Date: Tue, 05 Sep 95 11:17:02 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#019 Computer Privacy Digest Tue, 05 Sep 95 Volume 7 : Issue: 019 Today's Topics: Moderator: Leonard P. Levine Re: Fair Credit Reporting Social Security Number Linking Find People Fast Signatures Re: Credit Reports and Identifying Information Telcos and Privacy Re: Computer Privacy Digest Outrage Re: Computer Privacy Digest Outrage Re: Computer Privacy Digest Outrage Re: PharmaNet - Abortion Drugs Info on CPD [unchanged since 08/01/95] ---------------------------------------------------------------------- From: "L. Jean Camp" Date: 31 Aug 1995 13:49:46 -0400 (EDT) Subject: Re: Fair Credit Reporting Here is my understanding: The Fair Credit Reporting Act codifies the principles of the Code of Fair Information Practice to apply to credit reporting agencies. Unfortunately, the courts have determined that this act applies only to those agencies which provide credit reports as their primary business function . This means that financial information given to credit card companies, banks and other institutions can be freely traded without consumer knowledge or consent. The Fair Credit Reporting Act has prevented the proliferation of private credit guides which contain information on individuals; and has allowed only a bad-check list which contains encoded information such as address and last name whereby identifying the individual without their check is not feasible. And for your friend's case: In fact , the courts have ruled that, "The Act clearly does not provide a remedy for an illicit or abusive use of information about consumers" (Henry v. Forbes). This ruling has almost been destroyed by later decisions; however, the law still reads that if one obtains a report with frankly illegitimate reasons the Fair Credit Reporting Act would not apply. I believe this part of the ruling still stands: if some one lies to a credit agency the agency has no repsonsibility. -- Jean ------------------------------ From: Maryjo Bruce Date: 31 Aug 1995 18:57:52 -0700 (PDT) Subject: Social Security Number Linking I phoned the number in a customer service rep job ad in the paper to get info for a friend. The phone was answered electronically, and I was asked to enter a SSN. If you didn't you were cut off at the pass. I called back and used my own SSN. A rep came online. He began a spiel that included all sorts of personal info about me including my name, address, phono, current job, and such like, which he needed to "verify." He seemed amazed that I was upset. He said he had taken hundreds of calls that day, and nobody else cared. I asked where he got the information about me, given that I had no relationship with his firm. He hung up on me. -- Mary Jo Bruce, M.S., M.L.S. Sunshine@netcom.com ------------------------------ From: schbbs!PHSSMPC2!shourc@uunet.uu.net (Robert C. Shouse) Date: 01 Sep 1995 13:17:48 GMT Subject: Find People Fast Organization: MOTOROLA There's a service out of California called Find People Fast. They have an 800 number that you can get from directory assistance (800 555 1212). If you have someones ssn they can find them literally in a matter of seconds. They also do searches based upon last name last address etc. -- Robert C. Shouse ------------------------------ From: Maryjo Bruce Date: 02 Sep 1995 20:02:59 -0700 (PDT) Subject: Signatures Recently I went on a trip. In a small town, I bought a used laptop, paying with my credit card. I was surprised when I was led into a small room to a signature capturing device - what is the proper name for them? The space allotted to me for my signature was too small for me. I created a signature entirely different from my real one and waited for trouble. A couple of minutes later the machine began to purr and the authorization for the charge went through. I asked the store owner if anybody ever was rejected on the basis of his/her signature. He said they were not ready to do that yet, but he had been told it was the next step. From what he said, I gathered that credit card companies are now collecting signatures from members for analysis. He seemed fascinated by the equipment and believed it would eventually protect him - from people like me (strangers). He thinks it will shift responsibility from him to the credit card company. -- Mary Jo Bruce, M.S., M.L.S. Sunshine@netcom.com ------------------------------ From: Nightwolf Date: 03 Sep 1995 11:45:46 -0400 (EDT) Subject: Re: Credit Reports and Identifying Information Organization: Concentric Internet Services Steve Berczuk wrote: 3) Aside from esthetic considerations, how important is information like "previous addresses and "Also know as" (or relatedly spouses first name-- credit bureaus seem to not be able to handle "spouses first & last name")? One other detail which all three of the credit bureaus appear totally unable to handle, is a person with more than one valid current address. I prefer to use a post office box for as much of my mail as I can. Even my utility bills and my car registration are mailed to me at that address. As a direct result of this, I have noticed that all three of the credit reporting services list my current home address as being my former home address. How any of them think that I am able to live at a post office is a fascinating question! -- Nightwolf N-wolf@cris.com ------------------------------ From: Peter Marshall Date: 04 Sep 1995 21:17:44 GMT Subject: Telcos and Privacy Organization: Eskimo North (206) For-Ever ---------- Forwarded message ---------- From: Barry Orton Date: 04 Sep 1995 16:09:19 -0500 To: Multiple recipients of list Subject: Re: Telcos and Privacy reposted for CYBEROID@U.WASHINGTON.EDU I'm not a regular member of this list, but via the WA Information Activists list, I read Jack Bryar's comments regarding the collec- tion of local calling information by the RBOCs. I have an uncomfortable admission to make: in 1985, I helped to draft and manage to passage CA's Telephone Privacy Act. This law made it a crime to pass information out of the local tele- phone company to any third party, for any purpose. This law, at the time, seemed well-advised, as it prohibited third party's from gaining access to calling information accumulated by our state's telephone companies (primarily, Pacific Bell and GTE-CA). Now I have second thoughts about this. It puts the telcos in a position of power that is quite exceptional relative to the capacities of other information-service providers, IXCs included. There is nothing to compel the telcos to share their information, if it becomes necessary to craft an egalitarian competitive en- vironment. At the same time, the telcos are uninhibited in the ways that they can employ this information -- a potent tool. It may be that the law has accomplished its principal purpose well and prevented a flood of personal information out of the telcos and to third parties. But times change, and perhaps it's time to revisit CA's Telephone Privacy Act. Perhaps it should apply to the telcos' new info subsidiaries just as it does to other third parties. I'm not with the CA legislature any longer; it's a much wilder, more pro-utility enterprise these days. I wonder what can and should be done. -- Bob Jacobson Former Principal Consultant Assembly Utilities and Commerce Committee, CA Legislature, 1981-9 ------------------------------ From: Robert Jacobson Date: 31 Aug 95 13:22:35 -0700 Subject: Re: Computer Privacy Digest Outrage I would vouch for the quality of Robert Ellis Smith's PRIVACY NEWSLETTER. While I was working on privacy issues in the CA legislature, in the "dark" years during the Reagan Administration, PN was my main source of news about privacy developments nationwide. He deserves to be noted, praised, and (if he's willing), drawn upon to provide news for this Digest. Thanks. Bob Jacobson ------------------------------ From: Robert Gellman Date: 01 Sep 1995 09:37:51 -0400 (EDT) Subject: Re: Computer Privacy Digest Outrage This is a response to a posting from Robert Ellis Smith about his newsletter, the Privacy Journal. I won't comment on his dispute about the policies of this Digest because I don't know all the details. The Privacy Journal is a monthly newsletter on privacy that has been published for years. During my 17 years working on Capitol Hill, I always read the Privacy Journal. Bob Smith is one of the nation's leading authorities on privacy and one of the best journalists covering the territory. The Privacy Journal has provided more coverage, including investigative pieces, on the credit reporting industry, the Medical Information Bureau, and other major and minor institutions that affect privacy rights and interests. In addition, Bob Smith is the author of several useful books on privacy as well as several basic reference works. His compilation of privacy laws is the only publication of its type. Bob has also written a compilation of privacy horror stories and a directory of privacy professionals and advocates. Bob Smith has been a privacy advocate/author longer than almost anyone else in the United States or in the world. He is a regular speaker on the privacy circuit. He is a valuable resource to the privacy community. + + + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman rgellman@cais.com + + Privacy and Information Policy Consultant + + 431 Fifth Street S.E. + + Washington, DC 20003 + + 202-543-7923 (phone) 202-547-8287 (fax) + + + + + + + + + + + + + + + + + + + + + + + + + + ------------------------------ From: prvtctzn@aol.com (Prvt Ctzn) Date: 01 Sep 1995 23:41:24 -0400 Subject: Re: Computer Privacy Digest Outrage Organization: America Online, Inc. (1-800-827-6364) I have been a Privacy Journal subscriber for over 6 years, and have found it to be accurate, insightful, and informative concerning the future directions that privacy issues will take. I see no reason why the contents of this well respected and and often cited newsletter is being denied to readers of this group. -- Bob Bulmash, President - Private Citizen, Inc. [moderator: I have posted everything that Mr. Smith has submitted except his requests to post the table of contents of his journal. I indicated that these had insufficient content to be posted repeatedly. He hs in fact posted more that half a dozen times with good content. I have no problem with that. I regularly post announcements of new journals and that seems to be the trigger for his complaint. I will continue to post everything with content that he submits and will be glad to give him the last word on this issue if he wishes to respond.] ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 02 Sep 1995 20:42:38 GMT Subject: Re: PharmaNet - Abortion Drugs Organization: The National Capital FreeNet, Ottawa, Ontario, Canada This came up in BC.GENERAL so I thought I'd cross post to related groups. John Maxwell (jmax@wimsey.com) writes: So this morning, listening to good old Hal Wake on CBC AM, two news stories caught my ear in how much they seem to have to do with one another, yet so seemingly unconnected. Item 1: An article is published in the New England Journal of medicine saying that two regular presription drugs, having little or nothing to do with contraception, when taken in combination, produce an abortion-inducing effect hat works as well or better than RU234. Item 2: PharmaNet goes online. Hal has a little back-and-forth with the head guy from PharmaCare and the province's privacy watchdog. They talk about the issues of safety and privacy. It is explained that one of the greatest benefits of the pharmanet system is that it will catch dangerous combinations of drugs. Hmmmm. Given that we've already seen personal-records databases abused by anti-abortion protesters (last year's licence plate search by that cop), doesn't this all sound rather worrisome? I didn't hear the head to head discussion between Privacy Commissioner David Flaherty and Mike Corbeil of Pharmanet, but someone who did told me that the Commissioner predicted he and Mr. Corbeil would be talking to each other and the media within a year about a "how could this have happened" incident. He also pointed out to Mr. Corbeil the difference between confidentiality and privacy, something that staff in the Information and Privacy Branch (independent of Privacy Commission office) have also commented on in public. I have the impression that this initiative is not highly thought of elsewhere in the BC Government. Commissioner Flaherty has also pointed out that he has dealt with more than a six pack of medical records related privacy invasions in the past year. No end seems to be in sight. The justification for the program seems to rest on a claim that $30 million in fraud could be avoided each year. The BC Civil Liberties Association looked into that claim in detail and found out that there was already a "triplicate presription system" that very effectively dealt with the problem of people going to multiple doctors and getting prescriptions for drugs that could be resold illegally. On a related topic, another aspect is that the BC government program has adopted something called reference based pricing, where they will only pay for the cheapest drug in each category that they consider medically effective. There was a promise that individuals who don't respond optimally to the discount drugs can have their doctor write a letter to the program and get more expensive drugs covered. An angina patient who tried this went to the news media after he got rejected. They stuck the letter in front of the camera long enough for his name, address, and Personal Health Number to be read by viewers. Somehow I doubt that either the reporter or the patient considered that this is enough data for someone to get medical service and some no cost prescriptions. Paying for your own prescriptions is not an option for avoiding this big brother at the pharmacy scheme. In fact there has been some discussion that people should be happy with it because it will automatically check for employment health benefit coverage for people who haven't reached their deductible limit on the universal plan. Ie. you go to the pharmacy, and the pharmacist gets information about your employment status and the related benefits at the same time that he passes the prescription data along to the benefits administration. I haven't had a personal opportunity to see this in action myself. I'm also slightly disappointed that I won't be needing the oral surgery my dentist has been trying to talk me into for the past 5 years. There is no requirement for giving a PHN, address, birthdate or Medical Practitioner number in that case. Twenty plus years of dental records should provide all the ID the dentist needs on me. He'd wanted me to get "crown lengthening" so he could do a crown before what was left of a tooth split off. When it finally went he had a look and decided I don't need it. Things just never seem to work out right for me.:-) ------------------------------ From: "Prof. L. P. Levine" Date: 11 Aug 1995 09:39:43 -0500 (CDT) Subject: Info on CPD [unchanged since 08/01/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the SUBJECT: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit or append to the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Mosaic users will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #019 ****************************** .