Date: Wed, 20 Dec 95 10:42:02 EST
Errors-To: Comp-privacy Error Handler
From: Computer Privacy Digest Moderator
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V7#052

Computer Privacy Digest Wed, 20 Dec 95              Volume 7 : Issue: 052

Today's Topics:                         Moderator: Leonard P. Levine

    Re: Avrami Case
    Why Internet don't really work in France?
    French Authorisation puts People into a Secret File
    Re: BC Commissioner Upholds Severing of Voter Addresses
    Re: Employer Abuse of Private Voicemail
    Re: Privacy Issues and Java
    Re: Unsolicited email Advertising
    Re: Unsolicited email Advertising
    SSN Shown On Payments by Intuit's Banking Service
    Re: Copyright Notice
    Info on CPD [unchanged since 11/22/95]

----------------------------------------------------------------------

From: prvtctzn@aol.com (Prvt Ctzn)
Date: 16 Dec 1995 01:11:43 -0500
Subject: Re: Avrami Case
Organization: America Online, Inc. (1-800-827-6364)

On November 27 Ram Avrahami appeared in Arlington district court to pursue his claim against US News & World Report. Mr. Avrahami is charging that the magazine violated his property rights when it sold his personal information to another publication without his permission.

I wonder if the `respected' US News & World Report, will report the news of its hammer blows against those who seek to protect their privacy.

--
Robert Bulmash
Private Citizen, Inc. 1/800-CUT-JUNK

------------------------------

From: JeanBernard_Condat@eMail.FranceNet.fr (JeanBernard Condat)
Date: 18 Dec 1995 11:11:05 GMT
Subject: Why Internet don't really work in France?
Organization: FranceNet

Why Internet don't really work in France?

December 14th, France Telecom tried to explain why all the Internet links in France are all busy.
If you own an email address, you can use a Minitel terminal (X.25 gateway like 3616 ALTERN, 3617 EMAIL or 3619 USNET), an X-Windows terminal (Atlass X.400 messaging service from France Cables & Radio) or a poor little micro-computer (TCP-IP accesses via one of the 84 national Internet Service Providers [ISP]) to put a message to another email throughout the world. All the strikes were too hard and Internet became in some days the only way to transmit a document without any delay.

Choosing an ISP isn't an easy operation. The difference of quality and price are impossible, it's the same Internet service: THE France Telecom's one. But the user has some incredible way to choose between the CompuServe, AOL, FranceNet, WorldNet, Imaginet, InternetWay, Mnet, Xon-Xoff, Attmail or Simplenet access.

The most used method is funny, cruelly funny. Imagine a teen looking for an Internet connection via the Minitel terminal offered with the parents' phone line. He tries with Minitel to access the best ISP. If you use the 3615 basic videotex access on the Minitel, the INTERNET service is a joke. A joke, because Mr. Valentin Lacambre, a lucky 29-year-old business man, possesses the 'Internet' trademark for all the French industry. When France Telecom tries to use it, Valentin receives some money. When some journalists write on the Internet media, Valentin notes an increasing number of connections on the 3615 INTERNET service (= postmaster@altern.com). Valentin is one of my best friends, the only one that really DOES business with Internet in my country.

Imagine the same teen looking for a micro-computer connection to Internet. If this teen lives out of Paris, he generally tries to find the correct phone number for the connection. The first available in a teen's head will be the transcription of the word INTERNET in a real phone number. In France, the transcription with ABC is 1, DEF is 3, GHI is 4, JKL is 5, MN is 6, PRS is 7, TUV is 8, WXY is 9 and OQZ is zero...
permit to have for INTERNET, the phone number: 46837638. If you dial this phone number out of Paris, you never have an answer. My poor teen doesn't have any chance... the phone line isn't an ISP, but a private one. The owner is Mr. Francois PERIGNON, living in a little village called La Beaupiniere in Bords, a nice Charente-Maritime place. He receives some hundreds of modem tunes per day... and never answers!

Imagine the same teen living in Paris. The owner of the 46837638 phone line is a student on the Ecole Centrale campus in Chatenay-Malabry. This room has a credit-phone... but the owner of this room doesn't have money and forgets to credit the #638 account. Half of the time, the credit expires and when you call the line, it never answers because of the null-credit account. My poor teen (and all the journalists trying to do a connection on the INTERNET number) say all the time: I cannot have a connection.

MM. Valentin Lacambre, Francois Perignon and the student of room #638 of the Ecole Centrale's campus are the three most influential and lucky persons in France that (don't) permit the inexperienced users to experiment with Internet connections. It's the only reason why Internet doesn't really work in France...

--
Jean-Bernard Condat
Computer fraud and security consultant (Paris, France)
JeanBernard_Condat@FranceNet.FR

------------------------------

From: JeanBernard_Condat@eMail.FranceNet.fr (JeanBernard Condat)
Date: 18 Dec 1995 11:11:05 GMT
Subject: French Authorisation puts People into a Secret File
Organization: FranceNet

New official authorisation to put all people in a secret file...

November 16th, 1995: In the middle of the strike period in France, the Ministry of the Army published a text dated November 9th giving the authorisation to the Army to put all available data in local files for future uses. The available data mind political, philosophical, religion... opinions of a person called "terrorist" or "victim of a terrorist."
:-|]

After some hard reactions of certain kinds of persons in France, the French Government announced December 16th the complete suppression of this text. Note that the CNIL (Commission Nationale Informatique et Libertes) formed to look at abusive use of laws... has given a positive authorisation to publish the following text... INCREDIBLE !

Decree no. 95-1211 of 9 November 1995 applying the provisions of article 31 of law no. 78-17 of 6 January 1978 to the files operated by the general directorate of the national gendarmerie.

The Prime Minister,

On the report of the Minister of Defence,

(...)

Having regard to the assenting opinion of the Commission nationale de l'informatique et des libertes dated 25 April 1995;

The Conseil d'Etat (Finance Section) having been heard,

Decrees:

Art. 1. - For the performance of its mission, the national gendarmerie is authorised to collect, retain and process, in regional files, personal information which, relating to the adults listed in the following paragraph, mentions particular, objective and unalterable physical marks as elements of a description, or reveals, directly or indirectly, the political, philosophical or religious opinions as well as the trade-union memberships of these persons.

The collection, retention and processing of the information set out in the preceding paragraph may concern only:

1-- Persons who may, by reason of their individual and collective activity, harm the security of the State or public safety through recourse to, or active support given to, acts of terrorism defined in articles 421-1 and 421-2 of the Penal Code;

2-- Those who maintain or have maintained lasting and non-fortuitous relations with them;

3-- Persons who are victims of acts of terrorism or appear to be particularly exposed to such acts.

(...)
Done at Paris, 9 November 1995

By the Prime Minister
ALAIN JUPPE

The Minister of Defence,
CHARLES MILLON

--
Jean-Bernard Condat
Computer fraud and security consultant (Paris, France)
JeanBernard_Condat@FranceNet.FR
Private phone number: +33 1 41238807

------------------------------

From: afaulkne@bclands.crl.gov.bc.ca
Date: 18 Dec 1995 10:19:26 -0800 (PST)
Subject: Re: BC Commissioner Upholds Severing of Voter Addresses
Organization: BC Systems Corporation

    8. Order

    I find that the provisions of the Municipal Act apply to authorize the District of Squamish to refuse access to the records in dispute. I also find, under section 22(1) of the Act, that it would be an unreasonable invasion of personal privacy of third parties for the District to disclose the records in dispute to the applicant, and that the District was required to refuse access.

    Under section 58(2)(b) of the Act, I confirm the decision of the District of Squamish to refuse access under section 63 of the Municipal Act. Under section 58(2)(c) of the Act, I require the District of Squamish to refuse access to the records in dispute to the applicant under section 22.

This may have interesting ramifications for the upcoming provincial election. The voters list is provided to political parties for their use. Usually that involves merging the name, address, occupation fields with telephone data bought from BCTel. This becomes a very powerful campaign tool, especially when coupled with occupation directed campaigning (e.g. teachers, doctors) and ethnic sub-listing based on last name.

I wonder if this usage will still be allowed?

--
Andrew Faulkner
Applications Analyst, BC Lands
Ministry of Environment, Lands and Parks
387-1146
Internet address: afaulkne@bclands.crl.gov.bc.ca

------------------------------

From: fyoung@oxford.net (F Young)
Date: 18 Dec 95 14:21:04 EST
Subject: Re: Employer Abuse of Private Voicemail

There is a homepage for the IPC office in Ontario.
I don't have the address within reach, but it should be easy to surf to it. The URL for accessing Ontario government information is

http://www.gov.on.ca/mbs/english/index.html
OR
http://www.gov.on.ca/mbs/french/index.html

------------------------------

From: jeffg@ptp.hp.com (Jeff Gruszynski)
Date: 18 Dec 1995 22:29:42 GMT
Subject: Re: Privacy Issues and Java
Organization: Hewlett Packard

Jim Gindling (gindling@cs.colorado.edu) wrote:

    I had a question concerning privacy issues in relation to Java.

Currently, the security model for Java applets has the following limitations enforced by the browser:

1. an applet can only create client socket connections back to the source host of the applet
2. an applet cannot create a server socket connection on client machine
3. an applet cannot read or write local file system at all

The intent is to prevent viral problems, but it also impacts privacy in general.

Some of these restrictions caused some grumbling at WWW4, since it prevents you from doing some cool things, but in a less than benign network environment these restrictions seem prudent.

--
Jeff Gruszynski                  Any Standard Disclaimers Apply
Test & Measurement Webmaster
Hewlett-Packard Company
jeffg@ptp.hp.com
http://www.tmo.hp.com/

------------------------------

From: jcr@mcs.com (John C. Rivard)
Date: 19 Dec 1995 12:08:54 -0600
Subject: Re: Unsolicited email Advertising
Organization: very little

tswalton@aol.com (TSWalton) wrote:

    I would suggest that the net begin to charge the spammers a per piece handling charge......just like the USPS. It would be too costly to spam if they are not hitting their target audience and would be self limiting in the long run.

Yeah, this would work.....just like the USPS. You sure don't see any USPS junk mail anymore. ;^)

--
John C. Rivard
Opinions expressed yadda yadda--you know the drill

------------------------------

From: herwin@osf1.gmu.edu (HARRY R. ERWIN)
Date: 20 Dec 1995 12:46:44 GMT
Subject: Re: Unsolicited email Advertising
Organization: George Mason University, Fairfax, Virginia, USA

I have been receiving 'junk email' from a commercial advertiser, netnet@access1.soundcity.net. I have politely asked them to put me on their 'do not contact' list, but I continue to find my mailbox filled with their stuff. What have people found to be the most effective recourse?

--
Harry Erwin
Internet: herwin@gmu.edu
Home Page: http://osf1.gmu.edu/~herwin
PhD student in comp neurosci: "Glitches happen" & "Meaning is emotional"

------------------------------

From: michael@piglet.amscons.com (Michael Bryan)
Date: 18 Dec 1995 19:10:07 -0800
Subject: SSN Shown On Payments by Intuit's Banking Service
Organization: none

Another user (Robert Mayo) discovered, and I confirmed, that Intuit's online bill payment service sends your payees a printout containing your social security number. This applies to any person who is using Quicken for Windows or Microsoft Money for Windows to send payment requests electronically, using Intuit's service. It specifically does -not- apply to using Quicken with the Checkfree service, as the Checkfree service does not supply anybody with your SSN.

The details:

When the Intuit service sends a payment to a merchant, it will do one of three things. First, it will try to perform an EFT directly from your account into the merchant's. Most merchants are still not set up for this, however. Second, if your payment is the only payment going to a given merchant on a given day, then they will print a check, drawn against your account, and mail it to the merchant. Both of these methods are ok, and do not result in your merchant receiving your SSN.

However, if there are multiple payments going to a single merchant on a given day (i.e., more than one customer has requested a payment to the given merchant), all of these payments are sent in a single envelope, and a summary sheet is enclosed.
This summary sheet will have a field called "Control Number", which consists of your SSN, followed by two other digits. This summary also lists your checking account number, in addition to your name, account with the merchant, and the amount of your payment. (In my opinion, only these last three fields are called for. There is no need for the checking account number to be listed, even though it -is- printed on your check as part of the MICR encoding.)

I have contacted Intuit regarding this matter, and they have been decidedly less than helpful. I know at least three other people who have called them, and we have all been told the same thing:

1) "Most of your merchants already have your SSN". Perhaps this is true for some people, but it is not the case with me.

2) "The SSN is encrypted on the printout". Absolutely not true. It is printed under the label "Control Number", and has two extra digits appended, but this does not "encrypt" the number. Anybody who knows what the field contains has instant knowledge of your SSN.

Intuit is currently refusing to address this issue. Furthermore, when I called in, they tried to tell me I was the only person who was complaining. I immediately gave them the names of three other people who had called in, one of whom I knew had talked to this particular individual. So that little "divide-and-conquer" trick backfired.

Also, when I said that I would be forced to go to the media if they didn't address this issue, I was told that by doing so, I would be responsible for broadcasting this information to those who might then illegally use the information. I found this two-faced attitude particularly annoying. On the one hand, they are claiming it's not a problem, yet on the other they tried to keep me from going to the media because it might give criminals information they could then exploit.

Anyway, I've done all I can with talking to Intuit, so I am now pursuing other avenues.
My bank (Union Bank) was particularly concerned that the SSN was being printed out and mailed with potentially every payment, and vowed to look into it and work with Intuit on my behalf to get this behaviour stopped. Also, I and a few others have contacted various media representatives, in an attempt to get them to focus a spotlight on Intuit, and let people know that Intuit is broadcasting their SSN, without their knowledge. And of course, I'm posting Usenet articles in the privacy newsgroups, as well as the newsgroup where most Quicken discussion occurs, comp.os.ms-windows.apps.financial.

If you are using Intuit's Online Bill Payment service, and are concerned about this, please call Intuit and express your displeasure. The number for the Online Bill Payment service is 708-585-8500. Also, call your bank, and inform them as to what's going on. Finally, write to your local (or national) newspaper, let them know about this, and ask them to cover this in their paper.

It appears that the only way Intuit is going to address this is by getting some negative publicity, since customer complaints don't seem to carry enough weight. I wish they were more reasonable, but that just doesn't seem to be happening here. So be it --- they want a fight, they've got one.

------------------------------

From: jcr@mcs.com (John C. Rivard)
Date: 19 Dec 1995 12:36:42 -0600
Subject: Re: Copyright Notice
Organization: very little

michaelm@nairobi.eecs.umich.edu (Michael McClennen) writes:

    the intent is that copyright is automatically granted to a work as soon as it appears in a form such that everyone can agree upon the exact content. Thus, a verbal utterance *snip* recorded on a magnetic tape, written down, or typed into a computer, *snip* is an unambiguous record of the content and thus an automatic copyright to the author. *snip* The exact ownership of the computer (or the tape recorder, the pen, etc.) does not enter into the question.

halfbree@rapidnet.com wrote:

    Now that makes sense!
    However I believe the ownership of the actual material; ie; tape, paper, book, video, or so on would enter into the question as to who owns the copyright. The original author or owner of the copyright may have bartered his/her rights to the copyright away to another.

I'm sorry, but you are wrong. Ownership of the recording material has NOTHING to do with copyright. Read the law.

The author of a work (as copyright holder) may, of course, sell or barter the copyright after the work is fixed, but you can only sell something you first own, obviously. The author may also elect to place something in the public domain, which is to rescind all copyright on the work. Then no one owns the copyright.

The ONLY time that an author is not the automatic owner of the copyright is when it is a "Work for Hire," in which the author creates the work as part of their job. For example, when an artist working at an advertising agency paints a picture for an advertisement, that may be a Work for Hire. If you look at many ads, you will see that the copyright notice indicates that the ad belongs to the advertiser, not the author. The author knows in advance that they are creating a work for hire; usually this is specifically spelled out in the terms of the employment or freelance contract.

--
John C. Rivard
Opinions expressed yadda yadda--you know the drill

------------------------------

From: "Prof. L. P. Levine"
Date: 22 Nov 1995 14:25:54 -0600 (CST)
Subject: Info on CPD [unchanged since 11/22/95]
Organization: University of Wisconsin-Milwaukee

The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu.

This digest is a forum with information contributed via Internet eMail.
Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply.

If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below.

On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing.

Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors.

Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy".

People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu.

----------------------------------+-----------------------------------------
Leonard P. Levine                 | Moderator of: Computer Privacy Digest
Professor of Computer Science     |               and comp.society.privacy
University of Wisconsin-Milwaukee | Post:         comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201       | Information:  comp-privacy-request@uwm.edu
                                  | Gopher:       gopher.cs.uwm.edu
levine@cs.uwm.edu                 | Web:          gopher://gopher.cs.uwm.edu
----------------------------------+-----------------------------------------

------------------------------

End of Computer Privacy Digest V7 #052
******************************