Date: Mon, 14 Nov 94 15:35:05 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#062 Computer Privacy Digest Mon, 14 Nov 94 Volume 5 : Issue: 062 Today's Topics: Moderator: Leonard P. Levine Error Correction Re: Intrusive Supermarket Card Re: Intrusive Supermarket Card Re: E-mail headers Re: E-mail headers Re: Must I Always Carry I.D? Re: Must I Always Carry I.D? Other People's E-mail Re: Mother's Maiden Name Help on a Student Reaserch Project Clipper History & Current Status Needed Re: Corporate Electronic Communications Policy Info on WWW Browsers & Privacy Ohio Supreme Court Upholds Privacy of SSNs Info on CPD, Contributions, Subscriptions, FTP, etc. ---------------------------------------------------------------------- From: Robert Ellis Smith <0005101719@mcimail.com> Date: 11 Nov 94 12:04 EST Subject: Error Correction In my last message to you, concerning the FBI Telephony law: It should be Public Law 103-414. Thanks. Bob Smith ------------------------------ From: Steve Berczuk Date: 14 Nov 1994 09:31:25 -0500 (EST) Subject: Re: Intrusive Supermarket Card regarding check cashing cards: From: johnl@iecc.com (John R Levine) They're compiling prospect lists for junk mail, of course. On most of those cards all you really need to fill out is name and address, and you don't even have to do that truthfully. In may cases the card doubles as a check cashing card (for people who haven't figured out that if you pay with your Visa card you get a month's free float) so in that case the name, address, and bank reference had better match. They all ask for SSN, but I've only run into one (Stop and Shop) who refused to give me a checks cashing card without one. I tried applying for a check cashing card at a "Bread & Circus" which is a store that puts forth a healthy food/politically correct image. When I asked why I needed to give a SSN for a check cashing card I got a letter explaining how the SSN was the "only unique identifier" they could use to track someone down in case they bounced a check, etc.... (of course they never ask to see any identifying information to prove that the SSN you give is yours - it seems that a drivers license number would serve the purpose better. ) The thing that disturbes me a bit about the SSNs being permissible for check cashing cards is that Massachusetts law requiring Social Security Numbers on *checks* is illegal (unless the SSN is your drivers lic number - which it does not have to be) I think courtesy cards get around this by allowing you to write checks above the amount of your bill (which is in effect extending credit), so asking for an SSN for a check cashing card IS legal. I dealt with Bread & Circus by just getting the check approved each time i go shopping; fortunately there is rarely a line at the courtesy desk :) as a side note: >>for people who haven't figured out that if you pay with your Visa card you get a month's free float<< is one of the reasons I don't understand the idea behind the Express Check cards that banks are issuing: it looks like you are making a master card payment but your bank account gets debited when the merchant submits the credit slip rather than the bank issuing you a bill. Can anyone explain what these cards offer above what a credit card does, besides opening you up to problems is you lose the card (if you lose a credit card, no money has left your bank account....) -- Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research NE80-6015 Phone: (617) 253-3840 | Fax: (617) 253-8084 ------------------------------ From: jwendt@kosepc02.delcoelect.com (John Wendt) Date: 11 Nov 1994 19:33:58 GMT Subject: Re: Intrusive Supermarket Card Organization: Delco Electronics Corp. Winn Bill writes: There is a supermarket chain in Indiana, Marsh Supermarkets, that has a [ many questions deleted] The questionnaire closes with a place for a validation signature, social security number, driver's licence number, and home address and phone number. The owner/CEO of the chain has been sent a letter inquiring as to why all of this information is needed for a coupon card, but thus far there has been no reply. Clearly market research. Answers will be used by Marsh and will no doubt go to manufacturers of products sddressing the maladies asked about. ======================================================================== John M. Wendt | Ah, but a man's reach should Software Engineer | exceed his grasp, Service Test Equipment Engineering | Else what's a metaphor? Delco Electronics Corp., Kokomo IN, USA | | -- Marshall McCluhan (Standard Disclaimers Apply) ------------------------------ From: Barry Margolin Date: 13 Nov 1994 01:20:57 -0500 Subject: Re: E-mail headers Organization: NEARnet, Cambridge, MA Houston, James A. writes: My question is this, *if* a "blind" carbon copy is directed to the president of my company, can I see that transaction in the header, or is that type of thing controlled by the email application being used, e.g., ccmail? Most mail systems will not leave any indication in your copy of the message that a blind copy was sent to other addresses. -- Barry Margolin BBN Internet Services Corp. barmar@near.net ------------------------------ From: "Dennis G. Rears" Date: 14 Nov 1994 16:29:23 GMT Subject: Re: E-mail headers Organization: U.S Army ARDEC, Picatinny Arsenal, NJ Houston, James A. wrote: be read. My question is this, *if* a "blind" carbon copy is directed to the president of my company, can I see that transaction in the header, or is that type of thing controlled by the email application being used, e.g., ccmail? Normally, you can not see that a bcc was sent. That's part of the purpose of a blind carbon copy. If fact, it is only the MTA (mail transport agent) of the sender and the bcc's reciever's that will know of it. I just want to know if there is a way to *detect* if my mail is being directed to secret places I normally would not be aware of. No. Even if there were all a person would have to do is resend the original message. -- dennis ------------------------------ From: kadokev@rci.ripco.com (Kevin Kadow) Date: 11 Nov 1994 15:48:57 -0600 (CST) Subject: Re: Must I Always Carry I.D? From: amy young-leith If you are pulled over and you HAVE a valid drivers license issued to you, but you don't have it WITH you (it's at home on the table or in your purse slung on the chair or...), is THAT a crime? Will you be charged with something? Will you have any chance to obtain your license to avoid this charge if there is one? Well, at least in Illinois, the state police have all your drivers license information on file, so if you don't have your license with your they _could_ pull it up on the computer- but the computer is often very out of date, they told me I had a license when the most I've ever had was a training permit, and that expired years ago. -- kadokev@ripco.com Kevin Kadow FREE Usenet/Mail, inexpensive Internet - Ripco... Wearing white hats since 1983 Dialup:(312) 665-0065|Gopher:gopher.ripco.com|Telnet:foley.ripco.com ('info') ------------------------------ From: bernie@fantasyfarm.com (Bernie Cosell) Date: 13 Nov 1994 15:46:44 GMT Subject: Re: Must I Always Carry I.D? Organization: Fantasy Farm, Pearisburg, VA amy young-leith writes: If you are pulled over and you HAVE a valid drivers license issued to you, but you don't have it WITH you (it's at home on the table or in your purse slung on the chair or...), is THAT a crime? Will you be charged with something? Will you have any chance to obtain your license to avoid this charge if there is one? Well, this is the wrong newsgroup for the inquiry --- it'd be more proper [and surely get a better-informed response] on misc.legal.moderated. The simple answer is that it is almost *certainly* an offense, although the precise nature of the offense is subject to your state's laws. Around here [VA}, you will receive a fine if you operate a vehicle without: a driver's license and the registration *in*your*possession*. Some states also require that you carry proof of insurance. In no case that I know of is it a "crime" [i.e. "go directly to jail, do not pass GO, do not...]... in fact, as a rule almost NOTHING to do with operating a motor vehicle generally involves criminal sanctions. -- Bernie Cosell bernie@fantasyfarm.com Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358 --->>> Too many people; too few sheep <<<--- ------------------------------ From: robert.heuman@rose.com (robert heuman) Date: 11 Nov 1994 23:53:16 -0500 Subject: Other People's E-mail Organization: Rose Media Inc, Toronto, Ontario. Prof. L. P. Levine writes: THE ECPA. The principal law protecting the privacy of e-mail is the Electronic Communications Privacy Act of 1986 (the "ECPA" for short). ECPA is a 1986 federal law that expanded to e-mail the protections long afforded telephones conversations. The ECPA makes it a serious crime to read, use or disclose another person's electronic communications without justification. The ECPA sets the basic "don't read without permission" rule, along with some exceptions. Please remember that this law applies in the United States ONLY. It is NOT the law anywhere else in the world. Would someone care to cover the situation, legally, in Canada? Also would appreciate coverage of the legal situation in the EEC, Japan, Singapore, Israel, to name a few other jurisdictions. -- RoseReader 2.52 P001886 Entered at [ROSE] RoseMail 2.60 : RoseNet<=>Usenet Gateway : Rose Media 416-733-2285 ------------------------------ From: dklein@pluto.njcc.com (Dorothy Klein) Date: 12 Nov 1994 12:01:13 -0500 Subject: Re: Mother's Maiden Name Organization: New Jersey Computer Connection, Lawrenceville, NJ Mother's maiden name might have been a great personal codeword a generation ago, but consider the newer naming schemes. If your mother hyphenated her name upon marriage (Doris Doe marries Joe Jones and becomes Doris Doe-Jones, which keeps her professional identity intact and all her citations together) or kept her own name (such a pain to change monograms! and IDs..), you'd better not put her name on your next-of-kin wallet card. Hm, I wonder what the operator says when someone answers, "My mother never married. Her name is the same as mine." The techno-cynic in me suspects that the database isn't set up to accept that answer. -- Dorothy Klein dklein@pluto.njcc.com ------------------------------ From: HFHH02C@prodigy.com (MISS ELLEN A FALBO) Date: 12 Nov 1994 16:57:35 -0600 Subject: Help on a Student Reaserch Project Organization: UTexas Mail-to-News Gateway I'm a senior in high school and I am writing my senior paper/thesis on: The ability of governmental antitrust regulatory agencies-- such as the FTC and the antitrust division of the DoJ-- to regulate the computer industry in a timely and effective manner. I'm using the recent Microsoft antitrust lawsuit as a case in study because it was handled by both the FTC and the DoJ. I am attempting to get the views of as many people as possible concerning this topic and I would appreciate any comments or information concerning the FTC's and/or the DoJ's performance or effectiveness in dealing with the computer industry. I also need information on the following questions. Any information would be greatly appreciated. 1) How does the FTC fit into the political scheme of things? 2)How does a change in administration affect FTC funding, personnel, etc.? 3)Was the FTC downsized during the Reagan and Bush administrations, like the Antitrust division of the DoJ was? 4)Has the FTC had many cases that have dealt with high tech industries like the computer industry? 5)If so what were they and what were the outcomes? 6)Within the last 2 years have there been any antitrust cases (other than the one against Microsoft) brought against the computer industry? 7)If so, who were they against and who brought them up (the FTC or the DoJ) and what were the results? -- Thank you for your time and help. please send replies to: HFHH02C@PRODIGY.COM Thanks again, Ellen ------------------------------ From: uabpa!egutierrez@uunet.uu.net (Noel G) Date: 13 Nov 94 14:15:15 MST Subject: Clipper History & Current Status Needed Organization: College of Business and Public Administration, Univ. of Ariz. Can anyone tell me where the FAQ is? I'm trying to find out more on how the Clipper chip came into being (i.e. its "history") and its current status. Thank you for your time. -- Noel Gutierrez ------------------------------ From: bernie@fantasyfarm.com (Bernie Cosell) Date: 13 Nov 1994 15:20:38 GMT Subject: Re: Corporate Electronic Communications Policy Organization: Fantasy Farm, Pearisburg, VA Dick Mills writes: The following is a corporate policy proposed for adoption at my company. The purpose of the policy is to protect the company from lawsuits. The fear of lawsuits was prompted by press reports of workers in California who sued because their company had inspected their "private" email records. What do followers of comp-privacy have to say about this policy as written? Regardless of the reason for the policy, which may or may not be valid, the policy seems fine to me. _Electronic Communication Policy_ Electronic communications, including electronic mail, voice mail, facsimile and all other forms of electronic media are company-owned resources, and are provided as business communication tools. Regardless of the motive, I can't see on what basis one could object to a statement like the above. Employees who use the electronic media for personal use do so at their own risk and expense. This, too, seems pretty much on the mark. ... [Company] will share no responsibility for incidents of harassment, sexual harassment, slander, malice, defamation of character or other civil or criminal actions which occur or are alleged to have occurred through the personal use of [company] electronic communications. The responsibility for and the defense against such actions or claims is solely that of the individual. Again, I'm not sure what else one would expect: should the *company* end up with responsibility for the unauthorized and improper use of their equipment? [Company] reserves the right to review all electronic records and communications, although it not the intent to do so except for legitimate business reasons. The message originator's department manager and corporate officers are the only individuals authorized to review these messages except with specific written permission from the president. The message originator will be notified as soon as possible if messages are reviewed. This seems more than fair. As many of you know, I am much more of a curmudgeon about matters like this and I wouldn't even have been inclined to put in all the disclaimers --- I'd have ended the paragraph after the first sentence. Electronic messages should be drafted with the same thought and concern devoted to written or verbal communications, and there can be no guarantee of privacy for electronic communications. Please exercise good judgment when using these media. Sounds 100% perfect to me. There is a similar naivete, I suspect, about things sent through the interoffice mail. Improper use of [company] electronic communications may result in disciplinary action up to and including discharge from employment. Indeed, and such could be said [and should be made clear] about improper use of *ANY* company equipment, be it a photocopier or the forklift in the warehouse... -- Bernie Cosell bernie@fantasyfarm.com Fantasy Farm Fibers, Pearisburg, VA (703) 921-2358 --->>> Too many people; too few sheep <<<--- ------------------------------ From: "Prof. L. P. Levine" Date: 14 Nov 1994 11:24:11 -0600 (CST) Subject: Info on WWW Browsers & Privacy Organization: University of Wisconsin-Milwaukee Taken from Discussion of Global CPSR Issues John Schmitz posted this to me and I am posting it on to you: You WWW browser may be telling the http servers you visit more than you think. For more information, see http://www.uiuc.edu/~ejk/WWW-privacy.html Ed Kubaitis (ejk@uiuc.edu) Computing & Communications Services Office - University of Illinois, Urbana Some users may have noticed that some WWW browsers allow configuring an email address. We have recently discovered that some browsers use this information not only for mail or news posting purposes, but also provide it to every http server you visit. Further, some Unix browsers provide your username even if an email address is not configured. since even experienced WWW users here were surprised to learn this, we decided to pass the information on. Silent delivery of a user's email address or username (other than for email or news posting purposes which most users would expect) seems to open a door to potential abuse -- junk email, for example ------------------------------ From: David Banisar Date: 12 Nov 1994 13:56:25 -0500 Subject: Ohio Supreme Court Upholds Privacy of SSNs In a decision handed down on October 26, the Ohio Supreme Court has ruled that governmental disclosure of Social Security numbers (SSNs) violates individuals' constitutional right to privacy. At issue was a request by the Akron Beacon Journal for release of computer tape records of the City of Akron's year-end employee master files. The payroll files contain various information including employees' names, addresses, telephone numbers, SSNs, birth dates, education, employment status and positions, pay rates, service ratings, annual and sick leave information, overtime hours and pay, and year-to-date employee earnings. The City had provided the records to the newspaper, but deleted the SSNs on privacy grounds. EPIC staff, on behalf of Computer Professionals for Social Responsibility, joined with the Public Citizen Litigation Group in filing a "friend of the court" brief in the case. The CPSR/Public Citizen brief highlighted the privacy implications of SSN disclosures and argued in support of the City's decision to withhold the numbers. The brief urged the Ohio Supreme Court to follow the lead of the U.S. Court of Appeals for the Fourth Circuit in the case of Greidinger v. Davis, where Virginia's practice of requiring SSNs for voter registration purposes was held unconstitutional. EPIC staff had similarly participated in the Greidinger litigation as friends of the court. Significant excerpts from the Ohio Supreme Court decision: The city's refusal to release its employees' SSNs does not significantly interfere with the public's right to monitor governmental conduct. The numbers by themselves reveal little information about the city's employees. ... While the release of all city employees' SSNs would provide inquirers with little useful information about the organization of their government, the release of the numbers could allow an inquirer to discover the intimate, personal details of each city employee's life, which are completely irrelevant to the operations of government. As the Greidinger court warned, a person's SSN is a device which can quickly be used by the unscrupulous to acquire a tremendous amount of information about a person. ... Thanks to the abundance of data bases in the private sector that include the SSNs of persons listed in their files, an intruder using an SSN can quietly discover the intimate details of a victim's personal life without the victim ever knowing of the intrusion. Coming a year after the Greidinger decision, the Akron Beacon Journal case continues a trend toward judicial recognition of the privacy implications of SSNs. EPIC will continue to participate in related litigation in an attempt to establish a body of caselaw protecting the confidentiality of SSNs and other personal information. David Sobel (Sobel@epic.org) Legal Counsel Electronic Privacy Information Center [moderator: lengthy court transcript is avilable in archive or via email from moderator] ------------------------------ From: "Prof. L. P. Levine" Date: 26 Sep 1994 12:45:51 -0500 (CDT) Subject: Info on CPD, Contributions, Subscriptions, FTP, etc. Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #062 ****************************** .