Date: Mon, 08 Aug 94 07:09:40 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#020 Computer Privacy Digest Mon, 08 Aug 94 Volume 5 : Issue: 020 Today's Topics: Moderator: Leonard P. Levine Re: Fingerprinting Rules Re: Fingerprinting Rules Re: Fingerprinting Rules Re: Unsolicited Advertisements in the Mailbox Re: SSN Required by Sprint in U.S. Re: SSN Required by Sprint in U.S. Re: SSN Required by Sprint in U.S. Re: Internet White Pages Re: Internet White Pages DMV Records Available to Anyone who wants to Subscribe Are Web Servers Anonymous? Set Top Boxes Re: Privacy Research Program - Help NEEDED --------------------------------------------------------------------- Housekeeping information is located at the end of this Digest. ---------------------------------------------------------------------- From: cwp101@psu.edu (Carmine Prestia) Date: 05 Aug 1994 21:43:33 -0400 Subject: Re: Fingerprinting Rules I read you message, it was forwarded to me by a friend. I work for a municipal police department and in years past fingerprinted a LOT of bank employees. I believe that the FDIC or some Federal law, if the bank is nationally chartered, does require fingerprints or authorization for fingerprints. Consider that the FDIC wouldn't want its insureds hiring thieves to handle the money that the FDIC protects. Years ago our local banks would periodically have all their employees come in and get 'printed. They probably just got to big to keep that up. -- Carmine Prestia : Pennsylvania State University and cwp101@psu.edu : State College Pennsylvania Police WB3ADI : FBI NA 168th ------------------------------ From: tenney@netcom.com (Glenn S. Tenney) Date: 06 Aug 1994 20:05:24 -0800 Subject: Re: Fingerprinting Rules "Dave Niebuhr" wrote: It seems to me that the first paragraph is the key one in this issue. The operative word is voluntary and no matter what anyone says, voluntary means just that -- voluntary. It would seem that in this case it was voluntary (not that I like it, but)... if you didn't do it then you would almost certainly not get the job because the prints were a part of the "evaluation" process. In other words... the prints were voluntary because you could choose to apply or not apply for the job --- your choice, no one is forcing you. -- Glenn Tenney tenney@netcom.com Amateur radio: AA6ER (415) 574-3420 Fax: (415) 574-0546 ------------------------------ From: JBWOOD@CHEMICAL.watstar.uwaterloo.ca (JB Wood) Date: 08 Aug 1994 00:24:20 -0400 Subject: Re: Fingerprinting Rules Organization: University of Waterloo "Dave Niebuhr" writes: Then I got to a form that was titled Fingerprint Authorization. It read similar to the following, but this is from memory: It seems to me that the first paragraph is the key one in this issue. The operative word is voluntary and no matter what anyone says, voluntary means just that -- voluntary. The second just backs up the first. On a similar note, in Alberta, Canada, I applied for a job and was asked if I would help speed things up by taking a lie detector test. It was explained to me that it was optional, but it was hinted that they would like me more if I made them feel better about my past. I had no objections, and I actually had a little experiment in mind, as I always wondered if I could fool the lie detector. As a side note, I did fool the machine, and on something pretty serious too. Anyway, I was interested in this concept and called a few people who knew about this sort of thing. This is definitely an area in which you can file a lawsuit if you feel you should have been hired based on abilities, but you think you weren't based on your refusal to participate in something they call "voluntary". On the company's part, its a great way to see who will work for them and never complain about anything, but they must be able to defend their choice in a civil rights suit. But that shouldn't be a difficult thing to do. All in all, I felt the whole situation stunk (but I got the job! I told the lie detector dude I was planning on making a career in the industry when I knew I was going to school in Ontario in 3 months). Fingerprinting is a lot more serious and I would NEVER submit to any gov't agency retaining my prints (voluntarily). About 8 years ago, my mom thought it was a good idea when the police offered the free service one weekend at the mall. They said it was to help find missing children, but in my mind they just wanted to be able to use future technologies to I.D. anybody by computer. I said I had a date that night and didn't want ink all over my fingers... worked like a charm. -- "They say that these are not the best of times, But they're the only times I've ever known." - Billy Joel jbwood@undergrad.uwaterloo.ca jbwood@chemical.watstar.uwaterloo.ca "I'd start a revolution but I don't have time" - Billy Joel ------------------------------ From: es@crl.com (Eric Smith) Date: 08 Aug 1994 10:07:49 -0700 Subject: Re: Unsolicited Advertisements in the Mailbox Brian G. wrote: Just go to the post office serving that area, ask for a supervisor, and give them a copy of one of the ads. They will probably contact the advertiser and inform them that they can either stop or pay $.29 per ad + fines (if applicable). When I was a kid I delivered newspapers before dawn and put them in people's mailboxes. This was in a rural area where the mailboxes are big enough to hold newspapers. One kid on my route was a practical joker. One morning when I opened his mailbox to put the newspaper in, BANG! He had put a kind of fireworks thing in the mailbox, which operated by pulling a string from it, and he had tied the string to the mailbox door in such a way that it would pull out and go off when I opened it. I wonder if those are still available. What were they called? It seems like they would be good to help train various delivery people to remember to skip your mailbox. ------------------------------ From: poivre@netcom.com (Poivre) Date: 06 Aug 1994 21:30:11 GMT Subject: Re: SSN Required by Sprint in U.S. Organization: NETCOM On-line Communication Services (408 261-4700 guest) Dave Niebuhr (dwn@dwn.ccd.bnl.gov) wrote: Oh there isn't? There are many privacy issues here: income, drivers liscenses, credit cards held, etc. Sprint really sees nothing as a privacy issue. First they've got the Friends and Family program which they use to annoy your friends and family, and now this! Sprint doesn't seem to know what privacy is, or care. I would never use Sprint. -- . . . . . . . . . . . . . . . . . . . . . . . . . . poivre@netcom.com : #include : . . . . . . . . . . . . . . . . . . . . . . . . . . ------------------------------ From: robert.heuman@rose.com (robert heuman) Date: 07 Aug 1994 09:35:22 GMT Subject: Re: SSN Required by Sprint in U.S. Organization: Rose Media Inc, Toronto, Ontario. From: dunn@nlm.nih.gov (Joe Dunn) The number has to be easily remember by you. When you receive your calling card from Sprint, it tells you to speak a digit plus your SSN. In that way you can carry around your calling card and not worry about losing it and being usable by someone who finds it. If Sprint were to assign you a number, rather than your SSN, you would carry around that card until you memorized the number or to remember the 800 number to dial. Using your SSN protects you and Sprint from someone using your card to make calls that they can't bill you for. The card does not have your SSN printed on it. I for one do NOT remember my SSN (SIN here in Canada, but I have BOTH) and carry it in my wallet, where I would also carry my calling card if I had one, so I cannot see how this use of the SSN would possibly be a legitimate use of the SSN. As far as I am concerned any use of SSN or SIN that is not required by LAW is NOT a legitimate use of that number. Joe is welcome to feel it is legitimate, but it is NOT required by any legal regulation that I know of, so I will have to disagree.... -- R.S. (Bob) Heuman |My opinions are my own, and only my own! rn.1886@rose.com |They are NOT those of my employer....... RoseReader 2.50 P001886 Entered at [ROSE] RoseMail 2.50 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285 ------------------------------ From: "anonymous" Date: 07 Aug 94 20:41:34 Subject: Re: SSN Required by Sprint in U.S. ========= IMPORTANT: COULD YOU MAKE THIS POSTING ANONYMOUS ? THANKS ! ========= Surely sendmail reeled when thusly spake Carl Oppedahl: What is particularly annoying about Sprint demanding you speak your SSN to use this fancy calling card, is that from now on whenever you are standing in one of those nasty bus stations or airports where shoulder surfing is so much of a problem ... you are revealing your SSN to anyone standing near enough to hear it. I admit to once having dealt with the people who hang around public phones, observing and memorizing other people's long distance calling card access numbers, and then selling them. In this case, I "bought" a code after it was demonstrated to me that this code did indeed work for overseas calls. By the time I set out to seriously (ab)use this code, three hours or so later, the long distance company was wise to what had happened, and an operator came on-line to quiz me. (I hung up at once.) Doubtlessly astronomical charges had been rung up on this particular account quite quickly. Abuse of a social security number would presumably be detected much more slowly. What in fact might the possibilities for abuse be if one's social security number becomes known to one of these shady characters ? ------------------------------ From: hedlund@teleport.com (M. Hedlund) Date: 06 Aug 1994 18:23:50 -0700 Subject: Re: Internet White Pages Organization: Teleport - Portland's Public Access (503) 220-1016 jeffrey@minerva.cis.yale.edu (Jeffrey Licht) wrote: I was browsing in our local Borders yesterday, and came across a book called (as I recall) "The Internet White Pages"[...] * And if this book calls itself a "White Pages", is there a provision to request an unlisted number? (There may be - I didn't look at it long enough to find out.) There is -- send email *from all of your accounts* to 'delete@whitepages.com'. (There is an 'add@whitepages.com' as well, if you're into that sort of thing.) They accept rants at 'comments@whitepages.com'. I have two serious problems with this: (1) neither the 'delete' nor the 'add' address was advertised *before the first edition*, nor have they been effectively advertised online since the first edition; and (2) their setup requires the user to take an active role in deleting themselves from the "White Pages," rather than requiring users to request a listing if they want one. The "authors" would surely respond by stating that they have made an effort to allow for unlisted addresses in future editions, and that there is no expectation of privacy when posting a news message. The first response is obviously inadequate, as very little effort has been made to advertise the 'delete' address *online*, where it matters -- it does not follow that everyone using Usenet also browses computer book sections. Further, the entire project is wrapped in an analogy to directory listings put out by phone companies, and that analogy is misleading. My listing in any phone directory is directly linked to my purchase of service from the publisher of that directory -- if I don't like the way they deal with their "unlisted" clients, I can change services or bring a complaint before the State Public Utility Commission. There is no such connection between my purchase of service from 'teleport.com' and my listed address in the Internet White Pages. No matter what effort they make to advertise the 'delete' address, it will always be inappropriate to compare their publication to phone directories (unless, of course, they sell directory publication services to individual Internet providers). The second response, that there is no expectation of privacy in the news distribution system, is more convincing. It is not reasonable to think of a news message as private when it is copied to every news carrier on the net; especially as, by grepping the news spool, a user would not even have to read the group carrying the posting to get an address from it. Until recently, however, this meant a poster was giving up a degree of privacy in the realm of net users; which is different than giving up that degree of privacy in bookstores. Usenet itself, grep, news spools, netfind, whois, and so on, have been -- and certainly were during the time the "White Pages" was collecting addresses -- more obscure tools than a book in a bookstore. However much that may have changed and may still change, there is a difference in scale. The publishers of the "White Pages" took addresses, freely given on the net, and gave them out (for a price) in an area of society largely unrelated to Usenet. If we did give up the privacy of our email addresses by posting news messages, we gave up privacy *in that forum*, which should be distinct from surrendering that privacy entirely. To turn their analogy against them: if a Regional Bell Operating Company (US West, Ameritech, etc.) were to use 'finger' to collect net users' phone numbers, and then were to add those numbers into their phone directories, the unlisted net users would be most upset. The phone companies would be mistaken to say that the users had surrendered all privacy for their phone numbers by listing them in their 'finger' information. I can always change my 'finger' listing. It is much more difficult to change a printed listing such as the "White Pages." I would suggest that the publishers, at the very least, post a monthly message to 'news.announce.important' advertising the 'delete' address and informing users of their actions. I would be much happier to see the "White Pages" exist as a voluntary service only -- users who wish to be listed must actively request such a listing. I would also like to see an option, similar to that in *real* phone books, for a marking next to listed addresses that forbids commercial solicitations. ------------------------------ From: jgd@dixie.com (John De Armond) Date: 07 Aug 94 01:08:35 GMT Subject: Re: Internet White Pages Organization: Dixie Communications Public Access. The Mouth of the South. jeffrey@minerva.cis.yale.edu (Jeffrey Licht) writes: * Do people posting on Usenet know that their e-mail addresses are being recorded? (I doubt it.) If a person speaks in public to an audience of thousands, does he know that someone may have written down his name for future use? If he didn't, he should have. * Would more people post anonymously if they knew this? No. What good is building up a presence on the net if that presence is "an12345"? * Does anyone have the right to publish this information about me. for personal gain, without contacting me first? This is currently done all the time with (snail) mailing lists - is it appropriate for the Internet? You mean "is it appropriate for the Usenet." Of course. * And if this book calls itself a "White Pages", is there a provision to request an unlisted number? (There may be - I didn't look at it long enough to find out.) Most people on Usenet are accomodating. I'm sure if you asked nicely.... -- John De Armond, WD4OQC, Marietta, GA jgd@dixie.com Performance Engineering Mag. Unsolicited email published at my sole discretion The government has 3 new savings bonds: The Steffie bond with no maturity, the Gore bond with no interest and the Clinton bond with no principle. ------------------------------ From: richburr@netcom.com (Richard Burroughs) Date: 07 Aug 1994 01:23:42 GMT Subject: DMV Records Available to Anyone who wants to Subscribe Organization: NETCOM On-line Communication Services (408 261-4700 guest) Bfolensbee (bfolensbee@aol.com) wrote: There are a number of commercial "information providers" which can be subscribed to and the ones I have seen include not only DMV records but info on your property, neighbors, any type of publicly filed information such as bankruptcies, tax liens, judgements against you, whatever. It always amazes me what is available on most people in this country that they have no idea I have recently seen ads in local newspapers here in Portland, OR, for CD-Roms of the Oregon DMV records. I've seen them advertised for sale at least twice now. I'm not sure if it was only one, or if the person was selling multiple copies. Is this legal? -- Rich Burroughs richburr@netcom.com ------------------------------ From: mlaroque@aol.com (MLaroque) Date: 08 Aug 1994 04:36:02 -0400 Subject: Are Web Servers Anonymous? Organization: America Online, Inc. (1-800-827-6364) A web question: I understand that the administrator of a web server has access to a log of connections made. How do the logs for the server work ? As a server administrator, can one determine the [1] { } users who web to the server [2] { } sites of the users who web to the server [3] { } sites from which the most adjacent connection was made An example of the third option is as follows: user on netcom webs to ucla.edu user chooses cs.bu.edu from a menu on ucla Under [3] above, the cs.bu.edu administrator would know that there had been a web connection from ucla, but would not know the the client was on netcom. Essentially, I am wondering about the anonymity of the users connecting to a server. Martin Laroque ------------------------------ From: Marc Thibault Date: 07 Aug 1994 20:59:45 -0400 Subject: Set Top Boxes Organization: Tanda and Associates Jeremy D. Allaire writes: IMHO, the bottom line is that all of this technology will continue to be advertiser driven, and, hence, the advertiser will shape the contents of your box more than you shape the contents of your box. Although there is a privacy issue here, there are also some benefits (which is why we routinely give up bits of privacy). (1) If you had to pay the full cost of delivering television programming to your home, you would spend more time in theatres. A lot of people would choose to do without TV. Advertisers pick up the tab and make TV cheap for us to watch. It is appropriate that they get some compensation in the form of viewer attention. (2) Smarter marketing as a result of effective use of consumer databases means that the time you do spend watching ads will more likely be useful. No advertiser is going to waste selling dollars trying to sell you something you don't want or need if they can help it. You'll get ads for stuff you are actually interested in buying. In the end, you do in fact shape the contents of your box; effortlessly. (3) Smarter marketing will also make it cost effective to advertise niche products, so you won't have to dig all over the place for that special item - the producer will find you. -- Marc Thibault | Information Systems Architect Oxford Mills, Ontario, Canada | End-User-Powered Systems 613-724-9442 | Design, Development, Project Management ------------------------------ From: es@crl.com (Eric Smith) Date: 07 Aug 1994 10:02:05 -0700 Subject: Re: Privacy Research Program - Help NEEDED Organization: wrote: 9. While using computer data-bases by the government to maintain central records on the health, employment and income/tax records is appropriate, exchange/matching of such information between government data-bases is dangerous to individual privacy 1 2 3 4 5 6 7 People who really care about privacy can't answer such questions the way they are worded, because they know, and have known all along, that the government's use of such databases is not appropriate and never has been. The survey is requiring them to contradict their own beliefs in order to give any of the available answers to the question. ------------------------------ The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". People with gopher capability can access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Archives are also held at ftp.pica.army.mil [129.139.160.133]. End of Computer Privacy Digest V5 #020 ****************************** .