Date: Tue, 11 Jan 94 08:27:11 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#016 Computer Privacy Digest Tue, 11 Jan 94 Volume 4 : Issue: 016 Today's Topics: Moderator: Leonard P. Levine Credit Card Fraud What happened to VA driver's license changes? Re: Privacy with Credit Card Transactions Freedom and Privacy Conference Ask Rat Dog Re: Access to privacy information Re: SSN reqd by public schools; DL reqd with credit card Re: Maryland to introduce high-tech drivers' license Re: SSN reqd by public schools; DL reqd with credit card Anonymous Posting and Remailing (long) The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: agrosso@world.std.com (Andrew Grosso) Subject: Credit Card Fraud Organization: The World Public Access UNIX, Brookline, MA Date: Sat, 8 Jan 1994 15:05:34 GMT With regard to the credit card fraud problem, law enforcement *is* interested in these types of crimes, even where the amount of money is under $10,000 for one victim. Often the loss to all victims, in the aggregate, exceeds this. Different agencies, and jurisdictions of those agencies, have different work loads and priorities, and some will take the case while others won't. In the instance where the perpetrator is in Houston and his victims are in other states, I would contact, in writing, with copies of relevant documents enclosed, the following agencies in Houston, Texas: the FBI, the Secret Service, and the Postal Inspectors for the Postal Service. The Sercret Service has explicit co-jurisdiction, with the FBI, over credit card and computer fraud. The Postal Service investigates any fraud where the mails are used. As a federal prosecutor, I have handled at least two credit card fraud cases, and the amount in one was less than $10,000, while in the other it was not much higher. People like these need to be stopped, because you are not the only victim they are abusing. ------------------------------ From: "Michael T. Palmer" Date: 8 Jan 1994 15:21:55 GMT Subject: What happened to VA driver's license changes? Organization: Georgia Institute of Technology Whatever happened to the effort to change VA driver's licenses to remove the SSN as the DL number? I believe it was almost two years ago that initial hearings were held. What is going on? What committees are involved? Who should I send letters to? Are any *bills* out there to make this change into law? Thanks for any info you can provide. Michael T. Palmer (palmer@chmsr.gatech.edu) RIPEM Public Key available Center for Human-Machine Systems Research, Dept of Industrial & Systems Eng Georgia Institute of Technology, Atlanta, Georgia 30332-0205 ------------------------------ From: ygoland@hurricane.seas.ucla.edu (The Jester) Date: Sun, 9 Jan 1994 06:59:09 GMT Subject: Re: Privacy with Credit Card Transactions Organization: School of Engineering & Applied Science, UCLA. Do the rules regarding visa and mastercard usage hold for international customers? Further what if the customer is not a resident of the country in which the card is being used? I am currently living in Israel for the year and whwnever I use my credit cards I am asked for a phone number. Just curious. ------------------------------ From: "Prof. L. P. Levine" Date: Mon, 10 Jan 1994 07:41:38 -0600 (CST) Subject: Freedom and Privacy Conference Dave Banisar has announced a conference, "CFP '94 THE FOURTH CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY", MARCH 23-26, 1994 CHICAGO PALMER HOUSE HILTON "CYBERSPACE SUPERHIGHWAYS: ACCESS, ETHICS and CONTROL" The description of the conference includes the following: Cyberspace, Information Superhighway, National Information Infrastructure, Open Platforms, Computer and Communications Revolution, Electronic Networks, Digital Data Bases and Information Society are words and phrases common to the rhetoric of our modern era. The relationships between and among individuals, society, nations, government entities and business organizations are in constant flux as new stresses and alliances change the old "rules of the game." Today's challenges are to define what is the "game," who owns the "franchises," who can play, what are the rules and who calls the shots. Information and communications technology raise new issues for freedom and privacy in this new era. Such questions are on the agenda as the participants in CFP'94 consider the alternatives and seek some solutions. Come, join in the dialogue that will help to shape the world's future! A copy of the complete document (about 860 lines long) is available via ftp by the following process: ftp ftp.cs.uwm.edu (on your system) ftp (answer to login request) your_userid@your_site (answer to password request) cd pub/comp-privacy/library (at ftp prompt) get cfp94 (move document to your filespace) quit (back to your system) or if ftp is unavailable or difficult to use, send a request for cfp94 to: comp-privacy-request@uwm.edu ----------------------------------+------------------------------------------ Leonard P. Levine | Moderator of Computer Privacy Digest and Professor of Computer Science | comp.society.privacy. University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu ----------------------------------+------------------------------------------ ------------------------------ From: "Prof. L. P. Levine" Date: Tue, 11 Jan 1994 07:57:47 -0600 (CST) Subject: Ask Rat Dog My local newspaper, The Milwaukee Journal, carries a syndicated column called "Ask Rat Dog" which addresses various means of searching for people who have been lost. The January 10, 1994 issue discusses a person from Anchorage Alaska who is looking for her father who left home with his dental assistant in 1961. Rat dog discusses using the Massachusetts Dental Board, Motor Vehicles Department records, Social Security records and the like. Her articles generally deal with techniques for finding people who, for whatever reason, want to maintain their privacy. In the current number is one item of some special interest. She says: "Without your father's birthdate, or even age, we could not make use of the national death index, nor whatever Motor Vehicle Department licensing records are still available to the public." It seems like this people searcher is beginning to have problems with states closing down their MVD records for open searching. It is, after all, a zero sum game, and her difficulties are linked with the privacy needs of someone else. I recommend that, if your local paper carries the feature, you read it. Its level is good, she discusses her technique, and lets me see the holes in the system. Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ From: elisheva@access.netaxs.com (Jon Held) Date: 11 Jan 1994 00:19:53 GMT Subject: Re: Access to privacy information Organization: Net Access - Philadelphia's Internet Connection Christian ALT (catcim@eig.unige.ch) wrote: : Hi flk, : I read in a french magazine called "Actuel", that in the US any body : could request information on anybody at certain center. That is to say : that all information available on a person could be accessed through : the net or requested. The information can be details on the person like : birthday, insurances, incomes, credits, taxes ... : This seems to me incredible, to know that a service exists where I can : request information on any of you. : I would like to if this is true and then how to access it. I want to : know what you think about violation of your privacy. : We had enormous debat in Germany about the simple fact that with ISDN : you could know in advance who is calling you. So it seems to me : terrible debat in perspective if we want to allow such a general : service in Europe. : All feedbacks are appreciated : Christian ALT SOME information can be legally obtained on most people, thru the "Freedom of Information Act" - like address, phone number. Alot of other more personal information can be obtained semi-legally or illegally, through snooping or by hiring a private investigator. o__ Jon Held _.>/ _ elisheva@netaxs.com (_) \(_) (don't eat flowers) ------------------------------ From: kelly@nashua.hp.com (Kelly Hoffman) Date: 7 Jan 1994 21:47:14 GMT Subject: Re: SSN reqd by public schools; DL reqd with credit card Organization: Hewlett-Packard In article , Wm. Randolph U Franklin wrote: >The local Service Merchandise requires the driver's licence for some >people paying by credit card, like those who refuse to give an >address ... Then they write the DL number on the slip. I see that you're posting from Troy, NY... I thought it was against New York State law to require an address or phone number for a credit card purchase, and I seem to recall that the law allowed for corroborating identification, but that the vendor couldn't copy info from the ID. Perhaps you should notify the state attorney general's office? Of course, my memory's not what it used to be, so I may simply be confused. :-) Kelly K. Hoffman kelly@nashua.hp.com Learning Products Engineer Hewlett-Packard, Network Test Division "Reading the manual is One Tara Blvd., Nashua, NH USA 03062 admitting defeat." ------------------------------ From: chi@netcom.com (Curt Hagenlocher) Date: Sat, 8 Jan 1994 04:38:22 GMT Subject: Re: Maryland to introduce high-tech drivers' license Organization: NETCOM On-line Communication Services (408 241-9760 guest) tale@ten.uu.net (David C Lawrence) writes: >I hope they do it a little better than Virginia. VDOT still succeeded >in wasting an hour of my day for taking another picture and getting >another signature when I went for a replacement license after my wallet >had been stolen. >... >Security-wise, I don't recall what ID I had to provide to get the >replacement, but as I recall it wasn't anything that would have been >hard to forge. I recently lost my wallet here in California, including my driver's license, which was the old paper type. When I went to get a replacement, I was not asked for ANY id. I came prepared with a birth certificate (admittedly pictureless and worthless as a "real" id), an expired American passport and a current European one. They took my name, my address, my license number and my $10. They then took my picture and my fingerprints. Regardless of who the state of California thought that Curt Hagenlocher was before this; now, they think I'm him. ------------------------------ From: dwn@dwn.ccd.bnl.gov (Dave Niebuhr) Date: Sat, 8 Jan 94 08:12:10 EST Subject: Re: SSN reqd by public schools; DL reqd with credit card wrf@ecse.rpi.edu (Wm. Randolph U Franklin) writes: >The local grade schools are now advertising the times the new parents >in the district can register their kids. The required documentation >includes in addition to the medical record etc, the kid's SSN. > >Not having kids, I've not tried to see how hard it is to waive that, >but it sounds illegal. > > ---------------- > >The local Service Merchandise requires the driver's licence for some >people paying by credit card, like those who refuse to give an >address. (They're tougher than Radio Shack at wanting addresses and >phones.) Then they write the DL number on the slip. I called them >later, and this is their policy when the card is not signed or they >suspect fraud. Apparently not giving your address is a badge of >criminality to them. I'd check with the Attorney General's Office if I were you. I seem to remember that a few years back, the State passed a law that said that nothing can appear on a credit card receipt except a signature; no driver's liscense, nothing. As for a check, no credit card info can be required but a driver's liscense can since it is a public record. Visa and MasterCard regs state that once the transaction is given an approval code, nothing more is needed to complete the sale. Discover, on the other hand, is an "anything goes" type of card unless prohibited by state law. AMEX follows the procedure of doing whatever other cards do which raises the question when a merchant accepts all four. Dave Niebuhr Internet: dwn@dwn.ccd.bnl.gov (preferred) niebuhr@bnl.gov / Bitnet: niebuhr@bnl Senior Technical Specialist, Scientific Computing Facility Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093 ------------------------------ From: hh@soda.berkeley.edu (Eric Hollander) Date: 9 Jan 1994 10:40:57 GMT Subject: Anonymous Posting and Remailing (long) Organization: University of California, Berkeley How to use the hh@soda.berkeley.edu Usenet poster and Anonymous Remailer by Eric Hollander This document describes some of the special features of the hh@soda.berkeley.edu remailer. Because this remailer is essentially just a modification of the standard Cypherpunk's Remailer, I recomend that you also read soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. = What does this remailer do? This remailer allows anyone who can send mail to post to Usenet newsgroups, and also to send mail to anyone else on the Internet. Both of these functions can be anonymous (the identity of the sender is hidden from the recipient) or non-anonymous (the identity of the sender is known to the recipient). = Why is this remailer different from the standard Cypherpunks remailers? The main difference between this remailer and the other Cypherpunk remailers is that this remailer allows posting to all Usenet newsgroups, either anonymously, or non-anonymously. It also has the regular remailer functions of forwarding mail, either anonymously or non-anonymously (nonymously?). The other minor difference is that this remailer adds a random time delay for anonymous mail and posting. = A note about header fields This remailer/poster looks at the header of the mail you send it to decide what to do. Some mail programs don't allow easy editting of the header. If your program doesn't allow editting of the header, you can still use the remailer. To do this, send mail in the normal way, but start your message like this: :: Anon-Post-To: rec.fish leaving no blank lines before the :: and a blank line after the header field to be inserted. The remailer will consider the line after the :: to be a part of the header. All of the instructions bellow can be used with actual header fields or the :: format. = How do I use this remailer to anonymously post to Usenet? Send mail to hh@soda.berkeley.edu with a header like this: To: hh@soda.berkeley.edu Anon-Post-To: rec.fish Subject: I flushed a fish on Friday On Friday, I did a terrible thing, so I'm posting this anonymously... This message will be posted to rec.fish, with nothing to indicate who was the original sender. Only the Subject field will be retained; everything else in the header will be discarded. = How do I post non-anonymously? Send mail like this: To: hh@soda.berkeley.edu Post-To: rec.fish Subject: flushing fish How despicable of you to flush a fish! This will be posted to rec.fish non-anonymously; the From and Subject fields will be retained in the post. = Crossposting To crosspost, simply list the newsgroups, separated by commas, with no spaces, like this: Anon-Post-To: rec.fish,alt.ketchup Note that excessive crossposting is an abuse of the net. Some people have to pay for their news, and they don't want to read "how to make money fast" in rec.fish. = Testing I recomend that you post test messages to make sure you are using the remailer properly. Please post these messages to the appropriate test groups (alt.test, rec.test, etc). Also, if you post non-anonymously to a test group, many sites will send you mail confirming that they have received the post. To avoid this, put the word "ignore" in the subject line. = Anonymous mail This remailer is capable of sending anonymous mail. To send mail to foo@bar.com, send a message like this: To: hh@soda.berkeley.edu Anon-Send-To: foo@bar.com Subject: Ronald Sukenick I think you should read something by Ronald Sukenick. and foo@bar.com will recieve the message, without knowing who sent it. = Non-anonymous mail forwarding This remailer supports non-anonymous mail forwarding. To use this feature, send mail like this: To: hh@soda.berkeley.edu Send-To: foo@bar.com Subject: you know who I am This mail is from me! = Testing mail Please test the anonymous remailer functions before you use it "for real" by sending mail to yourself or a friend. = Chaining, encryption, and other issues These features are discussed in detail in soda.berkeley.edu:/pub/cypherpunks/remailer/hal's.remailer.gz. While you're looking at that file, you might also want to check out PGP in /pub/cypherpunks/pgp. If you haven't installed PGP on your machine yet, you should try it out. This remailer doesn't yet support encryption, but it's coming soon. = Remailer abuse This remailer has been abused in the past, mostly by users hiding behind anonymity to harass other users. I will take steps to squish users who do this. Let's keep the net a friendly and productive place. = A note to ucb users This remailer allows posting to ucb.* newsgroups. = If you have other questions or problems send normal mail (without any of the above headers) to hh@soda.berkeley.edu. = Disclaimer This remailer is not endorsed in any way by the University of California. I, Eric Hollander, take no responsibility for the content of posts or messages, and I take no responsibility for the consequences of using my remailer. For example, if you post anonymously, and someone manages to trace it back to you, I am not responsible. = Copyright This file is copyright 1994 Eric Hollander, all rights reserved. You are free to distribute this information in electronic format provided that the contents are unchanged and this copyright notice remains attached. Welcome to the Computer Privacy Digest. This forum is gatewayed into the USENET news group comp.society.privacy. This forum was set up to discuss the effect that technology has on privacy. The forum is sent out in a digest format. Submissions to the digest should be sent to comp-privacy@uwm.edu and trivia to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp from ftp.cs.uwm.edu (129.89.9.18). login as "ftp" with yourname-siteid as a password. Files are in directory "pub/comp-privacy". Come in and look around. Archives are also held at ftp.pica.army.mil [129.139.160.133]. ------------------------------ End of Computer Privacy Digest V4 #016 ****************************** .