Date: Sat, 02 Mar 96 11:27:15 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#020 Computer Privacy Digest Sat, 02 Mar 96 Volume 8 : Issue: 020 Today's Topics: Moderator: Leonard P. Levine Re: Caller ID: Ameritech -> MCI Re: Caller ID: Ameritech -> MCI International Billing for 800's Re: ANI Information Cannot Be Used for Marketing Purposes Re: Access to DMV Records by Rental Car Companies Caller ID is not 800# ANI US Right to Anonymous Publication Re: Your Computer Is Watching You A Far-Reaching Privacy Bill Re: KING Radio Checks out Bill Gates Info on CPD [unchanged since 11/22/95] ---------------------------------------------------------------------- From: jacob@mayhem.com (Jacob DeGlopper) Date: 28 Feb 1996 19:47:13 -0500 (EST) Subject: Re: Caller ID: Ameritech -> MCI Organization: Mayhem Communications you write: Just another data point for those interested in Caller ID interoperability. I phoned an 800 number from my private residence line (Ameritech) and preceded the call with *67. The 800 number was able to determine my phone number (this was an automated system I was 800 numbers don't use Caller ID. The owner of an 800 number gets ANI (Automated Number Identification) information on the lines that call his 800 number, since he's paying for the call. The ANI delivery can vary from just having the numbers printed on your bill the next month to getting real-time ANI, which is what this automated system is doing. ANI can't be blocked with *67. ------------------------------ From: page-usa@ix.netcom.com (Ken Mezger) Date: 29 Feb 1996 08:14:08 GMT Subject: Re: Caller ID: Ameritech -> MCI Organization: Netcom References: writes: First the "right" to know who is calling on an 800 number is not the same as having sufficient information to audit the bill. For years telephone companies would not provide this information, and the business community got along without it just fine. Users could still be given sufficient information to indicate the general area of the call (NPA, NNX), but even this is may be too much information _for billing purposes_ when you consider that 800 services are increasingly being offered on a flat per minute basis. **ANOTHER PROBLEM NOBODY HAS MENTIONED...I HAVE NOTICED WITHIN THE PAST YEAR ALL OF THE POLICE DEPARTMENT TIPSTER/CRIMESOLVER NUMBERS ARE NOW AN (800) NUMBER! THEY ALWAYS ASSURE YOU THAT IT'S NOT NECESSARY TO GIVE YOUR NAME...THAT'S BECAUSE THEY ALREADY KNOW WHERE YOU ARE CALLING FROM! I THINK ALL CALLERS TO THESE POLICE TIPSTER LINES SHOULD BE MADE AWARE THAT THEY ARE NOT BEING AFFORDED ANY PRIVACY WHEN THEY CALL TO GIVE INFORMATION TO THE POLICE. IT'S ONLY FAIR, ISN'T IT?? [moderator: Good point, but no need to shout.] ------------------------------ From: "Peter M. Weiss +1 814 863 1843" Date: 29 Feb 96 09:23 EST Subject: International Billing for 800's What happens if the 800/880 # is terminated in Canada but initiated in the USA? Who calls the shots then? -- Pete Weiss at Penn State [moderator: with the new 888 numbers (second set of free calls) we can expect a new set of problems. TV yesterday told me that 1/3 of ALL calls were to 800 numbers.] ------------------------------ From: glr@ripco.com (Glen L. Roberts) Date: 28 Feb 1996 20:57:02 GMT Subject: Re: ANI Information Cannot Be Used for Marketing Purposes Organization: Full Disclosure References: privacy@interramp.com (Privacy Newsletter) wrote: Several participants in this newsgroup have recently discussed how 800-number-owners have the capacity to collect ANI information. This is very true. However, the nationwide Caller ID rules -- which went into effect December 1, 1995 -- make it illegal for an 800-number-owner to use ANI information for marketing purposes. ANI is allowed only for routing purposes or for account retrieval; under the FCC's rules, no other behavior is tolerated. A strict reading of the rule means that should an individual call a business with an 800 number, and the individual becomes disconnected, then the business cannot call the individual back. Generally speaking, unless the individual gives permission to associate his/her telephone with his/her name, the business cannot call back. Period! Ironically, such a provision does not apply to numbers captured under Caller ID -- only under ANI. For more information, you can check the complete rule under the FCC's homepage or contact Privacy Newsletter. Where is the oversight / enforcement? How do you prove they used your number from ANI? ------ Links, Downloadable Programs, Catalog, Real Audio & More on Web Full Disclosure [Live] -- Privacy, Surveillance, Technology! (Over 150 weeks on the Air!) The Net Connection -- Listen in Real Audio on the Web! http://pages.ripco.com:8080/~glr/glr.html ------ ------------------------------ From: horowitz@nosc.mil (Alan M. Horowitz) Date: 28 Feb 1996 22:29:59 GMT Subject: Re: Access to DMV Records by Rental Car Companies Organization: NCCOSC RDT&E Division, San Diego, CA References: "Milton C. Hubbard" writes: Did you offer to use a Gold VISA, MC or AMEX as security? They offer complete car insurance automatically even when the renter has no comprehensive coverage on his own policy. I don't see how the rental agency could lose in this situation. Comments anybody? Read your CC insurance contract, more closely..... ------------------------------ From: Richard_Lee@ssw.mclean.sterling.com (Richard A Lee) Date: 29 Feb 1996 00:59:55 GMT Subject: Caller ID is not 800# ANI Organization: Sterling Software ITD, McLean, VA References: Christopher L Barnard writes: Yet another reason to never assume that caller ID blocking will actually block anything... *Sigh*. One more time: 800 numbers use ANI (Automatic Number Identification, I think), which existed well before Caller ID and is quite unrelated to it. Using Caller ID blocking will not -- repeat, _not_ -- prevent ANI from working. The fact that the 800 number belonged to a different provider in your case is _completely_ irrelevant. -- Richard Lee rlee@mclean.sterling.com Sterling Software, McLean VA "Don't take life so serious, son... It ain't NOHOW permanent." ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 01 Mar 1996 06:41:13 GMT Subject: US Right to Anonymous Publication Organization: The National Capital FreeNet, Ottawa, Ontario, Canada The thread on remailers seems to have turned to the likelyhood of interception. Without checking an archive my recollection is that the poster who started the thread felt that the US was somehow threatened by anonymous posting. It brought me back recollections of a CBC interview with a communist chinese official who got quite exercised about the suggestion that people should be able to put up posters "without put down name". I'm sure he sounds much more eloquent in his own language. I was actually quite impressed by his ability to debate with the reporter in English, or at least in Canayjun. While anonymous remailers, usenet and e-mail provide a computer context to this particular discussion the root issues go back centuries, if not millenia, and a wide body of literature exists about them. Discussion of Privacy issues might be improved by building on the work of the many people who have spent a lot of time and energy considering them already. In Ch. 13 "Privacy and American Law" of "Privacy and Freedom", Alan Westin writes of "The First Era of Technological Challenge, 1880s-1950". On page 331, he writes "The First Amendment and its state counterparts also protected individuals in the practice of anonymous publication. Contrary to the principle of seventeenth-century English Licensing laws, which had required books and pamphlets to bear the name of the author and printer, the First Amendment's right of free press protected both anonymous and pseudonymous expressions. One historian has estimated that between 1789 and 1809 six Presidents, fifteen Cabinet members, twenty Senators, and thirty-four Congressmen published unsigned political writings or writings under pen names." refering to a citation in a 1961 issue of Yale Law Journal. On page 334 Westin writes "The Constitution of 1787, of course, had itself been written behind closed doors; no reports were published, and all participants were sworn to secrecy, 'to preserve the fullest freedom of discussion.' Though opponents of the Constitution denounced the 'secret conclave,' historians agree that a constitution would probably never have been issued if the convention's work had been publicized at the time." Another timely/timeless issue mentioned in Westin's 1967 book is law cases resulting in computer searches of electronic repositories for items containing combinations of keywords. Another I find ironic is his description of being personaly assured by the head of a federal agency that it had a written policy of a total ban on phone taps, when in fact it used them extensively, sent staff to phone tap courses, and purchased equipment and vehicles to perform taps. This is an interesting precedent to consider in light of the claims that Clipper keys will be escrowed and not accessed without a warrant, and otherwise used only in accordance with a published written policy. -- notice: by sending advertising/solicitations to this account you will be indicating your consent to paying me $70/hour for a minimum of 2 hours for my time spent dealing with it ------------------------------ From: glr@ripco.com (Glen L. Roberts) Date: 28 Feb 1996 20:56:57 GMT Subject: Re: Your Computer Is Watching You Organization: Full Disclosure References: gordon@sneaky.lerctr.org (Gordon Burditt) wrote: Deleting the cookies file will prevent the cookies from persisting over sessions (I hope), but it is not at all obvious to me that you won't be "re-infected" with cookies each time you visit a site that uses them (especially if Netscape is still set to show one of Netscape's pages on startup - I recommend changing this). I expect that the cookies file is cached in memory and that updates use the memory copy (no, I didn't trace the code to prove this). This will allow Netscape to track your travels in their pages in any one session, but it won't allow correlations between sessions (except by IP address, which might be dynamic or correspond to several different users) if you keep deleting or prevent creation of the cookie file. Why not update, alter, or amended the cookies file to provide bogus information to whoever snoops... MCOM-HTTP-Cookie-file-1 .infoseek.com TRUE / FALSE 826157028 InfoseekUserId 3393C369AEB848A45615C6081EAE685E .infoseek.com TRUE / FALSE 826157028 InfoseekCookieVersion 1 What secrets have I told the world by incluing my cookie file here? ------ Links, Downloadable Programs, Catalog, Real Audio & More on Web Full Disclosure [Live] -- Privacy, Surveillance, Technology! (Over 150 weeks on the Air!) The Net Connection -- Listen in Real Audio on the Web! http://pages.ripco.com:8080/~glr/glr.html ------ ------------------------------ From: Beth Givens Date: 29 Feb 1996 18:21:56 -0800 (PST) Subject: A Far-Reaching Privacy Bill California state senator Steve Peace has introduced a bill, which if it passes, will give consumers a great deal of control over their personal information. The bill reads in part: "No person or corporation may use or distribute for profit any personal information concerning a person without that person's written consent. Such information includes, but is not limited to, an individual's credit history, finances, medical history, purchases, and travel patterns." Senator Peace himself admits that the language is very broad at this time, and that the bill will no doubt be altered radically before it comes up for a vote. -- Beth Givens Voice: 619-260-4160 Project Director Fax: 619-298-5681 Privacy Rights Clearinghouse Hotline (Calif. only): Center for Public Interest Law 800-773-7748 University of San Diego 619-298-3396 (elsewhere) 5998 Alcala Park e-mail: bgivens@acusd.edu San Diego, CA 92110 http://pwa.acusd.edu/~prc ------------------------------ From: bo774@freenet.carleton.ca (Kelly Bert Manning) Date: 01 Mar 1996 20:51:42 GMT Subject: Re: KING Radio Checks out Bill Gates Organization: The National Capital FreeNet, Ottawa, Ontario, Canada That was KING TV, of course. My wife and children often don't let me use our cumputer and phone line till they've turned in for the night. I guess the late hour takes it toll in my composition. The tuesday show found a lot of public record data about him. Apart from the make and year of 5 vehicles they also found registration data for 2 boats, as well as the title details and tax details for his estate. The story mentioned that KING didn't look at his credit report because they didn't have permission, but said that there were companies that would do sell them a copy even though that is illegal. They were able to find his SSN and noted that it was apparently being used by a California man with a different name. Tuesday's show also mentioned a copy (Acxiom?) along with picture of robotic tape retrieval and said that it has all sorts of personal information including the names and ages of your children. Wednesday's show had a volunteer grant permission to start with a driver's licence and look at her credit report, as well as the stuff they did monday. This lady had also been divorced and was startled to hear them read off some of the details of who got what in the settlement(nice starting point for burglars after a paticular item they already have a buyer lined up for?). The issue of credit report innaccuracy also came up, since it reported a loan and a law suit/food poisoning incident that had nothing to do with her. The general tone of this series is that these kinds of problems and exposures are "a wake up call". There was a bit on medical record privacy, but the suggestion of paying cash seemed a bit ineffective, even to one of the other journalists. -- notice: by sending advertising/solicitations to this account you will be indicating your consent to paying me $70/hour for a minimum of 2 hours for my time spent dealing with it ------------------------------ From: "Prof. L. P. Levine" Date: 02 Mar 1996 10:34:30 -0600 (CST) Subject: Info on CPD [unchanged since 11/22/95] Organization: University of Wisconsin-Milwaukee The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy or vice versa. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. This digest is a forum with information contributed via Internet eMail. Those who understand the technology also understand the ease of forgery in this very free medium. Statements, therefore, should be taken with a grain of salt and it should be clear that the actual contributor might not be the person whose email address is posted at the top. Any user who openly wishes to post anonymously should inform the moderator at the beginning of the posting. He will comply. If you read this from the comp.society.privacy newsgroup and wish to contribute a message, you should simply post your contribution. As a moderated newsgroup, attempts to post to the group are normally turned into eMail to the submission address below. On the other hand, if you read the digest eMailed to you, you generally need only use the Reply feature of your mailer to contribute. If you do so, it is best to modify the "Subject:" line of your mailing. Contributions to CPD should be submitted, with appropriate, substantive SUBJECT: line, otherwise they may be ignored. They must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. Do not include entire previous messages in responses to them. Include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. All contributions considered as personal comments; usual disclaimers apply. All reuses of CPD material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy; publications using CPD material should obtain permission from the contributors. Contributions generally are acknowledged within 24 hours of submission. If selected, they are printed within two or three days. The moderator reserves the right to delete extraneous quoted material. He may change the Subject: line of an article in order to make it easier for the reader to follow a discussion. He will not, however, alter or edit the text except for purely technical reasons. A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password identifying yourid@yoursite. The archives are in the directory "pub/comp-privacy". People with gopher capability can most easily access the library at gopher.cs.uwm.edu. Web browsers will find it at gopher://gopher.cs.uwm.edu. ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Web: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ End of Computer Privacy Digest V8 #020 ****************************** .