Date: Wed, 25 Jan 95 12:55:16 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#009 Computer Privacy Digest Wed, 25 Jan 95 Volume 6 : Issue: 009 Today's Topics: Moderator: Leonard P. Levine Re: Radio Shack Respects My Privacy Re: Radio Shack Respects My Privacy Re: Radio Shack Respects My Privacy The Cyber Police are Coming? The Cyber Police are Coming? Total Surveillance Re: DOJ Computer Seizure Guidelines Protect Privacy Via CC to Individuals Re: Mail Marked "Refused" Requests for Home Phone Numbers Re: Is the Post Office Subsidized? Re: Is the Post Office Subsidized? Cybersex Seattle Re: Tax Forms Display SSN on Mailing Label Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: seebaugh@ix.netcom.com (David Seebaugh) Date: 24 Jan 1995 04:05:44 GMT Subject: Re: Radio Shack Respects My Privacy Organization: Netcom "Prof. L. P. Levine" writes: In a recent visit to a local Radio Shack I saw, for the first time, a poster on the cash register with a picture of the big boss saying that Radio Shack Respects Your Privacy. He then goes on to discuss their long standing policy of asking for phone numbers. Seems that they might be getting the point, let's watch. They may respect your privacy, but make lots of room for your new collection of RS sales flyers! :-) ------------------------------ From: Bill Hefley Date: 24 Jan 95 09:25:42 EST Subject: Re: Radio Shack Respects My Privacy you write: In a recent visit to a local Radio Shack I saw, for the first time, a poster on the cash register with a picture of the big boss saying that Radio Shack Respects Your Privacy. He then goes on to discuss their long standing policy of asking for phone numbers. Seems that they might be getting the point, let's watch. I doubt it, as on my last visit (my second in as many days, trying to fix a severed TV cable), I just refused to give the phone number and address stuff. I had my handicapped son with me and he was quite restless and I just wanted out of the store after my $3 purchase. I got no end of grief from the salesman, as he even claimed that his loss prevention people had been there that very same day, and he could get in trouble for making a sale without the ID. I finally told him that he could have the sale or not, I didn't care, but he wwasn't getting any information. He grumped the whole way through about how he could make my life easier if I'd make his easier and not get him in trouble. But, in the end, he finally did take my money and tell me I wasn't entitled to a refund or exchange. -- Bill Hefley - Senior Member of the Technical Staff Software Engineering Institute, Carnegie Mellon Univ. Pittsburgh, PA 15213 Office: +1-412-268-7793, Fax: +1-412-268-5758, internet: weh@sei.cmu.edu ------------------------------ From: jsivier@ux1.cso.uiuc.edu (Jonathan Sivier ) Date: 25 Jan 1995 16:29:46 GMT Subject: Re: Radio Shack Respects My Privacy Organization: University of Illinois at Urbana "Prof. L. P. Levine" writes: In a recent visit to a local Radio Shack I saw, for the first time, a poster on the cash register with a picture of the big boss saying that Radio Shack Respects Your Privacy. He then goes on to discuss their long standing policy of asking for phone numbers. Seems that they might be getting the point, let's watch. The last couple of times I went to one of the local Radio Shacks (within the past month), I wasn't asked for my phone number. It certainly made for a more pleasant experience. ------------------------------------------------------------------- | Jonathan Sivier | Ballo ergo sum. | | jsivier@ux1.cso.uiuc.edu | (I dance therefore I am.) | | Flight Simulation Lab | - des Cartwright | | Beckman Institute | | | 405 N. Mathews | SWMDG - Single White Male | | Urbana, IL 61801 | Dance Gypsy | | Work: 217/244-1923 | | | Home: 217/359-8225 | Have shoes, will dance. | ------------------------------------------------------------------- ------------------------------ From: Kim Cerioni Date: 24 Jan 95 07:05:02 GMT Subject: The Cyber Police are Coming? I have read articles alarming the general public that the FBI (Federal Bureau of Investigation) is monitoring bulletin boards across the network. Typically the articles start out with FBI agents at the doorway of users, asking questions about their online messages. Given the past history of law enforcement and their practice of wire-tapping telephone lines, one can extrapolate this practice to the Internet, transforming the "Super Information Highway" into the "Super Snooper Highway". The wiretapping analogy does not hold true to the Internet. Telephone lines are owned by private companies, telephone conversations are private, between two people. The internet is a public infrastructure, discussions on bulletin boards are an open public forum. Should law enforcement be banned from public places? This is contrary to their mission. Do we band police officers from the public parks? What happens when a rape occurs. Do we deny the county sheriff the right to drive on public streets? How could they catch the criminals? I think this whole controversy is over a misconception people have about the internet. The feel and interaction is conversing verbally in a small, intimate group of peers that share the same interest. (This would explain the existence of anarchist - type bulletin boards.) When in reality you are making a public record that any one can have access to. People are really compromising their privacy by participating on the Internet. For example, say you participate on a bulletin board for wine connoisseurs, don't be surprised when your mailbox starts to fill up with advertisements from wine retailers. The Internet is not about privacy. -- Waddayathink?--K. Cerioni ------------------------------ From: Nick Rosen Date: 24 Jan 1995 09:10:21 +0000 Subject: The Cyber Police are Coming? Cyberpolice says Newsweek. Is this just an ambitious Brooklyn Asst. DA? Or is it Wash DC training cybercensors? Could someone in the US post the article and any follow up? If it is a serious attempt at Cybercensorship, it needs a global solution. -- Nick Rosen, London. Tel: 44-71-497-8179 http://www.intervid.co.uk/intervid/ email: nick@intervid.co.uk ------------------------------ From: too much caffeine Date: 24 Jan 1995 10:57:11 -0500 Subject: Total Surveillance I am preparing a presentation on the topic of the loss of personal privacy resulting from the possibility for total, automated, surveillance of our lives. I am not taking sides, rather describing the technologies available and presenting the issues. The technologies to which I refer are universal encryption chips, intelligent video, satellite surveillance, neural nets, AI, biometrics, robot spies, massivelt parallel computers, optical storage, voice recognition, clipper chips, etc. The issues under discussion include the loss of privacy; the ability of automated systems to invade our privacy without search warrants, or blame; the possibility for an Orweillian type of society to develop, etc I would appreciete any thoughts and ideas on this topic. -- Neil Brewster -- Eng Sci 9T8 (hopefully!) "The whole of Nature is Chaos : A Fract all should know" ------------------------------ From: bear@fsl.noaa.gov (Bear Giles) Date: 25 Jan 95 00:54:54 GMT Subject: Re: DOJ Computer Seizure Guidelines Organization: Forecast Systems Labs, NOAA, Boulder, CO USA you write: EPIC Analysis of New Justice Department Draft Guidelines on Searching and Seizing Computers The guidelines suggest that users do not have an expectation of privacy on commercial services and large mainframe systems because users should know that system operators have the technical ability to read all files on such systems. That is absurd and directly contradicts existing law. Telephone company employees not only have the technical ability to eavesdrop on my (telephone) conversations, but my understanding is that it is standard practice to randomly sample some connections to ensure line quality. However my expectation of privacy is well recognized. Many radio receivers have the technical ability to eavesdrop on cellular phone conversations, but under current law I still have an expectation of privacy. (e.g., if I discuss a murder the police and someone overhears the conversation and reports it to the police, they must obtain independent evidence before a search warrant can be issued.) A postal inspector has the technical ability to read my mail (it only becomes more complex if he tries to do so without me becoming aware of it) -- all he has to do is open the envelope. However the expectation of privacy in the mail is a long-standing right. Most contracts for computer services clearly state that an operator will not "snoop" around user areas without a compelling technical reason. For instance, if the file system is full and he's checking for any multi-megabyte files which may be the symptom of a run-away process. Operators who get caught violating these conditions tend to be dismissed. In a non-communications example, residential landlords invariably keep a master key or duplicate key to all property they rent out. They have the technical ability to enter an occupied unit at will, but the tenant still has a reasonable right to privacy. Even if you consider an apartment whose lease does not contain language requiring the landlord give written prior notice (except in some well-defined emergency conditions), the landlord *cannot* give permission for the police to enter and search the premises. Those Constitutional rights belong to the occupant, not the owner. It's ludicrous that they even suggested this; I hope some LEA gets a very bloody nose in court over it! They recommend that the most prudent course is to obtain a warrant, but suggest that in the absence of a warrant prosecutors should argue that "reasonable users will also expect system administrators [to be able] to access all data on the system." Take out the phrase in brackets and you'll find very few experienced and reasonable users who agree with this statement. Leave the words in, and I have no reasonable expectation of privacy in my own home because I can't prevent burglars from entering it. I can take reasonable precautions (using locks, keeping windows closed and lock when I'm away), but I expect a determined burglar could still enter at will. BTW, I agree that someone on a public system who keeps his accounts world-readable doesn't have a reasonable expectation of privacy. But I, and many others, routinely remove all permissions for other users on all files and directories in personal accounts. -- Bear Giles bear@fsl.noaa.gov ------------------------------ From: rj.mills@pti-us.com (Dick Mills) Date: 24 Jan 1995 08:05:26 -0500 Subject: Protect Privacy Via CC to Individuals I once lived in Sweden. They don't respect individual rights a whole lot there, but they did have an innovation that impressed me. They have a law which mandates that the individual be sent a copy of any credit reports sent out. Thus I got to see who asked for information on me, when, and what they were told. Not bad. If there were any inaccuracies in the report, I could act in a timely manner to correct it. That leads me to wonder if we couldn't form privacy rights legislation on the same principle. Instead of attepting to stop digitized signatures, sales records, video rental info, and the thousands of other data gathering activities, we could require that the individual be cc'd whenever this information was transmitted to third parties. The idea may be practical or not depending on the scale. If someone pays 5 dollars for my credit report, he can afford a stamp to send me a copy. If a magazine sells 100,000 names from their subscriber list for 1 cent per name, they can't afford to notify everyone. The cost of notification could be reduced by condensing all the notifications into a monthy report by some clearing house. Liable bureaus would report electronicly to the clearning house, and a printed rerport sent to the individual once per month. On the other hand, the clearning house itself and the condensed reports themselves could grow to become the biggest security risks. For sure, there would be problems in formulating and enforcing such a law. Nevertheless, it sounds to me less dificult than protecting the gathering of raw information or assuring the accuracy of stored information. Has this been proposed before? -- Dick Mills rj.mills@pti-us.com Power Technologies, Inc. phone +1(518)395-5154 P.O. Box 1058 fax +1(518)346-2777 Schenectady, NY 12301-1058 ------------------------------ From: jesse@oes.amdahl.com (Jesse Mundis) Date: 24 Jan 1995 09:37:38 -0800 (PST) Subject: Re: Mail Marked "Refused" "Virginia Matzek" writes: The last time UPS came by our door, my boyfriend decided to scribble something unrecognizable. The UPS guy looked at it, said he couldn't read the signature, and asked him to try again. After three (totally different and thoroughly unconvincing) scribbled tries, the UPS guy gave up and punched my boyfriend's first and last name in on the manual punchpad. A small victory for privacy... Heh, I did the same thing last time UPS came around with their pad. I just clearly wrote my first initial followed by a squiggly line, then my last initial followed by an other squiggly line. I've seen enough signatures that look like that before. Apparently, so had the UPS guy who just entered the name on the pad. ;-) I think I'll have fun with a different signature each time. -- Any opinions expressed above are mine and do not necessarily represent the opinions policies of Amdahl Corporation. Jesse Mundis | Amdahl Corporation | Remember: jesse@oes.amdahl.com | 1250 East Arques Ave M/S 338 | Quality is job 1.1 (408) 746-4796 | Sunnyvale, CA 94088-3470 | -Heard from Maintenance ------------------------------ From: aj027@yfn.ysu.edu (Chip Kaye) Date: 24 Jan 1995 20:44:04 GMT Subject: Requests for Home Phone Numbers Organization: St. Elizabeth Hospital, Youngstown, OH I recently opened an account on CompuServe and filled in my home phone # on their online form as 555-555-5555. I then tried logging onto the account a few days later and was given an 800 number to call to complete my unverified home phone. I would prefer not to give out my phone number but was told that their policy was to require at least 1 phone number. I am wondering about the legality of this requirement. I vaguely remember a number of years ago that merchants were prohibited from requesting phone numbers when processing customer credit card purchases. Any info would be helpful. Thanks. -- _______c_____h_____i_____p_____________k_____a_____y_____e_____________ ------------------------------ From: bear@fsl.noaa.gov (Bear Giles) Date: 25 Jan 95 00:21:27 GMT Subject: Re: Is the Post Office Subsidized? Organization: Forecast Systems Labs, NOAA, Boulder, CO USA you write: Does the Post Office make money or lose it on those post-paid blow in cards commonly seen in magazines? Would the Post Office reap a bonanza if everyone just dropped all those annoying blow in cards into the mail box with no information filled in? It's because of people like you that there are laws permitting the Post Office to promptly deliver such mail to the trash can. This also applies to postage paid envelopes attached to bricks, etc. I'm not saying that guerrilla tactics aren't occasionally called for, but use your head. E.g., _Byte_ magazine was absolutely convinced that the fact I subscribed to a couple computer magazines meant I wanted, nay needed, to subscribe to _Byte_. So it kept sending me mail. I ignored them for six months or so, but _Byte_ was totally clueless. So I grabbed the convenient response card which already had my name and address printed on it and a red marker and wrote in big letters across the card "LEAVE ME ALONE!" The mail stopped. :-) -- Bear Giles bear@fsl.noaa.gov ------------------------------ From: pgfelker@aol.com (PGFelker) Date: 24 Jan 1995 20:35:23 -0500 Subject: Re: Is the Post Office Subsidized? Organization: America Online, Inc. (1-800-827-6364) According to insiders (persons that I know that have spent their career in the Post Office), yes, the Post Office considers that for every piece of junk mail they deliver, they make several cents on each due to returns. Even though those little blow-in irratants only cost one and a fraction cents to the sponsoring business, the Post Offices reaps a tidy little sum in the aggregate. I have often wondered if every single piece of prepaid business mail were to be returned with nothing in the envelope or the card left blank, if it would be enough to cause the business to cease and desist from the use of such advertisements. I have been told that the practice does have an effect. ------------------------------ From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com> Date: 24 Jan 95 14:27:06 EST Subject: Cybersex Seattle From the Associated Press newswire (95.01.11 @ 08:38 EST) via CompuServe's Executive News Service: Cybersex. By DAVID BAUDER Associated Press Writer ALBANY, N.Y. (AP) -- After several sexually graphic chats by computer, a 51-year-old Seattle man traveled to New York last year to meet his cyberspace partner: a 14-year-old girl. By chance, they ran into her mother at a shopping mall. She called authorities and the man, Alan Paul Barlow, was arrested and charged with a misdemeanor for sending sexually explicit photographs of himself to teen-agers. The author explains that because of similar incidents, legislators are proposing special laws making "sexual communications with minors on computer" a felony. Experts question the need for such laws, saying that existing laws against pedophilia easily cover such cases of computer-based communications. -- M.E.Kabay,Ph.D. Director of Education, NCSA (Carlisle, PA) Mgmt Consultant, LGS Group Inc. (Montreal, QC) ------------------------------ From: bobleigh@world.std.com (Bob Leigh) Date: 24 Jan 1995 19:47:35 GMT Subject: Re: Tax Forms Display SSN on Mailing Label Organization: The World Public Access UNIX, Brookline, MA I just got my IRS package, and just the name and address are on the outside! Bound into the middle is a piece of mailing-label stock with the actual label to be used on my tax return. The package isn't sealed in any way -- it's just a stapled booklet. So it's better this year: my SSN isn't visible from the outside of the package, but anybody could've checked my mailbox, found the package, turned to the middle, and copied my SSN. -- Bob Leigh bobleigh@world.std.com [MODERATOR: Beginning last year with the 1993 tax forms the IRS has begun to "hide" the SSN in the way described above. If you had filled in a Schedule C in 1993 the form you received did not show the SSN. At the time they told me that as new forms were worked over this practice would spread to other mailings. There are a dozen different forms all called form 1040 to the outsider, they will all ultimately be modified.] ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #009 ****************************** .