Date: Thu, 06 Jan 94 08:58:03 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#014 Computer Privacy Digest Thu, 06 Jan 94 Volume 4 : Issue: 014 Today's Topics: Moderator: Leonard P. Levine Phone company selling forwarding addresses. Autoland Credit Scam RE: Horror Stories Meeting with Gore and Brown Access to privacy information Postal Privacy Re: Maryland to introduce high-tech drivers' license Re: CBC Newsworld Documentary - US Communication Interception The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Dave Ptasnik Date: Tue, 4 Jan 1994 09:59:03 -0800 (PST) Subject: Phone company selling forwarding addresses. This comes as no great surprise to me, but was a little irritating. About four months ago my mother-in-law moved in with us (believe it or not this is not the irritating part) in Seattle. Before she moved, we had her name listed in the local phone directory (Lincoln, IL) as Del Murphy, short for Delores Murphy. We figured that this masculine contraction of her name would discourage prank callers and other miscreants who pick on ladies names in the phone book. The phone company (GTE what a surprise) was the only place she used this contraction. When she moved in with us, we decided to give GTE our business PO box as a forwarding address. It seemed safer to us than giving our home address. (We are paranoid about break ins. Telling someone in Lincoln that we were moving a household to Seattle implies that the household in Seattle is vacant at that moment. Using the PO box would not allow Normal low lifes to call Seattle burglers for a quick raid on our place.) Sure enough, we are getting mail bombed by insurance agencies, siding sales reps, etc, looking for Del Murphy at the PO Box address (Welcome to town...). The only way they could have gotten that name/place combination would have been if GTE had sold it. At least we recycle. All of the above is nothing more than the personal opinion of - Dave Ptasnik davep@u.washington.edu ------------------------------ From: szabo@netcom.com (Nick Szabo) Date: Thu, 23 Dec 1993 16:04:09 -0800 Subject: Autoland Credit Scam Forwarded from Usenet: Early this month, Secret Service agents descended upon Autoland, a large auto dealership in Springfield New Jersey, and arrested 15 salesman who had been ilegally accessing thousands of credit histories on the dealership's computers. Credit information, including credit lines, account numbers, and balances were distributed to accomplices of these salesmen and used to fraudulently obtain home-equity loans, cash advances, and merchandise worth well over US$300,000. Wary consumers and an unusually conscientious manager at Autoland cooperated to bring these theives to the attention of the Secret Service. Individuals in Alaska and Washington State called Autoland to question credit report requests they noticed on their credit reports. (My guess is that these people subscribed to one of those pay-for-our-secret-info-about-you extortion services like TRW's CreditWatch). The manager at Autoland, instead of quietly dismissing the offending employees and upgrading security procedures, notified Springfield police who in turn notified the Secret Service. The Secret Service came in and set up video cameras surveilling one of the many computer terminals at the dealer. They also installed a software system to monitor which salesmen inquired about which individuals. Currently the SS is supposedly notifying every person living outside of NY and NJ whose credit history was accessed by Autoland. Interestingly enough, an Autoland credit inquiry appeared on my recent TRW report which I requested after I found out that someone, who knew my social security number, mother's maiden name, and other intimate details of my personal and financial life. I had not lost my wallet or been robbed in several years and so could not figure out what was going on. I'm a graduate student and my wife is a low-paid professional, so I couldn't think of anything about us that would warrant such extravagant attention by a thief. On my second round of frantic phone calls to all of my credit card issuers, after finding out that people were changing my address, asking for PIN's and new cards, one of the larger Visa/MC providers called me back and told me that my case sounded a lot like an "Autoland" case. She explained to me some of what I explained above (mostly, it comes from the NY Times, 12/9/93, p. A18). Since then, I have had to redirect several card issuers to change my address back to the original, to replace missent invoices, to wave late fees and interest charges, etc. The only loss I know of resulting from these people's work is one charge for about $800.00 in a New York area clothing store. Yet they have messed with at least 6 of my cards and applied for at least four more. I have been reassured by the card issuers that I am not responsible for fraudulent charges. Despite the lack of financial impact, this experience has been chilling. It underscores the extortionist nature of the entire credit/banking/financial establishment in this country. In order to use a credit card in our society, (or to carry a student loan, a mortgage, or to use any other source of credit), one must display sensitive information for ANY merchant or enterprising thief to peruse. Why the hell are the account numbers of my credit cards on a report that details my creditworthiness and goes out to anyone who wants to pay TRW, TransUnion, or Equifax the small fee? How can anyone prevent such things from happening again except to cancel one's cards and go to a paper cash only economy? Should I then go to the 7-11 every month with a few hundred dollars in cash to buy money orders to send to my landlord and the utility companies? Even this wouldn't prevent others from impersonating me and applying for new cards. The only way I can think of to alleviate the current tyranny of the TRWs is to develop the digital tools that will allow the individual to protect his identity and his property. If I had digital cash or credit that required TRULY SECRET passwords (known ONLY to me) to use, then impersonation would cease to be a worry. Ultimately, I would like anonymity in my financial transactions as well. Why should any hacker with a modem be able to track my financial dealings? In the meantime, I see no alternative but to pay one of these monster extortion machines the $15.00 or so per year to get a list of everyone who accesses my credit report and then call each inquirer and tell them to cut it out. Do they have to listen? I don't think so... David M. Berman ------------------------------ From: Robert Ellis Smith <0005101719@mcimail.com> Date: Tue, 4 Jan 94 16:45 EST Subject: RE: Horror Stories Lane Leonard on Jan 2 asked about sources of personal experiences, or privacy "horror stories." PRIVACY JOURNAL newsletter publishes such a compilation, called "WAR STORIES." The book describes more than 500 verified instances of privacy invasions, alon g with the source of the story. The accounts are categorized by Employment, Credit, Electronic Communications, Drug Testing, etc. The price is $17.50, from PRIVACY JOURNAL, PO Box 28577, Providence RI 02908. You may order by credit card, by phone, 401/ 274-7861, or by e-mail, rsmith, MCI Mail 510-1719. There is a 20 percent discount on all our publications for people who mention Computer Privacy Digest. Robert Ellis Smith, Publisher, Privacy Journal ------------------------------ From: Marc Rotenberg Date: Tue, 4 Jan 1994 15:00:56 -0800 Subject: Meeting with Gore and Brown Meeting with Gore and Brown We just received an invitation to meet tomorrow with Vice President Gore and Secretary Brown at the Old Executive Office Building to discuss the NII. There will be about 20 industry CEOs and a couple of public interest people. I am bringing copies of the CPSR NII report and the most recent CPSR Newsletter. ------------------------------ From: Christian ALT Date: Thu, 6 Jan 1994 09:38:31 +0100 Subject: Access to privacy information Organization: University of Geneva, Switzerland Hi flk, I read in a french magazine called "Actuel", that in the US any body could request information on anybody at certain center. That is to say that all information available on a person could be accessed through the net or requested. The information can be details on the person like birthday, insurances, incomes, credits, taxes ... This seems to me incredible, to know that a service exists where I can request information on any of you. I would like to if this is true and then how to access it. I want to know what you think about violation of your privacy. We had enormous debat in Germany about the simple fact that with ISDN you could know in advance who is calling you. So it seems to me terrible debat in perspective if we want to allow such a general service in Europe. All feedbacks are appreciated Christian ALT ------------------------------ From: "Prof. L. P. Levine" Date: Wed, 5 Jan 1994 11:22:15 -0600 (CST) Subject: Postal Privacy According to an AP story quoted in the Milwaukee Sentinel (1/5/94), the Post Office is changing the mail forwarding system to help protect people who are under court protection, such as battered women. Presently, for $3, a person can go to the post office of someone who has moved and obtain that person's new address. By sometime in the spring changes in the rules will permit forwarding of mail, but not address correction services for protected people. Postmaster General Marvin Runyon is asking for comments and suggestions from the public. He stated that the changes will require new computer programs which would take up to 6 months to implement. [This story was a part of the story about the postal rate change and might not have been headlined. My personal comments follow.] Not covered in the story, but of interest to this forum might be the question as to why only people protected by a court order should have their right to privacy protected. Why are the rest of us not so served? If I want to leave no trail, why not require a court order to get my new address, if I have left as a deadbeat. I have heard that missing persons bureaus of police departments sometimes report back that the person (of age and in good mental health) is not in danger and does not wish to be found. Is that the norm or just an artifact of TV programs like "Missing Persons"? -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ From: tale@ten.uu.net (David C Lawrence) Date: 5 Jan 1994 00:38:53 GMT Subject: Re: Maryland to introduce high-tech drivers' license Organization: UUNET Communications In article Paul Robinson writes: > The signature and photo will be digitized and stored on a computer > data base. This is in response to a 1992 incident in which a man > murdered another, then had the license of the man he killed reissued > with his face on it, even though the murderer was not even the same > race as the decedent. I hope they do it a little better than Virginia. VDOT still succeeded in wasting an hour of my day for taking another picture and getting another signature when I went for a replacement license after my wallet had been stolen. I thought it quite odd that they didn't simply print a new license since they had everything they needed digitized and supposedly floating around in their system. I still had to have a new photograph and give a new signature sample. Security-wise, I don't recall what ID I had to provide to get the replacement, but as I recall it wasn't anything that would have been hard to forge. ------------------------------ From: ua602@freenet.victoria.bc.ca (Kelly Bert Manning) Date: Wed, 5 Jan 94 21:31:34 PST Subject: Re: CBC Newsworld Documentary - US Communication Interception In a previous article, charlesv@aupair.cs.athabascau.ca (Charles van Duren) says: >About two weeks ago CBC Prime Time did a feature on war crimes in Bosnia, specifically on the possibility of prosecuting the higher-ups who gave the orders. The interviewer confronted Serbian leader Slobodan Milosevic with verbatim evidence, implicating Serbian leadership in war crimes committed by Serbian irregulars, which he said came from satellite transmission intercepts. >I believe from what I've read that the US gov't also had very reliable knowledge about the August attempted coup in Moscow. >No electronic communication is safe from prying eyes, Get used to it. I'm not sure what you mean. Are you saying that using private non-shared fiber and encryption is not going to make any difference? It seems to me that the use of broadcast technology(radio phone/cellular, long distance via microwave relay, or satellite) or going through an enencrypted shared network introduces a lot of exposure. Here in the provincial capital the government has an enclusive non-shared metropolitan area network on private fiber. It also has a province wide network to regional network centers SPAN/BC which again is implemented on private non shared fiber. At a recent meeting of IEEE Victoria Section a BC Tel spokesman talked about how the Vancouver Island fiber ring connects the BC mainland with a transatlantic Y connection on the west coast that goes south to San Franciso and across the straight to Vancouver. How is this going to be intercepted? BC Tel uses modified dispersion fiber and has no trouble running 100 km links without having to put in a signal regenerator. This cuts down on the number of locations at which someone could snoop at the traffic as it gets digitally regenerated or switched. It was interesting to hear that Teleglobe Canada, nominally a satellite communications company, was a partner with BC Tel in building this link because it is also heavily involved in transoceanic fiber. One thing I didn't mention in the earlier post was that Menwith Hill and similar stations do more than just listen to geo synchronous communication satelites. They also pick up the intelligence gathered from low orbiting satellites specifically designed to snoop on radio communications, such as walkie talkies, military and civilian radio, microwave telephone system links, and cellular and similar wireless phones. These satellites pass over most of the earth, including the US. I doubt that the agencies involved bother to stop listening when they are out of range of the USSR, China or other nominal enemies of the US. They probably just listen to whatever else is in range, even if it originates in the US. ------------------------------ End of Computer Privacy Digest V4 #014 ****************************** .