Date: Sat, 16 Apr 94 08:18:41 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#053 Computer Privacy Digest Sat, 16 Apr 94 Volume 4 : Issue: 053 Today's Topics: Moderator: Leonard P. Levine Re: Credit check only with Permission Granted Re: Credit check only with Permission Granted Re: Credit Check only with Permission Granted Re: Let your Fingers do the Walking on the Internet Re: Let your Fingers do the Walking on the Internet Re: Let your Fingers do the Walking on the Internet Re: Let your Fingers do the Walking on the Internet Re: K12 Personal Security FCC Issues Decision on Caller ID (Finally) Medical Privacy Bill Introduced in Congress The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: glr@rci.ripco.com (Glen Roberts) Date: 15 Apr 1994 01:29:20 GMT Subject: Re: Credit check only with Permission Granted Organization: RCI, Chicago, IL Tony Austin (austin@netcom.com) wrote: I called TRW in Orange County, California today. I asked how safe my credit information and social security number is. They told me that noone can look at your credit report unless you grant them permission. You asked the wrong question. Ask them what information they collect about you, and of that information what is protected by law, and what they sell. You name, address, social security number, spouse, date of birth, possibly income and other information WILL BE SOLD TO ANYONE FOR ANY REASON. They consider ONLY your payment history to be protected by the Fair Credit Reporting Act. -- Glen L. Roberts, author, How To Spy On Anyone Without Getting Caught Host Full Disclosure Live (WWCR 5,810 khz - Sundays 7pm central) Box 734, Antioch, Illinois 60002. Fax: (708) 838-0316 Call the Surveillance Hotline: (708) 356-9646 ------------------------------ From: jgreene@nyx10.cs.du.edu (Justin Greene) Date: 15 Apr 94 17:54:20 GMT Subject: Re: Credit check only with Permission Granted Organization: Nyx, Public Access Unix at U. of Denver Math/CS dept. Tony Austin wrote: A fine and a civil lawsuit was mentioned as well. Subsequently I feel a lot safer. Is this a false feeling of security? YES -- Justin Greene Finger for PGP 2.x public key ------------------------------ From: poivre@netcom.com (Poivre) Date: 16 Apr 1994 04:28:07 GMT Subject: Re: Credit Check only with Permission Granted Organization: NETCOM On-line Communication Services (408 241-9760 guest) Executive Protection Assoc (cntrspy@netcom.com) wrote: Yes credit info is confidential and not available without a release but there is a loophole called "credit header" information that is NOT regulated and includes name, ssn, most recent address, most recent employers and sometimes other "lifestyle" information. Hmmm, how about companies that do checks on people without their permission to see if they can be good potential customers?? I also got a copy of my own credit file and i saw that some companies have looked at me. Heh, i found out that Citibank Gold card looked at me but i guess they didn't like me since i didn't get any preapproved invitations from them :( . Don't kid yourself, I have also heard of places that can run a check and not leave a "fingerprint" on your record... Yes, and there are smaller credit bureaus who don't adhere to the same strict guidelines that the "big 3" do and let just about anyone with the money look at you. Scary stuff... Indeed!! -- poivre@netcom.com : #include lychees@marble.bu.edu : ------------------------------ From: mea@intgp1.att.com (Mark E Anderson +1 708 979 4716) Date: 15 Apr 94 00:39:00 GMT Subject: Re: Let your Fingers do the Walking on the Internet kbarger@ACC.HAVERFORD.EDU (Kyle Barger) stated: I was very interested to finally see this book in print. It would also be kind of interesting to see someone scan all of this information and post it electronically in the public domain. I wonder what kind of copywrite protection he has on the information he took? Also, there probably wouldn't be a way for him to sue since by making some additions to the list, the two lists would not be the same and whose to say someone else couldn't do the same thing. I think this list would be very hard to copyright leaving the door open for anyone to publish a competing book. from a privacy perspective, I have no objections to this kind of data collection. You have to realize that anything you do on the net can be monitored by someone. That's just a fact of the net. I protect my privacy by keeping informed of the subject as much as possible. Knowledge is the greatest asset against any adversity. Mark Anderson mea@intgp1.att.com ------------------------------ From: stanwong@kaiwan.com (Stan Wong) Date: 14 Apr 1994 20:19:51 -0700 Subject: Re: Let your Fingers do the Walking on the Internet Organization: KAIWAN Internet (310/527-4279,818/756-0180,714/741-2920) Paul Robinson wrote: Some people seem to have gotten upset over the collection of E-Mail addresses for advertising. Now, here, someone has generally collected everyone's address off public messages, and published them in a book that is sold over the counter in a computer store. I wonder how people feel about this issue. I don't like it. At least the phone company gives me the option of being listed, or not, in the public telephone directory as well as the street directory listing. I don't equate my email address to my street address. It's more like my telephone number. It's another way for someone to access me (albeit on a non-interrupt basis). Currently I use email as a means of focused communication among a group of people with whom I want to exchange information. I don't want to get the equivalent of electronic junk mail. It's only annoying in the time that I would have to spend weeding through the stuff. Here's some questions to think about: What do you think about the practice? Is it right or wrong and why? Does this impact people's security? Are there risks involved if your E-Mail address becomes well known or if it is misprinted in a published "white pages"? Are there other considerations to think about? As far as I can tell there's nothing illegal about this. It may be borderline unethical since the other and others are making a buck with this information (of course, I suppose it's much like selling mailing lists). Clever idea, though. -- Stan Wong | Current Email : stanwong@kaiwan.com | Space for rent. Permanent Email : s.wong@ieee.org | ------------------------------ From: andy@autodesk.com (Andrew Purshottam) Date: 15 Apr 1994 21:14:28 GMT Subject: Re: Let your Fingers do the Walking on the Internet Organization: Autodesk Inc. When your usenet posting flows though _my_ computer, I'll do what I like with the info. Trying to regulate this will only give us ridiculous laws like th swedish data protection act discussed recently. If you want privacy in a usenet posting, use an anonmous posting technology, or get a provider that supposrts handles. -- Andrew V. Purshottam /\ | andy@autodesk.com ...!fernwood!acad!andy Autodesk, Inc. //\\ | (415)289-4423 FAX (415) 331-8093 2320 Marinship Way ///\\\ | Sausalito CA 94965 "The views expressed are those of the speaker." ------------------------------ From: higgins@dorsai.dorsai.org (John Higgins) Date: 16 Apr 1994 00:29:02 GMT Subject: Re: Let your Fingers do the Walking on the Internet Organization: The Dorsai Embassy, New York, NY God love Mr. White Pages for being innovative. What's the big deal? The info's floating around out there. I have a .sig, so I like to advertise. -- John M. Higgins higgins@dorsai.dorsai.org Multichannel News CIS:75266,3353 FINGER broken, V)212-887-8390/F)212-887-8384 E-mail me for the Cable Regulation Digest ------------------------------ From: poivre@netcom.com (Poivre) Date: 16 Apr 1994 04:41:32 GMT Subject: Re: K12 Personal Security Organization: NETCOM On-line Communication Services (408 241-9760 guest) Just tell the kids not to give out their physical address/phone numbers. The FAQs on the k12 newsgroups cover this. -- poivre@netcom.com : #include lychees@marble.bu.edu : ------------------------------ From: "Prof. L. P. Levine" Date: 15 Apr 1994 20:15:27 -0500 (CDT) Subject: FCC Issues Decision on Caller ID (Finally) Organization: University of Wisconsin-Milwaukee Taken from the CPSR Alert 3.06: After three years of deliberation, the FCC in April finally issued its rules on Caller Number Identification. The FCC mandated that telephone companies that use Signaling System 7 offer Caller ID for interstate calls and that interstate carriers carry the signals at no charge. The FCC ruled that telephone companies provide free per call blocking for interstate calls, preempting the decisions of over 30 states public utility commissions, many of which have opted for greater privacy protections. It adopted a controversial brief by the Department of Justice brief, which decided that Caller ID does not violate the Electronic Communications Privacy Act prohibition of "Trap and Trace Devices," which capture the numbers of incoming telephone calls. Previously, the Congressional Research Service and several states found that Caller ID was a trap and trace device. The FCC rules also require that users of ANI services, such as 800 and 900 number services, which do not currently have a blocking capability, obtain consent from callers before passing on the information. Telephone companies must institute public education campaigns about ANI and Caller ID. A copy of CPSR and the US Privacy Council's brief to the FCC and other materials from CPSR on Caller ID are available at the CPSR Internet Library. ------------------------------ From: "Prof. L. P. Levine" Date: 15 Apr 1994 20:15:27 -0500 (CDT) Subject: Medical Privacy Bill Introduced in Congress Organization: University of Wisconsin-Milwaukee Taken from the CPSR Alert 3.06: Congressmen Gary Condit (D-CA), has introduced a comprehensive bill protecting the privacy of medical records in the House of Representatives. HR 4077, the Fair Health Information Practices Act of 1994, is a free standing bill but is intended to be an amendment to HR 3600, the Clinton Administration's health reform bill and other bills currently pending in Congress. The bill creates fair information practices for the collection and use of personal medical information. It mandates that holders of health information keep that information confidential unless there is authorization for its release by the patient or other limited exceptions. Each person who obtains private medical information becomes a trustee. Patients will also have the right to access, and correct their own personal files. The bill also creates criminal and civil penalties for improper access or disclosure of records. For criminal access, penalties are up to a $250,000 fine and 10 years in jail. Civil penalties are available against any private company, individual or state or local government for damages, including punitive damages in some cases, and attorney fees. One area that has caused some concern is the law enforcement access to medical records. As currently written the bill allows law enforcement access to patient records with only a written certification by a supervisor that access is being obtained for a lawful purpose. Privacy advocates are concerned that a low threshold for obtaining records will encourage "fishing expeditions" for information by law enforcement officials. HR 4077 was also cosponsored by John Conyers (D-MI) and Maria Velazquez (D-NY). Congressional hearings will be held on April 20, 27 and 28. CPSR has been asked to testify on April 28. HR 4077 and supporting materials are available from the CPSR Internet Library. (See below for details). HR 4077. Fair Health Information Practices of 1994 /cpsr/privacy/medical/ hr4077 - text of bill hr4077.faq - Frequently Asked Questions hr4077.int - Questions and Answers hr4077.pr - Press Release hr4077.sum - Summary Transcripts of the CFP94 panel "Who holds the Keys?" and Bruce Sterling's Speech /privacy/crypto/cfp94_who_holds_keys_discussion.txt /privacy/crpyto/cfp94_sterling.txt The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin@cpsr.org. ------------------------------ End of Computer Privacy Digest V4 #053 ****************************** .