Date: Fri, 14 Oct 94 15:34:24 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#049 Computer Privacy Digest Fri, 14 Oct 94 Volume 5 : Issue: 049 Today's Topics: Moderator: Leonard P. Levine Re: SSN on driver's license in MO Re: SSN on driver's license in MO Re: Skip Tracer Finds Old Friends Re: AOL Sells its Subscriber List Re: AOL Sells its Subscriber List Re: AOL Sells its Subscriber List Re: AOL Sells its Subscriber List How Direct Mail Works Fingerprint Systems? Re: Shareware Campaign Tool Computers, Freedom and Privacy Conference 3/95 Social Responsibility Conference 7/95 Info on CPD, Contributions, Subscriptions, FTP, etc. ---------------------------------------------------------------------- From: gmcgath@condes.mv.com (Gary McGath) Date: 13 Oct 1994 07:14:48 -0400 Subject: Re: SSN on driver's license in MO Organization: Conceptual Design Here's my contribution to the state-by-state information on SSN's on driver's licenses: In New Hampshire, you can simply request not to have your SSN included on your driver's license. No hassle. It's nice living in a reactionary, uncaring state like New Hampshire. -- Gary McGath gmcgath@condes.mv.com ------------------------------ From: Bill Parker Date: 13 Oct 1994 09:58:31 -0700 Subject: Re: SSN on driver's license in MO Organization: @wizard.com - Las Vegas Access Seth Golub (seth@cs.wustl.edu) wrote: heard that it was possible to avoid this, so when I went down to get my license I was prepared to deal with ignorant drones as long as was necessary to get a different number. You can do this in Nevada as well... check a box on a form if I objected to using my SSN as my license number. I checked the box, and I got a different number. No hassle. Here is the catch. The 12 digit number I have on my license can be converted to my social security number by a simple math formula. It may be this was in your state as well. Legislation is being introduced in Nevada next year to make the alternative number TRULY random, with no ties to your SSN. -- Bill ------------------------------ From: haynes@cats.ucsc.edu (James H. Haynes) Date: 13 Oct 1994 17:14:10 GMT Subject: Re: Skip Tracer Finds Old Friends Organization: University of California, Santa Cruz Hmm, maybe some of those 60s radicals who have come out of hiding after 20 years or more should go into business as consultants, teaching people how to not be found. -- haynes@cats.ucsc.edu ------------------------------ From: millera@mcs.com (Alan Miller) Date: 13 Oct 1994 09:43:43 -0500 Subject: Re: AOL Sells its Subscriber List Organization: Bob's Bass House; We Got Bass! Mark E Anderson +1 708 979 4716 wrote: Here's some of the things I found on AOL on the MARKETING PREFS window. The main mechanism for taking your name off the list was rather confusing and required you to put an X in one of the boxes. It appeared that marking this box only stopped them from "renting" your address to a specific list of products and services. This means I have to write a letter, find a couple of envelopes and stamps, walk to the mailbox, and hope the letter doesn't get "lost in the mail." No, see the explanations below. MAIL PREFERENCE SERVICE This doesn't relate to AOL at all, it's a separate service by the Direct Marketing Association. Basically, they build a list of people who don't want to receive unsolicited ads in the mail. Companies that rent out lists can then compare the list(s) that they rent out to this one and remove names that are on the "don't send me ads" list from theirs. This actually makes their list more valuable, as it no longer contains the people with the lowest chances of buying. As a side note, I heard a rumor recently that this list is actually also used as a listing of people more likely to be interested in personal security and privacy products. AMERICA ONLINE MAILING LIST POLICY This should be the only thing you need to check relating to AOL mailings. This will remove you from their list, but won't have any effect on other mailings that you get from other companies' lists. TELEPHONE PREFERENCE SERVICE This is the same as the Mail preference service above, but for those "I'd like to talk to you about your insurance" calls instead of for mailings. -- Alan Miller \\ millera@mcs.com AJM's WWW page ------------------------------ From: PHILS@RELAY.RELAY.COM (Philip H. Smith III, (703) 506-0500) Date: 14 Oct 94 09:40:46 EDT Subject: Re: AOL Sells its Subscriber List mea@intgp1.att.com (Mark E Anderson) said (re AOL selling or renting its subscriber list): What's the difference between selling and renting a customer list? There's a big difference. Selling means "Hi, here's a tape with the info, give me a big check". Renting means (at least, in my experience) "Hi, here's a set of mailing labels, give me a smaller check". Yes, the renter could sit down and enter all the data on all the labels; but they're (a) expressly forbidden to do so, and (b) it's hardly cost-effective. nowakp@hfsi.hfsi.com (Paul Nowak) said (re security clearances): Actually they are more concerned with your character and lying about the kind of company you keep is very indicative ... as is telling the truth. They don't so much care that you smoked pot 30 years ago as they are that you're trying ot hide that fact ... and could face extortion because of it. I hope that's true today. It wasn't 40 years ago, when my father worked for a subsidiary of the CIA as a translator: they were told explicitly that being openly homosexual somehow made you MORE subject to extortion than being secretly gay. He (nor I) could never make sense of that alleged logic, but it was policy. Perhaps sanity has won in the last 40 years in at least that area. ------------------------------ From: jyoull@tuba.bgsu.edu (Jim Youll) Date: 14 Oct 1994 17:07:17 GMT Subject: Re: AOL Sells its Subscriber List Organization: Bowling Green State University mea@intgp1.att.com (Mark E Anderson) writes: Here's some of the things I found on AOL on the MARKETING PREFS window. The main mechanism for taking your name off the list was rather confusing and required you to put an X in one of the boxes. It... Ditto on the confusion. It was pretty strange having to TYPE the letter X into a little box on the screen. That should be a button. Maybe it's a software thing? In any case my impression was that now AOL will not release my name to anyone... i hope. MAIL PREFERENCE SERVICE For many people, advertising mail is informative and provides value, convenience and fun. However, direct marketing companies recognize that some people do not like to receive advertising mail. If you want to reduce the amount of national advertising mail you receive at home, send your name and address to the Direct Marketing Association's Mail Preference Service (MPS): This stuff helps limit ALL the junk mail you receive, not just things that originated at AOL... so in that respect it was sort of nice of them to leave instructions around if you want to curb even more junk mail. I didn't have any problem with that. Not everyone knows what the mail preference service is all about... does it work? I wouldn't count on it being absolute, but maybe it won't hurt.... someone once suggested that sending your name to the mail preference service could make you an attractive target for junk mail, because your mailbox wouldn't be nearly as cluttered as your neighbor's... :) What's the bit about junk mail providing "fun"? Am I missing something? ------------------------------ From: Bruce Steinberg Date: 14 Oct 94 12:32:33 PDT Subject: Re: AOL Sells its Subscriber List Concerned about the recent posting I read on comp.risk (and subsequently picked up on comp.society.privacy) regarding AOL selling its subscriber list, I forwarded it last night without comment to a number of friends who use AOL themselves. One respondent in particular provided the following opinions and information. (I have edited all headers and interpolated messages for reasons of privacy and ease of reading the basic flow of the complete dialogue.) I haven't looked into the issue any further than this, but simply wanted to share this exchange with the original newsgroups. FYI, Bruce //////////////// Subject: Re: AOL Sells its Subscriber List Anybody who has read Steve Case's recent letter on this subject would know that most of this information will *not* be included - the San Jose Mercury published false information. In any case, everyone can easily have their name completely excluded from the list. I know I've already done so. ........ Thanks for the quick response; I was hoping for some reaction from my aol.com pals. If this is really benign stuff, I'd suggest it might be advisable for AOL to get some presence lurking and responding on a few of the relevant and widely read newsgroups (e.g., this originally appeared on comp.risks, and was subsequently picked up on comp.society.privacy, both sober and seriously moderated groups). ........ Subject: Re: AOL Sells its Subscriber List It might be. In the meantime, here's what I've got. Take it for whatever you feel it's worth. ------------------------------ From: Mike Crawford Date: 13 Oct 1994 12:06:06 -0700 Subject: How Direct Mail Works I used to be in the direct mail business... or rather I was a programmer for a software company that was in essence a company that sold software via direct mail. Perhaps I can shed a little light on the AOL business with the following article I originally posted on misc.legal. (someone asked if it was legal to use business reply mail envelopes to complain to direct mailers) richardb50@aol.com (RichardB50) writes: None that I'm aware of. It may give you some satisfaction, but it probably won't stop anyone from sending you junk mail since in most cases the senders are working from purchased lists and they don't have the time or resources to edit them. In fact, lists are almost always rented, and the senders of the mail do not get to keep your name. They sign contracts to forbid them from reusing the names. This is enforced by planting "seed names" in the list - one friend of mine has his mother in his list. Whenever mom gets a letter sent to a certain name, she forwards it to my friend who checks out whether the mailing was authorized. The big mailers use mail verification services that have PO boxes scattered about the country, both to catch cheats and to verify that the mailings have been sent and not dumped in a landfill. A great deal of the direct mail you receive is meant less to actually sell you something than it is meant to "acquire" your name. A mailing is sent selling some inexpensive and attractive thing. If you respond, the mailer can legitimately keep your name for his own list. He saves future rental costs - ten cents per name per use - and he has identified you as a "direct mail buyer", someone who opens your mail and buys from the offers therein. The mailer will then concentrate his offers on the captured names to sell more expensive items, or perhaps look up the phone numbers to call you directly. Further, the mailer can now rent your name to others, making ten cents per each use. Doesn't it make you feel good, knowing that people you've never even met are making a dime per mailing by selling your good name? The more they know about you, the more they make. Usually the small house lists are more valuable, as they have more narrowly specified sorts of people on them. My friend above sold a list of inexpensive Macintosh software utilities, and made a substantial fraction of his businesses gross receipts from renting the list. America Online has recently revealed that they sell (probably really rent... they're not so stupid as to give away the family jewels) lists of subscribers, with info about buying habits, etc. (Now, AOL says that they do not divulge user's online activity, and I am sure they do not supply details of buyer's incomes with their lists. What list suppliers usually do, though, is supply "selections". One can specify that one wants a list of people in a particular income range, or people that are at business addresses, or home addresses, or people whose zip codes match particular criteria. "90210" might be a good zip code for Rolls Royce ads, while 95060 (Santa Cruz) would be good for selling surfboards. It is possible to rent lists from various sources, which allow one to select various criteria, and pick out just names that occur on all the lists, in order to select prospects with very exacting specifications. For example, using AOL and the voter registration lists - available for just $200 in Santa Cruz, one could select all the registered republican Macintosh Users, or registered Democratic Windows users). If you write to a mailer to say "Take me off your mailing list," well, I have to say, you're usually out of luck. Most likely you're not on their mailing list, and you'll be ignored. If you're lucky, you're on their "house" list and they will usually take you off (it increases the value of the list to remove people who aren't "buyers"). But if you never buy anything direct mail, you'll never be on the house lists of the people who mail to you. They might just be obnoxious and _put_ you on their list You're one hope is to write to the Mail Preference Service at the Direct Marketing Association. You'll be put in a list which is used to filter the mailing lists. Some work and expense is required to actually do this filtering, so it will take some time for your name to drop off the lists, and it will only be removed from those lists who go to the trouble of filtering. Worse, your name will still be used for mailing. The mail preference list is one of the most lucrative lists in the business! The people one are _buyers_! How can this be, you ask incredulously. The list gets high responses to offers of security and privacy products, the sort of things that are purchased by people who don't wish to be bothered. What can you do? Support legislation to require the kinds of controls over computer information that they have in Europe. In the US, you can at best ask to be removed from the databases, and they don't have to accede to your request. My understanding is that in Europe you cannot be put into such a marketing list without your prior consent. There have been efforts to bring this to the US, but the Direct Marketing Association has squashed it, hard. I remember reading about one particularly frustrated fellow who taped junk mail business reply envelopes to bricks and mailed them back. Good luck. This won't work. The post office just trashes them. They will send envelopes containing bits of metal, though. My friend's got a little display on the wall of his office of all the wierd stuff people have sent in his BRE's - spent bullets, brass hinges, rambling letters written by mentally ill folk, virulently racist literature and cartoons. I have another friend who used to save the lead foil that was placed over wine bottle corks - she put the lead foil into BRE's. I've always contemplated the idea of printing a BRE label with a laser printer and using it to make a convincing "business reply box". One would just have to enter the business' address and permit number into a template. Perhaps if it was done well enough the post office would send such a box. But this would probably be a violation of postal laws. -- Mike Crawford | Call Congress toll free at 1-800-768-2221. When the crawford@scipp.ucsc.edu | operator answers, ask for your Senator or Rep. ------------------------------ From: kerberr@news.latimes.com (Ross Kerber) Date: 13 Oct 1994 20:28:13 -0500 Subject: Fingerprint Systems? Organization: UTexas Mail-to-News Gateway Hello -- I'm a reporter for the LA Times and I'm doing a story on companies involved with fingerprint ID systems. I would appreciate any comments and/or thoughts on the issues associated with such systems. For example, would it be easier to build and manage a system for welfare recipients, gun permits, etc., than it would be to build a database for criminal ID by police on the street? (Since clients of a gov. agency would be entered into a single database, and would be supplying their (presumably real) names along with the print, would that make it easier to search the database than it would be to run a cold search on a print against a database of, say, wanted felons?) I'm also curious if anybody knows of automated fingerprint ID systems being used or considered by government agencies, or business firms. I'm interested in both technical and social issues related to the development of these systems. I'd prefer that replies be sent to my email address, as it's difficult for me to access newsgroups. -- Ross Kerber Staff Writer / Los Angeles Times voice: 714 966 7830 fax : 714 966 7711 kerberr@news.latimes.com ------------------------------ From: Bill Parker Date: 14 Oct 1994 09:00:08 -0700 Subject: Re: Shareware Campaign Tool Organization: @wizard.com - Las Vegas Access Gordon Burditt (gordon@sneaky.lonestar.org) wrote: I found this little tidbit interesting. Is it really possible to go to the polls and determine, in the middle of an ongoing election, who has voted and who hasn't? Why? How does one do this without disrupting the process of voting? (In areas where I vote, this information is kept manually in several large computer-printed list of eligible voters, divided alphabetically by last name. It may be computerized In Nevada the answer is yes. Before 1994 pollwatchers (people authorized by a candidate, incumbent, or political party to keep an eye on things) had access to the roster books a total of 4 times during election hours (7AM to 7PM) and could take down the name, party, etc. of any information in the roster book. After problems with elections in Clark County in 1993, the legislature passed election reform measures which now require election workers to update a list once an hour of all the people who have voted in a given polling center. The pollwatchers (or any other person) may examine this list and take whatever they like from it. Pollwatchers are no longer allowed to examine the roster books in Clark County. ballots isn't done, but there's not supposed to be a one-to-one correspondence between voter and ballot to keep individual votes private. Taking the lists away from the election workers during the election will definitely bog down the voting process.) Individuual votes are indeed private, and looking at the list of people who voted will not tell you HOW they voted, but if they did or not. FYI, where I was at, we did not have one person examine the list of people who voted in the primary election (Sept 6). However, you can use the information to develop how much of a part. party voted. -- | email: billp@wizard.com | | (or snark.wizard.com) | | RIME: route to ->383 | ------------------------------ From: email list server Date: 12 Oct 1994 23:21:11 -0700 Subject: Computers, Freedom and Privacy Conference 3/95 The following note summarizes a Call for Papers which may be of some interest for people on this Forum. The entire document may be found using gopher in: gopher.cs.uwm.edu/computer-privacy/z-library/freedom-privacy-3-95 Call for Participation - CFP'95 The Fifth Conference on Computers, Freedom and Privacy Sponsored by the ACM SIGCOMM, SIGCAS, SIGSAC and Stanford Law School 28 - 31 March 1995 San Francisco Airport Marriott Hotel, Burlingame, California INVITATION This is an invitation to submit session and topic proposals for inclusion in the program of the Fifth Conference on Computers, Freedom and Privacy. Proposals may be for individual talks, panel discussions, debates, or other presentations in appropriate formats. Proposed topics should be within the general scope of the conference, as outlined below. SCOPE The advance of computer and telecommunications technologies holds great promise for individuals and society. From convenience for consumers and efficiency in commerce to improved public health and safety and increased participation in democratic institutions, these technologies can fundamentally transform our lives. New computer and telecommunications technologies are bringing new meanings to our freedoms to speak, associate, be left alone, learn, and exercise political power. At the same time these technologies pose threats to the ideals of a just, free, and open society. Personal privacy is increasingly at risk from invasion by high-tech surveillance and eavesdropping. The myriad databases containing personal information maintained in the public and private sectors expose private life to constant scrutiny. Political, social, and economic fairness may hinge on ensuring equal access to these technologies, but how, at what cost, and who will pay? Technological advances also enable new forms of illegal activity, posing new problems for legal and law enforcement officials and challenging the very definitions of crime and civil liberties. But technologies used to combat these crimes can threaten the traditional barriers between the individual and the state. Even such fundamental notions as speech, assembly and property are being transformed by these technologies, throwing into question the basic Constitutional protections that have guarded them. Similarly, information knows no borders; as the scope of economies becomes global and as networked communities transcend international boundaries, ways must be found to reconcile competing political, social, and economic interests in the digital domain. The Fifth Conference on Computers, Freedom and Privacy will assemble experts, advocates and interested people from a broad spectrum of disciplines and backgrounds in a balanced public forum to explore and better understand how computer and telecommunications technologies are affecting freedom and privacy in society. Participants will include people from the fields of computer science, law, business, research, information, library science, health, public policy, government, law enforcement, public advocacy, and many others. The entire document may be found using gopher in: gopher.cs.uwm.edu/computer-privacy/z-library/freedom-privacy-3-95 ------------------------------ From: nolod@ccr.jussieu.fr Date: 13 Oct 1994 14:48:28 +0000 Subject: Social Responsibility Conference 7/95 The following note summarizes a Call for Papers which may be of some interest for people on this Forum. The entire document may be found using gopher in: gopher.cs.uwm.edu/computer-privacy/z-library/social-responsibility . CALL FOR PAPERS KEY PLAYERS IN THE INTRODUCTION OF INFORMATION TECHNOLOGY : THEIR SOCIAL RESPONSIBILITY AND PROFESSIONAL TRAINING COMPUTER PROFESSIONALS, USERS, DECISION MAKERS NAMUR (Belgium) - 5-6-7 Juillet 1995 INTRODUCTION The advances and diversification of techniques in information Technology (IT) together with the progressive changes in the social, economic and cultural context, raise questions, from a new perspective, of identity and responsibility among the different groups involved in the development of IT and the spread of its application in society. How may the roles and functions of members of the IT professions be defined ? Today, Computer Scientists recognise that the nature and responsibilities of their profession are constantly becoming more diverse. However these responsibilities can only be defined taking account of those exercised by other key players concerned with computerisation ; managers and decision makers (politicians, economists, financiers), users of IT systems, educators, trainers and ergonomists. There is a growing consensus that teaching at school and university level is still too focused upon technical education and specialisation. Education or training, particularly that for computer professionals, must recognise the social and human dimensions of their professional activity. Such preparation, which will allow computer scientists and other professionnal users of IT systems to fully discharge their responsibilities, raises new questions in terms of its content and pedagogical approach. "Identity", "Responsibility" and Training" will be the three themes to be addressed in the course of the colloquium. The entire document may be found using gopher in: gopher.cs.uwm.edu/computer-privacy/z-library/social-responsibility . ------------------------------ From: "Prof. L. P. Levine" Date: 26 Sep 1994 12:45:51 -0500 (CDT) Subject: Info on CPD, Contributions, Subscriptions, FTP, etc. Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #049 ****************************** .