Date: Sat, 07 Jan 95 10:00:15 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#003 Computer Privacy Digest Sat, 07 Jan 95 Volume 6 : Issue: 003 Today's Topics: Moderator: Leonard P. Levine Opening Mail Postal Inspections Postal Inspections Re: Credit Reporting Canadian Government Computer Abuse CallerID Opinion Signature Digitizers Regulation of Collection Agencies' Activities Who's Looking You Up Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: travis@netrix.com (Travis Low) Date: 04 Jan 1995 18:18:20 GMT Subject: Opening Mail Organization: Netrix Corporation mea@intgp1.att.com (Mark E Anderson) writes: I receive the so called pre-approved credit cards and credit in the mail about once a week and rip them up without bothering to open the envelope... IMHO, it is better to open them and look for a postage-paid return envelope. If there is one, just stuff it full and pop it in the mail. That way, the mailers subsidize the post office, saving taxpayer dollars. And the mailers will have to spend money processing the bogus envelopes, hopefully to their fatal detriment. I get a six inch stack of mail every day, much of it addressed to my father who died in 5/93 and his wife who died in 4/92. I'm sick of it and I consider it an invasion of privacy, as I do not wish to receive it. Worse yet, sometimes finding the important mail is like finding a needle in a haystack -- I've had to dig through the trash more than once. Damn irritating. -- Travis travis@netrix.com ------------------------------ From: fd@wwa.com (Glen L. Roberts) Date: 04 Jan 95 16:31 CST Subject: Postal Inspections Organization: WorldWide Access - Chicago Area Internet Services Bill Ranck (ranck@earn.net) wrote: To be honest, I don't know exactly what powers the Postal Inspection Service has in this regard. They *are* federal agents, with badges and guns. They can open mail under some circumstances. They may require a warrant to do so, but they don't necessarily have to tell you about the warrant ahead of time. With the exception of some international mail. ALL FIRST CLASS MAIL is sealed against inspection. They have to have a warrant to open it. Third, fouth, second class mail is all open for inspection (at least for ensuring that the content qualifies for the rate of mail). They CAN read/record the OUTSIDE of first clas mail without a warrant. In Chicago, a few years ago(when I looked at ALL the search warrants at the federal court in chicago). The postal inspection servcie was opening about one package (express mail) a day in Chicago, pursuant to a warrant. It was a three step process: 1) the parcel matched a "address profile" 2) the Chicago Police drug dog reacted to it. 3) A federal judge signed a warrant upon 1 & 2 I'm not in the USA at the moment, but anyone should be able to go ask at the post office. The postmaster will certainly know who and what the Postal Inspectors are, and probably what they can/can't do. -- Glen L. Roberts, Editor, Full Disclosure Host Full Disclosure Live (WWCR 5,065 khz - Sundays 7pm central) email fd@wwa.com for catalog on privacy & surveillance. Does 10555-1-708-356-9646 give you an "ANI" readback? With name? email for uuencoded .TIF of T-Shirt Honoring the FBI ------------------------------ From: Robert Ellis Smith <0005101719@mcimail.com> Date: 05 Jan 95 13:11 EST Subject: Postal Inspections On Jan 3 Bill Ranck asked about opening of mail. U.S. postal personnel may open any non-first class piece of mail. They are supposed to INSPECT the contents not read the text. To open and read first-class mail is supposed to require a court-approved wa rrant based on probable cause of criminal activity. Roughly 500 warrants are issued a year. CUSTOMS officials, on the other hand, may open first-class mail from overseas without a warrant. They, too, are supposed to inspect the contents not read the text. They open about half a million pieces a year, based on country of origin, suspicions abou t the outside of the envelope, or reactions of sniffing dogs. However, there were several instances in the 1970s of the CIA, FBI and other agencies reading first-class mail without warrants. CIA people even copied some letters and distributed them to other federal agencies. (The CIA claims to have the capability t o read the contents of an envelope without opening it.) A "mail cover" does not require a warrant. Under this procedure, postal inspectors intercept mail addressed to a target (or from a target) and copy down the information on the outside of the envelope, send the piece on its way, and send the copied inform ation to whatever federal investigator requested it. This, of course, may give a clue as to the whereabouts of a fugitive or at least his or her friends, and it helps identify victims of scams conducted by mail. This information is from PRIVACY; HOW TO PROTECT WHAT'S LEFT OF IT (1979), available from Privacy Journal for $15. Robert Ellis Smith 0005101719@mcimail.com, 401.274-7861. ------------------------------ From: genghis@ilces.ag.uiuc.edu (Scott Coleman) Date: 05 Jan 95 20:52:08 GMT Subject: Re: Credit Reporting Organization: University of Illinois at Urbana mea@intgp1.att.com (Mark E Anderson +1 708 979 4716) writes: I receive the so called pre-approved credit cards and credit in the mail about once a week and rip them up without bothering to open the envelope. None of these outfits have touched my credit report from what I've seen. Interesting choice of phrase, that last. Your use of the singular implies that you believe that there is only ONE credit report for each person which may be checked by banks and other parties. My understanding is that each of us has MULTIPLE credit reports, one with each of several credit bureaus (the big three certainly, and probably some smaller regional and local ones, as well). These reports can differ, depending on which financial institutions report to which bureaus. Thus, by checking "your credit report" (singular) from only one bureau, you may be missing inquiries made for your report at another bureau. As an example, I know my local credit union checks my credit report at some regional credit bureau, but doesn't ask TRW, Trans Union, et. al. You might wish to obtain copies of ALL your credit reports - I'm afraid you may be in for a rather rude awakening. -- Scott Coleman, President ASRE (American Society of Reverse Engineers) asre@uiuc.edu Life is temporally limited - drive velocitously!! ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 06 Jan 1995 05:35:15 GMT Subject: Canadian Government Computer Abuse Organization: The National Capital FreeNet, Ottawa, Ontario, Canada Staff working at Vancouver abortion Clinics exercised their Freedom of Information rights to see if anyone had been checking their vehicle registrations. An audit by the Insurance Corp. of BC revealed that the licence numbers of several workers had been checked through the the Canadian Police Information Computer in quick succession from a Vancouver detachment of the RCMP. An investigation is underway to see if this was an appropriate use of the system. The requests for an access audit were made after Gordon Watson, whose violent attacks on workers have been broadcast repeatedly, claimed to be paying $70 to $100 per licence number to obtain vehicle registration details from "private detectives". Mr. Watson was convicted of 1 assault. ICBC says that it has provisions for concealing the registration details of victims of violence that can be applied to abortion workers if they ask for it. This discloure occurs just 2 months after Garcon Romalis, a doctor who provided abortions, was shot while eating breakfast in his kitchen. Gordon Watson was broadcast describing this as "good shooting". The involvement of CPIC in this puts an interesting light on claims that BC's proposed mandatory central registry of prescriptions would have "CPIC type access controls to protect privacy". ------------------------------ From: carmen@infi.net (Carmen C. Richberg) Date: 06 Jan 1995 03:17:03 GMT Subject: CallerID Opinion Organization: InfiNet The Caller ID Service in North Carolina is now in many calling areas and it continues to grow. It was extremely upsetting when I learned that Caller ID could only be offered with the provision of free universal perline and percall blocking. It was ruled by the Utilities Commission that the service could only be offered to Southern Bell customers, only if blocking options were offered free of charge. Blocking would prevent the display of a telephone number of the calling party. PerCall Block is available automatically with out special request. To activate,just dial *67 before dialing the number. At that time the calling number would display as Private. By request only, a customer could have their line blocked permanently without additional charge. Any calls from the number would display as Private. This blocking takes away from the full capabilities of the CallerID Service that customers must pay for. I subscribed to the service, because I felt that it would provide added security for my home and family. I do not view Caller ID as an invasion of privacy for the caller, as some have expressed that oppose Caller ID. In fact, it provides security and privacy. I pay for my telephone service, not the caller. I do not let people enter my home without first asking who is it? Nor, do I want to answer my phone without knowing who is calling. If a person can call my home knowing my telephone number, then it is my right to know what number is calling me. If a person is honest, then they should not have anything to hide. As far as unlisted telephone numbers, I used to pay for that service too, until Caller ID was made available. That is also a joke. Computers dial telephone numbers all day long. Unpublished telephone numbers are called too. So, the argument of not wanting an unpublished number displayed on a Caller ID Display, for the purpose of security and privacy is not a reality today. Unpublished numbers have been obtained by unauthorized people long before the invention of Caller ID. Full Caller ID service would provide a better security for those with unpublished numbers, because it gives you the option of answering that call or not. In New Jersey, Atlantic Bell is now offering Caller ID with free percall Blocking and Anonymous Call Rejection (*77) at no additional charge. This lets Caller ID subscribers reject blocked calls. The phone will not ring and the caller will hear a short message that blocked calls are not being accepted. Then that caller also has the option of calling back with out the block or not to call at all. I feel that if call Blocking options must be offered,let it be PerCall Blocking along with Anonymous Call Rejection. I would like to see the service be updated with the following: PerCall Blocking only, Anonymous Call Rejection, and Number and Name Delivery in and out of state. ------------------------------ From: Moodperson@aol.com Date: 06 Jan 1995 10:43:07 -0500 Subject: Signature Digitizers I recently opened a Sears charge account. Part of the process required me to digitize my signature as I signed through the credit request. I was told this was to prevent forgery. Well, I later used my card to make a purchase. This time my wife used my card and signed my name. She had never had her signature digitized before, yet the computer accepted her signature on my card. I feel the explanation about forgery was bogus, and I wonder what Sears is doing with my digitized signatures. Any comments about this? I can be reached at moodperson@aol.com. I'll also check into this forum again. I really think this is an important issue. ------------------------------ From: jcp@escher (John C. Peterson) Date: 06 Jan 1995 19:40:36 GMT Subject: Regulation of Collection Agencies' Activities Organization: SAIC Technology Research Group, San Diego, CA I'm curious to know what fed/state regulations apply to the activities of Collection Agencies (firms that try to collect on bad debts.) To put my interest in perspective, I have a common enough name. It seems there is someone else in the general area where I live with a similar or perhaps identical name, *and* some bad debts. Over the past year or so, I've been receiving phone calls from stores, banks, and collection agencies asking me to "pay up". I guess "this other guy" has moved or whatever, and they try my name from the phone book. It usually hasn't been a problem, I just tell them that I don't have an account with them, give them the last few digits of my social security number or something, they apologize for the confusion, and thats the end of it. However, a few weeks back I received a call from someone trying to collect on a bad student loan. The guy was rather impolite and borderline abusive when I told him that I wasn't the person he was looking for. What are my rights in such a situation, and what legal restrictions apply to such Collection Agencies? Any pointers appreciated. -- John C. Peterson KD6EKQ | + 1 619 546 6539 | Disclaimer: The opinions Science Applications Intl Corp | jcp@trg.saic.com | expressed are mine alone, 10260 Campus Point Drive MS-C6 | Microsoft - | and do not reflect those San Diego, CA 92121 | Just say NO!!! | of SAIC. ------------------------------ From: djones@cim.mcgill.ca (David Jones) Date: 07 Jan 1995 01:34:05 -0500 Subject: Who's Looking You Up Organization: Centre For Intelligent Machines, McGill University [repost from efc-talk] * Good Cop, Bad Cop * * Who's got access to your personal data? * "If we, just by fluke at guessing the dates to check, found three records called up in an unauthorized manner, just how much more is there? It's very scary." --- Kim Sander What happens when a police officer abuses his ability to access sensitive personal information stored in the nation's law enforcement computers? Perhaps we'll find out soon, in Delta, B.C. This tale raises issues of electronic privacy, demonstrates the utility of the utility of our freedom-of-information legislation, and finally, the influence of the media. I spoke with Kim Sander, spokesperson for "Every Woman's Health Centre" (an abortion clinic in Vancouver, BC) who filled me in on some background for the story that was on every news broadcast last night [Thursday, Jan 5]. Last August, several of the clinic staff received phone calls or mail from anti-abortion activists. They found this was rather unsettling, because they'd made a point of trying to keep personal information like address or telephone numbers private. This concern led them to the police, to whom they explained that anti-abortion activists were recording license plate numbers outside the clinic and apparently using them to track down personal information ... but the police didn't seem to do much. In September, Gordon Watson, a prominent local anti-abortion activist, stated while on the stand in a court hearing that he had gathered license plate numbers in order to "follow up on them" and he "paid good money" to get personal information about the car owners. When clinic staff asked the Crown council and police to investigate, they were told, "Give us two weeks." After two months of hearing nothing, the women filed a freedom-of-information request on November 15th with the Insurance Corporation of British Columbia (ICBC maintains all auto insurance and registration) seeking to find out who had been accessing their personal records. They provided 8 of their license plate numbers to be checked. The ICBC information officer explained that while daily access logs were kept, accesses were not recorded in the personal records themselves. Without specific dates to check, finding out who accessed their records would be next to impossible. So the women just guessed, based on when they'd been contacted. Those were lucky guesses. On December 6th, the information officer said that 3 out of 8 records had been accessed, and those accesses were suspicious, so he'd contacted the RCMP. The accesses originated in the Delta police department, in a suburb of Vancouver. Any cheers for the power of the FOI legislation must be tempered by the fact that the RCMP apparently sat on this issue for another month until, frustrated after what was now four months with no signs of an investigation, the women contacted the media. Apparently, it was media inquiries that sparked some action. On January 5th, the RCMP informed the Delta police that potentially inappropriate computer accesses were coming from their department. Constable Steve Parker, whose anti-abortion views were well known, was now under a cloud of suspicion. The very same day, all Canadian TV networks ran news stories on the situation. Stay tuned - it's not over yet. ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #003 ****************************** .