In article , Richard Pierson writes: > Went back and looked at it. What it is supposed to do is pick up the > signal from a "radar detector detector" {Read Revenue enhancers} and > shut yours off before the "radar detector detector" {Revenue Enhancers} > detects your radar detector and NO I WONT TYPE THAT AGAIN. Also Uniden > is a reputable company as far as I know, their detectors are theft > attractors (I've lost 2 so far before I hard wired front and rear remotes > into my truck). The range I do not know about as I don't know how the > radar detectors work, whether they are "Passive" or whether the operator > goes "Active" to get a "Reflection" back from the suspected radar detector. The Radar Detector Detectors (which we shall call RDDs from now on :-) operate on the fact that radar detectors emit some sort of detectable electronic leakage/signal while they're monitoring for speed traps. The RDDs simply pick up on that leakage, but as I am not an electronics expert, that's as much as I can describe. Car & Driver magazine had an explanation of the principle a while back when reviewing the latest crop of detectors, devoting a review category to how much detectable leakage was generated by each model. This would be of great interest to Connecticut readers, although I believe that Virginia has since rescinded their ban. Driver behavior is also a good giveaway for the cops -- they just zap a likely-looking car and see if the brake lights erupt. You might want to consult John de Armond's great treatise "Trolling for Taillights". Andrew C. Green Datalogics, Inc. Internet: acg@hermes.dlogics.com 441 W. Huron UUCP: ..!uunet!dlogics!acg Chicago, IL 60610 FAX: (312) 266-4473 ------------------------------ Date: Thu, 14 Jan 93 16:31:39 EST From: "Nicholas J. Simicich" Subject: SSN and new baby Reply-To: Nick Simicich Actually, perhaps the best thing you could do for the child would be to apply for a SSN for them. More than once so that they have several to choose from when they become an adult. Nick Simicich (NJS at WATSON, njs@watson.ibm.com) -SSI AOWI #3958, HSA #318, NAUI #14065 ------------------------------ From: Esther Lumsdon Subject: Re: SSN and new baby Organization: Verdix Corp Date: Thu, 14 Jan 1993 23:17:20 GMT Mike Brokowski writes: I suspect you're writing toungue-in-cheek, but I'll respond in case you're serious: >So what is the whole story here regarding how long the state will >stay out of the business of "registering" our kids before they >throw your butt in jail? I don't recall anyone being thrown in jail for not "registering" a kid. >It seems clear that a SSN is needed to claim a child as a dependant >(if s/he is over 1 year old), but, if you don't claim the child as a >dependant, does the state care? And what about this birth >certificate business? Isn't a child's existance cerification enough >of its birth? Is there some law forcing parents to tell the state >whenever a child is born? Do these "certificates" become part of a >publically accessable record? When was this policy enacted? I think "certificates of live birth" started to be required in the 1800s. A child's existence is not sufficient evidence of its birthdate when one needs to verify citizenship or age (when applying for a driver's license, or a passport, or registering to vote, or proving that a child is old enough to start kindergarten). In addition, the State thinks it has an interest in knowing the parentage of new citizens, to disallow incestuous marriages, and to track for child support, or to locate the grandparents of the child if the parents should die. I have read an anecdotal account of the difficulties of getting a passport for a U.K. citizen whose birth was unregistered. There was nothing about being thrown in jail, or breaking any laws in not registering the birth. Or, I could just say that it's all a conspiracy so that the Church of Latter Day Saints can amass the largest collection of genealogical data for free, from government sources. -- -- Esther Lumsdon, not speaking for Verdix. esther@verdix.com Q: How many user support people does it take to change a light bulb? A: We have an exact copy of the light bulb here and it seems to be working fine. Can you tell me what kind of system you have? ------------------------------ From: John McGing Subject: Re: SSN and new baby Date: 16 Jan 93 12:25:21 GMT Organization: Express Access Online Communications, Greenbelt MD USA Reply-To: jmcging@access.digex.com Mike Brokowski writes: >So what is the whole story here regarding how long the state will >stay out of the business of "registering" our kids before they >throw your butt in jail? >It seems clear that a SSN is needed to claim a child as a dependant >(if s/he is over 1 year old), but, if you don't claim the child as a >dependant, does the state care? And what about this birth >certificate business? Isn't a child's existance cerification enough >of its birth? Is there some law forcing parents to tell the state >whenever a child is born? Do these "certificates" become part of a >publically accessable record? When was this policy enacted? >So many questions... > > Just curious as always, > - Mike It seems government have been registering births of children at least since the Roman times (given the reason for the census at Christs' birth). But yes, birth, death, marriage, divorce records are public records, and have been for a long time now. It is deemed in the public interest to know who you are, who your parents are, how old you are, where you were born.... I think some of the eastern older states have BVS records going back into the early 1800's. Check with a geneological group if you want to get an idea of what data is recorded on people and available for review. -- ------------------------------------------------------------------ jmcging@oss724.ssa.gov or jmcging@access.digex.com SSA, your FICA tax people woodb!oss2cc!jmcging@soaf1 J.MCGING on GEnie 70142,1357 on Compuserve ------------------------------ From: Wm Randolph Franklin Subject: Re: SSN Organization: Rensselaer Polytechnic Institute, Troy, NY Date: Tue, 19 Jan 1993 01:19:56 GMT In article on 8 Jan 93 00:11:56 EST (Fri), "John R. Levine" writes: > > An SSN, once issued, is ours to keep. It never changes. The SSN is > >truly the "universal identifier." > > I have read that due to 45 years of clerical errors there are over four > million people who have either more than one SSN or use an SSN also used > by someone else. It is a gross oversimplification to claim that the SSN is > unique. Apparently one can get a new SSN if, e.g., the old one has problems because a thief is widely using it. > Also note that the only two data banks > legitimately indexed by SSN, those kept by the SSA and IRS are legally > off limits to prospective employers, whether or not they have an SSN. A few years ago, the SSA was reported to be verifying (SSN, name)s for the credit agencies. They say that they don't do it any more. In article on Wed, 13 Jan 1993 00:06:18 GMT, Mike Brokowski writes: > Is there some law forcing parents to tell the state > whenever a child is born? Do these "certificates" become part of a > publically accessable record? When was this policy enacted? 1. Yes, I believe. Also deaths are to be reported. 2. Yes, altho it's getting harder since people use this info to construct new identities. 3. In the last century, at least in the UK. -- --------------------- Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261 ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA ------------------------------ End of Computer Privacy Digest V2 #008 ******************************