Date: Sun, 26 Nov 95 09:46:51 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#045 Computer Privacy Digest Sun, 26 Nov 95 Volume 7 : Issue: 045 Today's Topics: Moderator: Leonard P. Levine Re: Phone Number Privacy Re: Phone Number Privacy Re: GE Capital Offer of Personal Information Re: The Privacy Act and SSNs Re: United Way uses SSN now Re: Telemarketing Re: Stopping Junk Mail Gary, Settle down Re: Copyright Notice Do We Need New Health Privacy Laws Re: Act Now to Stop the Religious ... Survey on Privacy in Business Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: halfbree@rapidnet.com Date: 23 Nov 1995 05:01:18 GMT Subject: Re: Phone Number Privacy Organization: Very Little night@acm.rpi.edu (Trip Martin) writes: One thing that is available in my area (518 area code) is call return blocking. It means that if I call someone, they can't call me back by using *69. I don't know if this is available in other areas, but it's worth asking about for those who are concerned about it. And do you have to PAY extra for this feature? If it's free than fine, but if you have to pay, then seems like double payment for folks who have all ready payed extra money for an unlisted number? -- The Halfbreed ------------------------------ From: Steve Mitchell Date: 23 Nov 95 13:10:46 -0800 Subject: Re: Phone Number Privacy To the best of my knowledge, *69 does not work outside of your local calling area. *67 does not prevent call back in the Mid-Atlantic area. This has been a problem for answering services who often are blamed for giving out a client's phone number. It took a while for people to realize that *69 was the culprit. You might consider having your answering "patch" these calls to you. This way, if your caller hits *69, the answering service will get the call and can relay to you again if necessay. This would be a protection for both of you. -- Steve Mitchell Regional Manager TElescan Corporation [moderator: My understanding now is that in some areas *67 forbids the use of *69 and in some areas not. I also understand that new federal rules will require that *67 will forbid *69 so that much of the concern that I first brought to this list will be cancelled. It is correct that *69 will only work for local calls, so you do not find yourself making a call to a pizza joint in Tahiti by using it.] ------------------------------ From: maillist@dazed.nol.net (Al Johnson) Date: 24 Nov 1995 11:02:58 GMT Subject: Re: GE Capital Offer of Personal Information Organization: Networks On-Line, Houston JF_Brown@pnl.gov (Jeff Brown) wrote: mod@world.std.com says... My mortgage is held by GE Capital Mortgage Services. ...snip... I recently received an offer from them whereby I'd pay $5 a month for the "privilege" of getting allegedly current reports on our credit, driving, Social Security and medical histories, including the ability to correct errors and discrepancies. ...snip... What are the risks in my subscribing to this service? What information do they request from you? Do the reports come directly to you or through them? (i.e., who gets to see the information on them) You could get all the information yourself, but the $5 you pay them might be worth saving you the time. Your choice. Also, you'll probably have to sign over the right for them to access your personal information, from where-ever your personal info might be located, such as hospitals and insurance companies. They may be planning on reselling this info after collecting it and forwarding it to you. I'll gaurantee you that they will not simply forward your personal info to you without first keeping a copy for themselves, especially since the data will most likely be in digital form. ------------------------------ From: Robert Gellman Date: 23 Nov 1995 00:58:19 -0500 (EST) Subject: Re: The Privacy Act and SSNs An earlier posting discussed the Privacy Act of 1974 and its SSN provisions. Some of the information posted was incorrect. The relevant section of law is Public Law 93-579, Section 7. You can also find this at 5 USC 552a note. The law states that it is unlawful for any federal, state, or local government agency to deny anyone any right, benefit, or privilege provided by law because of a refusal to disclose a SSN. There are exceptions for federal statutory requirements and for disclosures that were required by law or regulation in existence before January 1, 1975 (a grandfather clause). Agencies that request disclosure of the number must inform the individual whether the disclosure is mandatory or voluntary, the authority for the soliciation, and how it will be used. That is the entire provision. There is no enforcement language in the section. There have been some successful civil cases filed using this section as authority. There are other federal laws that require the disclosure of SSNs. I believe that if you engage in any transaction that results in the payment of taxable income (e.g., interest on a bank account or wages), the tax code requires you to disclose your SSN. In addition, the Selective Service is authorized to collect SSNs for draft registration, although I do not know if disclosure in mandatory. I suspect that it is. In addition, other federal law authorizes states to use SSNs for welfare, tax, and motor vehicle purposes. States can require disclosure of SSNs for these purposes. There are probably some other exceptions to the SSN provision of the Privacy Act that I don't know about. I believe that current bills in Congress will require everyone to disclose their SSN for any transaction with the federal government and to state departments of motor vehicles. I don't have the details and I cannot confirm this. Actually, I believe that the proposed motor vehicle provision will require states to collect the SSN. Maybe someone else knows and can post the bill numbers and details. Section 7 of the Privacy Act does not apply IN ANY WAY to private businesses. A business may ask for your number if it chooses. You may not be required to disclose it in all cases, but there are some statutory requirements like the tax code. Basically, except for those laws that mandate disclosure, there is no federal legislation on the disclosure of your number. If there is no law, then it is up to you and to the requester. There are NO criminal penalties that apply when SSNs are requested by government agencies in violation of section 7 of the Privacy Act. Similarly, I know of no criminal penalties that apply to requests from private businesses. Finally, while I am most sympathetic to those who try to keep their SSN secret, be aware that it is not difficult to obtain almost anyone's SSN from private, lawful information companies. Credit bureaus have SSNs for most consumers. There is at least one company that has a Web page offering SSNs for $7.50 a pop. Someone with your SSN and an attitude can do lots of damage to you. No question about this. But SSNs are not exactly secret numbers. + + + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman rgellman@cais.com + + Privacy and Information Policy Consultant + + 431 Fifth Street S.E. + + Washington, DC 20003 + + 202-543-7923 (phone) 202-547-8287 (fax) + + + + + + + + + + + + + + + + + + + + + + + + + + ------------------------------ From: fyoung@oxford.net (F Young) Date: 23 Nov 1995 18:48:10 GMT Subject: Re: United Way uses SSN now Organization: North Norwich Telephone wrf@ecse.rpi.edu (Wm. Randolph U Franklin) writes: doesn't know my SSN, unless I contribute. Gee, that's a dilemma: should I give away money and thereby spread my SSN around, or keep my money and also keep my SSN a little more secret? If the urge to give money to the United Way is so strong, then I would discard the form and send a cheque to United Way directly, or white-out your SSN, make a photocopy of the form then send it in. ------------------------------ From: fyoung@oxford.net (F Young) Date: 23 Nov 1995 18:48:13 GMT Subject: Re: Telemarketing Organization: North Norwich Telephone anonymous writes: wish to be telemarketed. Then, rather than rely on local or state law enforcement to prosecute offenders, allow the individual the ability to prosecute the offender through small claims court. Any reactions to this idea? Thanks. Sounds like a good idea. But how do we "prosecute" a telemarketer? Say my name is on the "don't call me" list, then a telemarketer calls, not once, but twice. Now what do I do? I have to prove in Court that the telemarketer has been notified with the list, then I have to establish an amount for the "damage." How do I convince the judge that I suffered $x of damage because so and so called me over the phone? I'm not a lawyer, so maybe I've missed something? Will someone care to enlighten me on this? ------------------------------ From: prvtctzn@aol.com (Prvt Ctzn) Date: 23 Nov 1995 22:14:14 -0500 Subject: Re: Stopping Junk Mail Organization: America Online, Inc. (1-800-827-6364) YES, you have the right, under federal law to prohibit any advertiser from sending you anything through via the USPS that avertises anything you consider offensive. See 39 USC sec.3008 on a happier note: Did you guys watch DateLine NBC on November 15, 1995? If you did, you'd of seen that handsome devil, Bob Bulmash, president of Private Citizen, Inc. and two members of Private Citizen who took thousands of dollars from telemarketers who called in defiance of their previously expressed will. It's easy, and joining Private Citizen help in substantially reducing your junk call burden. -- Robert Bulmash Private Citizen, Inc. 1/800-CUT-JUNK ------------------------------ From: prvtctzn@aol.com (Prvt Ctzn) Date: 23 Nov 1995 12:07:08 -0500 Subject: Gary, Settle down Organization: America Online, Inc. (1-800-827-6364) I had posted the following in comp-privacy: Private Citizen, Inc. will notify over 1400 national and local telemarketing relatred firms of your `do-not-call' request, and send you a list of the firms we notified. Also included in your notification, will be an offer to allow those firms to tele-solicit you on a `for hire' basis of $500 per call. I recieved the following response from Gary McGath: Well, now I understand your desire for laws that would allow government monitoring of E-mail in the name of "privacy"; it would be a whole new market for you. This is an official instruction, and valid according to your own interpretation of the law: DO NOT SEND ME ANY E-MAIL AT ANY TIME IN THE FUTURE. IF THE COURTS UPHOLD A LAW UNDER WHICH YOU CAN BE PROSECUTED, I WILL PROSECUTE. My response to Gary is as follows: Gary, Gary, Gary... you litigious little lad, Their is no legislation, at present, that allows you to sue me for e-mailing a simple message to you in defiance of your previously expressed will Nevertheless, I will respect your wishes... because that is your wish, and I feel no compulsion to offend you. But you still don't get it. The mechanisms Private Citizen uses to Cut Junk calls and Cut Junk snail-mail is not based solely on statute, but rather a common legal theory, in existance well before your great-great-grandparents were born. Next time, please take a moment to understand what you think you understand, before you express yourself. If you like, I will be happy to e-mail you a Private Citizen Authorization Form By reading it, you WILL understand that theory. (I hope). But you'll have to ask nice. -- Robert Bulmash Private Citizen, Inc. 1/800-CUT-JUNK ------------------------------ From: gmcgath@condes.MV.COM (Gary McGath) Date: 24 Nov 1995 12:23:06 GMT Subject: Re: Copyright Notice Organization: Conceptual Design halfbree@rapidnet.com wrote: Now that makes sense! However I believe the ownership of the actual material; ie; tape, paper, book, vidio, or so on would enter into the question as to who owns the copyright. The original author or owner of the copyright may have bartered his/her rights to the copy right away to another. Simply not true, at least under normal circumstances. Here's an example with which I have experience, and about which I have talked with professionals who understand the legal ramifications: At science-fiction conventions, various people will sing in concerts or at open singing sessions known as "filksings" (with an i). Often a recording engineer will be brought in to record these for possible later release on small-run tapes. The recording engineer does not thereby acquire the rights to the song. The recording company must obtain permission from the performer and from the author (or, in the later case, can in certain circumstances use what is called a "mechanical license," which entails paying a legally fixed amount to the copyright holder of the song). Only if there is an explicit agreement between the person creating or performing the work and the person providing the medium is there any transfer of rights. -- Gary McGath gmcgath@condes.mv.com http://www.mv.com/users/gmcgath ------------------------------ From: jwarren@well.com (Jim Warren) Date: 24 Nov 1995 14:44:34 -0800 Subject: Do We Need New Health Privacy Laws Seems like someone should answer this ... to the large FOI-L list; *not* to me, please. :-) -- jim From: BRODELLJ@MSCD.EDU Date: 24 Nov 1995 12:00:06 -0600 Sender: State and Local Freedom of Information Issues Subject: do we need new health privacy laws To: Multiple recipients of list FOI-L The long posting on health privacy legislation are welcome. However, it seems to me that the laws that alrady are in place are being violated because of need and money. Would not national privacy legislation create more federal bureaucracy that eventually would become self-serving and expansive? What is the fundamental justification for keeping health information private anyway? particularly since so much federal and state money is wrapped up in health care. Why should not health records of individuals treated with public funds and/or at public facilities be public? This is a serious question that requires a serious answer. "because you will be invading their privacy" just won't cut it. What is the fundamental (non-circular) reason we should have privacy of medical records, particulalry are they relate the the expenditure of government funds? -- Jay Brodell brodellj@mscd.edu ------------------------------ From: Paul Robinson Date: 26 Nov 1995 09:14:26 EST Subject: Re: Act Now to Stop the Religious ... Organization: Tansin A. Darcos & Company/TDR, Inc. Silver Spring, MD USA CAMPAIGN TO STOP THE EXON/COATS COMMUNICATIONS DECENCY ACT The Religious Right has proposed shutting down speech on the net more tightly than ever before. Their activities could succeed, resulting in Internet providers screening your mail, postings, and conversations to avoid criminal liability. There is a very real chance that this legislation will pass, and we will experience a period of uncertainty and chilling of speech while an appropriate test case attempts to reach the Supreme Court (should it even get there!) To me, it seems, this sort of hysteria and fear-mongering serves no useful purpose, since it apparently ignores reality. 1. There has never been an (anti) abortion law passed since _Row v. Wade_ that went into effect until a substantial amount of time after it was passed. Why? Because the courts would suspend the effect of the law until the issue was tried in court, seeing that the law would clearly be in contravention to that case. 2. What does this have to do with the above proposed law? While the courts have generally taken the stand that most laws passed by congress are constitutionally valid, when it comes to restrictions on speech and press, the courts have generally taken the exact opposite stand, that a restriction on speech is generally invalid lacking a foundation that there is some damn good reason to allow such a restriction. This would take a considerable amount of time. 3. Most laws which are created in Congress never even get very far. Mostly these laws are written for bargaining points, or for political capital, since someone can say they are attempting to be "tough on..." something the voters don't like, even if the law never gets out of committee. I would be more concerned if this was regulation to be passed which was to appear in the {Federal Register}. Most of that _does_ get passed, and, because of the Administrative Procedure Act of 1949, _has_ the force and effect of law in most cases. 4. I suspect those who are reporting the law are misstating what it actually says, either accidentally or on purpose. During protests over the motion picture "The Last Temptation of Christ," people were protesting over some issues that they claimed were degraded or defamed by the movie. My brother, who saw the film, said that some of the things that they complained about weren't even in the film. I am not saying the law isn't providing exactly what the original poster alleges that it does. I am just wondering what their biases are. 5. Why is it that it is presumed to be some organization or group called the "religious right" that wants this sort of law passed? I guess because it is "Politically Correct" to bash on that group. Or perhaps the poster didn't think "Skinhead Neo-Nazis" or "Fascists" was a strong enough term this week. I am usually very suspicious when someone blames some named group or alleged class as being responsible for something. It's an attempt to use "splinter politics" where one group is pitted against another, distracting people from more serious issues and allowing those to be passed along without people noticing or paying attention. 6. Common Carrier law has an incredibly long history - hundreds of years - the rules go back to the creation of the term in the 1400s. I find it highly unlikely that the entire system of common carrier law, which includes lack of liability for content, is going to be trashed. To hold a system operator such as AOL or Compuserve liable for the material transmitted over their facilities when they have no knowledge or awareness of this content means that AT&T could be held liable for messages in voice-mail using their "store and forward" system which is available by dialing *123 when placing a telephone call that doesn't complete. This would be ridiculous, and it would overrule hundreds of years of settled case-law as well as make a mess. 7. Further, it would not just be applicable to Prodigy, or MCI, if it applies to those who transport "message traffic" or electronic material, then it is applicable to Federal Express and UPS, too! (A CD-ROM, a diskette or a book with the above probably qualify too, if the law is written as sloppily as the writer apparently claims it is.) 8. In short, first this bill must be passed by both houses of congress, then signed by the President, then survive the inevitably certain court challenges, then, and only then - assuming there hasn't been significant public outcry to have the law repealed - is there anything to worry about, if there is at all, that is. 9. This also presumes people don't implement new ways to go around the law, such as using gateways in other countries, using ftp sites to allow people to take material, using mailing lists through remailers, and other things. Unless the sender can be identified, and traced to somewhere in the U.S., there is no means to enforce the law no matter how strict it is. 10. There are lots of ridiculous laws on the books that, if enforced at face, would effectively grind society to a halt: As it stands, now, under the Robinson-Patman antitrust laws, if a party sells something at a price higher than their competitors do, this is de-jure evidence of an illegal monopoly (or they could not get a higher price). If they sell at a price less than their competitors, this is de-jure evidence of an illegal attempt at destructive competition and/or the establishment of an illegal monopoly. If they sell at the same price, that's PRICE FIXING and it's also illegal! It is technically possible to find every single business in violation of some provision of the antitrust law. Does this mean that people live in fear of it being used against them? No. Most businesses aren't even aware of the law being applicable. The law just sits around until some bright boy decides it's easier to use the law as a club to bash a competitor that they can't beat legitimately in the marketplace. 12. I would seriously doubt that the bill, if it even becomes law, would mean much of anything, anyway, there is too much material being transmitted to have such a law be effective. It would most likely become just another law that is only enforced if someone complains, or plainly is ignored and isn't enforced at all, like the one that makes consentual oral sex between husband and wife in the privacy of the bedroom of their home, if in the Commonwealth of Virginia, a felony punishable by imprisonment exceeding three years. For both of them. -- Paul Robinson General Manager Tansin A. Darcos & Company/TDR, Inc. "An employee owned company" --- Among Other things, we sell and service ideas. Call 1-800-TDARCOS from anywhere in North America if you are interested in buying an idea to solve one of your problems. ------------------------------ From: robrienr@aol.com (ROBRIENR) Date: 22 Nov 1995 19:14:10 -0500 Subject: Survey on Privacy in Business Organization: America Online, Inc. (1-800-827-6364) Please complete survey and E-mail reults to ROBRIENR@aol.com SURVEY PRIVACY IN THE WORKPLACE PERSONAL INFORMATION Please check the statements that best describes yourself: Student _______ Part-time employee _______ Full-time employee _______ Manager or supervisor _______ Please rate the following types of employee monitoring by business to your extent of approval. Please use the comment space to elaborate on your response. 1. Business responding to outside request for information about employees. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 2. Business administering lie detector test to employees. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 3. Business testing for drug use by employees. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 4. Business testing employee for AIDS. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 5. Business using secret video surveillance cameras. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 6. Business monitoring employee phone calls. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 7. Business monitoring employee E-mail. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 8. Business requesting credit checks on employees. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 9. Business requesting preemployment mental and health screening. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ 10. Business requesting genetic testing of an employee to determine if the employee is predisposed to certain medical conditions. Approve _____ Indifferent _____ Disapprove _____ Comment:_________________________________________________________ ------------------------------ From: "Prof. L. P. Levine" Date: 22 Nov 1995 14:25:54 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #045 ****************************** .