Date: Tue, 15 Aug 95 10:55:13 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#013 Computer Privacy Digest Tue, 15 Aug 95 Volume 7 : Issue: 013 Today's Topics: Moderator: Leonard P. Levine Re: Caller ID Blockers Re: Caller ID Blockers Re: Caller ID Blockers Re: Information Collection at Sears Watch them Vacation Programs Re: Web Access and Mailing Lists CLI-InfoRequest Credit Reports and Identifying Information An Abuse of Individual Right to Privacy? Info on CPD [unchanged since 08/01/95] ---------------------------------------------------------------------- From: Lynne Gregg Date: 11 Aug 95 11:21:00 PDT Subject: Re: Caller ID Blockers Bill Ranck posted the following: By the way, there is another problem with the *67 sequence in many locations. If you happen to have a caller-id block on your line the *67 toggles it off. In other words, using *67 on a line that does not normally give caller-id will make it give caller-id for that call. This is true - FOR THE TIME BEING. The FCC Order on Calling Number Services will go into effect on 12/12/95. This Order requires telcos to use *67 only for blocking presentation of the Calling Party Number (CPN) and not use it as a toggle. The FCC ordered that *82 be used for unblocking (in the event that the customer has a Per Line Block). So, if a customer has Per Line Blocking and uses *67, the CPN presentation should be blocked. If a customer does not have Per Line Blocking and uses *82, then the number would be displayed. The FCC says no toggles with these star codes. I personally think that's a good move. It's hard enough for most folks to remember all the star codes that control various telco services. The other issue here is that if I use someone else's phone, I probably don't know whether that person has Per Line Blocking or not. Therefore if I pre-pend *67, I really mean, "block my number". This is why there needs to be distinct and consistently used codes among all the telcos. That's why the FCC jumped in. -- Regards, Lynne ------------------------------ From: rbgreen@comm.net (Robert Green) Date: 12 Aug 1995 06:54:39 GMT Subject: Re: Caller ID Blockers Organization: CommNet Inc. Athena Consulting (athena@communique.net) wrote: I am very new to this CALLER ID concept. I just moved to LA from California where they do not allow the masses to have CID. I have seen a device you can purchase from specialty catalogs for like $40 that claims to stop your name and number from being read. Does anyone know if these work or not? Thanks! glr@ripco.com (Glen Roberts) wrote: They work great... but you can do the same by dialing *67. All the box does is dial *67 when you pick up the line... The phone line attachments and the *67 option only work if your phone company is set up for it. In much of Louisiana, there is currently no way to block CallerID. Try the *67 - if you get a stutter then a dial tone, the gadget will work, too. If you just get busy signal, the phone company isn't accepting the blocking. ------------------------------ From: glr@ripco.com (Glen Roberts) Date: 12 Aug 1995 14:36:39 GMT Subject: Re: Caller ID Blockers Organization: Ripco Internet BBS, Chicago jmolini@inetcom.net wrote: Is there any reason why you don't just call the phone company and have your number removed from the system entirely. I did this in Houston. ranck@joesbar.cc.vt.edu wrote: Very nice. The only trouble is, this option is not available evrywhere. It varies from state to state dpending on what the local BOC could talk the PUC into. Here in GTE land... (With a DMS-100 switch)... *67 results in a busy signal... yet, when I call my Dad in Michigan, he gets my phone number... (I'm in PA). -- -------------------------------------- Glen L. Roberts, Host Full Disclosure Live (WWCR 5065 khz - Sundays 8pm eastern) (WOYL AM-1340, Oil City, PA). Tech Talk Network; Telstar 302, Ch 21, 5.8 Audio Look for articles, catalog, programs and great links on: http://pages.ripco.com:8080/~glr/glr.html ------------------------------------- ------------------------------ From: rathinam@worf.netins.net (Sethu R Rathinam) Date: 13 Aug 1995 17:36:12 GMT Subject: Re: Information Collection at Sears Organization: INS Info Services, Des Moines, Iowa, USA Frank C. Ferguson (ferguson@dma.org) wrote: No signature on paper is secure either. It can be scanned into a computer. I guess we should lock ourselfs into a room and never come out into the cruel, hostile, criminal world. The issue has been discussed in this groups a few times. What these equipment do PRESENTLY is similar to scanning a paper copy of the signature (correct me if I am wrong on that). That is not a problem for most of us. But in the future, IF/WHEN the equipment get smart enough to capture stroke, velocity, pressure ... information, they will have enough data to make a perfect duplicate of your signature. Question is, when such capability is achieved, will the companies tell you about the capability maturity - especially if you and I never asked questions when signing the "dumb" signature pads? I insist on signing the paper only copy at Sears and never had a problem so far (sometimes the person at the counter has to call someone else to learn how to do it). NOTE TO Moderator - how about an autobounce of messages on this topic with a mini-FAQ (including the UPS unauthorized duplication leading to firing an employee episode)?. After people get familiar with the issues, they can bring up related questions instead of repeating the same set of questions. -- Sethu R Rathinam N7TWL rathinam@netins.net ------------------------------ From: "Prof. L. P. Levine" Date: 13 Aug 1995 12:41:36 -0500 (CDT) Subject: Watch them Vacation Programs Organization: University of Wisconsin-Milwaukee A friend recently told me about a mailing list he subscribes to that has several hundred readers. Messages posted to this unmoderated list are automatically bounced to everyone on it. He tells me that he recently received from the list a bounce from a user who seemingly was running a vacation program that posted "I am not available till 8/20" type messages when email was addressed to him. Such systems are now fairly common with heavy email users who normally like to respond within a day to their correspondents. This time, however, the responder linked some 30 messages to the posting, including some clearly private business correspondence and one message indicating that the author misses the recipient and looked foreward eagerly to his return. Personally I do not like vacation programs, they are loaded guns waiting to go off with endless streams of unwanted mail. I am aware that they are getting better every year and have good features waiting to be used. Not by me, not right now. -- Leonard P. Levine e-mail levine@cs.uwm.edu Professor, Computer Science Office 1-414-229-5170 University of Wisconsin-Milwaukee Fax 1-414-229-6958 Box 784, Milwaukee, WI 53201 PGP Public Key: finger llevine@blatz.cs.uwm.edu ------------------------------ From: watrous@cs.rutgers.edu (Donald Watrous) Date: 13 Aug 1995 14:05:12 -0400 Subject: Re: Web Access and Mailing Lists Organization: Rutgers University LCSR gmcgath@condes.MV.COM (Gary McGath) writes: Using a log of people accessing one's Web page to build a mailing list, particularly one which will be made available to third parties, is a practice I haven't heard of before, and strikes me as distinctly annoying. Does anyone know of other sites that do this? I once tried one of those over the net security scanning services put on the web as a free come on. Sometime later I got some junk email from that company, advertising their commercial services. Haven't heard of access lists being sold, but I wouldn't be surprised. -- Donald Watrous LCSR Systems, Rutgers University watrous@cs.rutgers.edu http://www.cs.rutgers.edu/~watrous/ ------------------------------ From: Andy Simpson Date: 14 Aug 1995 14:03:51 GMT Subject: CLI-InfoRequest Organization: The University of Sydney, NSW, Australia CLI-based services presently are being trialled in Australia. I'd be very appreciative if anyone could refer me to any good material on the regulation of CLI services and the failings of that regulation. Thanks, Andy ------------------------------ From: berczuk@space.mit.edu (Steve Berczuk) Date: 15 Aug 1995 14:11:02 GMT Subject: Credit Reports and Identifying Information Organization: MIT Center for Space Research Recently we asked for my copies of our credit reports (which is a good thing to do one in a while) and noticed that my wife's report had a field "AKA ". The problem is that she uses her own last name (especially for financial transactions), so we thought it would be a good idea to ask the credit bureau to correct this... (I'm not sure how important that this really is, but it seems like a good idea to make sure that info on the credit report accurate...) when we wrote a letter asking them to change this we got a letter saying something to the effect of: "We cannot change your name w/o documentation, all of our info comes from subscribers..." (the ironic thing is that we were asking them to STOP changing her name!) Three questions come to mind: 1) Does this mean that if a "TRW Subscriber" makes a mistake reporting identifying info it stays there? (on a related note, they also had a "previous address" mispelled. When we pointed that out we got the same answer ("we only print what was reported".)) 2) Can we figure out who reported the AKA to get THEM to correct it? How? 3) Aside from esthetic considerations, how important is information like "previous addresses and "Also know as" (or relatedly spouses first name-- credit bureaus seem to not be able to handle "spouses first & last name")? Thanks for any insight.. -- Steve Berczuk -berczuk@mit.edu | MIT Center for Space Research Phone: (617) 253-3840 | 37-561 Fax: (617) 253-0861 | Cambridge MA 02139 ------------------------------ From: mwilshire@anchor.demon.co.uk (Michael Wilshire) Date: 14 Aug 1995 16:10:47 GMT Subject: An Abuse of Individual Right to Privacy? I am appending an e-mail which has appears to have been sent by a company called 'aa.net' - or someone called brett@aa.net - to my domain name. It appears to have been sent on the (incorrect) assumption that I am supplying services to other users or 'clients' within my domain. If I have understood this correctly, I am being asked to reveal what I would regard to be privileged information about those clients' names, addresses and email addresses. The message states that having obtained this information - presumably without the users' consent - they will announce the existence of a directory (perhaps for commercial gain?). From the way the message is written, they seem to realise that the manner in which they plan to obtain this information is somewhat disingenuous, since they promise not to reveal the source of their information (presumably the service or access provider). They claim to already have assembled 2 million such names and addresses. If my understanding of this is correct, I believe that any such abuse of personal information is a direct violation of personal privacy which should be stopped. I have absolutely no objection to someone assembling a directory as a public service, provided they openly ask or invite the users themselves on whether they wish to be listed in the first place. Simply allowing users to have their names deleted 'after the fact' is not - in my view - good enough. Furthermore, any covert attempt to obtain information without the users' knowledge seems to me to be reprehensible,and in breach of the philosophy of the Internet. I should be interested to hear views on my interpretation of this matter, and on how the rights of individuals to protect their privacy can be preserved. ------------ begin inclusion ---------------- Date: 13 Aug 1995 16:06:10 -0700 From: brett@aa.net Subject: International Email Directory To: root@5150.gigo.com We are compliling the most comprehensive international email directory. Currently we have more than two million addresses. This is not, and will not, be a mass downloadable file, just a directory. We request from you the following information: User name Company name City State/country Email address of all of your clients. After we receive this information, we will announce to each of your clients the existence of this WWW directory. ALSO, should they wish to be removed from the listing, they will simply need to email us with the word "remove" in the subject line. However, only those individuals who are listed will have access to the directory. WE WILL NOT explain to them where we received their address from, but simply offer to remove their name if they wish. We will update the list monthly, and wish that you send us a "delete" file and an "add" file as frequently as you can, but not more than monthly. Thank you for your assistance brett@aa.net ------------ end inclusion ---------------- ------------------------------ From: "Prof. L. P. Levine" Date: 11 Aug 1995 09:39:43 -0500 (CDT) Subject: Info on CPD [unchanged since 08/01/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #013 ****************************** .