Date: Mon, 30 Jan 95 15:19:43 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V6#012 Computer Privacy Digest Mon, 30 Jan 95 Volume 6 : Issue: 012 Today's Topics: Moderator: Leonard P. Levine Re: Requests for Home Phone Numbers Re: Requests for Home Phone Numbers Re: Requests for Home Phone Numbers Re: SSN, The Way to Your Pocket Re: The Cyber Police are Coming? Re: The Cyber Police are Coming? Privacy and HIV Re: A Small but Satisfying Victory Re: US Government Regulations and Internet Access Re: Cybersex Seattle Info on CPD [unchanged since 12/29/94] ---------------------------------------------------------------------- From: O1EVERT@VM1.CC.UAKRON.EDU (Tom Evert) Date: 27 Jan 95 20:34:00 EST Subject: Re: Requests for Home Phone Numbers Organization: The University of Akron aj027@yfn.ysu.edu (Chip Kaye) writes: I recently opened an account on CompuServe and filled in my home phone # on their online form as 555-555-5555. I then tried logging onto the account a few days later and was given an 800 number to call to complete my unverified home phone. I would prefer not to give out my phone number but was told that their policy was to require at least 1 phone number. I am wondering about the legality of this requirement. I vaguely remember a number of years ago that merchants were prohibited from requesting phone numbers when processing customer credit card purchases. Any info would be helpful. Thanks. Most likely they want your number for telemarketing purposes and/or to call you if you don't pay your bill or probably to update Phone File (so every other Compuserve subscriber can get your number, also). If their reasoning really is to update Phone File then either your name wasn't in their data base or they are unable to cross reference subscribers with Phone File. Once you get in Phone File - you never get out. ------------------------------ From: rfs@panix.com (Richard F. Strasser) Date: 28 Jan 1995 12:45:13 -0500 Subject: Re: Requests for Home Phone Numbers privacy@interramp.com said: However, several times when I used a credit card in the Fall of 1994 the clerk told me that they had a right to demand my address. When I questioned this practice, the employee pulled out a statement from the back of the store indicating that Mastercard and Visa International allow merchants to request further information (such as address) if the purchaser is deemed suspicious or in cases of purchase by mail order. I called Mastercard Internation, Visa International, Discover Card, and American Express. Apparently they allow their merchants to engage in this practice if they deem the purchaser as "suspicious." It seems to me that, in this case, someone asking for your telephone number is the least of your problems. If you really want to protect your privacy, you probably shouldn't use a credit card for your purchases. (Also, I think that is reasonable for someone selling goods to you on credit to have basic personal information.) On the other hand, I do object to those instances in which one pays cash for a purchase and the store still insists on a phone number. Richard F. Strasser ------------------------------ From: berczuk@glendower.mit.edu (Steve Berczuk) Date: 30 Jan 1995 20:32:19 GMT Subject: Re: Requests for Home Phone Numbers Organization: MIT Center for Space Research wbe@psr.com (Winston Edmond) writes: What you're vaguely remembering is that if you're in a store where the sales clerk is able to verify your in-person signature against the signature on the card, then in some states the store can't refuse to make the sale just because you don't give them yet more personal data. I think similar language is also part of the merchant agreement for MasterCard, VISA, and probably other cards. This doesn't apply to CompuServe on-line forms. If all you've done is fill out an on-line form, they don't have your signature and without an exchange of letters or the ability to call you, they have no way to verify who you are. Hmm, but when you order something mail order by phone with a credit card you don't give then a signature either, and I'm not sure that a mail order vendor would refuse a sale if you didn't give one to them. True they ask for your CC billing address so they ship the mechandise to the owner of the Credit card, but if an on line service only provided a connection to your home number you'd loose a good deal of flexibility... Is it _legal_ for them to ask you for a phone number? I think so. Well, in MA it is illegal to require this info on a credit card slip. Is an olline form a cc slip? I don't know. I has a similar experience with AOL. I called them to ask WHY they needed a phone number, and the answer I got was that they "needed the information for my record." If they had given me a legitimate sounding reason, I may have given out the number (though if they really needed to contact me, they could have sent me email or a paper letter..) At the very least they could have a box to opt out of mailings and the like (like many paper sales forms) laws not withstanding, I tend to think that any company should at least give you a reason for why they want the information. (Sort of what would be required if teh privacy act applied to private companies...) -- Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research Phone: (617) 253-3840 | NE80-6015 Fax: (617) 253-8084 | Cambridge MA 02139 ------------------------------ From: Christopher Zguris <0004854540@mcimail.com> Date: 27 Jan 95 23:53 EST Subject: Re: SSN, The Way to Your Pocket styvesan@cosricon.com wrote: Many times one may receive a check for services or a product that they would prefer to cash and just quietly put in their pocket. The problem occurs when your SSN is attached to everything. How can you cash this check in private? Many think they can simply go to there bank and cash it, without any record. WRONG! When you present the check, the first piece of information required is - Right... your account number. How? Simple. Take the check to a friendly neighborhood business that knows you, endorse it, and let them give you cash for the check. At least, that's what I've heard. And, since I have several commercial checking accounts, I know it can be done. The only danger is the business you give the check to is liable if it bounces, *that's* why you've got to be on good terms with the business owner! You could also send the checks in as payment for a utility and -probably- credit card bills, the big guys have their checks processed for them and don't bother looking at who the check is made out to. True story: a friend of mine gave two checks to her accountant, one for $825 in the accountants name, and one for $125 made out to a major insurance company. The accountant sent the $825 check to the insurance company by mistake, and they cashed it _even though_ it was NOT made out to them. More trivia, the dopes who say you can delay paying the I.R.S. by not signing the check are full of it, the I.R.S. will cash it anyway. In fact, I don't think there are any situations where the bank will say no to the I.R.S. Hope this helps! What I mentioned may be illegal (cashing checks to avoid reporting taxable income _is_ illegal). Consult a lawyer, I've got nothing to do with you and offer this info for informational purposes only. -- Christopher Zguris czguris@mcimail.com ------------------------------ From: slowdog@wookie.net (slowdog) Date: 28 Jan 1995 15:20:37 GMT Subject: Re: The Cyber Police are Coming? Organization: Wozz's Place kcerioni@clyde.ics.uci.edu wrote: The wiretapping analogy does not hold true to the Internet. Telephone lines are owned by private companies, telephone conversations are private, between two people. The internet is a public infrastructure, discussions on bulletin boards are an open public forum. Should law enforcement be banned from public places? This is contrary to their mission. Do we band police officers from the public parks? What happens when a rape occurs. Do we deny the county sheriff the right to drive on public streets? How could they catch the criminals? This is utter claptrap. The net is not a physical place where the Blues have to cruise around looking for people causing physical harm to anyone. The net is not a public place like other public places, and the use by the media and law enforcement and government and you right here of metaphors that simply don't match the true reaility of the situation is getting to be rather alarming in and of itself. The net is a loose confederation of sovereign indivduals (because, in truth, all individuals are inherently sovereign). And the "cybercops" should stay home and watch cable television. I think this whole controversy is over a misconception people have about the internet. The feel and interaction is conversing verbally in a small, intimate group of peers that share the same interest. (This would explain the existence of anarchist - type bulletin boards.) When Is the existence of "anarchist-type bulletin boards" relevant at all, or do you have another point or agenda that you're hiding here? in reality you are making a public record that any one can have access to. People are really compromising their privacy by participating on the Internet. For example, say you participate on a bulletin board for wine connoisseurs, don't be surprised when your mailbox starts to fill up with advertisements from wine retailers. The Internet is not about privacy. People do understand this, in fact. It's why we talk about and use encryption schemes. It's why we want such schemes that the government can't crack, and certainly don't want things like Clipper. -- dog ------------------------------ From: slowdog@wookie.net (slowdog) Date: 28 Jan 1995 15:23:00 GMT Subject: Re: The Cyber Police are Coming? Organization: Wozz's Place nick@global.demon.co.uk wrote: Cyberpolice says Newsweek. Is this just an ambitious Brooklyn Asst. DA? Or is it Wash DC training cybercensors? Could someone in the US post the article and any follow up? If it is a serious attempt at Cybercensorship, it needs a global solution. Any attempt to infringe upon the right of soveriegn individuals to freely communicate and control their own fate (in this case, on the net) should be met with a response from the -world's- net users. SUch things cannot be allowed to be seen as the domain of any one single nation, because the net spans physical nations. -- dog ------------------------------ From: "Prof. L. P. Levine" Date: 29 Jan 1995 08:20:56 -0600 (CST) Subject: Privacy and HIV Organization: University of Wisconsin-Milwaukee This was taken from PRIVACY Forum Digest Saturday, 28 January 1995 Volume 04 : Issue 03 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. dgh@BIX.com writes: in discussing Blood Tests and AIDS disclosure: If the Red Cross sends the name of a person who donated HIV-positive blood to the CDC, what is the CDC going to do with the information? They don't know who that person has had sex with, so how does providing the name to the CDC protect anyone? The CDC won't have a clue as to who to contact, so the only way the information could be useful is if people could use a computer to see if a prospective, or past, partner is on the list. But that means that *anybody* could access the information, which is *not* acceptable to privacy advocates. and Joebates@aol.com writes when discussing Mandatory HIV disclosure: I would suggest that we split this topic into three seperate discussions. 1) Once testing (for whatever reason) has revealed that the test subject has HIV infected blood, should it be required by law that the previous partners be found, notified (partner tracking) and be required to be tested with possible further notification and treatment for their partners? (This is currently required by law for other venereal diseases.) 2) Whether the results of HIV and/or other STD (Sexually transmitted disease) tests should be made available to persons or organizations other than the health professionals directly involved in the notification, testing and treatment procedures. If the results are disseminated, should it be in statistical form only or should some persons from government, industry, research or other fields be able to obtain the identities of those tested and the results of the individual tests? 3.) Whether blood collection agencies have the right to collect lifestyle information and test donor blood for contagious diseases of any type in an attempt to screen out potentially unacceptable donors. Additionally, are the results of these screens the property of the blood collection agency for further use as they see fit, or does the "screenee" have the right to control the use of the information (or somewhere inbetween)? ------------------------------ From: horowitz@nosc.mil (Alan M. Horowitz) Date: 29 Jan 1995 22:20:42 GMT Subject: Re: A Small but Satisfying Victory Organization: NCCOSC RDT&E Division, San Diego, CA In all fairness, if we want to deal on _our_ terms, we have to be prepared to make payment in full. If we say, "bill the insurance" for some portion, we are asking the doctor to be our creditor. He then has the right to make us comply with _his_ terms. Fair is fair. IncidentaLLy, I beleive the average MD will have more understanding and sympathy for liberty & privacy issues than the drones in the office. Don't hesitate to ask the drones to ask the doctor for a ruling. It _is_ the doctor's business operation - he can make whatever decisions he feels like. Doctors eat a lot of shit from govt and Insurance companies. They will tend to sympathize - if you get him invovled. ------------------------------ From: bear@fsl.noaa.gov (Bear Giles) Date: 30 Jan 95 05:26:24 GMT Subject: Re: US Government Regulations and Internet Access Organization: Forecast Systems Labs, NOAA, Boulder, CO USA Eric Hermanson wrote: (one of the regulations on that industry is that there cannot be more than two cellular providers in any one metropolitan area. Now SOMEONE please explain the thinking behind that restriction to me!) An informed guess is that there is a limited number of cellular phone frequencies with current technology. This is the bandwidth allocated to celphones divided by the bandwidth required for each channel. Let's say this limit is "N". For "n" cellular service providers sharing equal access, each can serve "N/n" customers. If "n" is 1, you have a monopoly. Very bad. If "n" is N, you have frequent lockouts since one customer in the cell will lock out the other customers of that service in the same cell. (Of course, the customer could often still make a connection through a neighboring cell, but this just widens the area locked out.) A reasonable compromise would be "n" of 2 or 3. Two, while low, prevents a monopoly from forming while minimizing lockouts as the cell is saturated. I suspect that regulation for the Internet is upcoming, but I would like to know when it is planned, and what the regulations might look like. Any regulation would be for other reasons. Probably content, to protect our nation's innocent 13-year-olds from learning how to make pipe bombs with an FTP request (instead of a library request). -- Bear Giles bear@fsl.noaa.gov ------------------------------ From: bear@fsl.noaa.gov (Bear Giles) Date: 30 Jan 95 05:35:39 GMT Subject: Re: Cybersex Seattle Organization: Forecast Systems Labs, NOAA, Boulder, CO USA You may not have been aware that you were communicating with a minor. Indeed, you may have been told that you were communicating with a 25-year-old. There was a local, very bizarre, case of this in Denver a few years ago. David Bath, as state representive, introduced a bill to make it a felony to videotape sex acts with minors. I know there's already a Federal "kiddie porn" law, but he introduced this bill anyway. Part of his "tough on crime!" image, I guess. A while after he was voted out of office a kiddie porn case was broken, and it had a videotape of ex-Rep Bath getting a blow job from a 17-year- old male. I think 17 is over the age of consent in Colorado, so Bath didn't face charges under statutory rape. But he did face charges under the very bill he introduced. He was convicted, but won on appeal. The conviction was based, in part, on Bath's failure to ask for proof of the guy's age. Had he asked for proof, and been deceived, charges would have probably been dropped... but he didn't ask for ID. The appeals court ruled that Bath was not under any obligation to ask for ID, since the physical difference between a 17- and 18- year old is so minor (so to speak) that he had no reasonable expectation that the guy was under 18. Needless to say, you still want to exercise caution -- going through a public wringer like that can't be fun. -- Bear Giles bear@fsl.noaa.gov ------------------------------ From: "Prof. L. P. Levine" Date: 29 Dec 1994 10:50:22 -0600 (CST) Subject: Info on CPD [unchanged since 12/29/94] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. Older archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V6 #012 ****************************** .