Date: Tue, 17 May 94 14:32:11 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V4#067 Computer Privacy Digest Tue, 17 May 94 Volume 4 : Issue: 067 Today's Topics: Moderator: Leonard P. Levine Re: UPENN and SSN Re: Credit Check only with Permission Granted Electronic Coupons Re: IRS "Privacy Principles" Article 21 of the Japanese Consitution Telemugging the Constitution ATI(FOI) Act and CAR in Canada The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: John Medeiros <71604.710@CompuServe.COM> Date: 16 May 94 23:46:33 EDT Subject: Re: UPENN and SSN michael.feeley@dscmail.com (Michael Feeley) asked: I...received the Pennflex Confirmation Statement from another PENN employee (a professor in the medical school). This single sheet includes the home address, name (with middle initial), DOB, sex, disability status, and SSN for this man, *AND* the same information for his wife and his two children (as well as his choices for medical, dental, and life insurance coverage). I would appreciate posts or email about said dangers ... That information is sufficient to successfully masquerade as the medical school professor. With it you could obtain his credit reports (available to each of us on ourselves), then you could open new credit accounts (you have all existing accounts listed on the reports), close existing accounts, obtain copies of tax returns,and obtain duplicate driver's license (in those states basing driver's license on social security numbers)(possibly with your picture). There is a great deal more possible with some additional information and depending on the boldness of the individual. Having said that, I also have received similar, but not as revealing requests for verification from insurance companies. ------------------------------ From: nzook@fireant.ma.utexas.edu (Nathan Zook) Date: 17 May 1994 10:51:59 -0500 Subject: Re: Credit Check only with Permission Granted Organization: University Of Texas, Austin Well, folks, here in not-really-so-terribly-liberal-after-all Austin ;-), we test drove at one dealership & purchased at another w/ no credit checks. In both cases, a sales rep was with us. Both did want my d/l #, but neither did anything with it before we drove. (Probably insurance). As for rich kids buying w/ cash, I'm a graduate student, my wife a secretary for the univ, and WE bought a new Tracer w/ cash, so it's not just the rich... Nathan Zook UT Austin, Dept of Mathematics ------------------------------ From: "Prof. L. P. Levine" Date: 16 May 1994 11:13:19 -0500 (CDT) Subject: Electronic Coupons Organization: University of Wisconsin-Milwaukee In the Milwaukee Sentinel's 5/16/94 Monday Business Section is an article about the introduction of electronic coupons in the local Pick and Save stores. Mega Mart Incorporated, the owner, will allow shoppers to wand their VIP Advantage Plus (discount) Cards through a reader as they enter the store and get a list of coupons printed based on their buying history. A representative of Mega Marts indicated that this history would be otherwise used only in a statistical manner and that the consumer's name would never be divulged to an outsider. The representative said that "any customer who signs up for VIP signs their permission to be involved." Representative Marlin D. Schneider (Democrat from Wisconsin Rapids in the State Legislature) indicated that the State might be interested in seeing to it that this privacy becomes a part of state law, rather than just a good idea on the part of Mega Mart. He indicated that "while the guarantees are there today, they could be gone tomorrow." The company could change its policy against selling personal shopping lists if they were offered enough money, or the systems that the information was kept on could be broken into. He was looking for a contract describing this privacy protection. End of newspaper report. My personal take on this is that people will become increasingly upset about their loss of privacy when the system goes into operation. A discount coupon on a bottle of beer, indicating that this is just for you, will be an indication that they are being watched. I think they will know and will care when it hits them. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 ------------------------------ From: milles@fi.gs.com (Stevens Miller) Date: 17 May 1994 13:02:21 GMT Subject: Re: IRS "Privacy Principles" Organization: Fixed Income Division - Goldman, Sachs & Co. "Prof. L. P. Levine" writes: "Employee guide on protecting taxpayers' privacy planned." The gist of the story is that the IRS plans to provide formal rules for protecting personal information about individual taxpayers. Can one assume that the IRS feels the need to put this in writing because of serious problems with employees violating taxpayers privacy and with accepting non-validated information? One might so assume, but I hope one won't without more evidence, because to do so would create a reason for all agencies to be reluctant to codify such things: "Hey boss, shouldn't we, you know, have some written guidelines or something about protecting peoples rights and stuff?" "Good idea, but it'll look like we're admitting something; forget it." --- Stevens R. Miller |"I think that, as a litigant, I should (212) 227-1594 | dread the prospect of a lawsuit worse sharp@echonyc.com | than any other." New York, New York | - Judge Learned Hand ------------------------------ From: mech@eff.org (Stanton McCandlish) Date: 14 May 1994 00:13:46 -0500 Subject: Article 21 of the Japanese Consitution Organization: UTexas Mail-to-News Gateway Forwarded message: From: farber@central.cis.upenn.edu (David Farber) Article 21: Freedom of assembly and association as well as speech, press and all other forms of expression are guaranteed. 2) No censorship shall be maintained, nor shall the secrecy of any means of communication be violated. -- Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." ------------------------------ From: "Prof. L. P. Levine" Date: 17 May 1994 10:06:53 -0500 (CDT) Subject: Telemugging the Constitution Organization: University of Wisconsin-Milwaukee Taken from alt.privacy: slvrmn@netcom.com (Albert Silverman) May 9, 1994 In late March of this year, I received Public Notice DA 92-1716 (released on January 11, 1993) from the FCC (Federal Communications Commission) in response to my request for information about the Telephone Consumer Protection Act (TCPA), Section 227 of Title 47 of the U.S. Code. The legal information about this law which I had prior to this time was not up to date, due to budget cuts in San Diego County, which maintains the law library that I use for my legal research. At that time, updated information was scheduled to be received by the county in early April. As I stated in my recent post entitled "Nailing the Telemuggers," this FCC Public Notice contains a footnote stating that the FCC has been enjoined from enforcing Section 227(b)(1)(B) of this law, pending a judicial decision by an Oregon District Court on its constitutionality. This section of the law FORBIDS the use of automatic dialing equipment to send prerecorded messages to residential subscribers and names the FCC as the federal enforcement agency. Additionally, it gives an individual the right to sue for the sum of $500 in a private action; i.e., without relying upon filing a complaint with the FCC. Several days ago I checked with the law library and found that their information on the TCPA has now been updated with a 1994 insert (WestLaw). In the update is a note that, on June 1, 1993, the Oregon District Court, in response to a suit filed by the NATIONAL ASSOCIATION OF TELECOMPUTER OPERATORS (Moser v. FCC, D.Or.1983, 826 F.Supp. 360, found this particular section of the law to be unconstitutional. As a result, the FCC has now been PERMANENTLY enjoined from enforcing this section of the law, unless the decision is overturned on a future appeal. The basis of the finding of "unconstitutionality" by the Oregon District Court is that the law forbids "free speech" in violation of the First Amendment, _on the basis of content_. This finding comes from the fact that the law does not ban nonprofit (i.e., non-commercial) organizations from using automated dialing equipment and/or prerecorded messages, which are every bit as much of an intrusion upon privacy as are commercial messages using such equipment. The court found that banning commercial messages via such equipment while permitting non-commercial messages was unlikely to lead to any significant reduction in privacy intrusion for residential telephone subscribers. The bottom line The direct effect of this ruling (the federal District Courts have jurisdiction over the FCC) is that a residential telephone subscriber who receives an _out-of-state_ call from a telemugger using a prerecorded message cannot file a complaint with the FCC to prevent such calls in the future. Yet the fact that this avenue is now closed (at least temporarily) is of little consequence, since the law that is still on the books permits an individual to file a private (non-FCC-assisted) action _in STATE court_ to collect $500 (or $1500 in special cases). If the suit is filed in a state Small Claims Court, the "judge" may well (and probably will) decide to follow the federal law that is now on the books, despite the fact that this section of the law has been declared unconstitutional in an Oregon federal court, thus preventing FCC enforcement. As it happens, Small Claims Court (at least in California) is not a "real" court, with regard to the appeals process. In California, a defendant who loses a case in Small Claims Court may file an appeal to the next higher level (Superior Court), _but that is the end of it_. Hence, the Superior Court judge who hears the case (from scratch, since the original case proceedings are not recorded) can decide whatever he/she feels is "proper," without there being any danger that the decision will be overturned on further appeal. Although _not REQUIRED to do so_, because of this freedom from being overturned on appeal, the judge will probably base his decision upon the federal law passed by the Congress, without regard to its being overturned because of a question of constitutionality. On the other hand, if the lawsuit is filed in "regular" court (not in Small Claims Court), the judge will then be required to follow the legal precedent established by a higher level court (with proper jurisdiction), since the appeals process is not restricted as it is in Small Claims Court. However, for only $500, it is impractical for an individual to file a suit in a court other than Small Claims Court, due to the prohibitive cost. Furthermore, the District Court in Oregon (while being able to enjoin the FCC from enforcing the law)_has jurisdiction only in Oregon_. Hence a court in some other state need not follow the precedent established in Oregon. For these reasons, an individual who has received an IN-STATE call using a prerecorded message will still probably find it worthwhile to file suit in Small Claims Court in the state where the call originated, citing the section of the TCPA which outlaws such calls and permits a private action to be filed for damages from violation. And finally, some states (such as California) have their own laws which may place restrictions upon the use of prerecorded messages. In such a case, the receipt of an IN-STATE call in violation of a state law can still serve as the source of a private lawsuit; i.e., without having to rely upon the federal TCPA. There is no reason why this suit cannot be pursued in Small Claims Court, although the "judge" is not bound to rule in favor of the plaintiff, for reasons stated above, relating to the lack of the normal appeals system. Albert Silverman ------------------------------ From: "Prof. L. P. Levine" Date: 17 May 1994 10:33:13 -0500 (CDT) Subject: ATI(FOI) Act and CAR in Canada Organization: University of Wisconsin-Milwaukee This was taken from , The Computer-assisted Reporting & Research mailing list. From: Robin Rowland Date: 14 May 1994 10:56:10 -0500 Subject: Changes to ATI(FOI) Act and CAR in Canada X-To: Computer-assisted Reporting & Research Copy of a relevant news release about a Canadian Member of Parliament's new campagin to bring the Access to Information Act into the next century: ------------------------------------------------------------ On Monday, May 9, Hamilton Wentworth Liberal MP John Bryden led a delegation before Justice Minister Alan Rock to request that the government undertake a study into the feasibility of completely overhauling the Access to Information Act and the Privacy Act. Mr. Bryden explained that both acts have evolved into signicant barriers to the free flow of government information, both current and historical. Indeed, both acts have created bureaucracies that are now working to withhold information , or slow its release, rather than making it accessible. He explained to the Justice Minister that the problem had become especially urgent with the rapid expansion of information technology and systems like Internet. He pointed out that the so-called information super-highway would not be able to function effectively unless new protocols were designed that would allow most government information to be accessed promptly. Otherwise, he said, Canada stands to lose significantly economic and industrial benefits which will acrue to trading partners such as the United States and Mexico. Mr. Rock expressed interest in the proposal and promised to come back to Mr. Bryden with his reply as soon as possible. The other participants in the meeting were: Mary Calamai Access to Information researcher Southham News Peter Calamai Editiorial Page editor, Ottawa Citizen, and representative for "The Campaign for Open Government." Norman Hillmer Historian John Starnes Former Director General of the RCMP Security Services John English MP Liberal Kitchener _______________________________________________________ Robin Rowland Eridani Productions Writer/Producer/Researcher Toronto, Ontario, Canada Internet eridani@io.org Compuserve 70471,336 ________________________________________________________ ------------------------------ End of Computer Privacy Digest V4 #067 ****************************** .