Date: Mon, 28 Nov 94 11:44:54 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V5#067 Computer Privacy Digest Mon, 28 Nov 94 Volume 5 : Issue: 067 Today's Topics: Moderator: Leonard P. Levine Story on Privacy Abuses & Stalking Re: Essay: The Right to Privacy Re: Debit Cards Re: Debit Cards [Booklet] Authors Wanted! Lotus CD DMV Records Quebec Private Sector Privacy Law-Bill 68(1993, Ch 17) Clarifying answers to TEN QUESTIONS ... Info on CPD, Contributions, Sub... (new material) ---------------------------------------------------------------------- From: Willie_Raye@macnexus.org (Willie Raye) Date: 24 Nov 1994 11:39:57 -0800 Subject: Story on Privacy Abuses & Stalking We are a television news crew working on a two part series that details victims of electronic stalking and other invasions of their privacy. We're also interested in what software and hardware is available to the general public to harass, stalk or rip-off others throught their computer. This is typical negative junk from the commercial information superhighway. I truly hope people who read this digest do not respond to this. I make the assumption that people who read this digest are concerned about privacy, freedom, and the 1st Ammendment. Internet users do not need more reporting on the miniscule amount of fraud, crime, etc. that happens here. I am tired of hearing stories about how someone romanced a 12 yr old via AOL. Or stories about how the Internet is used to transport sexually explicit GIF's to unsuspecting innocents in BumFarm, Utah. If anything will drive politicians and the FCC (the people responsible for handing radio and TV technology over to the higest bidders) to enforce (someone's) standards on the electronic community, it will be this kind of reporting - presented on television, to those already under it's spell. There will be many who will respond to this opportunity to be talked about or even quoted on the 6:00 news. Please don't add to the list. I challenge this or any other TV 'crew' to solicit responses about positive aspects of the evolving virtual global community that exist because of the egalitarian make-up of the Internet. ------------------------------ From: John Medeiros <71604.710@compuserve.com> Date: 25 Nov 94 22:55:37 EST Subject: Re: Essay: The Right to Privacy gmcgath@condes.MV.COM (Gary McGath) wrote: It is primarily victimless crimes whose prosecution is aided by the denial of the right to privacy. I wonder what privacy rights are being referenced. Are we talking about the use of electronic surveillance? And "victimless crimes" means homosexual acts between consenting adults, drug offenses, abortion, and prostitution. If so, is it really true that electronic surveillance is used more often in the investigation of "victimless crimes"? And were that all to be true, is our cash strapped government really inclined to expend resources to monitor the consentual conduct of citizens in their own homes? I always wonder about these statements when I see them used as the premise for claims of unrestricted government intrusion into the everyday life of the average citizen. If this is going to happen, I sure want to know about it. On the other hand, I don't want to be told that the government will be watching what kind of shaving cream I use, or for that matter that the world as we know it would be gone in 1984, if its not true. I believe that we do ourselves a great disservice when we needlessly call the people to arms. It reminds me of the axiom of "not crying wolf". I fully agree with McGath that use of encryption is a part of the right to privacy, and therefore should be available to all. I just disagree with his means of persuasion. If we are going to do the right thing, then we too, must do it the right way. ------------------------------ From: thwong@cs.cornell.edu (Ted Wong) Date: 26 Nov 1994 19:35:24 GMT Subject: Re: Debit Cards Organization: Cornell Univ. CS Dept, Ithaca NY 14853 robert heuman (robert.heuman) wrote: Do not, for one moment, believe that the debit card is to your advantage. When compared to a credit card, unless you have problems handling your money, there is NO benefit to you. The card is for the Bank's purposes. Eventually the banks would like to see the end of credit cards and the exclusive use of debit cards - no float - loans carrying high interest if you overdraw, and eliminate credit card fraud. For the banks I have dealt with in the past, the granting of an overdraft facility is NOT automatic, but requires the approval of a credit officer and an explicit application from the account holder. Thus, although banks charge an extortionate rate of interest on overdrafts, this is done with the full knowledge of the holder. Debit cards are also just about the only way for some people to obtain something remotely resembling credit - as a foreign national in the UK a Barclays Connect card was the only form of 'credit' available to me as a student. Credit cards are a billion-dollar industry. Why would the companies that control these empires wish to shut them down? A reality check is called for here (no pun intended). -- Ted Wong |DISCLAIMER: |Cornell's opinions are its own, Computer Science |and do not necessarily reflect Cornell University |those of the author. ------------------------------ From: c23st@kocrsv01.delcoelect.com (Spiros Triantafyllopoulos) Date: 28 Nov 1994 16:59:50 GMT Subject: Re: Debit Cards Organization: Delco Electronics Corp. robert heuman wrote: Do not, for one moment, believe that the debit card is to your advantage. When compared to a credit card, unless you have problems handling your money, there is NO benefit to you. The card is for the For me the benefit is getting in and out of the checkout register really fast without a dumb clerk asking me to pronounce my last name for their amusement (Walmart RULES in this aspect :-)). Or asking me for the 100th time which address is the right one, the one in the check or the one in the driver's licence, or, or, or. Try writing a check while carrying a 2 year old throwing a tantrum sometimes :-). Bank's purposes. Eventually the banks would like to see the end of credit cards and the exclusive use of debit cards - no float - loans carrying high interest if you overdraw, and eliminate credit card fraud. Just be sure you can: Funny, my 'debit card' in reality is my ATM card (which requires a PIN) and overdrafts go to my (very low) VISA card... I don't care for 'float'. Credit card fraud elimination as well; if I lose my ATM card it's useless to anyone without my PIN. I wouldn't say this for a credit card. It is accepted in a limited number of stores for now but expanding. 1. select your own PIN Yes. 2. change your PIN at any time, day or night, on YOUR demand Yes. -- Spiros Triantafyllopoulos Kokomo, IN 46904 (317) 451-0815 Software Development Tools, AD/SI c23st@kocrsv01.delcoelect.com Delco Electronics/GM Hughes Electronics "Reading, 'Rithmetic, and Readnews" ------------------------------ From: fd@wwa.com (Glen L. Roberts) Date: 27 Nov 1994 22:28:02 GMT Subject: [Booklet] Authors Wanted! Organization: WorldWide Access - Chicago Area Internet Services 312-282-8605 708-367-1871 We're looking to expand the selection of booklets in our catalog. If you have something to say... something people want to hear... and would like it published in booklet form (40-60 pages, saddle stiched, with a two-color cover), and the topic is in the area of privacy, surveillance, computer security, technology, hacking, or government... Email me an outline. There is absolutely no cost to you, and you'd be paid a percentage of each sale. We'd prefer that your original be in plain ascii (emailable). Questions, comments, submissions... fd@wwa.com -- Glen L. Roberts, Editor, Full Disclosure Host Full Disclosure Live (WWCR 5,065 khz - Sundays 7pm central) email fd@wwa.com for catalog on privacy & surveillance. Does 10555-1-708-356-9646 give you an "ANI" readback? With name? ------------------------------ From: Jay Wood Date: 27 Nov 1994 21:02:02 -0500 Subject: Lotus CD Organization: Mordor International BBS Can anyone give me pointers to information about the Lotus CD that inspired such outrage a few years ago? If I recall correctly, it was ultiately dumbed-down after much expression of public outrage. The original idea was to produce on disk credit report-like information about a wide sampling of American households. Thanks in advance. -- Jay Wood jwood@mordor.com ------------------------------ From: John Medeiros <71604.710@compuserve.com> Date: 27 Nov 94 22:20:48 EST Subject: DMV Records The following article was printed in the "Orange County Register", Tuesday, November 22, 1994, news section, page 2: Car-rental firms checking on drivers by Ricky Young As the busiest travel weekend of the year draws nigh, more rental-car companies are taking advantage of a California system to allow instantaneous access to drivers' records. The companies turn down about 8 percent of drivers for accidents, tickets and other telltale signs that a driver might wreck their car. More than 1 million drivers have had their records checked in the first year of the Department of Motor Vehicles program. Alamo, Avis, budget, Dollar, Hertz and Thrifty rental companies are the major ones tapped into California driver records. Enterprise and National are not. The companies contract with credit-check firms to addess a driver's record within five seconds. No one combs through records; a computer makes a pass-fail determination in five to six seconds. People who are turned down are given a toll-free number they can callto plead their case. Companies look two to six years back, and drivers are generally turned down for any drunken-driving offense, two or three moving violations, two or more accidents, or failure to report an accident. "Renting a vehicle is not a constitutional right," said Joseph Willoughby of Dateq Information Network in Georgia. "It's a privilege. You're talking about a $20,000 asset being placed in the hands of someone who might be an unsafe driver." Some clients have seen a 50 percent reduction in accidents since starting the screening, Willoughby said. "It;'s their car," said Joe Pollheim of Cincinnati, renting a car at John Wayne Airport on Monday. "They laid out the bucks for it." A Laguna Beach doctor on trial this week for a fatal head-on collision in July 1993 on Santiago Canyon Road was driving a rented Chevrolet Lumina. A check of Ronald Allen's record would have shown two druken-driving arrests. "If you're in the business of renting cars, you'd better do your homework," said Rebecca Rodriguez, whose two daughters were injured in the crash. "For them not to do that, that's irresponsible." ------------------------------ From: ua602@freenet.Victoria.BC.CA (Kelly Bert Manning) Date: 24 Nov 1994 19:38:16 -0800 Subject: Quebec Private Sector Privacy Law-Bill 68(1993, Ch 17) "An Act respecting the protection of personal information in the private sector" This has been in effect since early in 1994, giving legislative teeth to privacy rights identified by Chapter III of Quebec's Civil Code. Copies are available from the Quebec Official Publisher in either english or french. Section 9, at the end of Division II, reads: "No person may refuse to respond to a request for goods or services or to a request relating to employment by reason of the applicant's refusal to disclose personal information except where (1) collection of that information is neccessary for the conclusion or performance of a contract; (2) collection of that information is authorized by law; or (3) there are reasonable grounds to belive that the request is not lawful. In case of doubt, personal information is considered to be non- neccessary." Which would put an interesting spin on someone who tried to insist that a customer calling by phone not use caller ID blocking, or give them a true name, address, or other unneccessary information. Section 17, in Division III, reads: "Every person carrying on an enterprise in Quebec who communicates, outside Quebec, information relating to persons residing in Quebec or entrusts a person outside Quebec with the task of holding, using or communicating such information on his behalf must take all reasonable steps to ensure (1) that the information will not be used for purposes not relevant to the object of the file or communicated to third persons, except in cases similar to those decsribed in sections 18 and 23; (2) in the case of nominative lists, that the persons concerned have a valid opportunity to refuse that personal information concerning them be usef for purposes of commercial or philanthropic prospection and, if need be, to have such information deleted from the list." Section 22 also deals with release of personal information for soliciting and essentially prohibits it unless prior consent is obtained. Consent can also be withdrawn at any time(sec. 5). Section 24 makes it mandatory for enterprises using nominative lists to identify themselves and to inform their targets of their right to have personal information about them deleted from the list. The penal provisions escalate from a $1,000-$10,000 fine for the first offence to $10,000-$20,000 for subsequent offences(sec. 91). Personal Information agents are liable to a $6,000-$12,000 fine. I'm not familiar with Quebec legal terminology as translated into english, but if "legal person" translates as corporation then section 93 makes individuals who authorize or commit offences personally liable for the penal fines, not simply the enterprise they work for or head. ------------------------------ From: "Prof. L. P. Levine" Date: 24 Nov 1994 08:15:28 -0600 (CST) Subject: Clarifying answers to TEN QUESTIONS ... Organization: University of Wisconsin-Milwaukee Taken from RISKS-LIST: RISKS-FORUM Digest Tuesday 22 November 1994 Volume 16 : Issue 57 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Date: 15 Nov 1994 12:12:15 (xST) From: [A well-known but suitably anonymized contributor] Subject: Clarifying answers to TEN QUESTIONS PARENTS SHOULD ASK THEIR CHILDREN Where are the manuals, boxes, license agreements for the programs you have or use? They don't have manuals or boxes. Should I not use them? Where did you get that game? (program?, floppy?, software?) Usually over the net - how do I tell if it's legitimate? When programs first start running on your computer, whose name comes on the screen as the "owner" or "licensed-to." Very few have this feature. Did you write/create/author what you're passing off as your own work? I resent the use of 'passing off'. Almost all modern works are collaborative in nature - the selection of citations is not a trivial issue. Where did you get these questions? Are you passing off some of it as your work when in fact others first came up with some of these ideas? Where are your citations? Where did you get the text and images you're using? Many of them come from on-line sources. Does that make them legitimate or illegitimate? If you copied text and images from another source, did you have permission? Rarely - in most cases, fair use allows you to use them without getting formal permission. Kind of like these questions of yours. If you didn't need permission from the "owners" of the information you're using, did you credit them for the material? Only if I republish it. I have lots of on-line information without citations attached to it. But I see the author of this questionnaire thinks it's legitimate to do this without citation. I guess I should stop giving as much credit where due as I do. 3. Do you ever use other people's computer, disk-space or processing capability, or look at or copy their files or information, without their knowledge or permission? I almost never get permission to look at each file I view. I go under the assumption that I may view anything that allows read access by me without going outside of the normal methods in use to read files. If it is interesting, I copy it for future reference. I hope they do not know any details about my use. After all, I want to retain my privacy and they should not be watching what I do. 4. Do you have any prank programs, computer viruses, worms, trojan horse programs, bombs, or other malicious software? Several thousand of them. What's wrong with that? Don't you have some too? Do you use bulletin boards or systems that contain these things, or have friends or acquaintances who do? Certainly. The Internet has lots of these things, and I use it. The telephone system is used for abusive phone calls and I use it too. I don't really know what my friends do when they use computers. They have privacy rights too, and we rarely talk about what information service we use. Do you write or create any software like this or deal with people who do? All the time. I deal with Microsoft, Lotus, and many other companies that have widely distributed this sort of thing. I also know and deal with individuals who have done this, and I do it all the time. Is there something wrong with that? Are they things you would be comfortable showing me? Showing your grandmother? I would not show either you or my grandmother my files, but it has nothing to do with embarrassment. It is called privacy. Do you have any pictures, video clips, sound clips, articles, text, or other software or files which contain pornography, violence, dangerous instructions other distasteful material? Lots of them. It this wrong for some reason? Do you access or view any of these kinds of things when using the net? All the time. In fact, if you know of any, I would be happy if you would forward information on them to me. 6. Do you have any newsletters, plans, guidelines, or "how-to" documents or files that you would not be comfortable showing to your mother? Same answer as above. I value my privacy. Making Bombs, breaking into systems, stealing telephone access, stealing computer access, stealing passwords, pornographic or violent text, guides, descriptions, ...... Do you create, contribute to or receive anything like this? All the time. In fact, the Risks Forum is one of my best sources for this information. Should you stop making it available to me? 7. Do you ever connect your computer to a telephone, use a modem, or otherwise use a network? All the time. 8. Who do you associate with when you use the Net? Lots of different people. How do I know who they really are anyway? If you claimed to be John Smith at the West Hannover Institute, how could I tell this was true, and why would I bother? ... so should you attempt to discern the character of their cyber-friends How? We have congress-people that seem to lie all the time, and yet the majority of voters vote for them and they have a lot of power, are on TV all the time, and are supposed to be highly respected. Does this mean that lying is good or bad? Judge not - lest you shall be judged! Who shall cast the first stone? Do you attempt to discern the character of everyone on the net you communicate with? How about the thousands who read your postings to Risks? The nature of the net is that it provides anonymity and open forums for discussion. Why would I want to stifle free speech by asking character questions. The statements people make should stand on their own regardless of who states them. That is the best feature of the nets. A high school kid can shine and a Ph.D. can look like an idiot - based on what they say, not who they are. 9. Do you ever use an assumed name, a handle, or an alias instead of your real name? Sure. I have asked this posting to be made anonymously in order to allow it to be judged based on its content rather than it's source. It's kind of like the referee process is supposed to be on professional papers. Maybe we would all be better off if all postings were anonymous (with a return address that permits response without identity). Do supply a false information about yourself when using a bulletin board, a news group, a message group, or forum, any part of the net, or when using e-mail or when otherwise communicating? At times. Especially when bbs systems ask extensive questions about who I am, my SSN, credit information, or other information that I don't think they have a right to have. I have also lied when connecting to hacker BBS systems because I don't think they have a right to know who I am when they all use handles instead of names anyway. I have also used telnet (25) into SMTP sites to forge e-mail as if I were Captain Kirk from the enterprise in order to have fun when communicating with friends. Is there something wrong with having fun in this way, or is the Internet only for serious work and not for having fun or playing around. If so, why are there thousands of fun and games forums in the Internet? Do you use your real age & sex when communicating with your computer? I rarely use either. Nobody has ever asked my sex (my name is probably a giveaway on that one) or my age. Besides, I think that discrimination based on age and sex are wrong, are against the law, and that forging a sex or age in order to have equal access is fair, reasonable, and appropriate in the network environment. Do you use any false information like addresses, or phone numbers or use someone else's credit card number when using your computer? Yes, yes, and no respectively. Theft (by deception) is very different than not telling someone where you live or what your phone number is. These are privacy issues, and privacy is a very important thing to have. Privacy through deception is not wrong. Even becoming someone's friend by lying to them about having something in common is not particularly wrong. Certainly giving a salesperson a polite wrong number and address is a reasonable privacy precaution against getting on mailing lists. It is probably even good to lie if you think someone is stalking you over the net. I think we have a right to lie, perhaps even a social responsibility to do so under certain circumstances. Do you ever send messages or e-mail in such a way that the recipient cannot tell that you sent it? In what sense? I have certainly sent e-mail that never got through - the intended recipient didn't know I sent it. I have sent e-mail from group accounts where the individual was not identified, but the group was. This is quite common in customer support. I have also forged e-mail addresses so that I could remain anonymous. Is that supposed to be wrong? Why? If I sent you a seasons greeting card from a false identity would you be upset and try to find me and have me arrested? There is a difference between malice and fun. Have you ever modified data, text, messages, or other computer information so that it looks like someone other than you created it or made the changes? Certainly. I had to make a change to the TeX sources once to get them to compile right, and I used the TeX user ID to do so in order to allow the compilation to work right. This is often called for in systems administration. What are you trying to hide by not using your real name? My identity. It's called privacy and anonymity. It's one of the basic principles of a free society - that's why we have anonymous voting - to protect anonymity and be certain that I can think and do what I feel are right without someone like you being able to seek retribution. I believe that a free society requires privacy and anonymity. Otherwise, someone like you who perhaps thinks that these ideas are too radical might try to black ball me. Anonymity in pre-war Germany could have saved millions of lives. Many in the US are trying to eliminate anonymity by such practices as federal ID cards, and I think that is very dangerous. Are you trying to pretend you are something or someone you are not? I have a right to be whatever I want to be. If I claim to be an expert in business consulting, you use my services, and I do a good job, what does it matter that I don't even have a high school diploma. If you hire an MBA and they do a bad job, does that make it OK? There is nothing wrong with pretending, as long as you don't lie in order to take advantage of someone else. Theft by deception requires theft. If I knock on your door and claim to be a Jehova's witness when I am not, why should that offend you more than if I were a real one? 10. Do use telephone, video, cable-TV, computer network, bulletin board, or other network services without paying for them? All the time. When I am at a friend's house and I make a phone call, I don't pay for it. I don't pay for Internet access, it is given to me. I use Freenets and other bulletin boards without paying for them too. I have even used friend's accounts to access the network on occasions when I didn't have any local access. I also used free compu-serv, America-Online, and Delphi services when they had free offers. The vast majority of people using the Internet until only a few years ago did not pay for their usage either. Their company, the federal government, or someone else paid for their usage. The bottom line: Are these things also true for my children? Yes, I think they are. I hope that they learn how to do the same things I have learned how to do in order to protect themselves from the tyranny of the majority - or is it the vocal minority? I hope they keep things private from me when appropriate, and if they look at some dirty pictures once in a while, it won't greatly offend me. Please consider that most issues of right and wrong are matters of degree and circumstance. Given more choice and less control, I think more people will make better decisions. Illegalize dirty pictures, and you will have a much larger audience. That's why so many motion pictures add nudity or violence if they don't get an R rating with the first cut. After all, an R picture on average sells a lot more tickets than a PG picture. ------------------------------ From: "Prof. L. P. Levine" Date: 28 Nov 1994 08:46:14 -0600 (CST) Subject: Info on CPD, Contributions, Sub... (new material) Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. | new material: | This digest is a forum with information contributed via Internet | eMail. Those who understand the technology also understand the ease of | forgery in this very free medium. Statements, therefore, should be | taken with a grain of salt and it should be clear that the actual | contributor might not be the person whose email address is posted at | the top. Any user who openly wishes to post anonymously should inform | the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions generally are acknowledged within 24 hours of submission. An article is printed if it is relevant to the charter of the digest and is not redundant or insulting. If selected, it is printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the subject line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V5 #067 ****************************** .