Date: Thu, 13 Jan 94 14:44:32 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#017 Computer Privacy Digest Thu, 13 Jan 94 Volume 4 : Issue: 017 Today's Topics: Moderator: Leonard P. Levine ISO corporate privacy policy guidelines Online comments to U.S. Social Security Administration TAP Appeal On Juris FOIA RE: What happened to VA driver's license changes? Re: Driver Protection Act Re: Driver Protection Act Re: Maryland to introduce high-tech drivers' license Re: Phone company selling forwarding addresses Re: Ask Rat Dog Re: Privacy with Credit Card Transactions Re: Autoland Credit Scam Re: Autoland Credit Scam Re: SSN reqd by public schools; DL reqd with credit card Re: SSN reqd by public schools; DL reqd with credit card The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: salomon@seas.gwu.edu (A. Lee Salomon) Subject: ISO corporate privacy policy guidelines Date: 11 Jan 1994 15:25:42 GMT Organization: George Washington University in Infoworld, Nov29, 1993, the article "IS Managers Balance Privacy Rights and Risks," the Electronic Messaging Association (EMA) publishes an e-mail privacy toolkit with guidelines and sample policies for corporations. i would like to get a hold of these (i don't know whether it's free or not), as well as any info on recently proposed fed legislation on such issues. i understand that there is a group Computer Professionals for Social Responsibility: i would also like to get in touch with them. any pointers would be greatly appreciated. thank you. ------------------------------ From: ao944@yfn.ysu.edu (Jack Decker) Subject: Online comments to U.S. Social Security Administration Date: 12 Jan 1994 05:03:29 GMT Organization: Youngstown State/Youngstown Free-Net When I logged on to Youngstown Freenet tonight, I was greeted by the login message (I guess this is called the "Message Of The Day" in Unix circles) which contained the following blurb: > UNCLE SAM WANTS YOU: The Congressional Office of Technology Assessment is con- ducting a multi-city "Teleforum" in which they are seeking your thoughts on the Social Security Administration for a study they are doing. Senior citizens (and those who someday expect to BE senior citizens) are invited to participate. > Access the OTA TELEFORUM off the NPTN Special Projects on the main menu and join in this rather interesting application of teledemocracy at work I entered the forum and was able to pull the following "about" paragraphs. Two things to note: Apparently the "teleforums" are available on five popular Freenet systems (the ones in Buffalo, NY; Cleveland, OH; Denver, CO; Tallahassee, FL; and Youngstown, OH) and I would assume you need to have an account on one of those systems in order to participate (Internet users can telnet to all these systems, and they are accessible from many Gopher systems as well). Also, it appears that the Social Security Administration is considering making some or all of their services available via the Internet. This could be good or bad depending on whether proper attention is paid to privacy. However, one thing that personally disturbs me is that they are apparently at least considering elimination of mailing of checks to individuals, in favor of disbursements via "Electronic Fund Transfers or Electronic Benefit Transfers." My initial gut reaction to that is that this could have some real negative effects on privacy and individual liberty, because it would in effect force people to have an account at some financial institution in order to receive benefits. I won't comment further on that now because I haven't really thought about all the implications of this yet. Anyway, here's what I was able to pull off of Youngstown Freenet: ABOUT THE OTA TELEFORUMS Over the next five years the Social Security Administration (SSA) intends to spend about $1.1 billion on information systems procurement and modernization. Critics of SSA--most notably the General Accounting Office--say that SSA does not have a solid justification for this huge investment. That they have not shown that it will result in improved service delivery, or an improved work environment. To help settle this dispute both agencies turned to the Congressional Office of Technology Assessment (OTA) to do a study of the issue. The OTA, in turn, has asked the National Public Telecomputing Network (NPTN) to set-up an electronic forum which would allow YOU to express your opinions on the matter. Here's how it works... When you enter the TeleForums you will be able to select any (or all) of four issues to comment upon. The issues have to do with: 1) SOCIAL SECURITY AND CUSTOMER INTERACTION 2) NETWORK ACCESS TO BENEFIT FILING SERVICES 3) DISTRIBUTION OF BENEFITS 4) YOUR GENERAL SATISFACTION WITH THE SSA You then choose the issue you want to examine and READ THE FILE CALLED "README." This file will contain a summary of the issue and the kind of things we would like the discussions to focus on. Each of these forums will be running simultaneously on NPTN affiliates in five cities: Buffalo, NY; Cleveland, OH; Denver, CO; Tallahassee, FL; and Youngstown, OH. Thus, a comment from someone in Cleveland might be intermixed with something from a user in Tallahassee, followed by someone in Youngstown, or Denver, or Buffalo. PLEASE NOTE: IF YOU POST A COMMENT TO ANY OF THESE BOARDS IT WILL NOT APPEAR IMMEDIATELY. Your posting will first be routed to the NPTN machine in Cleveland for distribution to all five systems--including back to the system of origin. Thus, it might be several hours before it is cleared for the network. In summary... You are looking at one of the first attempts BY CONGRESS to use this medium on a national scale to hold discussions on the policy issues that are before it. Use it well. If you have any questions about this project, please feel free to contact Tom Grundner at: tmg@nptn.org or William Beasley at: wab@nptn.org <<< ISSUE #1: SOCIAL SECURITY AND CUSTOMER INTERACTION >>> The general question in this area is: How can the Social Security Administration improve customer interactions by utilizing telecomputing technology? You are free, of course, to comment on anything you'd like, but some specific questions or issues might include: * Should routine requests for such things as replacement Social Security cards be made available via the telecom- puting networks in addition to the present methods. * Should informational materials such as explanations of benefits be made available via the telecomputing networks. * Should earnings record be available utilizing the tele- computing networks. * If any of the above were done, specifically how do you think your life would be improved (or not-improved) by it? * Are there issues of confidentiality, data security, and privacy that bother you? <<< ISSUE #2: NETWORK ACCESS TO BENEFIT FILING SERVICES >>> The general question in this area is: Could this new technology help the Social Security Administration improve the process of filing for benefits? You are free, of course, to comment on anything you'd like, but some specific questions or issues might include: * Should the Social Security Administration allow for the filing of benefits via the telecomputing networks? * Should the Social Security Administration utilize the electronic networks to file for appeals and transfer records and supporting documents in regard to the substantiation of claims. * If any of the above were done, specifically how do you think your life would be improved (or not-improved) by it? * Are there issues of confidentiality, data security, and privacy that bother you? <<< ISSUE #3: DISTRIBUTION OF BENEFITS >>> The general question in this area is: What do you think is the best way for the SSA to distribute monthly benefits? You are free, of course, to comment on anything you'd like, but some specific questions or issues might include: * Should the Social Security Administration continue to mail checks to individuals or should all disbursements be made via Electronic Fund Transfers or Electronic Benefit Transfers? * In order to spread the workload of the Social Security Administration there is talk of changing the disbursement of benefits from the first of the month to a staggered payment date, i.e. 1st, 10th, 20th of the month. How would this effect you? Would you find it acceptable? * Should the Social Security Administration expand the use of the EBT (Electronic Benefit Transfer) in co-operation with other agencies. * Should the Social Security Administration work toward combining use of the EBT (Electronic Benefit Transfer) with various State government benefit programs? * If any of the above were done, specifically how do you think your life would be improved (or not-improved) by it? * Are there issues of confidentiality, data security, and privacy that bother you? <<< ISSUE #4: GENERAL SATISFACTION WITH THE SSA >>> The general question in this area is: To what extent have you been satisfied with your interactions with the Social Security Administration? You are free, of course, to comment on anything you'd like, but some specific questions or issues might include: * In the past year did you have occasion to contact the Social Security Administration? If so, tell us about that experience. * How did you contact them - In person visit to Social Security Administration Office - Telephone Call to local Social Security Administration - Telephone Call to 800 number of Social Security Admin. - Postal Mail - Community meeting with Field Representative of the - Social Security Administration - Other * On a scale of 0 to 5 with 5 being the highest rating, how would you rate your experience. * How long did it take for you to receive a satisfactory answer from the Social Security Administration? * If you visited the local office in person how long did you have to wait before you were seen? * If you telephoned, did you have any problems getting to talk to someone. * If you mailed a letter, how long did you wait before you received an answer? * Was the information provided to you understandable? * Would you be willing to utilize a telecomputing network to contact the Social Security Administration? * From your experience, how would you suggest the Social Security Administration improve their service to you? [End of information from Youngstown Freenet] As of tonight (January 10, 1993) there were no messages yet in any of the four forums, so I assume this is brand new. Remember, if you want to send comments on any of these issues, you need to log onto one of the five Freenet systems listed above. If you cannot do that for some reason, I suggest contacting one of the two NPTN people mentioned (Tom Grundner at: tmg@nptn.org or William Beasley at: wab@nptn.org) and asking for advice. Whatever you do, don't send your comments to me, because they will go nowhere from here! ------------------------------ From: James Love Date: Wed, 12 Jan 94 00:16:12 EST Subject: TAP Appeal On Juris FOIA Taxapayer Assets Project Crown Jeweles Campaign - JURIS January 11, 1993 The following is the text of the TAP administrative appeal on our FOIA request for elements of the JURIS database. On a related front, West Publishing has told DOJ (in a letter dated January 7) that West is willing to have DOJ retain a copy of the data it provided for JURIS until the Tax Analysts FOIA case is resolved. ---------------- December 28, 1993 Mr. Richard L. Huff Mr. Daniel J. Metcalfe Office of Information and Privacy United States Department of Justice 10th and Constitution Avenue, N.W. Room 7238 Washington, DC 20530 RE: Freedom of Information Act Appeal Dear Mr. Huff and Mr. Metcalfe: This letter is an appeal of the Department of Justice (DOJ) denial of my October 12, 1993 FOIA request for certain materials stored in the JURIS database, dated December 2, 1993, in a letter signed by Stephen Colgate. The denial of my FOIA request was based upon three factors. First, Mr. Colgate asserted that the records that I requested were not agency records because they were not under the legal control of the Department. Second, Mr. Colgate asserted that the records were not agency records because they were "library materials." Third, Mr.Colgate asserted that the records were exempt from disclosure under FOIA exemption 4. I will respond to each of these points. 1. The records are under the legal control of DOJ. According to the DOJ/WEST contract that was provided to us under an earlier FOIA request, DOJ has the rights to provide JURIS records under FOIA, so long as DOJ includes a statement which indicates that West may claim a copyright of the data. More generally, however, we argue that DOJ cannot "contract away" the public's rights under FOIA. We have requested copies of the text of judicial opinions. Judicial opinions have been collected and stored in JURIS since 1971, years before West ever became a subcontractor on JURIS. The information is used by DOJ to carry out its official duties, and is not subject to copyright, - not by West, not by DOJ, not by anyone. Regardless of promises that DOJ asserts that it has made West, it cannot abrogate the public's rights under FOIA. The consequences of DOJ's assertion that it can contract away the public's rights under FOIA is startlingly broad. Suppose, for example, that Oliver North had given General Secord the "commercial rights" to the Iran/Contra computer records. Would these records have then been off limits to FOIA? As federal agencies increasingly use private contractors to gather and store data, it is extremely important to establish that FOIA gives the public unconditional rights to receive agency records, regardless of how the data is obtained. This is particularly true here, where the records themselves are clearly public documents -- the text of federal judicial opinions. For most of these records, there is no other government source of the data in electronic formats. The federal courts that do disseminate judicial opinions electronically due not provide access to historical records. Most courts only provide access to records for one year or less, and electronic dissemination programs are relatively new, given the body of historical records. Moreover, in jurisdictions where West Publishing is the "official" reporter of published opinions, it is often impossible to obtain versions of the corrected versions of the opinions directly from the Courts themselves. Thus, JURIS represents the only government source of the corrected copies of many federal judicial opinions, and to deny access to JURIS is to deny the public access to public documents which are fundamental to a democracy. 2. The Records are not library materials. It is ludicrous for DOJ to assert that the JURIS records are "library materials." I have requested the JURIS records which are the text of federal judicial opinions. There are no libraries which we have access to which have this database available to the general public in electronic formats. While it is true that West Publishing and Mead Data Central sell access to these materials, and often have vendor relationships with libraries, the commercial sales of these public records does not satisfy the public's right and need to obtain access to this important government information which is the law of the land. 3. The JURIS judicial opinions do not qualify for exemption 4. DOJ asserts that if it provided public access to JURIS under FOIA it could not obtain the records from contractors. In fact, DOJ obtained the same records itself before it entered into a relationship with West Publishing. Moreover, DOJ was recently provided at least one unsolicited proposal by a contractor who offered to provide DOJ with free and clear title to the electronic versions of federal judicial opinions. The source of these records isn't West, but the federal judiciary, a public agency that is funded by the taxpayers. DOJ cannot argue that public access to judicial opinions will deprive the government access to these public records. DOJ is only arguing that it should be allowed to "barter" the public's right to know against the price it pays for data processing services. We do not believe the agency has the legal right to trade our rights under FOIA for lower cost data processing services, any more than DOJ would have the right to sell the public's civil or criminal rights to the highest bidders. DOJ says that release of the records would cause West competitive harm, but that alone does not justify withholding the records. Exemption 4 is designed to limit the release of proprietary company data. The records in JURIS are available to 15,000 federal employees, published widely by West and LEXIS, and are public records in federal court houses. West may indeed benefit from a lack of ready public access to these public records, but that does not justify a denial of public access under FOIA. West does not "own" the words written by federal judges in deciding the public's business in the federal courthouses. West has no legal monopoly on the law of the land, and West has no right to be shielded from competition from companies who seek to broaden public access to the these most public of public documents. Thank you very much for considering this appeal of the DOJ denial of our FOIA request. Sincerely, James Love Taxpayer Assets Project --------------------------------------------------------------------- TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy. tap-info is archived at ftp.cpsr.org; gopher.cpsr.org and wais.cpsr.org Subscription requests to tap-info to listserver@essential.org with the message: subscribe tap-info your name --------------------------------------------------------------------- Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036 v. 202/387-8030; f. 202/234-5176; internet: tap@essential.org --------------------------------------------------------------------- ------------------------------ From: "Bayardo Alvarez" Date: Tue, 11 Jan 1994 19:28:00 -0500 (EST) Subject: RE: What happened to VA driver's license changes? Michael T. Palmer writes: > Whatever happened to the effort to change VA driver's licenses to remove the SSN as the DL number? I believe it was almost two years ago that initial hearings were held. > What is going on? What committees are involved? Who should I send letters to? Are any *bills* out there to make this change into law? > Thanks for any info you can provide. > From: Christian ALT > SOME information can be legally obtained on most people, thru the "Freedom of Information Act" - like address, phone number. Alot of other more personal information can be obtained semi-legally or illegally, through snooping or by hiring a private investigator. I live in Virginia and recently had my license renewed. Not only is the SSN still the DL number, but know it has a magnetic strip. I didn't have a chance to ask the attendant what is stored in that strip. Does someone have any information? || Bayardo Alvarez George Mason University || || balvarez@gmu.edu Telecommunications Program || ------------------------------ From: sulak@blkbox.COM (John M. Sulak) Date: 12 Jan 1994 03:56:08 GMT Subject: Re: Driver Protection Act Organization: NeoSoft Internet Services +1 713 684 5969 "Prof. L. P. Levine" writes: > "(a) IN GENERAL.-It shall be unlawful for any person or other entity to disclose personal information derived from an individu- al's motor vehicle records to any other person or entity, other than to the individual, except as permitted under this chapter. > "(b) EXCEPTIONS.-Personal information referred to in subsection (a) of this section may be disclosed for any of the following uses: > "(1) For use by any Federal or State court in carrying out its functions. > "(2) For use by any Federal or State agency in carrying out its functions. Basically, anyone with a government badge (30-40% of employed people in the USA) can get the information by simply requesting it, and the people who the government required to provide the data for the 'privledge' of being a functioning member of society will not have an opportunity to consent, or even be informed that the request took place. Good law! :-( ------------------------------ From: sulak@blkbox.COM (John M. Sulak) Subject: Re: Driver Protection Act Date: 12 Jan 1994 03:59:05 GMT Organization: NeoSoft Internet Services +1 713 684 5969 Sean Donelan writes: >Why does a state sell copies of driver records? > - The information is given voluntarily with no reasonable expectation of confidentiality. Really? Voluntary? How do you get a job otherwise? ------------------------------ From: sulak@blkbox.COM (John M. Sulak) Subject: Re: Maryland to introduce high-tech drivers' license Date: 12 Jan 1994 04:03:14 GMT Organization: NeoSoft Internet Services +1 713 684 5969 tale@ten.uu.net (David C Lawrence) writes: >I hope they do it a little better than Virginia. VDOT still succeeded in wasting an hour of my day for taking another picture and getting another signature when I went for a replacement license after my wallet had been stolen. I thought it quite odd that they didn't simply print a new license since they had everything they needed digitized and supposedly floating around in their system. I still had to have a new photograph and give a new signature sample. Can't wait till the governemt prohibits private health care: I really love the way they run the post office lines at lunch hour and the driver's license people work longer hours than my 24 hour local supermarket! :-) ------------------------------ From: sulak@blkbox.COM (John M. Sulak) Subject: Re: Phone company selling forwarding addresses Date: 12 Jan 1994 04:17:13 GMT Organization: NeoSoft Internet Services +1 713 684 5969 rmg3@access.digex.net (Robert Grumbine) writes: >Ditto for the Bell company in central Pennsylvania. I didn't have an identifiable name error/combination, though, to tip me off. The mail came to Mr. Phone Hooked Up. What a sexist phone company!!! :-) ------------------------------ From: Dave Gomberg Date: Tue, 11 Jan 94 23:26:52 PST Subject: Re: Ask Rat Dog Prof. L. P. Levine writes: >My local newspaper, The Milwaukee Journal, carries a syndicated .... much deleted ... >if your local paper carries the feature, you read it. Its level >is good, she discusses her technique, and lets me see the holes >in the system. On top of everything else, Rat Dog is also extremely good looking. I would find it hard to keep a secret from her if she were intent on wheedling it out of me. Dave Dave Gomberg, role model for those who don't ask much in their fantasy lives. Ask me about WestCoast LIVE! <<<-------- GOMBERG@UCSFVM Internet node UCSFVM.UCSF.EDU fax-> (415)731-7797 ------------------------------ From: VSLARRY@weizmann.weizmann.ac.il (Larry Israel) Date: Wed, 12 Jan 1994 20:55:56 GMT Subject: Re: Privacy with Credit Card Transactions Organization: Weizmann Institute of Science I have also noticed that merchants often ask for a phone number on a credit card transaction (in my case, a local card) in Israel. Depending on my mood I give my number, refuse, give a fake number, or give an obviously fake number. The transaction has never been held up because of choices 2 or 4. I once asked a cashier why it is done. She said that it is not really a requirement, but that if there is some problem such as the slip not being properly signed, or, as once happened, a customer forgetting the card at the cashier, it is much easier to clear up than going through the company. I don't know if she was telling the truth or maybe she did not know why either. Maybe it's because they think that someone working with a stolen card would be dumb enough to give his real phone number. ------------------------------ From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Date: Wed, 12 Jan 94 22:28 EST Subject: Re: Autoland Credit Scam Organization: Tansin A. Darcos & Company, Silver Spring MD USA In a message from "Jeremy Epstein -C2 PROJECT" , he writes: > I discovered something was wrong when I received a letter from Fifth Third Bank (that's the real name) informing me that they had rejected my credit card application. After checking with MasterCard that that is a real bank (I thought it was a prank), I once received an application for a credit card from "The Bank of New York". Their application is sent to their headquarters, which, as you would expect, is in Newark, Delaware. In fine print, it says "The Bank of New York (Delaware), Inc." ------------------------------ From: news@cbnewsh.cb.att.com (NetNews Administrator) Date: Thu, 13 Jan 94 04:18:18 GMT Subject: Re: Autoland Credit Scam Organization: NCR, an AT&T Company, Pleasanton CA In article jepstein@cordant.com (Jeremy Epstein -C2 PROJECT) writes: > Amusing note: the bad guy isn't too smarrt. Instead of a PO box, he listed a street address including an apartment number. Of course I have no idea if that building actually exists. More to the point, are you sure it isn't the street address of the local mail-box company? Most of them are perfectly happy to take mail with addresses like 123 Main St. #432 and the post office will deliver them. # Bill Stewart NCR Corp, 6870 Koll Center Pkwy, Pleasanton CA 94566 # Email: bill.stewart@pleasantonca.ncr.com billstewart@attmail.com # Phone: 1-510-484-6204 Beeper: 1-510-224-7043 # If people were required to *know* all the laws, and not just to obey them, # the government would be overthrown tomorrow! (From a button by Nancy Lebovitz) ------------------------------ From: sulak@blkbox.COM (John M. Sulak) Subject: Re: SSN reqd by public schools; DL reqd with credit card Date: 12 Jan 1994 04:24:19 GMT Organization: NeoSoft Internet Services +1 713 684 5969 wrf@ecse.rpi.edu (Wm. Randolph U Franklin) writes: >Note: A "badge of criminality" is an act, that is legal in itself, but that is considered by the legal system so illogical that only a criminal would do it, and if you do, you've demonstrated criminal intent, and are guilty until proven innocent. An example is opening a safe-deposit box under another name. Another is carrying a lot of cash. Local police will confiscate it from you because you could only be doing it in order to buy [or because you have just sold] illegal drugs. You must hire a lawyer, initiate a lawsuit, and pay 10% of what was confiscated as court costs in order to g=have your chance to prove that your money was not guilty of a drug transaction. Any mathmatecian knows how easy it is to prove a negative. If you lived in central Europe half a century ago, could you prove that you were not part Jewish? ------------------------------ From: news@cbnewsh.cb.att.com (NetNews Administrator) Date: Thu, 13 Jan 94 04:23:09 GMT Subject: Re: SSN reqd by public schools; DL reqd with credit card Organization: NCR, an AT&T Company, Pleasanton CA wrf@ecse.rpi.edu (Wm. Randolph U Franklin) writes: >The local Service Merchandise requires the driver's licence for some people paying by credit card, like those who refuse to give an address. Apparently, Visa allows them to ask for other id when the credit card isn't signed on the back. # Bill Stewart NCR Corp, 6870 Koll Center Pkwy, Pleasanton CA 94566 # Email: bill.stewart@pleasantonca.ncr.com billstewart@attmail.com # Phone: 1-510-484-6204 Beeper: 1-510-224-7043 # If people were required to *know* all the laws, and not just to obey them, # the government would be overthrown tomorrow! (From a button by Nancy Lebovitz) ------------------------------ End of Computer Privacy Digest V4 #017 ****************************** .