Computer Privacy Digest Sat, 06 Aug 94 Volume 5 : Issue: 018 Today's Topics: Moderator: Leonard P. Levine Internet White Pages hacker recourse/please post Re: SSN Required by Sprint in U.S. Re: SSN Required by Sprint in U.S. Re: Fingerprinting Rules Re: Many Phone Taps are now Legal Re: Unsolicited Advertisements in the Mailbox Re: Bank Account Numbers --------------------------------------------------------------------- Housekeeping information is located at the end of this Digest. ---------------------------------------------------------------------- From: jeffrey@minerva.cis.yale.edu (Jeffrey Licht) Date: Thu, 4 Aug 1994 20:21:36 -0400 (EDT) Subject: Internet White Pages I was browsing in our local Borders yesterday, and came across a book called (as I recall) "The Internet White Pages". Purely on a lark, I looked for my name, and, to my surprise, it was there, along with my email address. Upon further research, I found that the names and addresses were obtained by searching all postings on Usenet for some period of time, which at least explained why I was in there. I know that there is a searchable list of people on-line who've posted on Usenet somewhere, but seeing the same information in print seems different. I see a few issues here: * Do people posting on Usenet know that their e-mail addresses are being recorded? (I doubt it.) * Would more people post anonymously if they knew this? * Does anyone have the right to publish this information about me. for personal gain, without contacting me first? This is currently done all the time with (snail) mailing lists - is it appropriate for the Internet? * And if this book calls itself a "White Pages", is there a provision to request an unlisted number? (There may be - I didn't look at it long enough to find out.) ------------------------------ From: pub556@idptv.idbsu.edu (Jim Arriola) Date: Fri, 5 Aug 1994 09:14:38 -0600 (MDT) Subject: hacker recourse/please post Re: Owners of computers that have been "hacked" or attacked. THIS WRITING IS NOT LEGAL ADVICE - THE WRITER IS NOT AN ATTORNEY Federal law provides for criminal penalties when any "Federal interest computer" [system] has been "hacked" or attacked or misused. If modems connect one computer to others via interstate telephone circuits, the "Federal interest computer" definition has been met. Every privately- owned computer with modem, then, may be a "Federal interest computer". This federal law has been called THE COMPUTER FRAUD AND ABUSE ACT; and it is Title 18, United States Code, section 1030. The full text is about 25,000-bytes, so it can be emailed but is bulky. If filing a criminal complaint against a "hacker" does not bring complete satisfaction, a civil suit demanding reimbursement for all monetary expenses required to "repair" the damage is always a possibility. In anticipation of filing a civil suit against a "hacker", be SURE to document (IN WRITING) all the phone and other expenses, and all the staff time, required to reconstruct, restore files, etc., preferably at the same time as the recovery effort. That documentation may be the only evidence of monetary damages usable in court to establish actual dollar damages, so all victims of "hackers" are strongly encouraged to document everything completely. The full text of this law have been placed in the library that is available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". People with gopher capability can access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Interested readers might well want to purchase the CDROM from which this text was obtained. It was extracted from a CDROM entitled: "UNITED STATES CODE CONTAINING THE GENERAL AND PERMANENT LAWS OF THE UNITED STATES, IN FORCE ON JANUARY 2, 1992" "Prepared and published under the authority of Title 2, U.S.Code, Section 285b by the Office of Law Revision Counsel of the House of Representatives" The CDROM was shipped about 10/93 from: THE UNITED STATES GOVERNMENT PRINTING OFFICE Cost then: $34.00 GPO stock number (1992 version): GPO S/N 052-001-00438-8 *** Order the most current version rather than this older stock number! -- Jim Arriola INTERNET: P.O. Box 6892 pub556@idptv.idbsu.edu Boise, ID 83707 ------------------------------ From: oppedahl@panix.com (Carl Oppedahl) Date: 5 Aug 1994 23:44:32 -0400 Subject: Re: SSN Required by Sprint in U.S. Organization: Oppedahl & Larson tenney@netcom.com (Glenn S. Tenney) writes: dunn@nlm.nih.gov (Joe Dunn) wrote: From what I remember though, there was provisions to give a number to someone who did not have a SSN. The SSN is used by the system for several reasons. To get adequate voice sample to verify your voice while at the same time not reject you because it doesn't recognize your voice. To facilitate this, the 800 number you call to gain access to the system is determined by your SSN. In that way if it misidentifies a digit, it can decide, that number should not be dialing this 800 number. You don't get billed for some- elses calls because of misidentified numbers. It seems that one simple thing would be to just have the person say the 800 number that they called. Nothing to remember, no SSN, nothing. The person has to have the 800 number to call it and it's the right number of digits plus the system knows that the number is supposed to be that you're saying. Sure seems that it would work... Just defending a legitimate use of a SSN. Well, since you began by noting that the system had provisions for any other number to be used, it's clearly NOT a legitimate use of the SSN. Mr. Tenney is right, of course. What is particularly annoying about Sprint demanding you speak your SSN to use this fancy calling card, is that from now on whenever you are standing in one of those nasty bus stations or airports where shoulder surfing is so much of a problem ... you are revealing your SSN to anyone standing near enough to hear it. -- Carl Oppedahl AA2KW Oppedahl & Larson (patent lawyers) Yorktown Heights, NY oppedahl@patents.com ------------------------------ From: faulkner@wimsey.com (Andrew Faulkner) Date: Thu, 4 Aug 1994 16:00:11 Subject: Re: SSN Required by Sprint in U.S. Organization: Forest Engineering Research Institute of Canada dwn@dwn.ccd.bnl.gov (Dave Niebuhr) writes: Sorry, but Sprint dropped the ball on this one. I am told that starting in September Sprint will be offering its services to private home subscribers in Canada. It will be interesting to see if they play "ball" by the Canadian rules (CFL?) and forgo the temptation to use our Social Insurance Number (SIN). As with the American SSN it is not well protected by law for use by private corportations. The government frowns on non-tax related use however. --- Andrew Faulkner, Data Alchemist | faulkner@wimsey.com Box 78539 University Postal Outlet | tel: (604) 224-2570 VANCOUVER, B.C. V6T 1E7 Canada | --- PGP public key available --- ------------------------------ From: "Dave Niebuhr, BNL CCD, 516-282-3093" Date: Thu, 4 Aug 1994 18:42:30 -0400 (EDT) Subject: Re: Fingerprinting Rules Prof. L. P. Levine writes: Then I got to a form that was titled Fingerprint Authorization. It read similar to the following, but this is from memory: "I voluntarily give authorization to be fingerprinted, and give permission my fingerprints to be used in a manner deemed necessary by ." "I understand that I do not have to have my fingerprints taken and this will not affect any current or future employment with ." It seems to me that the first paragraph is the key one in this issue. The operative word is voluntary and no matter what anyone says, voluntary means just that -- voluntary. The second just backs up the first. Just because someone in a business says that they have to do it but they ignore it is going to cause the bank some problems. The fact that the FDIC (mentioned later on) had someone who didn't know anything, the trick would be to go higher and higher to see just who had the authority to do something about resolving the mis-use of "voluntary." I never take "that's the way we do it" or "never heard of it" from anyone I deal with, especially telephone companies who are notorious for these words. As the person said, the job was needed so he/she relented. In a way that was too bad. Side note: I have been fingerprinted three times in my life (horrors!). once each by the United States Naval Reserve, the United States Air Force and by my employer, Brookhaven National Laboratory which is owned by the US Department of Energy but operated by Associated Universities, Inc. Each was mandatory but I would have given them anyway because, like the employee, I wanted the job. Not like the employee, I had no option and in fact was never told that fingerprinting was mandatory. -- Dave Niebuhr Internet: dwn@dwn.ccd.bnl.gov niebuhr@bnlcl6.bnl.gov (preferred) niebuhr@bnl.gov / Bitnet: niebuhr@bnl Senior Technical Specialist, Scientific Computing Facility Brookhaven National Laboratory Upton, NY 11973 1+(516) 282-3093 FAX 1+(516) 282-7688 ------------------------------ From: John Palkovic Date: Fri, 5 Aug 1994 08:31:19 GMT Subject: Re: Many Phone Taps are now Legal Chuck Weckesser <71233.677@compuserve.com> writes: One writer is mistaken when he states that "all" cordless phones are fair game. One, available from the Sharper Image (A Uniden model) operates on the 900 mghz range, making "accidential" interception impossible. The last time I looked in a Radio Shack catalog, they were listing a phone that claimed to scramble the signal between the headset and the base. This would make casual "tapping" via radio impossible. I recall the price was in the $200 range. -- palkovic@desy.de Deutsches Elektronen-Synchrotron, Relativity Engineering "I ask each of you to be intolerant of creeping bureaucracy." - Bob Wilson finger for PGP public key. MIME and PGP mail welcome ------------------------------ From: briang@access.digex.net (Brian G.) Date: 5 Aug 1994 14:33:10 -0400 Subject: Re: Unsolicited Advertisements in the Mailbox Organization: Express Access Online Communications, Greenbelt, MD USA Cristy wrote: I frequently find unsolicited advertisements in my mailbox. These advertisements are not delivered by the postman but by people that go from box to box and pop them in. I understand this is against postoffice regulations. Can anyone cite the regulation? What are my options to try to get this stopped. I consider this a privacy issue because people I do not know are going in my mailbox. I have no way of knowing whether they are in fact reading or taking any mail that may already be there... Just go to the post office serving that area, ask for a supervisor, and give them a copy of one of the ads. They will probably contact the advertiser and inform them that they can either stop or pay $.29 per ad + fines (if applicable). We were doing this as a non-profit group and the post office informed us to stop or start paying. I believe that they are entitled to bill without warning if they wish. Becuse... (drum roll, please) You do not own your mail box. The government does. Once you put it up, it becomes govt property, and having someone else put ads in it is infringing on the govt's rights to that property. -- That'll be $.29, please. Brian G. ------------------------------ From: amy young-leith Date: Fri, 5 Aug 1994 15:16:16 -0500 Subject: Re: Bank Account Numbers Organization: Computer Science, Indiana University Sherry White wrote: I never felt that I should hide my bank account number because I felt the only thing one could do with it was deposit money into my account. Then I was told that when a company direct deposit your check into the accout they have the previledge to deduct money as well. They say it's incase a mistake is made and needs correction. Could someone e-mail me and tell me what else can be done with my bank account number. I was just thinking today.... "Am I the only one bothered by this new gimick of "Have your payment deducted monthly from your checking account...." thing I'm seeing everywhere. What I want to ask is: WHEN did I give my bank authorization to allow other people to take money out of my account? How can they allow these "dedictions" with just a signature at a company (most say, "Just fill in your account number and sign below...." For instance, I hung up on a "free trial offer" for AOL because they wanted a credit card or bank account number, "just in case you go over and use additional time." Hell no! -- \ Amy Young-Leith Bloomington, Indiana Lifetime Student \ /\ (That thing to the left is a bunny!) ( ) The views expressed within represent only my opinions. .( o ). ***Please feel free to email -only-*** ------------------------------ The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". People with gopher capability can access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Archives are also held at ftp.pica.army.mil [129.139.160.133]. End of Computer Privacy Digest V5 #018 ******************************