Date: Sun, 26 Mar 95 16:34:28 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#029

Computer Privacy Digest Sun, 26 Mar 95 Volume 6 : Issue: 029

Today's Topics: Moderator: Leonard P. Levine

    Re: First Bank of Internet Opens
    Re: First Bank of Internet Opens
    Transcript of Barlow-Baker Debate Now Available
    Big Modem is Watching
    Drug Testing and Privacy
    Re: Can My Neighbor Peruse My Medical Records?
    Re: Can My Neighbor Peruse My Medical Records?
    Is Reading E-Mail Legal?
    Getting Your Credit Report
    Privacy of Newsgroups
    Re: FCC Caller ID Order Stayed
    Re: Abolishing the IRS
    Can a LAN Supervisor watch Me?
    Re: Proving your Citizenship
    Re: Proving your Citizenship
    FCC Backs Off on Caller ID Ruling
    Re: FTC Alert
    "Communications Decency Act" Update
    Crypto 101: Chapter I: Mail
    Info on CPD [unchanged since 12/29/94]

----------------------------------------------------------------------

From:
Date: 22 Mar 1995 06:53:48 -0700
Subject: Re: First Bank of Internet Opens
Organization: Netcom

    ___/\___
    _|_()_|_
    A N N O U N C E M E N T

    For immediate release:      Contact: fboi@netcom.com
    Monday, March 20, 1995      Subject of 'info' for details
    Direct questions to Vinn K. Beigh

    The First Bank of Internet, FBOI, is announcing the initiation of transaction processing services for Internet electronic commerce. Purchases over the Internet can now be made without exposing personal credit card information. Vendors can now sell products on the Internet without the restrictions imposed by credit card use.

Is this appropriate for the Computer Privacy Digest? I don't think so. This is nothing more than an ad. Why did you let this through? FBOI are the latest Usenet spammers, having hit several moderated and unmoderated groups. Please keep the Computer Privacy Digest spam-free.

Eric De Mund

[moderator reply:] I was/am aware that this was an ad.
It is however appropriate to the CPD mandate as the ability to handle anonymous transactions is an important privacy aid. I will post your response with my comment unless you wish your name suppressed. The concepts contained in the ad are meat and drink for us.

[Eric De Mund reply:] Thanks for your reply. IMHO, the post *did* contain a *small* amount of information of interest to Computer Privacy Digest subscribers, but only incidentally. I would prefer not to see ads like this in the future but rather some tiny blurb by you, the moderator, in its place. I wonder how many other subscribers feel this way? Can you post my previous comments and the above anonymously? Also, maybe a few words by you about ads in the digest might be in order. Thanks very much. And keep up the good work.

[moderator reply:] glad to post your concerns, you are the only one to show such concerns so far. I will post this also, and let's get a conversation going about the internet and funds transfer.

------------------------------

From: "Prof. L. P. Levine"
Date: 22 Mar 1995 15:16:08 -0600 (CST)
Subject: Re: First Bank of Internet Opens
Organization: University of Wisconsin-Milwaukee

Taken from RISKS-LIST: RISKS-FORUM Digest Tuesday 21 March 1995 Volume 16 : Issue 94
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

From: Steve Holzworth
Date: 21 Mar 1995 16:23:44 -0500
Subject: Re: First "Bank" of Internet (Beigh, RISKS-16.93)

This "announcement" is so full of holes as to be ludicrous.

1) According to the NC Banking Commission, use of the term "bank", with a very few limited exceptions, is illegal for anyone but an organization that is a federally (FDIC) or state chartered, regulated entity. The NC Banking Commission has taken an interest in this announcement, and is forwarding the info to the FDIC...
2) "The alternative to personal credit cards for electronic commerce is based on an FBOI procured Visa (tm) Automated Teller Machine (ATM) card. The card is prepaid, PIN protected, replaceable, disposable, and good at over 200,000 Visa/PLUS (tm) ATMs in 83 countries."

Translation: 'you send us $x.xx to keep on account (with no interest accrued to you). We deduct purchases from this balance'. What happens if we disagree on the balance and/or dispute transactions? Because this is an ATM card as opposed to a credit card, normal fraud liability limitations ($50.00 US) and disputed charge reversals are not in effect. If someone fraudulently charges against your ATM account, you potentially bear the full loss.

Also, the "vendor" info, sent in response to the specified E-mail request, indicates that the ATM cards are not "rechargeable". When you run your balance down, you must buy a new one. FBOI charges a 5% commission to establish a new card for you (ie - the "setup" fee is 5% of the balance you wish to put on account; when that runs out, you pay another 5% for a new card). Since they charge vendors a 5% commission per transaction, FBOI is keeping 10% of all funds that move through their system.

3) "The safety of FBOI is ensured because access to ATM funds without possession of both the ATM card and the Personal Identification Number (PIN) is not possible. ATM cards are also better than credit cards because their purchase does not require the personal, financial, and employment background of the consumer."

Here is how a transaction is instigated (from FBOI info):

"*FBOI procedures for creating a vendor E-mail invoice*

FBOI E-mail invoices are a two line message created by a FBOI vendor. Line one of the message contains the customer Internet E-mail address. Line two contains the transaction amount in US dollars. This message must then be encrypted, signed, in ASCII, and in Text using the PGP command "PGP -seat invoice fboi".
The "invoice.asc" is then ready to be E-mailed to fboi@netcom.com with subject "invoice". FBOI will issue an E-mail transaction receipt."

"*FBOI procedures for creating a customer E-mail check*

FBOI E-mail checks are a two line message created by a FBOI customer. Line one of the message contains the vendor Internet E-mail address. Line two contains the transaction amount in US dollars. This message must then be encrypted, signed, in ASCII, and in Text using the PGP command "PGP -seat check fboi". The "check.asc" is then ready to be E-mailed to fboi@netcom.com with subject "check". FBOI will issue an E-mail transaction receipt."

FBOI then reconciles the above transactions and sends payment to the vendor (or credits the vendor's ATM card). Note that FBOI recommends product pricing at around ONE US DOLLAR for items! (Almost-Freeware, anyone?)

4) "...In addition, consumers can reclaim their funds at any time using an ATM."

At what service charge per transaction? What limitations on withdrawal amounts (how many transactions will it take to empty my account)? Any yearly fees for this privilege? FBOI info is rather vague in this regard. The only pertinent comment I saw was (pertaining to vendor payment):

"... While the Visa ATM card as a payment method has many advantages (portable, anonymous, and cash in any country of the world), your ATM may not dispense the entire payment due to the exchange rate and possible ATM fees."

5) "...Those services will collect the consumers credit card information in advance because of Internet security problems."

Since those are still credit card transactions, the consumer has much better dispute resolution abilities.

6) "FBOI transmits no sensitive information over the Internet and prevents forgery and impersonation by using Pretty Good Privacy, PGP (tm), software for all transactions. This freeware provides excellent authentication and anti-alteration security."
The description of transactions as in (3) above may or may not be subject to spoofing. I'm not up enough on crypto to comment.

7) "In addition to the unsecured nature of the Internet, consumers should be hesitant giving out their credit card information to vendors of unknown credibility."

You mean like FBOI?? Based out of a Netcom account (instead of a .com domain)?

8) "...since U.S. Postal Service and Federal Trade Commission mail order laws do not apply to the Internet."

The laws may not apply to the Internet per se, but credit card transactions are still subject to all of the controls of typical "mail order" as is normally practiced via telephone.

9) "The First Bank of Internet (tm) is not a lending institution, and is not chartered."

This says volumes.... (see (1), above).

And finally:

"When FBOI procures a Visa ATM card for vendor customers the card becomes their money. FBOI will be granted access to their funds through the FBOI customer agreement allowing FBOI to possess
a duplicate card."
^^^^^^^^^^^^^^^^^^

------------------------------

From: mccap@swarm.cs.wustl.edu (Peter J. McCann)
Date: 22 Mar 1995 03:33:20 GMT
Subject: Transcript of Barlow-Baker Debate Now Available
Organization: Washington University

A transcript and audio recordings of a recent debate between John Perry Barlow, of the EFF, and Stewart Baker, former general counsel to the NSA, is now available through the WWWeb:

http://swarm.cs.wustl.edu/~mccap/debate/debate.html

The two discussed a variety of issues relating to freedom, privacy, and law enforcement brought up by recent advances in computer encryption technology. The debate was held here at Washington University on February 7 as part of the Washington University Assembly Series Lectures.

-- Pete McCann
Department of Computer Science
Washington University in St. Louis

------------------------------

From: /DD.ID=OVMAIL1.WZR014/G=DANIEL/S=STICKA/@EDS.DIAMONDNET.sprint.com
Date: 22 Mar 1995 09:06:29 -0500
Subject: Big Modem is Watching

I caught an article in Forbes (Feb13,1995;pg:186) titled "Big Modem is Watching". The gist of the article describes the practice of online services doing a check of your system and writing some files on your hard drive to give quicker and flashier access. The author then explores the possibility of the online service doing more, such as checking out the type of software you have loaded, or browsing your Quicken files for financial info, all without you knowing it.

The big three (Prodigy, AOL, CompuServe) all deny looking at the subscriber's information other than available disk space, but the article describes some product registration software that did in fact snoop at software and update their database during the online registration process.

The logical conclusion of this is while you may trust your friendly online service provider, who knows what lurks out in the big bad Internet. "While you are scanning one (WWW page), the operator could be scanning you."

-- Dan Sticka OVMAIL1.WZR014@EDS.COM

------------------------------

From: wjwinn@kocrsv01.delcoelect.com (Bill Winn)
Date: 22 Mar 1995 14:40:23 GMT
Subject: Drug Testing and Privacy
Organization: Analysts International Corporation

As a condition for employment, my current contract employer required a drug screening. This is not unusual. It was how the hospital wanted to track my urine sample that I found unusual.

Upon arriving at the hospital I was asked to fill out a form. I did so, intentionally leaving the space for my Social Security Number (SSN) blank (since my employer had already paid for the test there was no credit or insurance involved). I gave the completed form to a nurse and returned to my seat. A few minutes later, the nurse called for me and said that she needed my SSN.
I asked why, and she said that urine samples could not be marked using names, so the hospital used the patients' SSNs to track samples. I enlightened the nurse as to the dangers of using one's SSN for tracking (as well as to the "proper" uses for one's SSN), and noted that using that number did not confer anonymity. I suggested using a randomly generated number, known only to my physician, to track the sample.

Alas, my argument fell on deaf ears. The nurse insisted that she needed my SSN because hospital policy required it. I asked for a copy of the *written* policy, but she said that it was not in writing. I again refused to divulge my SSN. It was at this point that a doctor stepped forward and suggested that my concerns were valid and had the nurse assign me a random number.

Has anyone else had this particular problem when having a drug screen?

-- Bill Winn
Software Engineer - Analysts International Corporation
-------------------------------
wjwinn@kocrsv01.delcoelect.com
wwinn@klingon.iupucs.iupui.edu
My views do not express the views of anyone except my alter-ego.

------------------------------

From: burns006@maroon.tc.umn.edu (Sean Burns)
Date: 22 Mar 1995 16:25:53 GMT
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: College of Human Ecology

Robert Gellman writes:

    What to do about the possibility of a nosey insider? You might bring the problem to the attention of the administrator of the hospital. The possibility of a lawsuit should be readily apparent to the administrator. But you have to be careful. If you bring specific charges against an identifiable person, you run the risk of being sued by that person for defamation. If you name a person, you had better have your facts straight and provable.

Depending on the record system in use at the hospital there may be an audit trail available to the administrator.
For example, at the University of Minnesota a monthly report is generated for every person who has electronic access to student records. These reports record who accessed a particular student's record and which part of the record was accessed. The reports are sent to supervisory staff who are supposed to review them for any improprieties. Some institutions use similar audit devices for paper records.

If the hospital has such controls in place (and it should) it would be a simple matter to check and if the trail supports your claim I would hope the administrator takes quick action. Your neighbor seems to be a first-class creep.

------------------------------

From: kyoung@iptcorp.com (Ken Young)
Date: 22 Mar 95 10:05:51 PST
Subject: Re: Can My Neighbor Peruse My Medical Records?
Organization: IPT Corporation

kingsmill@esdsdf.dnet.ge.com (Harry Kingsmill) writes:

    We have a neighbor who we have done our absolute best to avoid because she tends to be very snoopy and free with personal information that she has gathered on the other neighbors. As a result of our avoiding her, she has naturally taken a keen dislike for my wife and I. During the past year, this person has taken a part time job in the admissions [...]

This gossip is now liable for lawsuit, prosecution, and loss of job for divulging psichiatric records. Sorry about the spelling - can't find dictionary.

-- Ken Young

------------------------------

From: ahoffman@li.net (Hoffman)
Date: 24 Mar 1995 09:25:47 -0500
Subject: Is Reading E-Mail Legal?
Organization: LI Net (Long Island Network)

Can someone give me a definitive authoritative answer regarding the exact status of if it is legal for system admins to read mail? Is e-mail covered in any law such as the electronic communications privacy act or the omni-bus crime bill? (I'm specifically referring to Internet providers).
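
[Added example, not part of the original digest or of any poster's message: a Python sketch of the access-audit report Sean Burns describes above (who accessed which record, and which part of it), plus the reverse lookup an administrator would run for one record. The log columns, user names, record ids and the ASSIGNED need-to-know table are assumptions made for illustration.]

```python
"""Monthly access-audit report over a record-access log (constructed sample data)."""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample log; the column names are assumptions for this example.
SAMPLE_LOG = """\
timestamp,user,subject_id,section
1995-02-27T16:40:00,clerk_a,S1001,transcript
1995-03-01T09:12:00,clerk_a,S1001,transcript
1995-03-01T09:13:30,clerk_a,S1001,financial_aid
1995-03-02T14:05:10,clerk_b,S1002,address
1995-03-07T22:41:00,clerk_b,S2040,health
1995-03-07T22:43:00,clerk_b,S2040,health
1995-03-15T11:00:00,advisor_c,S2040,transcript
"""

# Hypothetical need-to-know table: the records each user is assigned to handle.
ASSIGNED = {
    "clerk_a": {"S1001"},
    "clerk_b": {"S1002"},
    "advisor_c": {"S2040"},
}


def parse_log(text):
    """Parse the CSV log into dicts with a real datetime in 'timestamp'."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        rows.append(row)
    return rows


def monthly_report(rows, year, month):
    """One report per user: (record, section) -> number of accesses that month."""
    report = defaultdict(lambda: defaultdict(int))
    for r in rows:
        ts = r["timestamp"]
        if (ts.year, ts.month) == (year, month):
            report[r["user"]][(r["subject_id"], r["section"])] += 1
    return {user: dict(accesses) for user, accesses in report.items()}


def flag_for_review(report, assigned):
    """Accesses to records outside a user's assignment, for the supervisor to check."""
    flags = []
    for user, accesses in sorted(report.items()):
        for (subject, section), count in sorted(accesses.items()):
            if subject not in assigned.get(user, set()):
                flags.append((user, subject, section, count))
    return flags


def accessors_of(rows, subject_id):
    """Reverse view: every user who touched one record -> (first, last) access time."""
    seen = {}
    for r in rows:
        if r["subject_id"] != subject_id:
            continue
        ts = r["timestamp"]
        first, last = seen.get(r["user"], (ts, ts))
        seen[r["user"]] = (min(first, ts), max(last, ts))
    return seen


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    march = monthly_report(rows, 1995, 3)
    for user in sorted(march):
        print(user, march[user])
    print("review:", flag_for_review(march, ASSIGNED))
    print("S2040 accessed by:", sorted(accessors_of(rows, "S2040")))
```
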

------------------------------

From: "Virginia Matzek"
Date: 24 Mar 1995 11:04:18 PACIFIC
Subject: Getting Your Credit Report
Organization: California Alumni Assoc.

Someone on this list helped me find this information and I thought it would be of interest to many people on the list, particularly newcomers.

My understanding of the law is that consumers are entitled to a free copy of their credit report ONLY IF they have been turned down for credit due to a negative report from the agency in question. (This may be different in other states; it fits my experience in California.)

TRW, the major credit reporting agency, does give consumers one free credit report per year as a courtesy. Equifax and TransUnion charge $8 (in California; others may pay less) for credit reports if you can't show that you have been turned down for credit.

The information you need to report to TRW is as follows: name, any aliases, birth date, SSN, current address, and previous address. You also need to sign your permission, I think.

Addresses are as follows:

TRW
Box 2350
Chatsworth CA 91313

Equifax
Box 740241
Atlanta GA 30374

TransUnion
Box 7000
North Olmsted, OH 44070

+----------------------------------------------------------------+
| Virginia Matzek              "I love being a writer.           |
| Associate Editor              What I can't stand is the        |
| California Monthly            paperwork." -- Peter De Vries    |
|                                                                |
| vmatzek@alumni.berkeley.edu                                    |
| phone: 510/642-5781 fax: 510/642-6252                          |
+----------------------------------------------------------------+

------------------------------

From: "Richard Schroeppel"
Date: 23 Mar 1995 14:55:39 MST
Subject: Privacy of Newsgroups

Ronald Dietz <74315.1546@CompuServe.COM> writes:

    Who or where or how, as the case may be, is the subscriber list to the various newsgroups maintained? Is there a keeper of the list(s)? Is it private or not? Are one's activities or participation in a news group monitored/recorded by anyone?
The moderator might have added the following information:

His reply is mainly relevant to *mailing-lists*, where you subscribe by sending a note to the moderator, and he sends you email regularly with the latest goodies.

There are also mailing lists with automated subscriber-services; usually you contact them by sending email to a special "user" called Listserv or Majordomo. For these servers, you can send a "help" command that tells you how to get a list of all the subscribers, and (sometimes) how to have a concealed subscription.

If you read newsgroups (with names like alt.foo.bar, sci.math, etc.), then there is usually a file on your local machine that keeps track of which groups you have subscribed to, and which articles you have read within each group. (This is so the news reading program won't offer you the articles you have already read, the next time you start it up.)

In the last case, the fact that you are reading a newsgroup is relatively private (kept locally); but there's a periodic "Nielsen report" that looks around the net and reports how many people read each group, so your reading habits must be indirectly available to this program.

In all cases, since the mailing lists must be on machines connected to the net, and since your local machine is connected to the net, a determined cracker can get the information if he wants it. Usually, your local sysadmin can read your email and look at your newsgroup file. And usually this information is backed up regularly on magnetic tape, often stored off-site.

Never put any information on the net that you would be embarrassed to find on the front page of the New York Times.
-- Rich Schroeppel rcs@cs.arizona.edu

------------------------------

From: Privacy Rights Clearinghouse
Date: 24 Mar 1995 21:18:35 -0800 (PST)
Subject: Re: FCC Caller ID Order Stayed

We have just received notice that the FCC has stayed implementation of its rules requiring that the calling party's number be transmitted on all interstate calls (i.e. Caller ID).

I haven't had time to read the document carefully, but it appeared that there was pressure from both the Baby Bells and several state Public Utility Commissions to get the FCC to reconsider these rules. One problem is the impossibility or impracticability of holding the Bells to a double standard for interstate and intrastate calls.

I'll try to get more info to CPD concerning this issue asap.

-- Barry D. Fraser                   fraser@acusd.edu
Online Legal Research Associate

Privacy Rights Clearinghouse         prc@acusd.edu
Center for Public Interest Law       Gopher gopher.acusd.edu
University of San Diego              Select "USD Campus-Wide Info"
Privacy Hotline: 619-298-3396        BBS: 619-260-4789
In California: 800-773-7748          host: teetot login: privacy

------------------------------

From: poivre@netcom.com (Serrano)
Date: 25 Mar 1995 23:46:22 GMT
Subject: Re: Abolishing the IRS
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

GOODWYN@delphi.com wrote:

    Regarding the various problems with the IRS snooping into people's private, does anyone know anything about a proposal in Congress to abolish income tax and the IRS? I think I saw something about this recently, and would like to know more. The idea was to replace income tax with a national sales tax, and the express purpose, if I remember correctly, was to get the IRS out of people's private lives by abolishing it.

Doesn't the IRS collect other taxes besides income?? If a sales tax were to be in place, the govt might still need to use the IRS to collect the sales tax.
In that case, the IRS won't have a need to snoop since the tax will be collected from merchants etc, and not from individuals.

-- poivre@netcom.com : #include

------------------------------

From: jdemarco@netcom.com (John M. DeMarco)
Date: 26 Mar 1995 18:56:16 GMT
Subject: Can a LAN Supervisor watch Me?
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

Please excuse a question from the paranoid:

Our workstations are networked, running NetWare - 250 user (I don't know the version No.) On boot-up, we (naturally) need to login with passwords, etc. If a user answers "no" to the login request, the workstation reverts to the "local" mode (the "C:\" prompt). BUT, it's still possible to type "F:" and receive the following: "F:\LOGIN". This means (to me) that although I'm _not_ "logged in", I'm still "attached" to the network in some fashion.

My suspicion is that as long as the network interface card (NIC) is plugged into the workstation, and the cable from the NIC is plugged into the wall socket labeled "DATA", there *always* remains a possibility that _someone_ , _somewhere_ can (using the network supervisory utilities, Intel's LanSight or "Satan" or _something_) read my hard drive, monitor my screen output or keyboard input.

This is a particularly sensitive issue because as part of some of the work we do, certain data are explicitly _restricted_ to viewing by certain _specific_ persons, and the mere ability that _anybody_ else (including the trusted LAN Supervisor) could have a peek at it would have significant legal ramifications.

So, (1) what _are_ the strengths/limitations of the NetWare supervisor's abilities when I'm "attached" but not "logged in" to the LAN, (2) do I need to move all sensitive work to a physically isolated machine to be _assured_ of _total_ freedom from unauthorized access by others? (pulling the network connection plug is frowned upon) (3) any other suggestions?
Thanks *very* much to those who have a moment to reply to this paranoid.

-- jdemarco@netcom.com

------------------------------

From: lane@wsgs07.lngs.infn.it (Charles Lane)
Date: 22 Mar 95 10:02:49 EST
Subject: Re: Proving your Citizenship

dpbsmith@world.std.com (Daniel P. B. Smith) writes:

    The concept that I have to "prove my citizenship" disturbs me greatly. The current situation is that I don't think I have any difficulty "proving my citizenship," but that's only because nobody is seriously interested in challenging it. [...] The basic question I have is: I have a "birth certificate," but how do I "prove" that that birth certificate is actually _my_ birth certificate if anybody decides to challenge it? The piece of paper I currently present as my birth certificate was obtained by placing an order over the telephone with the City of New

And some people don't even have that. My mother doesn't have a birth certificate; she was born at home (a farm in Kansas). I don't know whether it was a problem of not having a doctor in attendance, or the county courthouse burnt down, but when she went to get a passport she had to have family members swear affidavits that she actually was born on such-and-such a date at such-and-such a place.

According to the constitution, you're a citizen if you're born in the US. Period. And unless there's mandatory imprisonment for pregnant women to make sure that the child has the right "papers", there will always be undocumented births.

-- Chuck Lane                        "I wish to God these calculations
Drexel Univ. Particle Physics         had been accomplished by steam."
lane@duphy4.physics.drexel.edu                           --C. Babbage

------------------------------

From: msmithn@129.174.1.13 (Mara Smith)
Date: 23 Mar 1995 15:40:11 -0500
Subject: Re: Proving your Citizenship

John Stanley wrote:

    There are millions of Americans who cannot prove US citizenship. They were born in Canada, Mexico, Chile, Brazil ... In fact, any {North|South} American country that wasn't the USA.
It doesn't even take being born in a foreign country; all it takes is a little ignorance. I was born in Puerto Rico, a U.S. commonwealth whose citizens are U.S citizens, to U.S. citizen parents who were in the U.S. military assigned at a U.S. military base in Puerto Rico. That wasn't good enough to prove my citizenship at a SSN office. So I handed over my military I.D. card--I was active duty at the time. THAT wasn't good enough--the SSN office employee did not know you had to be a citizen to serve in our military and I had no luck trying to convince her. She insisted on a passport--those are easily forged--or a birth certificate.

Yes, unfortunately, a little ignorance goes a long way in hindering someone trying to prove their citizenship. Perhaps my maiden name of Garcia added to her confusion--I'd hate to believe that one. No, I prefer to believe she was ignorant and stupid since she didn't even know enough to perform her job satisfactorily.

------------------------------

From: arobson@Gateway.Uswnvg.COM (Andrew Robson)
Date: 23 Mar 1995 00:04:18 GMT
Subject: FCC Backs Off on Caller ID Ruling
Organization: U S WEST NewVector Group, Inc.

The following item appeared in the 3/17/95 "Daily_Summary" on the FCC's server at fcc.gov:

    CALLER ID. Effective March 17, stayed effectiveness of Sections 64.1601 and 64.1603 of the Commission's rules in the matter of Rules and Policies Regarding Calling Number identification Service -- Caller ID. (CC Docket 91-281 by Order [FCC 95-119] adopted March 17 by the Commission)

It would appear that they are backing away from their aggressive positions on transport and blocking of Calling Line IDentification information. The full text of the order was not yet posted.
-- Andy

------------------------------

From: gordon@sneaky.lonestar.org (Gordon Burditt)
Date: 23 Mar 95 23:55 CST
Subject: Re: FTC Alert
Organization: /usr/lib/news/organi[sz]ation

    Would effectively kill the rapidly growing "checks by phone" industry,

The "checks by phone" industry, and related electronic funds transfers, deserves to be killed if it doesn't clean up its act. I rate it slightly better than the "airplane" pyramid scam or posting plaintext credit card numbers on the net in consumer-friendliness. I'd have problems with trusting in a vendor who asks for payment this way even if I was paying under the terms: cash 5 years after warranty expires.

From misc.consumers, the effect of many automatic withdrawal or even *DEPOSIT* setups is to give the company a permanent hook into the account. If the consumer wants to terminate the agreement and the company doesn't, often the only practical recourse the consumer has is to close the account. The bank just says "talk to the company".

Even automatic deposit isn't safe. It has happened several times, as reported on misc.consumers, that a company decides to fire a consultant, takes the last several payments back as a "mistake", and then notifies the consultant he's fired. He's out pay for a couple of months work that he actually performed and was paid for. If there is a dispute over the quality of work and the company was stupid enough to pay for work not performed, it should have to sue the consultant, not vice versa.

Another danger of automatic deposit I have personally experienced several times is that the company makes a REAL mistake, say, in the tax schedules, or insurance deductions, gives employees a paycheck stub, and the employees record this in their checkbooks. Then they write checks. The company figures out its mistake, withdraws $100, and then TWO DAYS LATER notifies the employees. Meanwhile, checks are bouncing. Not any of mine, but only through luck.
I think the company should either ask for $100 back, or make the correction on the next paycheck.

    Fraud associated with checks by phone is less than with credit cards.

How do you measure this? Does it adequately count instances where the consumer simply gave up trying to dispute one of these checks, particularly one that comes in a month after the service involved was supposed to be shut off, and they run out of options? Some industries have a lot of vendors who (health clubs in particular are mentioned a lot, and increasingly, Internet Services Providers and online services) simply don't process cancellations, or perhaps they expect the unborn offspring of their pregnant employees to deal with them. These probably get classified as "clerical error" but it's obvious the companies aren't doing much to stop it.

    Any consumer can take a check to his or her bank and, since consumer's signature is not on check, have the check kicked back to the bank it was originally deposited in and have their account credited.

If this is the current law, someone needs to inform the banks. Otherwise, it needs to be the law. What is the magic incantation required to get them to kick back the check? Please post this to misc.consumers.

A consumer should be able to have the check kicked back to the bank within a reasonable time (my bank seems to allow 60 days after sending your statement to protest errors; this seems reasonable) if they didn't sign it. Excuses like "you authorized it", even if true, should be irrelevant. Of course, if you really owe the money, the company can sue or try to collect directly or through a collection agency, but that's not the bank's problem. Settle it through negotiation, arbitration or in court.

It should also be a very easy procedure to tell the bank "even though I authorized automatic periodic withdrawals (or deposits) from this company, (even if it was in writing) I want to cancel this authorization". The bank should not be able to say NO.
They can insist on having the cancellation in writing if they want. The consumer should not have to go through a monthly ritual of begging and pleading to get a check kicked back, with the bank and the company each saying to talk to the other.

    The FTC must demonstrate why checks over the phone must require prior written authorization from consumers [which would effectively negate its usefulness] while allowing credit card purchases by phone without prior written authorization.

Prior written authorization is a bit strong, but if the consumer's absolute right to kick back unsigned checks and cancel authorizations for automatic transfers can't be enforced, it's needed. It shouldn't have to come to that, though.

-- Gordon L. Burditt sneaky.lonestar.org!gordon

------------------------------

From: ACLU Information
Date: 23 Mar 1995 14:45:05 -0500
Subject: "Communications Decency Act" Update

Senate Committee Backs Cyber Censorship, and Imposes Criminal Penalties

WHAT JUST HAPPENED

The Senate Commerce Committee adopted late this morning a modified version of the Exon bill, the so-called "Communications Decency Act" (originally introduced as Senate Bill 314). Senator Slade Gorton (R-WA), who had cosponsored S. 314 with Senator James Exon (D-NE), proposed the amendment in Exon's absence. It was adopted on voice vote as an amendment to the Telecommunications Competition and Deregulation Act of 1995.

The amendment would subject on-line users to scrutiny and criminal penalties if their messages were deemed to be indecent, lewd, lascivious or filthy -- all communications that are protected by the Free Speech Guarantees of the First Amendment to the United States Constitution.

Although protecting children from pornography is its most often cited rationale, this is really a "bait and switch" with your rights at stake. Note that the amendment in fact goes way beyond child pornography.
It's like the opponents of TV violence who first said children should be protected and then made "Murder She Wrote" with Angela Lansbury their number one target. Or like the censors who banned "Huckleberry Finn," "Where's Waldo?" and even Webster's Dictionary (it has "bad" words in it, after all).

The Exon/Gorton Amendment would invite active interference in the basic speech of everyone using any telecommunication device -- simply because some government bureaucrat somewhere thought the speech was indecent or lascivious.

All senators on the committee had been informed that the Exon/Gorton amendment would violate the Constitution, assault the liberties of net users, stifle development of new technologies (many of which offer greater choice and control by all users -- including parents), and spawn expensive litigation -- while not succeeding at reducing access by children to pornography.

A coalition of civil liberties organizations -- including the ACLU -- and numerous commercial companies warned against adopting the Exon/Gorton amendment, which originally would also have made all online service providers (in fact, anyone transmitting an offensive message) criminally liable. Some commercial companies offered Exon and Gorton language exempting themselves from liability while still letting their subscribers be prosecuted.

Today Senator Gorton said that the amendment had been modified to exempt those merely "transmitting" the message. The amendment would, however, still cover anyone who originates a message deemed indecent, lascivious etc.

WHAT YOU CAN DO

1. Contact the senators from your state, and all senators on the Commerce Committee expressing your disappointment with this morning's action. Thank Senate Commerce Committee Chairman Larry Pressler (R-SD) for not including the Exon/Gorton amendment in his proposed bill, and urge him to support action on the Senate floor to remove the anti-cyber amendment.

2. Contact your online service providers and ask them what they have been doing about this Exon/Gorton assault on your liberties. Some providers are still standing up for your rights; others may not have. Urge them not to support any legislation that protects them but violates your free speech rights. Urge them to oppose the modified Exon/Gorton amendment.

3. Contact all the other senators and urge them to support deletion of the Exon/Gorton amendment when the bill comes to the Senate floor.

4. Stay tuned for further information and action items for both House and Senate.

The American Civil Liberties Union is a nationwide, nonpartisan organization of over 275,000 members. Now in its 75th year, the ACLU is devoted exclusively to protecting the civil liberties guaranteed by the Constitution and the Bill of Rights, wherever these liberties are at risk--in a bookstore, in school, on the street, in cyberspace, wherever. The ACLU does this through legislative action, public education and litigation.

Send your letter by e-mail, fax, or snail mail to:

Senator Larry Pressler, S.D.
Chairman, Committee on Commerce, Science, and Transportation
SR-254 Russell Senate Office Building
Washington, DC 20510-6125
(202) 224-5842 (phone)
(202) 224-1259 (fax of Commerce Committee)
e-mail: larry_pressler@pressler.senate.gov

To maximize the impact of your letter, you should also write to the members of the Senate Commerce Committee and to your own Senators.

Majority Members of the Senate Commerce Committee

Senator Bob Packwood, Ore.
SR-259 Russell Senate Office Building
Washington, DC 20510-3702
(202) 224-5244 (phone)
(202) 228-3576 (fax)

Senator Ted Stevens, Alaska
SH-522 Hart Senate Office Building
Washington, DC 20510-0201
(202) 224-3004 (phone)
(202) 224-1044 (fax)

Senator John McCain, Ariz.
SR-111 Russell Senate Office Building
Washington, DC 20510-0303
(202) 224-2235 (phone)
(202) 228-2862 (fax)

Senator Conrad Burns, Mont.
SD-183 Dirksen Senate Office Building
Washington, DC 20510-2603
(202) 224-2644 (phone)
(202) 224-8594 (fax)

Senator Slade Gorton, Wash.
SH-730 Hart Senate Office Building
Washington, DC 20510-4701
(202) 224-3441 (phone)
(202) 224-9393 (fax)
e-mail: senator_gorton@gorton.senate.gov

Senator Trent Lott, Miss.
SR-487 Russell Senate Office Building
Washington, DC 20510-2403
(202) 224-6253 (phone)
(202) 224-2262 (fax)

Senator Kay Bailey Hutchison, Tex.
SH-703 Hart Senate Office Building
Washington, DC 20510-4303
(202) 224-5922 (phone)
(202) 224-0776 (fax)
e-mail: senator@hutchison.senate.gov

Senator Olympia J. Snowe, Maine
SR-174 Russell Senate Office Building
Washington, DC 20510-1903
(202) 224-5344 (phone)
(202) 224-6853 (fax)

Senator John Ashcroft, Mo.
SH-705 Hart Senate Office Building
Washington, DC 20510-2504
(202) 224-6154 (phone)
(202) 224-7615

Minority Members of the Senate Commerce Committee

Senator Ernest F. Hollings, S.C.
SR-125 Russell Senate Office Building
Washington, DC 20510-4002
(202) 224-6121 (phone)
(202) 224-4293 (fax)

Senator Daniel K. Inouye, Hawaii
SH-772 Hart Senate Office Building
Washington, DC 20510-1102
(202) 224-3934 (phone)
(202) 224-6747 (fax)

Senator Wendell H. Ford, Ky.
SR-173A Russell Senate Office Building
Washington, DC 20510-1701
(202) 224-4343 (phone)
(202) 224-0046 (fax)
e-mail: wendell_ford@ford.senate.gov

Senator J. James Exon, Neb.
SH-528 Hart Senate Office Building
Washington, DC 20510-2702
(202) 224-4224 (phone)
(202) 224-5213 (fax)

Senator John D. (Jay) Rockefeller IV, W. Va.
SH-109 Hart Senate Office Building
Washington, DC 20510-4802
(202) 224-6472 (phone)
(202) 224-1689 (fax)

Senator John F. Kerry, Mass.
SR-421 Russell Senate Office Building
Washington, DC 20510-2102
(202) 224-2742 (phone)
(202) 224-8525 (fax)

Senator John B. Breaux, La
SH-516 Hart Senate Office Building
Washington, DC 20510-1803
(202) 224-4623 (phone)
(202) 224-2435 (fax)

Senator Richard H. Bryan, Nev.
SR-364 Russell Senate Office Building
Washington, DC 20510-2804
(202) 224-6244 (phone)
(202) 224-1867 (fax)

Senator Byron L. Dorgan, N.D.
SH-713 Hart Senate Office Building
Washington, DC 20510-3405
(202) 224-2551 (phone)
(202) 224-1193 (fax)

You can also write or fax your own Senator at:

The Honorable ______________________
U.S. Senate
Washington, D.C. 20510

Senate directories including fax numbers may be found at:

gopher://ftp.senate.gov:70
gopher://una.hh.lib.umich.edu:70/0/socsci/polscilaw/uslegi

Additional information about the ACLU's position on this issue and others affecting civil liberties online and elsewhere may be found at:

gopher:\\aclu.org:6601
OR request our FAQ at infoaclu@aclu.org

--
ACLU Free Reading Room   | American Civil Liberties Union
gopher://aclu.org:6601   | 132 W. 43rd Street, NY, NY 10036
mailto:infoaclu@aclu.org | "Eternal vigilance is the
ftp://ftp.pipeline.com   | price of liberty"

------------------------------

From: gitm@netcom.com (Ghost in the Machine)
Date: 22 Mar 1995 18:40:16 GMT
Subject: Crypto 101: Chapter I: Mail
Organization: NETCOM On-line Communication Services (408 261-4700 guest)

This is a file I wrote for an e-zine of mine, and a friend suggested it was good enough for mass dissemination, so here it is. Note, this is very long (60k) and since I know that will bother some of you, I am warning you ahead of time.

[...]

[moderator, this file is too long to post here, it can be found in the CPD archive. It is worth reading for those who are interested in the material.]

------------------------------

From: "Prof. L. P. Levine"
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors.

Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons.

A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu.

Mosaic users will find it at gopher://gopher.cs.uwm.edu.

Older archives are also held at ftp.pica.army.mil [129.139.160.133].

----------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information: comp-privacy-request@uwm.edu
                                  | Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Mosaic: gopher://gopher.cs.uwm.edu
----------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V6 #029
******************************