Date: Thu, 18 Mar 93 17:23:02 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#026 Computer Privacy Digest Thu, 18 Mar 93 Volume 2 : Issue: 026 Today's Topics: Moderator: Dennis G. Rears Yet another White House address Re: Employee Monitoring Systems Re: Dorothy Denning's article in Comm. of ACM Re: What is passwording? [ac388@freenet.hsc.colorado.edu (Jack Decker): Use of Medical Clearing House] Re: Social Security Numbers as ID The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Wed, 17 Mar 1993 12:17:50 -0500 (EST) From: TDARCOS@mcimail.com Subject: Yet another White House address MCI Mail announced yet another E-Mail address for messages to be sent to the White House. It stated in the note that messages sent to the address would be sent as paper mail to the White House via the USPS, rather than as E-Mail. The implication, since the usual charge for individual messages is 50c for the first 500 characters, that this could conceivably be something that the White House is paying for, since MCI Mail permits "autoforwarding" of a message sent to a mailbox to be sent to a fax number, another E-Mail address or a Paper Mail address. If MCI is doing this to encourage MCI Mail subscribers to send messages, then messages from users on Internet will almost certainly either bounce or not be sent. I encourage people on Internet to try sending a message to the address supplied by MCI Mail for messages to the White House to see what happens. I guess that's all I need to say. OH YES! You need the E-Mail address, don't you? :) 0005895485@MCIMAIL.COM --- Paul Robinson -- TDARCOS@MCIMAIL.COM ------------------------------ Subject: Re: Employee Monitoring Systems Date: Wed, 17 Mar 93 09:53:57 EST From: Bill Hefley Ellen Wentz writes that she is "currently doing research on the impacts of computer-based monitoring systems on employee behavior," and invites comments. I'd recommend a rather extensive report on the subject that should be available through libraries, especially government repository libraries. It is now out of print at the Government Printing Office. Title The Electronic Supervisor : new technology, new tensions. Organization United States. Congress. Office of Technology Assessment. Publisher Washington, D.C. : Congress of the United States, Office of Technology Assessment, [1987] Description book vii, 141 p. : ill. ; 26 cm. Subjects Supervision of employees - Data processing. Privacy, Right of - United States. Quality of work life - United States. Notes Includes bibliographical references. Date 1987 Language english Standard No. $6.50 Sudoc Y 3.T 22/2:2 El 2/7 OCLC No. 16869147 ------------------------------ From: "Prof. L. P. Levine" Subject: Re: Dorothy Denning's article in Comm. of ACM Date: Wed, 17 Mar 93 10:29:08 CDT Phones: (414) 229-5170 office; 962-4719 home; 229-6958 fax Michael T. Palmer writes: >Well! Maybe it's just me, but I thought wiretapping was used against >SUSPECTS that MAY have committed a crime. Hmmm. Now we really open >that can of worms, don't we? Because this means that private citizens >who MAY or MAY NOT have committed a crime (and all the people who talk As an aside, watch the use of the term "suspect". Police use the term far too widely, blurring the term "suspect" with what should be called "perpetrator". For example, in a recent event on this campus the police reported that "the suspect was seen running down the hall carrying the stolen object" or some such comment. That is not true. The perpetrator of the crime was seen. Later, when someone was arrested that person should be called a suspect. When convicted, he or she is a convicted criminal. This is not a trivial difference. It took a long time to get the police and the authorities to understand that they do not catch criminals, they catch suspects. The courts then determine if the suspect is a criminal. Now we see them blurring the line again, being unable (or more likely unwilling) to see the difference between who actually did it (the perp) and who they have taken into custody (the suspect). + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | Leonard P. Levine e-mail levine@cs.uwm.edu | | Professor, Computer Science Office (414) 229-5170 | | University of Wisconsin-Milwaukee Home (414) 962-4719 | | Milwaukee, WI 53201 U.S.A. FAX (414) 229-6958 | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ------------------------------ Organization: Penn State University Date: Wed, 17 Mar 1993 16:17:44 EST From: "Peter M. Weiss" Subject: Re: What is passwording? In article , "Michael A. Vitale" says: >[Moderator's Note: It's calling up all your accounts and telling the >person you want to 'password' you account. After your account is >passworded no information can be given out unless the requestor knows the >password. ._dennis ] How is the "bad guy" prevented from spoofing you, _before_ your account is passworded, requesting that your account now be passworded -- locking out the legitimate owner? /P [Moderator's Note: I password my accounts when I open them up. You might say I am a frequent mover :-). If somebody has passworded you account you can write them or see them in person. ._dennis ] ------------------------------ Date: Wed, 17 Mar 93 15:12:57 PST From: RISKS Forum Subject: [ac388@freenet.hsc.colorado.edu (Jack Decker): Use of Medical Clearing House] Use this if you wish. It seems less appropriate for RISKS. --------------- Received: from [35.214.1.1] by csla.csl.sri.com with SMTP id AA20093 (5.65b/IDA-1.4.3.12 for risks); Wed, 10 Mar 93 07:02:36 -0800 Date: Wed, 10 Mar 93 09:30:43 EST Message-Id: <265@freenet.hsc.colorado.edu> From: ac388@freenet.hsc.colorado.edu (Jack Decker) To: risks@csl.sri.com Subject: Use of Medical Clearing House Lines: 43 X-Mailer: PCElm 3.01 [Moderator's Note: This was forwarded to me from Peter Neumann, moderator of the Risks Digest. ._dennis ] The following message first appeared in a Fidonet conference called ADAJOBS (I got it via the EMPLOYMENT conference on BIZynet, a Fidonet-technology business-oriented network). The risks of the use of such a database as the one described below should be obvious (how does one know if they were denied employment because of information contained in this database? For that matter, how does one even know if the information contained in the database is accurate?). Any replies should probably go to the original author (Herbert Mansmann at Fidonet address 1:273/201, which is herbert.mansmann@f201.n273.z1.fidonet.org in Internet notation): ===================================================================== * Forwarded by Chris Gunn (1:202/1008) * Area : ADAJOBS (ADAnet - Job Hunting When Disabled) * From : Herbert Mansmann, 1:273/201 (08 Mar 93 10:55) * To : All * Subj : USE OF MEDICAL CLEARING HOUSE ===================================================================== I have been told by several personnel recruiters that something known as the Medical Clearing House exists for companies or other employers to check on person's medical expenses before hiring them, similar to a credit check. This information is kept in regional databases and is accessible over the phone to high level employee relations personnel at major corporations only. Supposedly it is illegal to release this information to unauthorized users, but it is being done routinely for high medical expense individuals since the penalties are few, the savings can be substantial, and the enforcement of the laws against this are lax. Our daughter has Cystic Fibrosis which has very high medical costs associated over many years. We believe this information and information about other medical conditions that do not interfere with someone's ability to work is being sold to avoid medical costs. Since over two thirds of the employers now self-insure instead of utilizing a real insurance company, they are motivated to eliminate these costs. If you have any information about this practice, please respond on E-mail or anonymously to Herbert Mansmann, 224 Swedesford Rd., Malvern, PA 19355. It is important to get this subject out in the open and to include it in healthcare reform. Thanks. Feel free to call (215)647-3698. --- TMail v1.31.3 * Origin: U.S. Telematics, Yardley PA (215)493-5242 (1:273/201) Jack Decker | Internet: ac388@freenet.hsc.colorado.edu Fidonet: 1:154/8 or jack.decker@f8.n154.z1.fidonet.org Note: Mail to the Fidonet address has been known to bounce. :-( ------------------------------ From: news@cbnewsh.att.com Date: Thu, 18 Mar 93 21:13:49 GMT Subject: Re: Social Security Numbers as ID In article Wm Randolph Franklin writes: That's interesting, because in some (most?) places, the police want an SSN when they arrest you. There was a local case a few years back, where someone was charged with, approx, obstruction of governmental administration for refusing. He beat that charge, but it probably took some work. A few years ago I was arrested for photographing some cops (technically the charge was "interference with an officer", but ...) and during the booking process they asked for my SSN, which I refused. They told me I had to give them the number, I said I'd like to see the law, they said "I'll bet you *would*", I said I'd like to see my lawyer, they said I couldn't see my lawyer, I said they'd already read me my Miranda rights and now they were trying to violate them, they said, ok I could see my lawyer *after* they finished booking me, but that they wouldn't be finished booking me until they had my SSN. I said I wanted to see my lawyer *now* and he *was* out in the hall, since he'd been at the events that led me to photograph the miscreants. After a few conversations between the cop and the sergeant out in the hall, we arrived at the truth of the matter, which was along the lines of "This isn't a threat, it's just a choice you can make", and that if I wanted to remain silent I could do so at the county jail, under somewhat more severe charges than I was currently charged with, and that since I was scheduled to leave on vacation the next day and bail for additional bogus charges was more than a cash machine could cough up in one night, and wasn't it a shame that it was Saturday night and the judge wouldn't be in until Monday to do habeas corpus. Since I know a threat as well as the next guy, I chickened out. Well, it took about 9 months before we got a trial scheduled so they could dismiss all the bogus charges in return for me not suing them for false arrest, and by the time I'd gotten sufficiently non-disgusted to look up the Privacy Act of 1974 and all the nifty parts about $5000 fines for individual government employees who violate it, the 2-year statute of limitations had expired. However, if this happens to you, or if it happens to me again, you can point out to the nice police officers that the fines in US Code, Title 5, Section 552a apply to them *personally* and not merely to their town government, and you can read the gory details making it hard to enforce that afterwards. [Moderator's Note: Does anyone have the text of USC Title 5, Section 552a? ._dennis ] -- # Pray for peace; Bill # Bill Stewart 1-908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ # Disclaimer available by finger (if you can get through our firewall :-) ------------------------------ End of Computer Privacy Digest V2 #026 ******************************