Date: Mon, 17 Jan 94 06:23:10 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#019 Computer Privacy Digest Mon, 17 Jan 94 Volume 4 : Issue: 019 Today's Topics: Moderator: Leonard P. Levine Re: Form 1040 DES Encryption Public Hearings on Privacy Your Post About Newspaper Column Re: Autoland Credit Scam Re: FOIA and Copyright Re: INMAC using mailing list derived from internet materials The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: "Prof. L. P. Levine" Subject: Re: Form 1040 Date: Mon, 17 Jan 1994 06:02:42 -0600 (CST) Organization: University of Wisconsin-Milwaukee Oops. A half dozen readers noted that the form I had received was different from the form the rest of the United States had received :-) and that they had the same old form as 1992 with the mailing label containing their Social Security Number. Checking with a friend it became clear that I had received Pack- age 1040-5 and most people had received Package 1040-10, the same package as was used in 1992. The two booklets differ mainly in that Package 1040-5 has a hole in the cover and that the tax- payer's name and address, printed on the next sheet, show through the hole. The usual label (with the red IRS printed down the right side and the SSN included) is affixed just below this and is not visible through the hole. Us privacy freaks will be pleased with this. There is more, however, not ominous to me but interesting. Form 1040-5 has a hole in the cover. That cover consists of page 1 and 2 on the front of the booklet and unnumbered pages contain- ing the index and a page discussing major categories of income and outlays for 1992 on the back of the booklet. Between pages 2 and 3 in the front and between the index and page 2 of the instructions for form 8829 in the back is a new sheet page numbered V-1, V-2, V-3 and V-4. Pages V-2 and V-3 are otherwise blank. Pages V-1 and V-4 are a single face of computer output containing 4 distinct items. On the top of page V-1 my name appears twice, first upside down in such a way as to be visible through the hole in the cover, then right side up on the removable sticker along with my SSN. The bottom half of page V-1 discusses and contains a new form 1040-V about the size and shape of a business check preprinted with my name, address, SSN, and a coded string of text in an OCR font. The instructions tell me to include form 1040-V if I am making a payment, and to use only that form, not a photocopy. This tells me that the form is printed with magnetic ink, like the OCR text on the bottom of checks. Page V-4 at the back of the booklet is an order blank for forms and documents. The information block is just like what I have on page 31 of the 1992 Package 1040-10, however this new form has a few nice touches. First, it is correctly addressed to the Cen- tral Area Distribution Center so that I do not have to guess where to send it. Second, it is preprinted with my name and address (no SSN) and has 10 inches of bar code that I have to assume contains the same information so that a return envelope can be built from this form. I do have to pay the postage but page V-4 folds into a mailer. I strongly suspect that I was not the only one who was sent Package 1040-5 although I would be pleased if they went to all this trouble just for me. Page V-1 contains the statement that "We are providing some taxpayers in your area with..." indicating that this may be a local test. My agents in the field are check- ing on this even as we speak. I would like to thank the following people for informing me that one sample does not constitute a change in a fairly widely dis- tributed publication: ==================== Received From: gast@CS.UCLA.EDU (David Gast) Perhaps your booklet did not dispaly the SSN, but mine did, and the other booklet I saw did also. One should not make sweeping generalizations with a small or limited sample size. ==================== Received From: Dean Ridgway Its probably a fluke, the 1040EZ form still has the single press-affix label it has last year. Dean Ridgway | FidoNet 1:357/1.103 | InterNet ridgwad@kira.csos.orst.edu | CIS 73225,512 | ridgwad@csos.orst.edu ==================== Received From: shaman@cyberia.bowlgreen.oh.us (Paul Zimmerman) MINE still has SSN on the front. It is form 1040 (not 'A' or 'EZ') - are you referring to one of these? But then, mine didn't have a cover. It was just a booklet. Internet: shaman@cyberia.bowlgreen.oh.us (Paul Zimmerman) Uucp: ...!bgsuvax!cyberia.bowlgreen.oh.us!shaman ICBM: 41.23.4 N 83.37.8 W Bowling Green, Ohio ==================== Received From: oppedahl@panix.com (Carl Oppedahl) I received Package 1040-10, and there was no cover or anything like it. There on the label on the outside of the booklet was my old style exposed SSN. Carl Oppedahl AA2KW Oppedahl & Larson (patent lawyers) Yorktown Heights, NY voice 212-777-1330 ==================== Received From: rfrank@kaiwan.com (Ronald E. Frank) My 1993 1040 book still has a mailing label with the SSAN on the cover... Actually, I intended to post this... but it's too much trouble to change now :-) ==================== Received From: Carl Oppedahl I received Package 1040-10, and there was no cover or anything like it. There on the label on the outside of the booklet was my old style exposed SSN. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of Computer Privacy Digest and Professor of Computer Science | comp.society.privacy. University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu ---------------------------------+----------------------------------------- ------------------------------ From: Steven Vardy <004388v@dragon.acadiau.ca> Date: Fri, 14 Jan 1994 18:44:39 -0400 (AST) Subject: DES Encryption Hello, My name is Steven Vardy and I am a Computer Science Major at Acadia University in Wolfville, Nova Scotia, Canada and I was wondering if you have any information on DES Encryption. The type of information I need isn't how it is programmed, but how it works and what it does for the computer industry. Every source that I have tried for this project has come up dry and time is REALLY running out!! Can you help? If you can you can either give me access for a day, or send me the information I need to 004388v@dragon.acadiau.ca Thanking you in advance, Steven Vardy 004388v@dragon.acadiau.ca ------------------------------ From: "Prof. L. P. Levine" Date: Sat, 15 Jan 1994 10:20:07 -0600 (CST) Subject: Public Hearings on Privacy Organization: University of Wisconsin-Milwaukee The following was taken from the CPSR Alert, issue 3.01, Thu, 13 Jan 1994 15:42:37 EST, Dave Banisar , CPSR Washington Office The Information Infrastructure Task Force (IITF) Privacy Working Group has announced two public hearings on privacy and the NII to be held in Sacramento, Ca and Washington, DC The meetings are organized by the US Office of Consumer Affairs. They are the first meetings in nearly twenty years to be held outside Washington on privacy. The public meetings will examine privacy issues relating to such areas as law enforcement, financial services, information technology, and direct marketing. Representatives from the public, private and non-profit sectors will attend. CPSR has been asked to participate at both hearings. The California meeting, January 10th and llth, will be hosted by Jim Conran, Director, California Department of Consumer Affairs in the First Floor Hearing Room at 400 R Street in Sacramento. The Washington, DC meeting, January 26th and 27th, will be held at the U.S. Department of Commerce Auditorium, 14th & Constitution Ave. NW. Registration begins at 8:30am, meetings at 9am. The public is invited to attend, question speakers and to make brief comments, but space is limited. Concise written statements for the record should be sent to "Privacy," USOCA, 1620 L Street NW, Washington DC 20036 or faxed to (202)634-4135. For more Information, Contact Pat Faley or George Idelson at (202)634-4329. ------------------------------ From: Chuck Weckesser <71233.677@CompuServe.COM> Date: 15 Jan 94 15:48:40 EST Subject: Your Post About Newspaper Column I greatly enjoyed your recent comment about the local privacy-busting column that runs amok in your city. Here in Florida, we have similar columns. What never ceases to amaze me - obviously I am too naive - is the brazen, nonchalant manner in which they go about invading another person's privacy. It's as though they were discussing the merits of buying at K-Marvt v. Wal-Mart. ------------------------------ From: images@netcom.com (David M. Berman) Date: Sun, 16 Jan 1994 04:26:34 GMT Subject: Re: Autoland Credit Scam Organization: NETCOM On-line Communication Services (408 241-9760 guest) dwn@dwn.ccd.bnl.gov (Dave Niebuhr) writes: >One of my daughters asked me if I would co-sign a car loan for her and when the salesman called me and asked for some very basic information, one of the questions was "can I have a credit card account number?" I told him that I'd prefer not to give it due to the Autoland scam and that anyway, it would be made known during a credit check. >His reply: "Don't blame you, I'll leave it blank." >My daughter decided not to get the car due to the deal the salesman proposed so it was a moot issue (I hope). I'm rather certain that a name and address are sufficient identification to run a credit check. Your best protection at this point in time is to pay TRW or one of the other services to send you a recent report several times per year. These reports list INQUIRIES made into your credit record -- mine listed Autoland as one. Witholding your credit card number from the salesman did not hold him up at all because the TRW (or Equifax or Transunion) report lists ALL of your cards and ALL of their numbers along with credit line, payment history, balance, etc. There is no way to operate in the conventional credit world that would prevent others from impersonating you. To borrow from the Catholic church, the only truly safe behavior when it comes to credit is abstenance. ------------------------------ From: rerodd@eos.ncsu.edu (Richard Roda) Date: Sun, 16 Jan 1994 19:21:59 GMT Subject: Re: FOIA and Copyright Organization: North Carolina State University, Project Eos reed@interval.com (David P. Reed) writes: >The recent note by James Love of Nader's Taxpayer's Assets Project attempt to break West's control of the Juris database raises interesting issues related to the use of FOIA to allow one taxpayer to seize another's property. (Let me make it clear that I'm not commenting on the dispute about Juris, instead I'm extending the argument Love makes). >FOIA is apparently being used to request a free copy of the contents of West's Juris database from the gov't. Apparently the cost of purchasing it from West is considered a barrier, and FOIA is being used to get it cheaper. [The general issue of whether the gov't should make judicial opinions available through channels other than West is more complex, but the FOIA approach tries to bypass those issues] The main issue is this: something like the juris database could be used to circumvent FOIA by a company making an agreement with the government along the lines of: "We won't show this information to anyone you don't want us to", and then getting a copyright on information *created by the government*. The fact that the court cases are created by the government is the real issue. Allowing a company to copyright public information is a dangerous precedent. This is different from an FCC taping a movie to make sure it does not exceed the politically correct amount of profanity, nudity and violence because the movie was not created by the government. This is the essential distinction, not how the information is delivered. PGP 2.3 Public key by mail | Richard E. Roda Disclaimer-------------------------------------------------------------- | The opinions expressed above are those of a green alien who spoke to | | me in a vision. They do not necessarily represent the views of NCSU | | or any other person, dead or alive, or of any entity on Earth. | ------------------------------------------------------------------------ Criminals prefer unarmed victims. Oppose gun control. Drug Dealers prefer a monopoly. Support legalization of drugs. ------------------------------ From: rerodd@eos.ncsu.edu (Richard Roda) Date: Sun, 16 Jan 1994 19:32:20 GMT Subject: Re: INMAC using mailing list derived from internet materials Organization: North Carolina State University, Project Eos paul@vix.com (Paul A Vixie) writes: >my overall goal is to see to it that "commercializing the internet" does not translate to "bombarding people with electronic and physical junk mail since all of their name and address information is so easy to find." if we don't draw a line in the sand and vigorously enforce a non-junkmail culture, we will shortly see a time when "netfind" and other tools no longer operate because noone will give out any information about their users. The fact that a company should use freely available information should come as no surprise; I am surprised it took the companies this long to realise that information was out on the Internet free for the asking. The problem is that once such information is avaliable, there is really nothing you can do about it. I would be against any legal or net.cop type mentality for dealing with this "problem". Simply contacting the company and letting them know that you don't want the product should be sufficent. If everyone on the internet contacts companies that send them stuff, then the companies will catch on that using the Internet for address informaton is not profitable. Personally I've never seen "junk mail" as a big enough deal to make more rules about. Remember, that if such rules are made they will have the side effect of reducing freedom of action in the internet, and the mild benefit of reducing junk mail is not worth violating the principle that the internet is a free place to share information. PGP 2.3 Public key by mail | Richard E. Roda Disclaimer-------------------------------------------------------------- | The opinions expressed above are those of a green alien who spoke to | | me in a vision. They do not necessarily represent the views of NCSU | | or any other person, dead or alive, or of any entity on Earth. | ------------------------------------------------------------------------ Criminals prefer unarmed victims. Oppose gun control. Drug Dealers prefer a monopoly. Support legalization of drugs. ------------------------------ End of Computer Privacy Digest V4 #019 ****************************** .