Date: Tue, 23 Mar 93 16:52:49 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#027 Computer Privacy Digest Tue, 23 Mar 93 Volume 2 : Issue: 027 Today's Topics: Moderator: Dennis G. Rears : Social Security Numbers as ID Re: Computer Privacy Digest V2#026 police asking arrestees for SSN (was: Social Security Numbers as ID) Re: Digitizing signatures for credit card purchases Re: Dorothy Dennings article in Comm. of ACM Prof. D. Denning's trust in the FBI The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: news@saifr00.cfsat.honeywell.com Subject: : Social Security Numbers as ID Organization: Honeywell Air Transport Systems Division Date: Fri, 19 Mar 93 03:01:37 GMT In article 4@pica.army.mil, Matthew B Cravit () writes: >I was discussing a recent bunch of bicycle and computer thefts here at Michigan >State University with one of the campus police officers, and in the course of >our discussion, I asked what he suggested one do by way of identifying >property. I asked if it was advisable to put a SSN on the bottom of my computer >by way of identification, as the police in Toronto (Canada) where I used to >live suggested using your SIN (Canadian equivalent to an SSN) for >identification of property. He said that quite apart from the fact that this >is not a good idea from a privacy standpoint (I already knew that), putting a >SSN on articles for identification was quite useless because he said that the >Social Security Administration will NOT release the name belonging to a >particular SSN to any local or state law enforcement agency FOR ANY REASON >UNDER ANY CIRCUMSTANCES. Is this assertion of his correct? > >[Moderator's Note: This is true. The few law enforcement agencies I >have dealt with have always recommended to use you driver license number. >Of course this was before states starting using a SSN as a driver license >number. ._dennis ] >/Matthew Cravit, Undergraduate Communications/Computer Science Student > Michigan State University, East Lansing, Michigan > Internet: cravitma@studentc.msu.edu OR cravitm@clvax1.cl.msu.edu The US Social Security Administration has the folowing program (at least, they had it 2 years ago): If you have someone's SSN and want to send them a letter, you can put it in a stamped envelope and send it in another envelope, to the Social Security Administration, requesting that it be send to that person. They forward it to that person (or try to, anyway). They don't acknowledge the forwarding, and of course you don't get that person's address from the Social Security Admin., but that person has the choice of writing back to you. ---------------------------------------------------------------------------- S. Rathinam rathinam@saifr00.cfsat.honeywell.com opinions, if any expressed, are mine and not my employer's ---------------------------------------------------------------------------- ------------------------------ Date: Fri, 19 Mar 93 10:51:41 PST From: Mark Bell Subject: Re: Computer Privacy Digest V2#026 [Moderator's Note: Does anyone have the text of USC Title 5, Section 552a? ._dennis ] Here's the part that has the fines: Section 552a(i)(2) Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5000. Near as I can tell, the notice requirements referred to above means that agents of the state cannot construct recordkeeping edifices without due process. There was a court case cited where a fellow said he would not furnish his SSN on a voucher to receive a refund of some motor vehicle fees. He would prevail if the state DMV SSN requirement had NOT been in existence before 1974. There was another court case cited where Aid to Families with Dependent Children was denied because the applicant failed to obtain and disclose SSN's for the children. This was held NOT to violate 552a. After reading some of this stuff, I can see why there are lawyers. What happens is, you read the law and it seems clear enough. Then you read the notes that say what Congress' intention was and that seems OK too. Then you sort of glance a few pages later and see what the exceptions are, and they turn out to be bigger than the core law. Stuff is grandfathered in, the CIA is excepted, there are exemptions for "routine use" and it sort of goes on and on. But the bottom line emerges if you have the right kind of lawbook. You want to read what the court cases have been based on the law. These descriptions are succinct and state the outcome clearly. Your mileage may vary. Mark Bell Applications Engineer, IDE Los Angeles bell@ide.com ------------------------------ From: Jonathan Thornburg Subject: police asking arrestees for SSN (was: Social Security Numbers as ID) Organization: U of Texas at Austin / Physics Dept / Center for Relativity Date: Sat, 20 Mar 93 07:34:30 GMT In article Wm Randolph Franklin writes: | [...] in some (most?) places, the police want an | SSN when they arrest you. There was a local case a few years back, | where someone was charged with, approx, obstruction of governmental | administration for refusing. He beat that charge, but it probably took | some work. Gee, I wonder what happens if you don't have an SSN? Not everyone arrested by American police is an American, certainly most foreign tourists won't have SSNs... Or alternatively, what if you have one but don't know it and don't have the card with you? - Jonathan Thornburg or [until 31/Aug/93] U of Texas at Austin / Physics Dept / Center for Relativity and [until ~Apr/93] U of British Columbia / {Astronomy,Physics} ------------------------------ From: "richard.b.dell" Subject: Re: Digitizing signatures for credit card purchases Organization: AT&T Date: Sat, 20 Mar 1993 18:51:36 GMT In article Dan Hartung writes: >wicklund@intellistor.com (Tom Wicklund) writes: >> >>Many stores are going to non-computerized forms of this -- they print >>you a receipt, then print a second receipt which you sign and they >>keep. You don't have a receipt with your signature. >> >>Since I doubt the store physically sends the signed receipt to the >>bank, your bank also doesn't have a signed receipt unless they get it >>from the store, which will have a hard time finding a particular >>receipt out of the hundreds for a certain day. > Sometime ago I had occasion, I believe for warranty purposes, to get a copy of the original receipt from Sears. They had absolutely no trouble retrieving it and mailing me a copy within a week. ------------------------------ Date: Sat, 20 Mar 1993 17:05:48 -0500 (EST) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: Re: Dorothy Dennings article in Comm. of ACM In Computer Privacy Digest V2 #026 "Prof. L. P. Levine" writes: >Michael T. Palmer writes: > >As an aside, watch the use of the term "suspect". Police use the term >far too widely, blurring the term "suspect" with what should be called >"perpetrator". For example, in a recent event on this campus the >police reported that "the suspect was seen running down the hall >carrying the stolen object" or some such comment. That is not true. >The perpetrator of the crime was seen. Later, when someone was >arrested that person should be called a suspect. When convicted, he >or she is a convicted criminal. The Suffolk County, NY, Police Departement uses the "perp", suspect, criminal concept correctly. My son was the victim of an Attempted Robbery in the 2nd degree last December and the dectective in charge of the case used the terms in their correct order. At first, it was the perpetrators and after the arrests were made, they became the suspects. One is now a criminal due to going into probation because of age and the other one is awaiting trial after which he will become a criminal along with the other one with the difference being my insistance of higher charges for the "perp" than the accomplice. The police as far as I'm concerned were very helpful and kind to us. No one wants anything to happen to their kids and they helped us get over a bad situation rather well. Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ From: Carl Ellison Subject: Prof. D. Denning's trust in the FBI Date: 23 Mar 1993 21:31:52 GMT Organization: Stratus Computer, Software Engineering It's been pointed out several times that Dorothy Denning has an apparent trust in the FBI not shared by many of us (or many people who remember Watergate). In her CACM articles (March 1993), she notes: p.42 (right top): "none of the commentators has identified a single act of wiretapping abuse occurring under the current wiretapping statutes, which date back to 1968...." Watergate occurred since 1968. Nixon's enemy list was since 1968. Granted, this wasn't necessarily FBI behavior and may not have been related to the statutes. So, the argument might run that the FBI is pure and therefore this new authority should be given to them. However, in her main article, she notes: p.29 (middle, top): "Since the FBI conducts fewer than one-third of all intercepts, the total benefits derived from electronic surveillance by all law enforcement agencies is considerably higher." So, apparently, just giving the FBI permission to tap isn't good enough to justify the legislation. This applies to state and local law enforcement also. They're just as pure and uncorruptable as the FBI? They might be. We see the local LE abuses first hand. We see FBI abuses through J. Edgar's lingering PR campaign (eg., the TV series) so the FBI looks pure to us. Frankly I'm glad that P.28 (middle middle): "The [Bush] administration, the Department of Justice, and the FBI are all strong advocates for security in telecommunications networks." I hope the Clinton administration is at least as strong an advocate for security in telecommunications. My approach is to use the strongest encryption I can concoct, based on what I know and what's available to me in order to ensure my communications security. -- - <> - Carl Ellison cme@sw.stratus.com - Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783 - 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488 ------------------------------ End of Computer Privacy Digest V2 #027 ******************************