Date:       Wed, 16 Nov 94 11:08:33 EST
Errors-To:  Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From:       Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To:         Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V5#063

Computer Privacy Digest Wed, 16 Nov 94              Volume 5 : Issue: 063

Today's Topics:			       Moderator: Leonard P. Levine

                        Re: Mother's Maiden Name
                        Re: Mother's Maiden Name
                     Re: Intrusive Supermarket Card
                     Re: Intrusive Supermarket Card
                     Re: Intrusive Supermarket Card
                     Re: Intrusive Supermarket Card
                           Re: E-mail headers
                      Re: Must I Always Carry I.D?
                      Re: Must I Always Carry I.D?
                      Re: Must I Always Carry I.D?
                           Norton's DISKREET
          Info on CPD, Contributions, Subscriptions, FTP, etc.

----------------------------------------------------------------------

From: bcn@world.std.com (Barry C Nelson)
Date: 14 Nov 1994 22:52:50 GMT
Subject: Re: Mother's Maiden Name
Organization: The World Public Access UNIX, Brookline, MA

When my friend's credit card accounts were being used fraudulently, the
secret service was nice enough to suggest that she select a new
"mother's maiden name."  That is, select a password which you'll never
forget, yet has no obvious connection to your own identity. After all,
does the credit company care that your mother's maiden name isn't
really "einstein" or "zanzibar"? I suppose some official orgs may have
a real problem with that approach, since it might thwart computer
matching.

--
BCNelson


------------------------------

From: Jon Green <jonsg@hyphen.com>
Date: 15 Nov 1994 04:47:31 -0500 (EST)
Subject: Re: Mother's Maiden Name

The discussion of mothers' maiden names seems to have got a leetle out
of hand.  The banks neither know or care whether the name you supply is
indeed your mother's maiden name.  They don't check!  Most people
haven't really had to deal with computer passwords, so, for
convenience, the banks call the password "Mother's maiden name."  A
good ploy is to use a nonsense word utterly unlike most names, but
which is personally memorable.

When I applied for a well-known charge card, in the subsequent phone
interview I was told explicitly, "That's not what it has to be; it can
be any word you can remember," without even having asked, so credit
providers are beginning to take a more sensible approach.  As posters
here have noted, someone's MMN is hardly the most secure password,
anyway.

--
jonsg@hyphen.com
Jon@sundome.demon.co.uk


------------------------------

From: millera@mcs.com (Alan Miller)
Date: 14 Nov 1994 17:57:23 -0600
Subject: Re: Intrusive Supermarket Card
Organization: Bob's Bass House; We Got Bass!

    Steve Berczuk  <berczuk@space.mit.edu> wrote: as a side note:
    >>for people who haven't figured out that if you pay with your Visa
    card you get a month's free float<< is one of the reasons I don't
    understand the idea behind the Express Check cards that banks are
    issuing: it looks like you are making a master card payment but
    your bank account gets debited when the merchant submits the credit
    slip rather than the bank issuing you a bill. Can anyone explain
    what these cards offer above what a credit card does, besides
    opening you up to problems is you lose the card (if you lose a
    credit card, no money has left your bank account....)

I think the debit cards are primarily used if you have a bad credit
history, or for kids who don't have a credit history.  Since your
(apparent) line of credit is just what you have in the bank, the bank
doesn't need to worry about defaults.

-- 
Alan Miller \\ millera@mcs.com 
<a href="http://www.mcs.net/~millera/home.html">AJM's WWW page</a>


------------------------------

From: fd@wwa.com (Glen L. Roberts)
Date: 15 Nov 1994 16:54:10 GMT
Subject: Re: Intrusive Supermarket Card
Organization: WorldWide Access - Chicago Area Internet Services 312-282-8605 708-367-1871

    John Wendt (jwendt@kosepc02.delcoelect.com) wrote: Clearly market
    research.  Answers will be used by Marsh and will no doubt go to
    manufacturers of products sddressing the maladies asked about.

Up here the Jewel stores on their "preferred" care, ask for SSN,
Drivers license number, phone and other goodies to package with the
data they collect on you.

The savings is minimal, compared to regular coupons and probably you
spend more... because of the point of sale, "special..." they get you
to buy stuff you didn't intend to when you left home...

--
Glen L. Roberts, Editor, Full Disclosure
Host Full Disclosure Live (WWCR 5,065 khz - Sundays 7pm central)
email fd@sashimi.wwa.com for catalog on privacy & surveillance.
Does 10555-1-708-356-9646 give you an "ANI" readback? With name?
email for uuencoded .TIF of T-Shirt Honoring the FBI


------------------------------

From: c23st@kocrsv01.delcoelect.com (Spiros Triantafyllopoulos)
Date: 15 Nov 1994 16:57:06 GMT
Subject: Re: Intrusive Supermarket Card
Organization: Delco Electronics Corp.

    Scott Bennett <bennett@cs.niu.edu> wrote: Sounds like Marsh
    Supermarkets is a latecomer to this sort of offensive marketing
    measure.  Jewel Tea (Jewel Foods) has been up to this nonsense for
    at least a year now.  Jewel calls it the "Preferred Card."

How hard is it to give them 'white innocent lie' answers to the
questions? 

	Kids like Ice Cream?                    NO     :-) 
        Kids like Celery?                       YES    :-) :-)

Unless they're really trying, what are they going to do about it if you
lie? Be prosecuted by the FCC (Federal Coupons Commision)?

-- 
Spiros Triantafyllopoulos                  Kokomo, IN 46904   (317) 451-0815
Software Development Tools, AD/SI          c23st@kocrsv01.delcoelect.com
Delco Electronics/GM Hughes Electronics    "Reading, 'Rithmetic, and Readnews"


------------------------------

From: johnl@iecc.com (John R Levine)
Date: 15 Nov 94 15:49 EST
Subject: Re: Intrusive Supermarket Card
Organization: I.E.C.C., Cambridge, Mass.

    I wrote: They all ask for SSN, but I've only run into one (Stop and
    Shop) who refused to give me a checks cashing card without one.

    berczuk@space.mit.edu responded I tried applying for a check
    cashing card at a "Bread & Circus" which is a store that puts forth
    a healthy food/politically correct image.  When I asked why I
    needed to give a SSN for a check cashing card I got a letter
    explaining how the SSN was the "only unique identifier" they could
    use ...

Oh, you asked the wrong question.  The true answer to "Why do you want
my SSN?" is "Because we're nosy."  You should have asked, politely, "do
you require my SSN as a condition of doing business, or would you
prefer that I shop elsewhere?"  I got a check cashing card a few years
ago at B&C without giving an SSN and I don't recall getting a big
argument.  Just remember that the best answer to "What's your SSN?" is
"Duh?"

In fact, I lost by B&C card a few years ago and never bothered to
replace it because now they take my Visa card.

    as a side note:  >>for people who haven't figured out that if you
    pay with your Visa card you get a month's free float<< is one of
    the reasons I don't understand the idea behind the Express Check
    cards that banks are issuing: it looks like you are making a master
    card payment but your bank account gets debited when the merchant
    submits the credit slip rather than the bank issuing you a bill.
    Can anyone explain what these cards offer above what a credit card
    does, besides opening you up to problems is you lose the card (if
    you lose a credit card, no money has left your bank account....)

Nothing.  You have to go through the same credit application as you
would for a real credit card, but you get no float and less protection
against bogus charges.  BayBank, the bank that issues these cards here,
used to compound the insult by charging 15 cents/transaction, but they
eventually backed off from that.  The best answers I've gotten when I
ask people why they use these things are vague comments about imposing
better financial discipline or something.  But anyone who banks at
BayBanks has already self-identified as a masochist.

--
Regards,
John Levine, johnl@iecc.com
Primary Perpetrator of "The Internet for Dummies"


------------------------------

From: wbe@psr.com (Winston Edmond)
Date: 15 Nov 1994 01:49:06 GMT
Subject: Re: E-mail headers
Organization: Panther Software and Research

    "Houston, James A." <JH2@scires.com> asks: My question is this,
    *if* a "blind" carbon copy is directed to the president of my
    company, can I see that transaction in the header, or is that type
    of thing controlled by the email application being used, e.g.,
    ccmail? I just want to know if there is a way to *detect* if my
    mail is being directed to secret places I normally would not be
    aware of.

(I assume "my mail" means mail sent TO you, not mail FROM you.)

The basic answer, for a variety of reasons is "NO", you should assume
you can't tell.  "Blind" means just that -- all recipients can see
who's on the To: and Cc: lists, but no recipient can see who's on the
blind Cc list.  This also means that replies will not automatically go
to the blind Cc recipients.

(1) If someone else is sending the mail, their application code and
      mail system have complete control over the content of the message
      (such as indicating whether there were bcc recipients for the
      message).

(2) Some mail programs will add a BCC: line to the message if YOU are a
      blind Cc recipient, to let you know why the message was delivered
      to you.

(3) All this is irrelevant.  By just Cc'ing myself, I can forward the
      copy I get back to anyone I want, without using blind Cc, and
      none of the original recipients will have any indication that
      I've done so.  Blind Cc just makes this easier.  -WBE


------------------------------

From: fd@wwa.com (Glen L. Roberts)
Date: 15 Nov 1994 16:52:28 GMT
Subject: Re: Must I Always Carry I.D?
Organization: WorldWide Access - Chicago Area Internet Services 312-282-8605 708-367-1871

    amy young-leith <alyoung@cherry.ucs.indiana.edu> wrote If you are
    pulled over and you HAVE a valid drivers license issued to you, but
    you don't have it WITH you (it's at home on the table or in your
    purse slung on the chair or...), is THAT a crime?  Will you be
    charged with something?  Will you have any chance to obtain your
    license to avoid this charge if there is one?

    Kevin Kadow (kadokev@rci.ripco.com) wrote: Well, at least in
    Illinois, the state police have all your drivers license
    information on file, so if you don't have your license with your
    they _could_ pull it up on the computer- but the computer is often
    very out of date, they told me I had a license when the most I've
    ever had was a training permit, and that expired years ago.

from listening to the police scanner, I would say that what is
IMPORTANT is what the COMPUTER says. If it says you are suspended,
revoked, have no license, or whatever, the little card in your pocket
is REALLY WORLTHLESS.

Now, it is probably a criminal offense, not to have it... but if the
computer says you are OK, and the cop is being nice and you aren't
jerking him around, you'll probably get a warning or a lecture.

The police really do love what is in their computer. They spend most of
their time running name and plates through it.... they should spend
have that time going after real criminals... not just hoping to find
someone with a warrant...

It is interesting on how discussions of whether you have to carry ID
turn into discussions of whether you have to carry your drivers license
when driving!

--
Glen L. Roberts, Editor, Full Disclosure
Host Full Disclosure Live (WWCR 5,065 khz - Sundays 7pm central)
email fd@sashimi.wwa.com for catalog on privacy & surveillance.
Does 10555-1-708-356-9646 give you an "ANI" readback? With name?
email for uuencoded .TIF of T-Shirt Honoring the FBI


------------------------------

From: sgs@access.digex.net (Steve Smith)
Date: 15 Nov 1994 16:20:43 -0500
Subject: Re: Must I Always Carry I.D?
Organization: Agincourt Computing

    amy young-leith  <alyoung@cherry.ucs.indiana.edu> wrote: On a
    related tangent, I've had an arguement with friends over the issue
    of what happens if you DO NOT carry your driver's license with
    you.  If you are pulled over and you HAVE a valid drivers license
    issued to you, but you don't have it WITH you (it's at home on the
    table or in your purse slung on the chair or...), is THAT a crime?
    Will you be charged with something?  Will you have any chance to
    obtain your license to avoid this charge if there is one?

Every place that I have driven, it is an offence not to have the
licanse (and sometimes, the registration and proof of insurance) with
you in the car.  Compared to "driving without a license", it is a realy
lightweight offence.  Driving without a license, in turn is lightweight
compared to driving on a suspended or revoked license.  You can get
jail for that one.

Check your local laws.  Vehicular laws vary all over the place.

-- 
Steve Smith                     Agincourt Computing
sgs@access.digex.net            (301) 681 7395
"Truth is stranger than fiction because fiction has to make sense."


------------------------------

From: sgs@access.digex.net (Steve Smith)
Date: 15 Nov 1994 16:29:03 -0500
Subject: Re: Must I Always Carry I.D?
Organization: Agincourt Computing

    Lawrence *The Dreamer* Chen <lawrence@combdyn.com> wrote: Along a
    similar line.....if I'm supposed to have ID, what constitutes valid
    ID?  Does it have to have a photograph?  If so, just where does one
    get one aside from their passport? Everybody seems to automatically
    ask for a driver's licence as ID, ...

All the states that I've checked have a "non driver's ID".  It looks
like a driver's license, it's issued by the same people, but it doesn't
let you drive a car.

Unfortunately, some non-drivers that I know have had problems buying
things by check, because the drelbs at the store are told to get "a
driver's license and a major credit card" as ID.  If they don't follow
the rules exactly, they can get fired.  "Driver's license" means a
driver's license and nothing else.

In a lighter vein, one time I was picking up my car after having it
repaired at the local dealer.  They required ID before they would
release a car.  One of the forms of "acceptable ID" that they would
accept is a state non-driver's ID ....

-- 
Steve Smith                     Agincourt Computing
sgs@access.digex.net            (301) 681 7395
"Truth is stranger than fiction because fiction has to make sense."


------------------------------

From: Shawn Leard <71370.2551@compuserve.com>
Date: 15 Nov 94 14:36:15 EST
Subject: Norton's DISKREET

I am doing some research on a product called DISKREET that comes with
the Norton utilities and was wondering if anyone has any information on
how secure it is?

--
Thanks,
Shawn


------------------------------

From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 26 Sep 1994 12:45:51 -0500 (CDT)
Subject: Info on CPD, Contributions, Subscriptions, FTP, etc.
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa.  The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.

If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution.  As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute.  If you
do so, it is best to modify the "Subject:" line of your mailing.

Contributions generally are acknowledged within 24 hours of
submission.  An article is printed if it is relevant to the charter of
the digest.  If selected, it is printed within two or three days.  The
moderator reserves the right to delete extraneous quoted material.  He
may change the subject line of an article in order to make it easier
for the reader to follow a discussion.  He will not, however, alter or
edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite.  The archives
are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

 ---------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of:     Computer Privacy Digest
Professor of Computer Science     |                  and comp.society.privacy
University of Wisconsin-Milwaukee | Post:                comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher:                 gopher.cs.uwm.edu 
levine@cs.uwm.edu                 | Mosaic:        gopher://gopher.cs.uwm.edu
 ---------------------------------+-----------------------------------------


------------------------------

End of Computer Privacy Digest V5 #063
******************************
.