Date: Mon, 07 Feb 94 15:43:41 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#027 Computer Privacy Digest Mon, 07 Feb 94 Volume 4 : Issue: 027 Today's Topics: Moderator: Leonard P. Levine Re: SSN on Payroll Checks Re: SSN on Payroll Checks Re: SSN on Payroll Checks Re: SSN on Payroll Checks SSN on Payroll Checks Re: SSN other concerns WIRED Magazine Report Re: Electronic Cross-Checking Re: INMAC and lists for sale Winter Consumer Electronics Show Keynote Speech The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: close@lunch.asd.sgi.com (Diane Barlow Close) Date: 3 Feb 1994 20:57:52 GMT Subject: Re: SSN on Payroll Checks Organization: Self employed, eh. Todd Jonz writes: With an account number and the last four digits of the account holder's SSN, Bank of America provides an automated telphone account inquiry service via which you can get detailed information about his account balance, recent deposit amounts, cleared check number and amounts, etc. I wonder if one can request that this "service" *not* be provided for a specified account? Yes, and I was instrumental in getting this "service" replaced/refined. After my husband's SSN was usurped by unscrupulous individuals who used it to obtain credit cards and defraud banks of over $25,000 I went to B of A about providing further protection for our bank accounts. In conjunction with Don Owen, Senior Vice President and Manager of Item Processing at the Glendale, CA main office, we developed a password system and a SSN lockout system that bank customers can use on their accounts instead of the SSN. What you do is request that your account be locked out of the automatic-phone-in system. Now you'll have to go through a live operator to get any information on your account. An inconvenience, but worth it, imho. Next, get a password assigned to your account (you choose it). >From now on the phone-teller will as for you password instead of your SSN. Usually she also asks for some other collaborative ID, like account activity stuff. I was very happy with this solution to a sensitive problem and to B of A's response. Mr. Owen also instituted a random call-in check of the system to make SURE that tellers follow the correct procedures and don't rely on the SSN for identification. Just FYI, I eventually left banking at B of A for other reasons. I must say that they did take my security and privacy concerns very seriously and it was most rewarding to be involved in the planning and implementation of a more secure process. It seems that private citizens CAN make a difference, at least some of the time! -- Diane Barlow Close close@lunch.asd.sgi.com I'm at lunch today. :-) ------------------------------ From: news@zeus.aix.calpoly.edu Date: Thu, 3 Feb 94 21:08:55 GMT Subject: Re: SSN on Payroll Checks Organization: California Polytechnic State University, San Luis Obispo P. B. Hutson. (poivre@netcom.com) wrote: I mean, for such an important number as the SSN is, you'd think people would be more careful with it. Instead, this all important number is so insecure, its laughable. I'd like to get rid of the SSN completely but if society insists on using it, then i'd like to see more security features for the number and tamper-proof must-show cards. I agree with the posters who advocate being more careful with their SSN. But *how*? Can you give us a few options/techniques/etc. when people are being quite demanding about it? -- Vincent J. Abella |"We men of study, whose heads are in (vabella@oboe.aix.calpoly.edu) | our books, have need to be straitly Cal Poly, San Luis Obispo, CA | looked after! We dream in our waking | moments, and walk in our sleep." ------------------------------ From: rick@CRICK.SSCTR.BCM.TMC.EDU (Richard H. Miller) Date: Fri, 4 Feb 1994 16:40:16 -0600 Subject: Re: SSN on Payroll Checks On 30 Jan 1994 poivre@netcom.com (P. B. Hutson.) wrote: John R Levine (johnl@iecc.com) wrote: The basic problem is that far too many organizations assume that anyone who presents your name and SSN must be you, making it easy to impersonate you for credit theft and other fraudulent purposes. This is very true. Think of the last time someone who needed your SSN required you to show them the card to prove its really yours. The only people who wants to see the cards are employers and gov't welfare agencies. When you apply for credit cards, open bank accounts, rent an apartment, get utilities, etc etc etc, they never ask to see the card so its easy for the bad guys to impersonate you. Actually, some mortgage companies require the original card when you apply for a mortage. (Not all, ours did not) but many of the FAQ types of guides warn people to make sure they have the original gov't issued card when applying. Also, to get back to the origan of this thread; the person who started this thread was asking if there was any way to not have his SSN printed on his paycheck. Since then the thread has diverged but no-one has addressed his question. In my opinion, the appearance of his SSN or his paycheck is one case where there should be no question about its use. Since the SSN number is the taxpayer ID number, it should appear on the check as a sanity check and a verification that his earnings would be reported under the correct ID. By the same token, ADP would have to know his SSN since they would be reporting his earnings to both the IRS and SSA (as well as any local and state agencies) This is also why it is required for interest bearing accounts, mortgages and other entities which can generate tax events. -- Richard H. Miller Email: rick@bcm.tmc.edu Asst. Dir. for Technical Support Voice: (713)798-3532 Baylor College of Medicine US Mail: One Baylor Plaza, 302H Houston, Texas 77030 ------------------------------ From: palbert@netcom.com (Phil Albert) Date: Sat, 5 Feb 1994 03:42:46 GMT Subject: Re: SSN on Payroll Checks Organization: Disorganized tcj@netcom.com (Todd Jonz) writes: With an account number and the last four digits of the account holder's SSN, Bank of America provides an automated telphone account inquiry service via which you can get detailed information about his account balance, recent deposit amounts, cleared check number and amounts, etc. Joe's pay stub or direct deposit notification contains all of the information required to make the telephone robot spill its guts. Until very recently, this information also appeared on BofA's ATM receipts as well. I wonder if one can request that this "service" *not* be provided for a specified account? With Great Western (California), you can ask that the service be turned off. Kudos to Wells Fargo: they will assign you a PIN for telephone inquiries. For either bank, you have to ask. -- Phil Albert, full-time patent attorney and philosopher, part-time car thief Voicenet: (415) 543-9600 bizcardnet: Townsend & Townsend Internet: palbert@netcom.com or palbert@cco.caltech.edu ICBMnet: 37 53 00 N, 122 17 30 W, Alt 760' ------------------------------ From: bj@herbison.com (B.J. Herbison) Date: Sun, 06 Feb 1994 21:07:27 EST Subject: SSN on Payroll Checks Organization: Herbison Consulting, Leominster, MA 01453-523218 +1 508 534-1050 In article rerodd@eos.ncsu.edu writes: I am not a lawyer, but sometimes I play one on the Internet :-). Isn't it true that if the credit report is not true and you are able to prove it is not true that you could sue for liable or commercial slander? In general that isn't true. Credit reporting bureaus have some protection because they don't generate the information, they just `report what they are told'. They also have some explicit protection in U.S. Federal law. It is very hard to sue a credit agency, although I have heard more talk about trying to change this in the last few years. --- B.J. Herbison Herbison Consulting Another Asylum bj@herbison.com +1 508 534-1050 18 Drummer Lane 42 29 30 N / 071 44 10 W Leominster, MA 01453 USA ------------------------------ From: kfl@access.digex.net (Keith F. Lynch) Date: 3 Feb 1994 21:11:21 -0500 Subject: Re: SSN other concerns Organization: Express Access Public Access UNIX, Greenbelt, Maryland USA David Finan wrote: He stated that there is a new requirement from the Fed health folks (i can give dept names but this is being done on the fly) that ALL blood doners MUST provide the blood bank with the SSN or their blood won't be taken. I donated blood today, and left the SSN field on the form blank, as I always do, and nobody hassled me about it. In the past I've been asked if I meant to leave it blank or just overlooked it, but they've never hassled me about it or turned me down. This is at a blood drive run by Fairfax (Virginia) Hospital, not affiliated with the Red Cross. -- Keith Lynch, kfl@access.digex.com f p=2,3:2 s q=1 x "f f=3:2 q:f*f>p!'q s q=p#f" w:q p,?$x\8+1*8 ------------------------------ From: abacard@well.sf.ca.us (Andre Bacard) Date: 4 Feb 1994 11:13:21 -0600 Subject: WIRED Magazine Report Organization: UTexas Mail-to-News Gateway Robert Jacobson and Bernie Cosell have raised interesting questions about a recent article in WIRED magazine -- regarding government actions to track all financial transactions. I've treated this subject from many angles in "A Cash- Free Society: Nirvana or Nightmare?" which is published in the January 1994 issue of HUMANIST magazine -- now on newsstands and in libraries. See you in the future, Andre ------------------------------------------------------- Scientist Andre Bacard authored the book "Hunger for Power: Who Rules the World and How". He writes the "Technology and Society" column in "Humanist" magazine and has been interviewed on hundreds of radio talk shows. He writes a monthly interview column for Computer Professionals for Social Responsibility.) From: Andre Bacard P.O. Box 3009 Stanford, California 94309-3009 abacard@well.sf.ca.us ------------------------------ From: barmar@Think.COM (Barry Margolin) Date: 4 Feb 1994 20:53:00 GMT Subject: Re: Electronic Cross-Checking Organization: Thinking Machines Corporation, Cambridge MA, USA erwin@trwacs.fp.trw.com (Harry Erwin) writes: The IRS is getting into cross-checking of 1099s. I think they've been doing this for years. They've sent me notices a couple of times in the past when their dividend total didn't agree with mine. -- Barry Margolin System Manager, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar ------------------------------ From: dsulit@panix.com (Daniel Sulit) Date: 6 Feb 1994 15:32:57 -0500 Subject: Re: INMAC and lists for sale Organization: PANIX Public Access Internet and Unix, NYC mike@camphq.fidonet.org (Mike Bray) writes: Recently Paul Vixie posted a note about INMAC... today i got three copies of the INMAC catalogue, sent to myself and two others at my address. the others do not live here, but one of them has an account on my internet- connected computer and posts a fair number of netnews articles. Are you sitting down? Get this... from the November 22nd issue of DM News, page 41... PC Operator List Names Electronic Bulletin Users BETHEL, CT -- The new Electronic Bulletin Board Posters/Usenet file is available from . someone had to cross-reference "From:" field information against the NIC's "whois" domain database to get the particular combination of company name, street address, and user full name that was used on this mailing label. Some one? Nah... some program. :) The next step is to cross-reference the names & addresses with the newgroups we post to. Or even the words we use. Subcribe to: rec.toys.lego comp.sys.os2 alt.sex Get junk mail for: Snap-together, OS/2 compatible Orgasmatron. -- Danny Sulit "Giving money and power to government is like giving whiskey and car keys to teen-age boys" -- P.J. O'Rourke ------------------------------ From: "Prof. L. P. Levine" Date: Mon, 7 Feb 1994 15:24:12 -0600 (CST) Subject: Winter Consumer Electronics Show Keynote Speech Organization: University of Wisconsin-Milwaukee This short note is a description of the keynote speech given at the Winter Consumer Electronics Show on Thursday, 6 January 1994 by Robert Kavner, Executive Vice President and Chief Executive Officer for Multimedia Products and Services, AT&T. The entire speech is archived in ftp.cs.uwm.edu and has been placed in file pub/comp-privacy/library/ConsumerShow.keynote. The speech, delivered by a VP at AT$T, deals primarily with the economic and social differnces that will result if one or the other of two main plans for developing the "new network world" is carried out. His talk deals mainly with questions about who will own and control the economics, but deal somewhat with information paths, who controls them, and, through that, privacy considerations. The file is 25,000 bytes long, which I judge is too large for this digest, but some of us might find it of interest. A short quote: "There are two opposing business models for interactive multimedia. One model -- a customer-focused model to which AT&T subscribes -- sees an open access, competitive marketplace that promotes people connecting with people. "A prototype for thinking about this "open access" model is the enormous success generated by today's communications networks. When the new interactive networks enable anybody to reach any content and anyone else, anywhere in the world, it will stimulate a bigger artistic, scientific, and economic revolution for the 21st century than the industrial revolution did for the 20th century. "But there is another business model. "We call it the "gatekeeping" model: a closed access, non-competitive marketplace that looks an awful lot like the model prevailing today in the cable industry." ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of Computer Privacy Digest and Professor of Computer Science | comp.society.privacy. University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu ---------------------------------+----------------------------------------- [Copies of the file can be downloaded by the following procedure. Come in and browse] ftp ftp.cs.uwm.edu (on your system) ftp (answer to login request) your_userid@your_site (answer to password request) cd pub/comp-privacy/library (at ftp prompt) dir (look at what is there) get ConsumerShow.keynote (move document to your filespace) quit (back to your system) In addition to the "library" subdirectory there are other subdirectories named "volume1" - "volume4" that you are free to examine and copy from. If ftp is unavailable or difficult to use, send a request for ConsumerShow.keynote to: comp-privacy-request@uwm.edu ------------------------------ End of Computer Privacy Digest V4 #027 ****************************** .