Date: Thu, 11 Jun 92 11:52:02 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#046
Computer Privacy Digest Thu, 11 Jun 92 Volume 1 : Issue: 046
Today's Topics: Moderator: Dennis G. Rears
photo credit cards
Re: SSN's and blood
Re: SSN's and blood
Re: Privacy and blood
Re: Can I lose the rights to my name and address?
Another side of privacy
Re: SSN's and blood
Re: How to defeat call block (and how to guard against it)
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Subject: photo credit cards
From: "Wm. Randolph Franklin" <wrf@ecse.rpi.edu>
Date: Tue, 09 Jun 92 13:39:09 -0400
Photos on credit cards are not new. In the mid 1970s, my card from
Cambridge Trust (I think) had my photo on the back. The bank did the
photo; I don't know if they kept a copy. This was before credit
cards had magnetic stripes on the back; I don't know what the advent
of stripes did to the photos.
--------
Prof. Wm. Randolph Franklin, wrf@ecse.rpi.edu, (518) 276-6077; Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180
======= LOST MAIL: Mail sent to me between F5-29-92 and M6-1-92 might ========
======= have been lost in a disk crash. Please resend it. Sorry. ========
------------------------------
Subject: Re: SSN's and blood
Date: 9 Jun 92 11:01:39 EDT (Tue)
From: "John R. Levine" <johnl@iecc.cambridge.ma.us>
>The earlier posters both neglected to report whether or not the red
>cross actually GOT their SSNs out of them.
Of course they didn't. Neither the Boston nor the Philadelphia Red Cross
got my SSN, and both sent me donor ID cards with different substitute IDs.
The Boston ID is the first three letters of my last name followed by my
date of birth. The Philadelphia ID is a number starting with five zeros.
When I gave the Philadelphia bloodmobile people my Boston ID they couldn't
use it, since their system only uses digits.
As I mentioned in a previous message, if the Red Cross is serious about a
national excluded donor database, they might start by using consistent IDs.
There are certainly donors who have no SSN to give, e.g. foreign student
spouses, so they should have thought of that even without the privacy issue.
Regards,
John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
------------------------------
From: Jeff Hibbard <jeff@bradley.bradley.edu>
Subject: Re: SSN's and blood
Date: Tue, 9 Jun 92 18:04:03 GMT
tmkk@uiuc.edu (Khan) writes:
> Seems pretty silly to me. Not only is it a misuse of the SSN, but suppose
> AIDS Mary, who got infected and is now bitter and wants revenge on the
> world, decides to give blood in the hope of infecting others. She
> gives blood once, they test it, find out it has AIDS. Her SSN is added
> to the list. She gives blood again, only this time they refuse since her
> SSN is on the list. She catches on quickly, and gives a fake SSN the
> next time. They accept her blood.
I don't want to get involved in the main dispute about whether or not
the Red Cross should use SSNs, but the above argument is irrelevant.
The database (at least around here) is checked by people in the lab
during the course of processing the blood, which happens long after
the donor is gone. If they get a hit in the database, the blood is
discarded, but the donor has no way of knowing this. No Red Cross
employee likely to be in contact with the donor even knows that the blood
was discarded, and they will cheerfully accept another donation from her
the next time she comes in (only to have people in the lab discard it
again). There is no information available to the donor which would enable
her to "quickly catch on."
> I sure hope they test each and every
> donation, since she has easily circumvented the system. And since they have
> to test each and every donated pint *anyway*, what's the point in keeping
> the stupid database?
Yes, they test each and every donation, but the tests are not (and cannot
be made) absolutely perfect. The database is maintained in the hope of
catching some of the dangerous units of blood which falsely test negative.
Given the FATAL consequences of transfusing infected blood, I feel that
even the relatively small number of additional units caught by maintaining
the database is worth the effort (although they could probably accomplish
the same thing without using SSNs).
------------------------------
Date: Tue, 9 Jun 92 12:42 PDT
From: John Higdon <john@zygot.ati.com>
Subject: Re: Privacy and blood
"Robert L. McMillin" <rlm@ms_aspen.hac.com> writes:
> Irony of ironies: William Dannemeyer, (R-Anaheim, CA), arch-
> conservative and nationally famous homophobe had the temerity to suggest
> in 1985 that a database of all HIV-positive people should be kept in
> order to prevent these same from donating blood. At the time, this
> caused quite a stir among homosexuals (or at least, the more vocal
> ones).
[...]
> Normally I don't agree with much Dannemeyer has to say, but I frequently
> find that the propaganda put out by some of the more obnoxious elements
> of the homosexual community to be downright dangerous for themselves, if
> to no one else.
I suspect that Dannemeyer's intention with respect to such a database
had less to do with the control of AIDS than it did to do with having a
convenient means of identifying those dreaded homosexuals. If you
understood current blood-donating practices, you would see why such a
database is excess baggage.
People in "high risk" categories are simply asked to not donate blood.
This means that even though I may be HIV-, as a member of a "high risk"
subset of the population, my donation would be discarded without even
testing it. Furthermore, ALL collected blood is tested. Our blood
supply today is exceedingly safe; having a computerized database of gay
people would not make it safer, but could certainly be injurious to the
lives of the people on the list.
There is a tendancy to dismiss out of hand rantings by "obnoxious" and
"vocal" groups, but where there is smoke there is fire. Try to take
each thing for what it is and not let your prejudices get the better of
you.
> Just last year, I read a so-called 'saf-er sex guide'
> published via sci.med.aids that suggested that sex with multiple
> partners, fistf-cking, and prostitution, were all acceptable practices
> that "can be done with minimal risk of AIDS," and that warnings against
> these practices "are based on moralism not medicine." Oh really?
Mentioning this is typical of the tactics of those who want to have the
edge of emotionalism to bolster an inherently weak argument. We need
much less emotionalism and rhetoric and much more science and
practicality guiding our actions as members of a society. You may view
homosexuals as mindless animals, but most of us (not some, most)
consider our actions very carefully as do most heterosexuals.
I, for one, cannot believe that you would not consider (even for a
moment) that someone such as Dannemeyer, confirmed homophobe, just
might have another purpose in mind from that stated when he proposes to
keep a little list. Throughout his career as of late he has attempted
one dirty trick after another to rid society of the homosexual menace.
What could be better than a major list in just the right hands to
ensure that members of the gay community would be denied jobs, housing,
or any of the necessities of life? He has publically stated this as
one of his goals.
--
John Higdon | P. O. Box 7648 | +1 408 723 1395
john@zygot.ati.com | San Jose, CA 95150 | M o o !
------------------------------
From: Jim Haynes <haynes@cats.ucsc.edu>
Subject: Re: Can I lose the rights to my name and address?
Date: 9 Jun 92 21:06:27 GMT
Source-Info: From (or Sender) name not authenticated.
^^^^ ^^ ^^^^^^ ^^^^ ^^^ ^^^^^^^^^^^^^
That subject line reminded me of the story about Clarence Saunders. He
invented the supermarket, and named his "Piggly Wiggly". Well, in various
legal and financial problems he lost the right to the name. So he opened
another market named "Clarence Saunders, Sole Owner of My Name".
Later he went on to build the Keedoozle automated store, which was
then after a year changed to a conventional supermarket called "Zizz-Buzz"
--
haynes@cats.ucsc.edu
haynes@cats.bitnet
"Any clod can have the facts, but having opinions is an Art."
Charles McCabe, San Francisco Chronicle
------------------------------
Date: Tue, 9 Jun 92 16:07:20 PDT
From: Jim Warren <jwarren@autodesk.com>
Subject: Another side of privacy
It is difficult to strike a balance between the just desires of individuals
for personal privacy, and the just needs of a community to have an informed
accounting of the consequences of the actions of its individual members.
The problem with privacy is that there are those who intentionally use it
to cover their wrong-doing. Further, it shields those who are casually
irresponsible from being held accountable.
The following exemplifies the adverse side of privacy. It is not from an
Evil Corporation, nor a Naive Computer Neophyte, nor from a Person Who
Disprespects Privacy. Instead, it's from a mostly-consultant who is an
experienced computer pro, and someone who has long-illustrated deep concern
for ethical and civil-liberties issues.
Aside: This is similar to women who receive obscene or threatening phone
calls, but [a] can't get the local cops (or courts) to monitor the line,
and [b] are prohibited from having Caller ID to aid their personal defense
against anonymous electronic intruders in their homes. Police won't
furnish protection (or don't have the resources), and the law supresses
the tools for self-defense against unwanted intrusion.
Result: Phone-owners' privacy in their own homes is degraded or forfeited
in order to protect the privacy of anonymous, covert callers.
--jim
-----------posted with the author's explicit prior permission-------------
From autodesk!uucp Mon Jun 8 09:31:59 1992
Subject: Freedom
To: jwarren@well.sf.ca.us
I have a problem with certain privacy concerns (this time I am on the
anti-privacy side). I have court judgements against some southern CA
slime bags (you want a definition, their BUSINESSES will not identify
themselves when you call them, they answer "corporate" and if you ask
who you have reached repeatedly, they will hang up on you). I think I
have a RIGHT to know where they live and work so I can serve them with
legal papers. Remember, they have already LOST the suit, their day in
court is over. But without going to court AGAIN for a seperate order,
I cannot pull their credit records (privacy). BS! This is just a
makework thing for attornies and PIs. You see, I can get the credit
report illegally for $30 (instead of $8 if I had a right to it). What
a crock! Do you agree?
Worse yet, all this privacy BS has given us 3 seperate ID numbers. The
DMV wants driver's license number and birthdate, the credit guys want
SSN. I am all for a law-abiding guy trying to keep his private affairs
private, but when you have lost in court, those same laws keep you from
having to pay up. BS I say. Do you agree?
I am not sure I have an implementation, but I sure would work on one if
there were any reason to believe it would do some good. Dave
Dave Gomberg GOMBERG@UCSFVM Internet node UCSFVM.UCSF.EDU (415)731-7793
Seven Gateview Court, San Francisco CA 94116-1941
------------------------------
Date: 10 Jun 92 03:59:32 GMT
From: "Marc T. Kaufman" <kaufman@xenon.stanford.edu>
Subject: Re: SSN's and blood
tmkk@uiuc.edu (Khan) writes:
>In article <comp-privacy1.42.1@pica.army.mil> stevef@wrq.com (Steve Forrette) writes:
>>In article <comp-privacy1.32.6@pica.army.mil> johnl@iecc.cambridge.ma.us (John R. Levine) writes:
.-->The local red cross wanted my ssn when I gave blood. They got really
.-->ugly when I refused.
.->The people at the Red Cross can be remakably dense, particularly
.->considering that all their blood comes from unpaid volunteers. I donate both
.->here in Boston and at my beach house near Philadelphia. Both wanted my SSN.
.>In California, there is a statewide database of people who should be
.>excluded from donating blood for any reason. It is of course useful these
.>days for donors with AIDS, but the database predates the AIDS epidemic.
.Seems pretty silly to me. Not only is it a misuse of the SSN, but suppose
.AIDS Mary, who got infected and is now bitter and wants revenge on the
.world, decides to give blood in the hope of infecting others. She
.gives blood once, they test it, find out it has AIDS. Her SSN is added
.to the list. She gives blood again, only this time they refuse since her
.SSN is on the list. She catches on quickly, and gives a fake SSN the
.next time. They accept her blood. I sure hope they test each and every
.donation, since she has easily circumvented the system. And since they have
.to test each and every donated pint *anyway*, what's the point in keeping
.the stupid database?
Yes, every pint is tested, but testing is not 100% foolproof, and trying
to weed out bad blood before even taking it is useful. There are reasons
for refusing to accept blood that involve conditions that won't show up
on a test, such as a history of malaria or sickle cell anemia. If you don't
like SSNs as an ID, perhaps we should develop automated genotyping, and
record the genetic pattern of anyone who should not give blood. Then we
could refuse blood from your relatives, too.
--
Marc Kaufman (kaufman@CS.Stanford.EDU)
------------------------------
From: "Life..." <gberigan@cse.unl.edu>
Subject: Re: How to defeat call block (and how to guard against it)
Date: Wed, 10 Jun 1992 05:57:28 GMT
varney@ihlpf.att.com (Alan L Varney) writes:
>perry@drycas.club.cc.cmu.edu writes:
>>How to defeat call block for those who have caller ID.
>>
>>I have used this several times, so this method is based on fact, and works
>>in Baltimore, Maryland. I post this so that people who use call block will
>>be aware of this 'loophole'.
>:
>>3) Hang up and wait for call back. This should not be very long since the
>>person who answered the phone in step 3 will hang up after nobody is there.
>>
>>4) Phone rings, and the 'blocked number' appears unblocked.
> I'm not saying you are wrong, you understand. But *69 calls are
>from your phone to the other person's phone. If Caller-ID shows up on
>the "ring-back" to you (just before the call is made to the other party),
>that must be an unusual implementation.
Some places have the option that, if the number is busy, to have the
system watch the line for when it becomes free. When it does, it will
ring both sides of the call (as both typically would be on-hook). I
believe this is re-inventing something old and charging for it, but it
is one of the features they are implementing here. Gonna be hell on
BBS's and radio stations holding contests.
Still, it sounds like it might work. Be simple for the telco to fix
that though.
If you happen to have 2 lines, you can get a better reading from that
trick. Use the code to dialback, then immediately dial with the other
line (block it). Even if it hasn't been picked up yet off the first
call, the second will be busy. Then setup the dialback. Hang up first
phone, second will ring, with their number. (Possible that your number
is showing on the dialback on their end though... wanna give a prank
caller your private-line number? Maybe if it is your dedicated computer
line. He tries calling back, he gets carrier in his ear.)
>And your number will be
>sent to the *69-ed party, who can use the same mechanism (if it works)
>on you....
No problem, as they obviously knew your number first anyway. Unless it
was someone who dialed a wrong number by accident when dialing the local
movie theatre blocked to avoid being culled into a database. But then
they wouldn't be doing any heavy breathing on your line.
>Al Varney - just my opinion
--
/// ____ \\\ | CAUTION:
| |/ / \ \| | | Avoid eye contact. In case of contact, flush
\\_|\____/|_// | mind for 15 minutes. See a psychiatrist if
\_)\\/ | irritation persists. Not to be taken
gberigan `-' cse.unl.edu | seriously. Keep out of sight of children.
------------------------------
End of Computer Privacy Digest V1 #046
******************************