Date: Sun, 02 Jan 94 08:45:19 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#012 Computer Privacy Digest Sun, 02 Jan 94 Volume 4 : Issue: 012 Today's Topics: Moderator: Leonard P. Levine Privacy with Credit Card Transactions Re: Driver Protection Act Ludwig's book on viruses forbid in France CBC Newsworld Documentary - US Communication Interception The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Justin Fidler Date: Sun, 26 Dec 1993 18:31:46 -0500 (EST) Subject: Privacy with Credit Card Transactions There was an interesting article in the Washington Post on 26 December 1993 by Jane Bryant Quinn that discusses what information a consumer making a credit card purchase must provide. Excerpts below: >[...] They must check your signature and the card-- electronically or by telephone-- to be sure it's valid. Once an answer comes up yes, they can go ahead and charge. >They can't ask you for any further identification-- not a license plate number, Social Security number, proof of address, phone number nor picture ID. >Your personal ID isn't needed, because Visa, MasterCard and American Express guarantee payment on cards that have been properly checked. If [...] The article then goes on to detail the problem one consumer had at a gas station where the gas station employees insisted on writing down his license plate number. It then lists the conditions under which a merchant may ask for ID: >The card holder's signature on the back of the card is the only ID necessary-- even if the merchant has some reason to be suspicious. [...] You can be asked for identification only if you proffer a card that isn't signed on the back (and how often I have forgotten to sign a new card when it comes in the mail!). Then, the merchant can ask for identification and require you to sign the card immediately. The article then states that some companies, like MasterCard, will come down hard on offending merchants, to the point of assessing them with a fine of as much as $2,000. The article goes on to mention that in the case of Visa and MasterCard, there is no minimum purchase amount required for a consumer to use a card. American Express DOES allow for a purchase minimum, provided the merchant extends it to all other cards being accepted at that store (so if a merchant accepts Visa or MC as well, there can be no AmEx minimum, because no minimum can be placed on Visa or MC). >[...] A merchant can ask for your address when you order by telephone, however. There it's used to authorize the card, absent a signature. The privacy issues here? Lots of them. I have made numerous credit card purchases where the merchant has asked for a driver's license or some other type of identification. It appears the best revenge is not to argue at the store if the merchant is insistent, but rather to notify the credit card company, who will really come down hard on the merchant. The credit cards mentioned in this article with the policies I've listed above are Visa, American Express, and MasterCard. The Discover card does allow the merchant to ask for ID and to set a minimum purchase limit (maybe this is why so many merchants were eager to accept the Discover card?). The article ends with a list of contacts if you have had problems with merchants, I've listed them below. >[...] MASTERCARD: Send the name and address of the store, and an account of what happened, to MasterCard International, c/o Radio City Station, P.O. Box 1288, New York, NY 10101. >VISA: To report a merchant, send a letter to the bank that issued your Visa card. >AMERICAN EXPRESS: If a merchant does anything to hinder your use of an American Express card-- such as requesting identification or asking for a Visa or MasterCard even though the American Express logo is in the window-- report the incident to American Express at 1-800-YES-CARD. ------------------------------ From: geoff@ficus.CS.UCLA.EDU (Geoff Kuenning) Date: Mon, 27 Dec 93 20:58:40 GMT Subject: Re: Driver Protection Act Organization: UCLA, Computer Science Department > "(7) For use in marketing activities, if the motor vehicle > department- ... > "(C) has received assurances that each entity that This is a loophole big enough to drive the Space Shuttle (with boosters) through. Note that there are no penalties specified for people who buy the list under false "assurances" and then misbehave. "Oh sure, Mr. Bureaucrat, I'm not going to misuse this list. BTW, can you tell me where the nearest gun shop is? Let's see...Sanders...Saldana. Aha, here she is!" (For those who don't know, Theresa Saldana is an actress who was viciously attacked by a person who stalked her.) I'd be a *lot* happier with this bill if it prohibited selling lists entirely. Otherwise it's a toothless sham. Why does the DMV need to sell my name, anyway? I can't believe it's going to be making a significant amount of money. I doubt that mailing lists are worth a lot more than the per-name postage; even if we assume $1.00 per name, that wouldn't even pay for my fancy new ha-ha-forgery-proof license with the hologram and mag stripe. -- Geoff Kuenning geoff@ficus.cs.ucla.edu geoff@ITcorp.com ------------------------------ From: cccf Date: Wed, 29 Dec 93 7:00:31 EST Subject: Ludwig's book on viruses forbid in France Translated in French language by Jean-Bernard Condat, Mark A. Ludwig's book "The Little Black Book of Computer Viruses" is actually available in all bookstores for 198 FF. The editor of this event is Addison-Wesley France (41 rue de Turbigo, 75003 paris, France; Phone: +33 1 48879797, Fax: +33 1 48879799). Yesterday, Addison-Wesley France receive a legal pursuit to stop the diffusion of all issues of "Naissance d'un Virus" immediately. The judgement will be definitive on Dec. 30th at 11:00 at the Tribunal de Grande Instance in Paris. Followed the increadible text, piece of humor :-) [I have chosen to remove the remainder of this posting. It was the legal judgement in French and had signinficant parts lost in transmission. MODERATOR] ------------------------------ From: ua602@freenet.victoria.bc.ca (Kelly Bert Manning) Date: Thu, 30 Dec 93 00:43:22 PST Subject: CBC Newsworld Documentary - US Communication Interception This aired Dec 28 on the broadcast CBC network and will be repeated at 18:00 Pacific Time Sun/Jan/2 and 01:00 PST Mon/Jan/3 on the CBC Newsworld satellite/ cable channel. "Satellite Entertainment Guide" lists this as KU-band channel 31 on the Anik E1 satellite, located at 111 degrees west. This particular story takes up the last half hour of the hour long show. The bulk of the article dealt with the "Menwith Hill" listening station in southern England and left me with the impression that the US intercepts all satellite transmissions it can on a regular basis, both voice and data. The long range shots showed a very large area covered with scores of weather domes concealing scores of large and small antennas. At one point it showed a speaker identified as "Abdeen Jebarah" (phonetic spelling) who was described as a US civil rights lawyer who was said to have won a unique case against the NSA forcing it to admit to intercepting his foreign communications. The show gave the impression that many other individuals are being targeted by having key words and names included in computerized "watch lists". Apparently it is perfectly legal for the US to intercept these communications outside the US, even if they originate in the US from US citizens or companies, without specific authorization from a court. A man identified as "Stansfield Turner" (phonetic spelling) and said to be a former director of the CIA(circa 1979) described how he had gotten the CIA involved in the business of economic warfare after hearing a station chief describe how he had not forwarded intercepted bids from three foreign companies to the single US company bidding on a "major contract" because there was "no policy" about this. Mr. Turner said that he was "not impressed" by this and arranged for a new "Office of Intelligence Liason" organization to be set up inside the US Dept. of Commerce which is known to pass along information from stations like Menwith Hill as a way of "lending a hand" to US companies facing international competition. This leaves me with the impression that US spy agencies would quickly find themselves with a full set of Skipjack/Clipper keys for use outside the US without specific authorization if the proposals were ever implemented. These keys would be used to routinely monitor any communciations that could be intercepted. If all of this is true it seems like it would hasten the move towards satellites becoming a specialized service for broadcasting to multiple receivers at once time, rather than being a reliable secure form of point to point communication. The only error I could spot in the broadcast was a claim that "all" overseas traffic goes by satellite. I have the impression that the satellite belt is already saturated and losing out in favor of fiber optic land lines for point to point service where fiber access is readily available. At one point the journalists set up a small domestic satellite dish outside the fence at Menwith Hill and used a total of $3,000 of consumer satellite electronics to monitor phone conversations, broadcasting an audio sequence in which a female voice instructed "dear" about closing out a bank account before travelling to join her. This illustrates that satellite communication without secure encryption is really open to interception by anyone. Private individuals or companies may not have the resources(or the voice recognition and AI technology) to match Menwith Hill, let alone build a worldwide network of such listening posts, but they may be able to target specific communications if they have enough information to narrow down the satellite and the band. The article also showed documents obtained by a group of local residents who oppose the presence of Menwith Hill and who routinely climb over the fence and go whereever they can inside to gather as much "intelligence" as they can about the activities and what is going on. One retired physicist said that she had been over the fence at least 500 times and had stopped counting long ago. Apparently they do not break any British laws, even the trespassing law, as long as they leave at once whenever they are found by the guards. The 30 minute show included several minutes of footage of people climbing over the fence, and guards walking by a few feet away in the winter darkness and later finding them inside a building and ordering them off the station. The physicist also pointed out the electronic monitors that seemed quite ineffective at alterting the guards to people who simply climbed over the fences instead of trying to dig under them or cut through them. ------------------------------ From: Lane Lenard <72621.2241@CompuServe.COM> Date: 01 Jan 94 17:50:36 EST Subject: Interested in Privacy experiences I am working on a book on privacy issues, especially as they relate to electronic communications and abuse of personal information in databases. If you have had any personal experiences in these areas or have knowledge of such experiences by others, including various forms of eavesdropping, prying by government or private agencies, etc, I'd be interested in hearing them. Please contact me via e-mail or leave a message on the forum. Thanks for your help. Virtually yours, Lane Lenard ------------------------------ End of Computer Privacy Digest V4 #012 ****************************** .