Computer Privacy Digest Sat, 18 Jun 94 Volume 4 : Issue: 079 Today's Topics: Moderator: Leonard P. Levine Archive Notes Credit Reports Now Sold Over the Net Misdirected Mail Re: SSNs, Drivers and Students in Kentucky Re: Social Security Number FAQ Re: Information Required by Employer Re: Information Required by Employer The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: "Prof. L. P. Levine" Date: 17 Jun 1994 10:43:29 -0500 (CDT) Subject: Archive Notes Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest (CPD) is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. CPD maintains an archive site for material of general interest that is too long to post. We also maintain all back issues of CPD for those who wish to peruse issues that have passed. These issues are ordered by Volume and Issue number. Ftp Access into ftp.cs.uwm.edu with userid 'ftp' and password 'yourid@yoursite' will open up the directory. The archives are in the directory "pub/comp-privacy". Archives are also held at the address of the former moderator, Dennis Rears, ftp.pica.army.mil [129.139.160.133]. Within the directory pub/comp-privacy a 'dir' command will show the following: drwxr-xr-x 2 levine ftp 512 Apr 11 11:15 library drwxr-xr-x 2 levine ftp 2048 Mar 8 09:53 volume1 drwxr-xr-x 2 levine ftp 1024 Mar 8 09:54 volume2 drwxr-xr-x 2 levine ftp 1536 Mar 8 09:55 volume3 drwxr-xr-x 2 levine ftp 1024 Apr 8 08:17 volume4 and within the directory pub/comp-privacy/library you will find the following: -rw-r--r-- 1 levine ftp 290932 Apr 11 11:14 hideseek.uue -rw-r--r-- 1 levine ftp 61126 Jan 19 14:17 net-privacy-part1 -rw-r--r-- 1 levine ftp 50905 Jan 19 14:17 net-privacy-part2 -rw-r--r-- 1 levine ftp 43002 Jan 19 14:17 net-privacy-part3 -rw-r--r-- 1 levine ftp 26986 Jan 7 13:32 ssn-privacy -rw-r--r-- 1 levine ftp 6090 Feb 7 08:54 ssn-structure Please come and access what you wish. If you are unfamiliar with the use of the File Transfer Protocol (ftp) the following short summary might help. On most systems the following procedure will work, if you have a local command named ftp: You type: Comment on the command: ftp ftp.cs.uwm.edu (on your system) ftp (answer to login request) your_userid@your_site (answer to password request) cd pub/comp-privacy (at ftp prompt) dir (look at what is there) cd library (at ftp prompt) dir (look at what is there) get hideseek.uue (move document to your filespace) cd .. (back to previous menu) cd volume4 (at ftp prompt) dir (look at what is there) get V4#031 (move document to your filespace) quit (back to your system) ------------------------------ From: bruce@jise.isl.melco.co.jp (Bruce Hahne) Date: 16 Jun 1994 21:15:14 -0500 Subject: Credit Reports Now Sold Over the Net Organization: UTexas Mail-to-News Gateway Below is an ad which was forwarded over eff-activists. Is this the way the system works; everybody EXCEPT me is allowed to look at my credit history?? Doesn't some provision of the Fair Credit Reporting Act require Creditel to make this information available to me? I wrote to Creditel asking for information, mostly to see if they were planning to transmit credit reports over the net unencrypted. They aren't; right now they're only accepting ORDERS via the Internet. I've put two attachments below: first, the original ad, and second, extracts from Creditel's reply to my information request. I thought people might be interested in what you really have to go through (not much) to order reports; just sign the form, fax it in, and you're set. I'll be VERY interested to see what encryption scheme they choose. Will they choose something unexportable like PGP and tell non-U.S. customers to get the sources via ftp? Will they just not sell email reports to non-U.S. customers? Will they use a poor encryption scheme which is exportable but breakable? Hmmmm. Bruce Hahne bruce@jise.isl.melco.co.jp "By hook or by crook, we will." --------------------------------------------------------------------------- From: creditel@interaccess.com (CREDITEL) Newsgroups: biz.comp.services,misc.entrepreneurs,alt.business.misc Subject: Re: Order Credit Reports over the net: CREDITEL Date: 13 Jun 1994 23:18:35 GMT Organization: InterAccess, Chicagoland's Full Service Internet Provider NNTP-Posting-Host: home.interaccess.com Brian Porter: CREDITEL June 13, 1994 CREDITEL, one of the largest credit reporting agencies in the U.S. is happy to announce its new credit reporting service over the internet. Now for the first time CREDITEL will be offering internet users the opportunity to order consumer and business credit reports directly over the internet. Businesses and organizations who require credit reports for their operations will benefit greatly by the speed and competitive rates of CREDITEL'S new internet service. Unfortunately, CREDITEL is unable to offer credit reports to individuals who are seeking a copy of their own credit history. Here is a sample of some of our services available at VERY competitive rates. *Tenant Screening Reports *Landlord Eviction Reports * Name Searches *Dunn & Bradstreet Business Reports * Residential Mortgage Credit Reports *Skip Tracing *Social Security Searches *Address Searches In celebration of our introduction on the internet we will waive all membership fees and annual dues until June 30, 1994. If you have any questions or would like more info send e-mail to: creditel@interaccess.com --------------------------------------------------------------------------- Currently, we are only offering a service to order credit reports over the net. We do plan to have an encryption program in place for transmitting reports in the near future. [snip] Thank You for your interest in CREDITEL Credit Reporting. In response to your request for additional information regarding CREDITEL, we are pleased to provide you with a list of the services we offer along with our current pricing. (All prices are in U.S. dollars) - Trans Union or TRW or CBI personal credit report $12 - All three of the above $25 - Tenant Screening Report $20 - Landlord Eviction Report $15 - Dun & Bradstreet Business Report $70 - Residential Mortgage Credit Reports $50 - Skip Tracing $10 - Social Security # search $10 - Name search $10 - Address search $10 There are no monthly minimums required to subscribe to CREDITEL. Payment can be made by VISA or Mastercard and regular users may be invoiced monthly. [snip] To start using CREDITEL'S services complete and sign the attached Service Contract Agreement and fax it back to us at 1-800-395-2435. [snip] SERVICE CONTRACT AGREEMENT The Undersigned Applicant Agrees: - To comply with all the provisions of Title VI (Fair Credit Reporting Act) of the Consumer Credit Protection Act, under Public Law 91-508, when using the reporting services of Creditel for consumer credit and employment purposes. - To certify that consumer inquires will be made, and/or consumer reports ordered only for a permissible purpose as defined in Section 604 of the Act, namely 1. intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished, and involving the extension of credit to, or review or collection of an account of, the consumer; or [some legalese cut] - That the employees of the client are forbidden to attempt to obtain reports on themselves or their associates, or on any other person except in the exercise of their official duties. [remainder of agreement cut] ------------------------------ From: "Prof. L. P. Levine" Date: 17 Jun 1994 11:39:24 -0500 (CDT) Subject: Misdirected Mail Organization: University of Wisconsin-Milwaukee from RISKS-FORUM Digest Friday 17 June 1994 (16:17) Peter G. Neumann, moderator From: jra1854@tntech.edu (Jeffrey Austen) Date: 16 Jun 1994 11:24:16 -0600 Subject: Misdirected Mail I received the following in the mail the other day. Quite amusing. I wonder if the CIA would send out a similar message if one of their secrets got out? One of IBM's electronic mail distribution nodes experienced a problem routing mail from Wednesday June 8, 1994, through approximately 7:00pm Thursday June 9, 1994. This may have resulted in your having received proprietary information that was not intended for you. If you have received such information, please return it to the Internet address: xxx@xxx.ibm.com without retaining any copies of it. If you have already destroyed or discarded the information, please confirm this by sending a note to this address stating that the information you received has been destroyed. If you are not sure whether you should have received certain information or if you have any other questions, please call xxx xxx at (xxx) xxx-xxxx. Jeffrey Austen, Tennessee Technological University, Box 5004 Cookeville Tennessee 38505 U.S.A. jra1854@tntech.edu (615) 372-3485 ------------------------------ From: lowell@bu.edu (Lowell Gilbert) Date: 17 Jun 1994 14:54:46 GMT Subject: Re: SSNs, Drivers and Students in Kentucky Organization: Boston University Poivre (poivre@netcom.com) wrote: I am happy to hear that at least one state, Kentucky, is restricting the use and disclosure of SSNs. Everyone else seems to be increasing its use and accessibility. Is this in fact the case? Can anyone confirm this statistically? Massachusetts, for one, has recently stopped assigning SSNs as driver's license numbers. But my experience is too limited to try to project in general. -- Lowell Gilbert lowell@acs.bu.edu ------------------------------ From: Paul Robinson Date: 17 Jun 1994 12:31:50 -0400 (EDT) Subject: Re: Social Security Number FAQ Organization: Tansin A. Darcos & Company, Silver Spring, MD USA Chris Hibbert , writes: The Privacy Protection Study Commission of 1977 recommended that the Executive Order be repealed after some agencies referred to it as their authorization to use SSNs. I don't know whether it was repealed, but no one seems to have cited EO 9397 as their authorization recently. I have a suspicion it has been. Recent copies of the Nuclear Regulatory Commission's Form 15, which is used by the agency to collect names, home addresses and home telephone numbers to use for connecting agency people to other agency employees at home, had a notice on the back stating that one of the two provisions of the form requesting the information was Executive Order 9397 of November 15, 1942. --- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ------------------------------ From: Paul Robinson Date: 17 Jun 1994 12:26:24 -0400 (EDT) Subject: Re: Information Required by Employer Organization: Tansin A. Darcos & Company, Silver Spring, MD USA Joe Dunn , writes: what would you do if someone doesn't have a SSN. there is no law requiring anyone to get a SSN. Are you going to discriminate against people who don't have one? An employer is required to pay certain taxes on behalf of the employee, and to use the employee's Taxpayer Identification Number to identify those payments. The employer is permitted to collect from the employee a portion of these taxes in reimbursement. (Some employers offer the payment of the Social Security tax directly without deducting it from the employee's pay as an additional fringe benefit.) These taxes, which include some of the social security and federal income tax payments, are what are called "trust fund taxes" meaning that even if the employer goes out of business due to bankruptcy, the individual owner of the business (or the directors of the company if a corporation) are _personally liable_ for the payment of these trust funds, and the payment obligation _cannot_ be discharged through bankruptcy. Given this kind of serious and heavy liability, an employer is going to want a social security number so that he isn't accused of not applying your trust fund taxes to your account, since name alone might not be enough. At the place I used to work, we had at least three pairs of unrelated people who had identical first and last names, in an organization of more than 3,000 people, including two women who had the same first name, last name and middle initial even though they were totally unrelated. With such a possibility, not having a social security number would be a serious problem. I am not certain, but I suspect the IRS could claim that the law requires someone who is obtaining "income" to require a Social Security number or Taxpayer Identification Number. (I have both, a TIN is not hard to get, and whenever someone asks for a number, I give them the TIN if I can.) Social Security numbers are assigned by SSA, and TINs are assigned by IRS. --- Paul Robinson - Paul@TDR.COM Voted "Largest Polluter of the (IETF) list" by Randy Bush ------------------------------ From: tnyurkiw@lagrange.uwaterloo.ca (Tom Yurkiw) Date: 17 Jun 1994 20:56:20 GMT Subject: Re: Information Required by Employer Organization: University of Waterloo what would you do if someone doesn't have a SSN. there is no law requiring anyone to get a SSN. Are you going to discriminate against people who don't have one?? There are already laws on the book to protect a person's SSN. The law already states that the SSN can not be used for identification purposes. What is the purpose of the American SSN? In Canada, we have a SIN (Social Insurance Number) which is used to keep track of a person's income, as well as employment benefits (Unemployment Insurance, Canada Pension Plan) which employers are required to contribute to. So, the case you raised, would be impossible -- employers must receive the SIN's of their employees :), and send them to the government. :) ---------Tommy the Yurk ------------------------------ End of Computer Privacy Digest V4 #079 ****************************** .