Date: Thu, 14 Apr 94 18:40:04 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#052 Computer Privacy Digest Thu, 14 Apr 94 Volume 4 : Issue: 052 Today's Topics: Moderator: Leonard P. Levine ***Help*** Regulation E and Banking Internet Surfers K-12 Schools & SSNs Backfinger Program from FAQ Every Move You Make...I'll Be Watching You K12 Personal Security Re: Computer Databases of Information Re: Getting Social-Security Numbers Re: Let your Fingers do the Walking on the Internet Re: SSN#: How Could Someone Find Out Mine Re: Credit check only with Permission Granted Re: Let your Fingers do the Walking on the Internet Re: Credit Check only with Permission Granted Re: Neat Tricks! Re: Neat Tricks! Re: Neat Tricks! Re: CNID vs. ANI Re: CNID vs. ANI Re: Telemarketing The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: darlene.r.huber@uwrf.edu Date: 12 Apr 1994 16:22:49 -0500 (CDT) Subject: ***Help*** Regulation E and Banking Organization: University of Wisconsin - River Falls I am trying to find information on Regulation E this has to do with the Banking Industry. Do you know what year it came into effect or where to find info on this. Many libraries do not have info on this subject. Any help would be great my paper is due Friday. Thanks! -- DARLENE.R.HUBER@UWRF.EDU ------------------------------ From: ids0179@ucssun1.sdsu.edu (Brian Abernethy) Date: 13 Apr 1994 00:03:33 GMT Subject: Internet Surfers Organization: San Diego State University Computing Services Hey all you internet surfers! I am a student in San Diego, CA that is conducting a survey on how internet use affects society. Please, please, PLEASE help me through this research project by answering 15 easy questions. When you are done, please leave your initials and internet address for research purposes. Thanks! 1. On the average, how much time do you spend on the Internet? 2. On what forums do you hang out? 3. What kind of information do you seek out on the "net"? 4. Do you feel that the info you get from the net gives you an advantage over colleagues who do not have net access? 5. If so, why? 6. Has being on the net informed you about the issues/topics that you previously knew little about? 7. If so, what were these issues/topics and how do you use them? 8. Approximately, how much time/money do you spend subscribing to the net? 9. Do you read newspapers? Daily? Weekly? Whenever you can? 10. If so, which ones? 11. What do you look for when you read a newspaper? 12. Do you watch t.v. newscasts? How often? 13. Afterwards, do you feel properly or adequately informed on the world's happenings? 14. What does having access to the "net" mean to you? 15. Do you find that the information you get from the net applies to your life? Again, thanks for your participation. Don't forget to leave your name and internet address. [Moderator: This, after all is a board concerned with Privacy. Any user who wants to respond to this and maintain privacy can send the response to comp-privacy-request@uwm.edu and I will forward the information anonymously.] ------------------------------ From: glr@rci.ripco.com (Glen Roberts) Date: 13 Apr 1994 15:55:52 GMT Subject: K-12 Schools & SSNs Organization: RCI, Chicago, IL Please contact me, if your school (K-12) has asked for your kid social security numbers. Whether this is a regular part of the registration process, or a special request. This would be a request by the School, not auxiliary programs, such as the federal or state government, relative to a free or subsidized lunch program. If, you have it available, please include the School's address and name of the superintendent or principal. Did you supply the social security numbers? Did they threaten you if you refused? Did the application form have a Privacy Act notice on it? -- Glen L. Roberts, author, How To Spy On Anyone Without Getting Caught Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central) Box 734, Antioch, Illinois 60002. Fax: (708) 838-0316 Call the Surveillance Hotline: (708) 356-9646 ------------------------------ From: kyrouz@student.umass.edu (Bill Kyrouz) Date: 13 Apr 1994 13:38:51 -0400 Subject: Backfinger Program from FAQ Organization: University of Massachusetts, Amherst (forgive me if this is slightly off topic but...) I've ftp'd the backfinger file from quartz.rutgers.edu mentioned in this newsgroup's FAQ, de-compiled and de-tar'd it and all, but the instructions are not for the UNIX-impaired. Could someone fill me in on exactly what I have to do to get this thing going? I don't want to tinker too much with it for fear of screwing something up in my account... -- William J. Kyrouz III CASIAC Student Coordinator, University of Massachusetts at Amherst ------------------------------ From: "Paul W. Robinson" Date: 14 Apr 1994 02:43:17 -0400 (EDT) Subject: Every Move You Make...I'll Be Watching You "Paul W. Robinson" stated: Here's something which might be of interest to you. A large Educational Instuitution's computer is watching everything sent in newsgroups and possibly in some mailing lists. I am using a modified address of PAULW@TDR.COM instead of PAUL because that computer has already sent me a message to PAUL@TDR.COM. I want to try to see what it does this time. In one list I mentioned that the Massachusetts Institute of Technology (you know what the 3 letter abbreviation is) has a system that collects E-Mail addresses of people who post to newsgroups. That site used to be called "pit-manager". I am writing this message in this way to see what happens. Apparently, any time one of the Institute's computers sees a reference to "pit-manager" it mails a message to the sender telling them that the site was changed to the address "rtfm". I am not referencing the internet address that ends in .EDU here for that educational Institution because I want to see if the Massachusetts Institute of Technology's computer is checking based upon someone using the name "pit-manager" or is it because of reference to the Institute's domain name with that term used within the message? I don't know if a program that is sending out messages based on it scanning the contents of messages that it saw is a good idea. Consider a program that checked for spelling errors and criticized people who misspelled words by telling them of all the words they misspelled. (Considering how bad some people's writing is, that might not be a bad idea.) This sort of practice could be prostituted into to all sorts of interesting political correctness tactics by having automated programs that watch for comments someone doesn't like and mailing the writer complaints. --- Paul Robinson - Paul@TDR.COM ------------------------------ From: turet@u.washington.edu (Philip Turet) Date: 14 Apr 1994 18:50:23 GMT Subject: K12 Personal Security Organization: University of Washington, Seattle Dear Netters: I recently have become involved in a project to implement Internet feeds to some elementary/high schools. Actually, they already have the feeds and the hardware, we're putting together a science/math curriculum, also using Mosaic. I recently (re-)started looking at the k12 newsgroups, which I haven't done in a few years, since my kids were small. It struck me that there could be a possibility for abuse of the system, for example in the 'chat' or 'pen-pals' groups and access to names/addresses/phone #'s by those with less than salutory intentions. Does anyone else have any thoughts or experiences with this, and is this an appropriate newgroup for this discussion? I hope I'm simply being parental (fatherly) and not paranoid. I would like something like this to be a long thread, since I want to explore this aspect of things before we just go head-long into the network with the little kids and expose them to potential problems later on. --Phil Turet >> turet@pmel.noaa.gov ------------------------------ From: fielden@rintintin.Colorado.EDU (jeanette fielden) Date: 12 Apr 1994 18:28:44 GMT Subject: Re: Computer Databases of Information Organization: University of Colorado, Boulder I also seem to remember that there was a way to find out if someone owned property in a given state through LEXIS or NEXUS. Anyone know if this is true? Does anyone know if this is actually true. I know you can get such info by going to court houses or wherever deeds are recorded. Other databases of info -- voter registration records, DMV records in most states many universities sell lists of students w majors and grad dates A number of universities are starting to use debit cards and smart cards to track student buying habits and reselling info to marketers. it all just mkes me shudder. ------------------------------ From: fielden@rintintin.Colorado.EDU (jeanette fielden) Date: 12 Apr 1994 18:31:29 GMT Subject: Re: Getting Social-Security Numbers Organization: University of Colorado, Boulder John A. Thomas wrote: Tony Austin wonders how easy it would be to get ones' social-security number. Pretty east, actually. First, it is indeed on your credit report. Second, many governmental agencies ask for it for documents that will become public records. In Texas, for example, it is requested for voter-registration certificates (first place I go if backgrounding someone), divorce petitions, and probate applications (both the applicant and the deceased!). I understand some states use the SSN as a driver's license number. As of Septemeber Texas now requires you to have your social security card(you must have the actual card) in order to replace, renew or get a driver's license. ------------------------------ From: kec@stubbs.ucop.edu Date: 13 Apr 94 09:34:58 PDT Subject: Re: Let your Fingers do the Walking on the Internet Organization: University of California, Berkeley writes: Some people seem to have gotten upset over the collection of E-Mail addresses for advertising. Now, here, someone has generally collected everyone's address off public messages, and published them in a book that is sold over the counter in a computer store. I wonder how people feel about this issue. I feel about it the same way I feel about the phone company selling my phone number, and the magazine companies selling my name and address: I didn't agree to it. When I give someone my address so that they can send me something, I am not giving them the right to give or sell that address to anyone else for any other purpose. Yet, the current assumption in our world is that information about who you are and where you can be reached is public unless otherwise protected (medical info, SSNs in some instances). I think that my name, address, phone number and email are *mine* for *me* to use, to give out, etc. Posting on a news group should not result in your email address becoming a commodity! Karen Coyle CPSR/Berkeley ------------------------------ From: pmacghee@motown.ge.com (Peter F. MacGhee, x 2266) Date: 13 Apr 1994 18:01:57 GMT Subject: Re: SSN#: How Could Someone Find Out Mine Organization: Martin Marietta Corp, Moorestown NJ austin@netcom.com (Tony Austin) wrote: I read the SSN# FAQ and it was a wonderfully written article. What I can't understand is how an individual, like a detective or such, could find out what my SSN# is. Is my SSN# so vulnerable that someone could do a credit check on me and find out what my SSN# is? Yes, they could. I've seen credit reports run without SSN's before. Cross reference with name, address, phone, age, or employment, and pickup the person's SSN off the report. --- Pete MacGhee Jr. pmacghee@motown.ge.com ------------------------------ From: johnl@iecc.com (John R Levine) Date: 13 Apr 94 23:33 EDT Subject: Re: Credit check only with Permission Granted Organization: I.E.C.C., Cambridge, Mass. I called TRW in Orange County, California today. I asked how safe my credit information and social security number is. They told me that noone can look at your credit report unless you grant them permission. This is a swell theory. Unfortunately, the practice seems to be that TRW (and any other credit bureau) will provide any of their credit reports to any of their clients, on the impressively optimistic theory that no client would dream of asking for your report if you hadn't already granted them permission to do so. If you feel like it, call TRW back and ask what they do to verify that the people to whom they provide a report do in fact have permission to request it. Regards, John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com ------------------------------ From: kbarger@ACC.HAVERFORD.EDU (Kyle Barger) Date: 14 Apr 1994 14:17:07 -0400 Subject: Re: Let your Fingers do the Walking on the Internet Organization: Haverford College Academic Computing Paul Robinson wrote: Apparently the compiler of the book collected some 100,000 people's names and printed them up. This book is fairly recent but not that much. As with most people, I looked myself up. While it does have my address on access.net and MCI Mail, it does not have my address here on TDR.COM, which implies that it stopped collecting before I started using it almost exclusively, which would be before December 5, 1993, which is when the TDR.COM domain is listed as last updated via WHOIS. I was very interested to finally see this book in print. Several months ago I saw a notice from the author (forget his name), saying that he had collected *demographic information* about people, along with their email addresses. So I immediately emailed him and asked for a copy of any information he had on me. He wrote back within a day saying he would be happy to send it to me, but was busy and it would be a few days before he could get to it. I never heard from him again via email, but a week later he posted a second note saying that he had taken so much flak for this project that he decided to chop out all the demographic info and just do a listing of email addresses. Presumably he still has all this "extra" information, even though he didn't publish it. I wonder what he plans to do with it? -- Kyle Barger Haverford College kbarger@haverford.edu Academic Computing ------------------------------ From: cntrspy@netcom.com (Executive Protection Assoc) Date: 13 Apr 1994 01:30:59 GMT Subject: Re: Credit Check only with Permission Granted Organization: NETCOM On-line Communication Services (408 241-9760 guest) Tony Austin (austin@netcom.com) wrote: I called TRW in Orange County, California today. I asked how safe my credit information and social security number is. They told me that noone can look at your credit report unless you grant them permission. A fine and a civil lawsuit was mentioned as well. Subsequently I feel a lot safer. Is this a false feeling of security? Yes credit info is confidential and not available without a release but there is a loophole called "credit header" information that is NOT regulated and includes name, ssn, most recent address, most recent employers and sometimes other "lifestyle" information. Don't kid yourself, I have also heard of places that can run a check and not leave a "fingerprint" on your record... Scary stuff... -- Chris Hall Operations Director Executive Protection Associates, Inc. ------------------------------ From: lvc@cbvox1.att.com Date: 12 Apr 94 14:37:49 EDT Subject: Re: Neat Tricks! Organization: Idaho City University glr@rci.ripco.com (Glen Roberts) writes: Well, my delight in phoning the back to express my displeasure with them, quickly turned to frustration! Try it... 1-312-670-4113. It won't cost you anything. The familiar reorder tones followed by the number 670-4113 "is not in service for incoming calls!" The ultimate Caller-ID block. This is done for pay phones, prisoner phones, among others. I found out what the phone number for a prisoner phone was and out of curiosity called it. The prisoner phone didn't have reorder tones play back, just some strange "equipment test" message. This was for a New Jersey prison which served as a beta site for a product I worked on, although the prisoners didn't know it ... -- Larry Cipriani lawrence.v.cipriani@att.com or attmail!lcipriani "Singapore scientists discover new treatment for attention deficit disorder." -- USA Today ------------------------------ From: kyrouz@student.umass.edu (Bill Kyrouz) Date: 12 Apr 1994 19:13:10 -0400 Subject: Re: Neat Tricks! Organization: University of Massachusetts, Amherst Glen Roberts wrote: PROTECT YOURSELF WITH THE CHICAGO TRIBUNE'S TELEMARKETING TRICK the irritating telemarketing call comes in... it's the middle of dinner and some lady wants to know if we get the Chicago Tribune... I tell them, just when it comes free a couple times a week... well, my delight in phoning the back to express my displeasure with them, quickly turned to frustration! Try it... 1-312-670-4113. It won't cost you anything. The familiar reorder tones followed by the number 670-4113 "is not in service for incoming calls!" The ultimate Caller-ID block. As a former telemarkter, I can tell you the cause; WATTS lines. Most telemarketing operations have them to be better equiped to handle making thousands of calls an hour. The trick is they don't allow inbound calls. The telemarketing firm I worked for even went as far to have a line that by-passed the local phone company, giving an extra second or two each time a call was made. -- William J. Kyrouz III kyrouz@student.umass.edu or wkyrouz@nyx.cs.du.edu CASIAC Student Coordinator, University of Massachusetts at Amherst ------------------------------ From: wbe@psr.com (Winston Edmond) Date: 14 Apr 1994 20:30:10 GMT Subject: Re: Neat Tricks! Organization: Panther Software and Research glr@rci.ripco.com (Glen Roberts) wrote: Yet, if I dial "10288356-9646" it comes in as out of area 10-288 is simply the AT&T access code. 10-222 is MCI's access number, and other 10xxx numbers use other long distance companies. The trick of using a LD carrier to defeat Caller ID will stop working at some point since the FCC has now approved interstate passing of Caller ID information. -WBE ------------------------------ From: lvc@cbvox1.att.com Date: 12 Apr 94 14:54:46 EDT Subject: Re: CNID vs. ANI Organization: Idaho City University gibbs@husc4.harvard.edu (James Gibbs) writes: And if you don't want your phone number to be given by ANI to the owner of an 800 number, call the operator and ask him/her to dial the 800-number for you. They can still get your number, but they probably won't go through the extra hassle to get it. Call from a pay phone... It is my understanding that 800 lines are actually an aliasing scheme for regular (non-800 area code) numbers. The aliasing can depend on time of day, originating phone number, among other things. There is not necessarily a one-to-one mapping between 800 numbers and regular numbers. If you can discover the regular number associated with an 800 number and dial that instead, does that deny the ANI information to the 800 supplier? I believe that is correct. Is it possible to find out what non-800 number is associated with an 800 line? Not unless you know someone who can dig it up at a phone company. A guy I know found out the non-800 number for ticket sales to a Rolling Stones concert by calling a friend at a phone company. He got though on the non-800 number but not the 800 number. This worked because the 800 numbers also go though different network controls than regular numbers. -- Larry Cipriani lawrence.v.cipriani@att.com or attmail!lcipriani "Singapore scientists discover new treatment for attention deficit disorder." -- USA Today ------------------------------ From: johnl@iecc.com (John R Levine) Date: 14 Apr 94 00:07 EDT Subject: Re: CNID vs. ANI Organization: I.E.C.C., Cambridge, Mass. It is my understanding that 800 lines are actually an aliasing scheme for regular (non-800 area code) numbers. Sometimes yes, sometimes no. Low volume 800 numbers are forwarded to regular phone numbers. High volume 800 numbers are more often delivered on high-volume trunks connected directly from the long distance company to the customer. Those high volume lines are the ones most likely to get real-time ANI. If you can discover the regular number associated with an 800 number and dial that instead, does that deny the ANI information to the 800 supplier? Maybe. There are some regular phone numbers that get ANI. Speedway, a low-cost Internet provider in Oregon, has direct trunks from AT&T for their modem phone number 503-520-2222. AT&T pays them a per-minute amount for incoming calls, which lets Speedway provide their service at no charge above the cost of the phone call. (On a normal connection, AT&T would pay the per-minute amount to the local telephone company in that area to complete the call.) Speedway makes no secret of the fact that they get and record the ANI on incoming AT&T calls. If you call other than via AT&T, you get a busy signal, so there's no way to call them without them getting ANI. Regards, John Levine, johnl@iecc.com, jlevine@delphi.com, 1037498@mcimail.com ------------------------------ From: seth@wucs1.wustl.edu (Seth Golub) Date: 13 Apr 1994 14:26:07 GMT Subject: Re: Telemarketing Organization: Washington University, St. Louis MO Chris Call 908-946-1133 (rccall@babel.ho.att.com) wrote:There are laws governing the behavior of telemarketers; in particular, there was a discussion of a law that requires telemarketers to supply their company name and address, and to remove people from their mailing list if they have called those people twice and the people ask to be "de-listed." But what do you do when the telemarketer is just a recorded message? -- Seth Golub seth@cs.wustl.edu seth@hilco.com ------------------------------ End of Computer Privacy Digest V4 #052 ****************************** .