Date: Fri, 01 Dec 95 15:39:02 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V7#047 Computer Privacy Digest Fri, 01 Dec 95 Volume 7 : Issue: 047 Today's Topics: Moderator: Leonard P. Levine Re: SSN for CA DL renewal Re: SSN for CA DL renewal Re: SSN for CA DL renewal Re: SSN for CA DL renewal Re: SSN for CA DL renewal Privacy and Police Computers Small Errata Re: Act Now to Stop the Religious ... Re: Act Now to Stop the Religious ... Re: Telemarketing Re: Telemarketing Re: Telemarketing Re: First Interstate Bank's Inkless Fingerprint Program Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: morris@grian.cps.altadena.ca.us (Mike Morris) Date: 29 Nov 1995 00:37:12 GMT Subject: Re: SSN for CA DL renewal Organization: College Park Software, Altadena, CA Ron Richter writes: I was wondering if anyone knows what the deal is regarding the Social Security Number that was required to be disclosed to the Department of Motor Vehicles for the state of California... I had to disclose mine when I got my license renewed, but now it seems that all they can do is have you show some form of verification instead of requiring one to give it... My impression was like where you write a check somewhere and they can no longer write your credit card number down on the check, but can ask and accept the viewing of it as an additional form of ID As for name and signature and possibly, implied creditworthyness... The story that I was given by a L.A. County Sheriff Deputy who is a family friend is that they are crosschecking with other states to find drivers with multiple drivers licenses. Apparently there are drivers (especailly long-haul interstate truck drivers) who have had their licenses yanked in state "A" due to drubkeness, drugs, accidents, failure to appear notices, etc. then go to state "B", use a slightly different form of their name ("Dave Smith" vs "David J. Smith", for example) and get a new license. The deadbeat dads line was used as a political ploy to get federal approval. -- Mike Morris morris@grian.cps.altadena.ca.us #include I have others, but this works the best. This message assembled from 100% recycled electrons (and pixels). ------------------------------ From: Robert Ellis Smith <0005101719@mcimail.com> Date: 28 Nov 95 15:25 EST Subject: Re: SSN for CA DL renewal I am supplementing Robert Gellman's explanation of requirements concerning Social Security numbers. As he said, current federal law (it's an amendment to the 1974 Privacy Act) PERMITS state motor vehicle departments to demand it. The welfare reform bill passed by both houses (but stymied in an impasse with President Clinton's plan to veto it) (Sec. 517 of HR 4) will REQUIRE DMVs to demand the SSN. It will not necessarily require that DMVs display the number on the license but this is permitted in most states (California is an exception). The same welfare reform bill will require SSNs on marriage and divorce papers, and on applications for any professional or other license issued by a state. The immigration bill (HR 2202) and the Senate equivalent, both in the judiciary committees, would require employers to call a toll-free number to verify the validity of a SSN presented by any applicant for employment. (A one-percent error rate in that da tabase will deprive 650,000 Americans of jobs they otherwise qualify for.) Readers of the Digest should write or call their Members of Congress and comment on these proposals. A 1993 law in effect will require you to provide SSNs for everyone in your household to your employer next January; your employer will report this to a new Medicaid database in Washington. The rationale for the welfare reform provision is catching deadbeat parents; the rationale for the immigration bill is barring undocumented immigrants from working; the rationale for the 1993 law is to catch people filing Medicare claims that should prope rly be paid by their private health insurance. As Bob Gellman said, no law prohibits private businesses from demanding SSNs, except in PRIVACY JOURNAL's home state of Rhode Island. And no law says that you must provide an SSN to a private business. The best way to stay up to date on all of this is to get PRIVACY JOURNAL's monthly electronic edition. It's available at a special discount to Computer Digest readers. So are our books telling you what your privacy rights are. Robert Ellis Smith Privacy Journal 0005101719@mcimail.com 401/274-7861 ------------------------------ From: mitcht@alaska.net (Mitch Thompson) Date: 30 Nov 1995 16:22:41 GMT Subject: Re: SSN for CA DL renewal Organization: Internet Alaska Inc. halfbree@rapidnet.com had the following to say about That is an intresting statement as South Dakota and several other states use your SSAN as the Drivers License #. When I was a resident of Arkansas, I even had to pay for the changeover from unique DL number to my SSN as my DL number. My current Alaska DL has a unique license number, as well as my SSN printed on it. Being a member of the military, it gets pretty laughable when they keep reminding you of the Privacy Act of 1974 regarding SSNs, then you have to give your SSN out almost everywhere you go. Of course, you can refuse, but there's also the statement regarding refusal of service in return. -- Mitch Thompson, Anchorage, Alaska USA|| In memory of Yukla 27 My public PGP key is available From: pgp-public-keys@pgp.iastate.edu Subject: GET mitcht@alaska.net PGP Key fingerprint = 1C 4E 12 29 4C 6D 29 90 8F B6 0B 2F 42 71 B6 4E A2000/GForce030/40MHz/8M/121M/ZIP/PicassoII/A2320 sooper-screamer Amiga! "Christians aren't perfect, just forgiven!" ------------------------------ From: Bill McClatchie Date: 20 Nov 1995 08:39:04 -0500 Subject: Re: SSN for CA DL renewal halfbree@rapidnet.com writes: That is an intresting statement as South Dakota and several other states use your SSAN as the Drivers License #. I just recieved my notice that its time to renew my Drivers License in VA. When I first got my license I took the option of getting a seperate DL Number than my SS#. My renewal card includes the option of not showing your SS# on the DL. -- Bill McClatchie wmcclatc@nox.cs.du.edu http://nox.cs.du.edu:8001/~wmcclatc ------------------------------ From: ruthann@mitre.org (Ruth Ann Brasie Valentine) Date: 30 Nov 1995 13:44:20 -0500 Subject: Re: SSN for CA DL renewal Organization: MITRE halfbree@rapidnet.com wrote: That is an intresting statement as South Dakota and several other states use your SSAN as the Drivers License #. When I renewed my Mass. DL two years ago, they had a sign that strongly suggested requesting a new non-SSAN. I was already going to ask for another number anyway. The clerk told me that eventually no one in MA would have SSAN as DL number, that the new "random" numbers would be issued in all cases. -- All opinions and ideas were generated independently by me. ------------------------------ From: taxhaven@ix.netcom.com (Adam Starchild ) Date: 28 Nov 1995 23:26:39 GMT Subject: Privacy and Police Computers Organization: Netcom When the police in West Windsor, New Jersey arrested Mauro I. Donis last January, it was not because they observed Mr. Donis violating any laws, but because a patrol car computer scanner determined that he had a suspended driver's license. Now, the scanners have become the focus of a novel lawsuit in which Mr. Donis argues that the police singled him out arbitrarily without reasonable suspicion or probable cause, and that the subsequent computer inquiry into his driving and criminal records amount to an illegal search. The case, which is winding its way through the Appellate Division of the New Jersey Superior Court is the latest of a small but growing number of legal actions challenging police use of computer scanners, or mobile data terminals. It is yet another chapter in the larger debate over just how far high-tech policing can go without trampling over people's constitutional rights. Some of these machines are marvels of technology: long-range eavesdropping devices that placed in a briefcase, pick up conversations a football field away, or infrared radar monitors that, mounted on a car, can detect weapons on a person a half-mile away. For law enforcement officials, they are new-generation weapons in the war on crime that enable the police to better protect the public, even at the expense of a little privacy. But for civil libertarians, they conjure up new Orwelloian images of Big Brother armed with technologies that are subject to abuse and prone to error. The availability of modern technology to law enforcement may require some rethinking of the Fourth Amendment rules governing the police. Where the mobile data terminals fit into this debate is just starting to unfold in the courts. Last year, the Arizona Supreme Court ruled that a clerk's failure to delete an expired warrant for Isaac Evans which led to Mr. Evan's arrest and the subsequent discovery of marijuana in his car required the suppression of the marijuana evidence. In March, the United States Supreme Court reversed that decision in Arizona v. Evans, concluding that computer mistakes should not hamper the good-faith efforts of police. But in July, the Florida Supreme Court ruled in a separate case that a computer error made by the police, not a clerk, necessitated the suppression of evidence. In New Jersey, there have been at least three cases in which motorists who were not observed to be violating any laws were nonetheless arrested based on information obtained through computer scanners. In one, State v. Lovenguth, a plea bargain was struck; the other two, State v. Donis and State v. Lewis, are expected to be argued before the state's appellate division in the next month or so. Law enforcement officials rave about the computers. Instead of communicating via radio, officers can type license plate numbers into their car computers and gain instant access to the appropriate records. Perhaps only 10 percent of the nation's police departments have the computers, which cost $15,000 each, but more will likely follow as that cost declines. The technology is ripe for abuse. Terminals may contain erroneous information or may be compromised by computer hackers. The police could discriminate against minorities, the poor or those whose appearance they do not like by singling out neighborhoods or people. Adam Starchild has written over 20 books, and hundreds of articles, on financial privacy and legal matters, over the past twenty years. Sample chapters of some of his current works on financial privacy are available on the Worldwide Web at http://www.catalog.com/corner/taxhaven ------------------------------ From: Scott_Wyant@loop.com (Scott Wyant) Date: 28 Nov 1995 14:29:16 -0800 Subject: Small Errata I just wanted to point out a couple of minor errors in V7#046. First, it's not Microsoft that's buying up the electronic rights to works of art worldwide -- it's Gates himself through a holding company that is entirely separate from MS. Whether this is a more or less sinister scenario, I leave to you. Secondly, regarding the identity of those who ask us for our "opinions" -- Rob Reiner is Carl Reiner's son, the movie director (and one-time Meathead)who is responsible for, among other things, "This is Spinal Tap" and the current "president" movie with Michael Douglas/Annette Bening. As to whether THESE surveys are "sinister" and should be included here -- I am capable of ignoring them on my own. My objection to the two most recent postings (about the Clipper chip and data encryption) is more that they appear to be attempts to avoid spending time to do basic research. But I'm capable of ignoring them, too. -- Scott Wyant Spinoza Ltd. ------------------------------ From: peter@nmti.com (Peter da Silva) Date: 28 Nov 1995 17:11:00 GMT Subject: Re: Act Now to Stop the Religious ... Organization: Network/development platform support, NMTI Paul Robinson wrote a bunch of stuff saying, basically, "calm down, the government isn't going to come after you...", then he pretty much blows his argument out of the water with: It is technically possible to find every single business in violation of some provision of the antitrust law. Does this mean that people live in fear of it being used against them? No. Most businesses aren't even aware of the law being applicable. The law just sits around until some bright boy decides it's easier to use the law as a club to bash a competitor that they can't beat legitimately in the marketplace. Exactly. And people *will* use these laws to bash folks, silence their opposition on the net, settle grudges, and so on. People abuse bad laws all the time, and saying "this is a bad law, so it's not going to be enforced" just doesn't mesh with the way bad laws are applied and enforced every day. In fact, if you read news.admin.misc you'll see a perfect example of this sort of thing going on right now. -- Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard Bailey Network Management 'U` Sugar Land, TX 77487-5013 +1 713 274 5180 "Har du kramat din varg idag?" USA Bailey pays for my technical expertise. My opinions probably scare them ------------------------------ From: "James Brady" Date: 29 Nov 1995 17:53:35 -0500 Subject: Re: Act Now to Stop the Religious ... Please allow me to comment on a few of the items in this thread: On Shabbir J. Safdar's comments about Paul Robinson's comments: Most of the Internet Service Providers I've spoken to are not afraid of being arrested and sent to jail. That, they can handle. They're more afraid of having their equipment seized and being dragged into a long legal battle which they don't have the money for. In that case, it doesn't help you any if you're right. This is definitely something to be concerned about. Scare tactics won't work with everyone, but they will work with many. This is, exactly, what the law enables. One of the proposals being negotiated right now would give the FCC the power to determine what is "decent" and "indecent" speech in cyberspace. They would then be able to make these decisions through administrative regulations. Putting the FCC in charge of defining speech standards in cyberspace is generally viewed as a bad thing. I whole-heartedly agree. Too many regulations are passed "in entirety" to allow such definitions of basic freedoms to be mixed into the text. The "bad legislation" has been passed by both houses of Congress. It's currently in conference, and if it survives, it will almost surely be signed by the President, since it's attached to the Telecommunications Deregulation bill. Who is on this committee and what are their Internet addresses? Time is wasting... Can the Net as we know it survive the court challenges and the LONG regulatory change process? (When's the last time congress acted quickly on anything outside of National Security?) Kevin Kadow writes: As I've stated in other forums, the question isn't HOW to make the Internet safe for children (one proposed goal of this bill) but WHETHER it should be done at all. The Internet is no longer a publicly funded resource, if the politician's want their own safe and censored network, let them start one for that purpose. I object to _ANY_ governmental censorship of the Net, even though I have a 9-year-old who I'm introducing to cyberspace, and a 5-year-old who I'm sure will not be far behind. Censorship should not replace responsibile behavior, though it is often used for that purpose. And responsible use of the Net and the information gathered from it begins at home with the examples taught by parents. If sexually-curious children are resorting to the Net to get access to porn and other sexual information, then censorship will simply drive them back to the tried and true methods all of us pre-net kids used. Perhaps all this effort would be better spent on getting parents to talk with their children about important matters like sex. This entire argument over censorship seems like just another attempt to legislate-away the symptoms of bigger problems. Bigger problems like: why are parents allowing children unrestricted and, apparently unlimited, access to the Net in the first place? Has the Net taken over the position TV has held for so many years of being the babysitter, particularly for latch-key children? Are these the same parents who complain about the content of TV programming and do nothing to regulate what and how much their children watch? Last I checked, parents were still responsible for raising their children. Let's not delegate that responsibility to the FCC, or even the Congress. Let's stop debating the issue and stop the law instead! -- Jim Brady email: jlbc@qmgate.eci-esyst.com ------------------------------ From: prvtctzn@aol.com (Prvt Ctzn) Date: 28 Nov 1995 19:46:50 -0500 Subject: Re: Telemarketing Organization: America Online, Inc. (1-800-827-6364) Michael Shreeve wrote: My parents have been going on and on about a deal in Florida, under the Department of Agriculture. If you give them your name, a startup fee of $10, and $5 per year, you are off-limits to the lists of the telemarketers. If you get unsolicited marketing calls, you can complain, and the company will lose their license. (Sigh, I would rather have $500 ;-) ) There are certain exemptions for non-profit organizations and others. I am basing this off memory of conversations a couple months old, just reminded of by this thread. I _DO_ like the idea though. Wish it were in my state. Has anyone else heard of this program, and has more details? Michael, You are about right on target concerning the Florida Telemarketing Law. It went into effect (in its current form) on October 1, 1990, and requires all entities which make sales solicitation telephone calls in the state to refrain from calling those Florida residents listed with the state's Dept of Ag. Florida charges residents $10 for the 1st year's listing, and $5 every year thereafter. Some of the differences between the federal Telephone Consumer Protection Act of 1991 and the Florida law are that: 1) Residents have no private right of action against violators 2) Newspapers are exempt because (as I heard from a Florida legislator) the newspapers threatened to "bury" any politician who voted for a bill without the exemption. 3) It does not allow (in theory) even a first junk call from a firm. For more information write the: Consumer Sevices Div. Florida Dept. of Ag Mayo Bldg 2nd floor Tallahassee, FL 32399-0800 Florida has taken some violators to court, and then taken their money. I beleive the last tally was over $40,000; some came from a well known long distance service. -- Robert Bulmash Private Citizen, Inc. 1/800-CUT-JUNK ------------------------------ From: morris@grian.cps.altadena.ca.us (Mike Morris) Date: 29 Nov 1995 00:29:38 GMT Subject: Re: Telemarketing Organization: College Park Software, Altadena, CA fyoung@oxford.net (F Young) writes: Sounds like a good idea. But how do we "prosecute" a telemarketer? Say my name is on the "don't call me" list, then a telemarketer calls, not once, but twice. Now what do I do? I have to prove in Court that the telemarketer has been notified with the list, then I have to establish an amount for the "damage." How do I convince the judge that I suffered $x of damage because so and so called me over the phone? I'm not a lawyer, so maybe I've missed something? Will someone care to enlighten me on this? Slightly off topic, but ... I don't know all the details of this story, and I have no way to contact the person who told me (he's deceased), but I was told a story by an acquaintance who was getting called about once every 4 to 8 weeks by his local paper to subscribe. He had a completely legal computer and network consulting business, which he operated out of his house. He had several 24 hour accounts who could call at any hour, and his business line was forwarded to his cellphone when he wasn't home. He got tired of receiving calls from various telemarketers but the local paper was his pet peeve. He tried asking them politely to add his name to the "don't call" list, he sent letters, etc. Still, he'd get calls from them. He one day decided that enough was enough, and went down to the local public library and looked up the name of the employee at the paper who was authorized to receive legal notices (yes, there's a term for it, but I forget what it is). He sent that person a letter, on his company letterhead, with a return receipt requested, stating that due to the frequent calls he ahd received from their company requesting answers to their problems that he had created an open account for them, at a special reduced hourly rate (with a 2 hour minimum, at $50 per hour) and would they be kind enough to provide him with the address to send the invoices? The story goes that the newspaper employee didn't read the letter sufficiently and send back a canned letter on letterhead, providing the vendor billing address, contact name, etc. My acquaintance rubbed his hands with glee, and waited for the next call.... It came. He sent an invoice listing the date, time, name of the person he talked to, and a request for $100, offering a 2% discount for payment within 10 days, and 18% per annum on unpaid invoices. All strictly legal and per his companys standard practices and billing. Needless to say he got their attention. But he also collected. Once. No more calls. -- Mike Morris morris@grian.cps.altadena.ca.us #include I have others, but this works the best. This message assembled from 100% recycled electrons (and pixels). ------------------------------ From: fyoung@oxford.net (F Young) Date: 28 Nov 95 20:43:28 EST Subject: Re: Telemarketing Michael Shreeve writes: My parents have been going on and on about a deal in Florida, under the Department of Agriculture. If you give them your name, a startup fee of $10, and $5 per year, you are off-limits to the lists of the I've heard of something like that here in Ontario. It could have been just a rumour and I had no interested in researching it further at the time. It does sound like a good idea, but why do we have to pay so we won't get bothered, and why are non-profit organizations exempted? IMO, the telemarketing associations should volunteer to pay for maintaining such lists. ------------------------------ From: "John E. Bredehoft" <72604.2235@CompuServe.COM> Date: 29 Nov 1995 07:13:38 GMT Subject: Re: First Interstate Bank's Inkless Fingerprint Program Organization: CompuServe, Inc. (1-800-689-0736) jdav@mcs.com (Jim Davis) writes: federally-mandated program, this would open the way for a national welfare database. I'm not sure of the status re: FBI standards for digital fingerprinting, but once those are in place, I should think we will see vendors supporting those standards, so we might/probably will see a convergence in storage techniques, and merging of databases. Regarding standards: there is an ANSI/NIST standard dated 1993 for the exchange of fingerprint data, which generally defines the types of records (descriptive information, binary images, grayscale images, etc.) for fingerprint storage. For criminal applications, the FBI has developed an Electronic Fingerprint Transmission Specification, based upon the ANSI/NIST standards. However, this is especially targeted toward criminal work. Speaking on my own here (and not for my employer), I don't forsee any welfare standards any time soon. Such a standard-setting would need to be driven by an external force, in the same way that the FBI is setting standards for criminal fingerprinting. The companies are not going to set standards on their own... -- John E. Bredehoft 72604.2235@compuserve.com ------------------------------ From: "Prof. L. P. Levine" Date: 22 Nov 1995 14:25:54 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V7 #047 ****************************** .