Date:       Thu, 18 Jun 92 16:14:49 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#051

Computer Privacy Digest Thu, 18 Jun 92              Volume 1 : Issue: 051

Today's Topics:				Moderator: Dennis G. Rears

                  Re: is personal privacy overrated ?
                  Re: is personal privacy overrated ?
                         Re: Photo-Credit Cards
                  Re: Privacy in video rental records?
                 What can be done about ADVO mailings?
                  More on Call Return in Area Code 516
          Social Security Numbers and Social Insurance Numbers
                       Re: Privacy and Technology
                        Re: Computer Entrapment
           Re: Can I lose the rights to my name and address?

     The Computer Privacy Digest is a forum for discussion on the
   effect of technology on privacy.  The digest is moderated and
   gatewayed into the USENET newsgroup comp.society.privacy
   (Moderated).  Submissions should be sent to
   comp-privacy@pica.army.mil and administrative requests to
   comp-privacy-request@pica.army.mil.
       Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

Date:	Mon, 15 Jun 1992 19:23:50 PDT
From:	Hans_Lachman.OSBU_North@xerox.com
Subject: Re: is personal privacy overrated ?


In some article, jartz@mitre.org writes:
> I think there are many benefits to the
> individual of unrestricted information flows....
> Not knowing about other people leads us to feel
> isolated and often unintegrated into the fabric of society....
> Before anyone dismisses this as laize faire lunacy, let me add that I 
> initially compared free flowing information as a philosophical goal to the 
> individual's right to vote....
> 						John M. Artz, Ph.D.

I think you're off the point.  The issue of concern, I think, is not
whether it's a good idea to publish information about the behavior
of large numbers of people, in an aggregate impersonal fashion.
The issue is whether we think it's OK to have unrestricted flow
of information that links specific facts to specific individuals.

On that subject, I think your position has merit if the goal is
to maximize freedom, e.g.:  you are free to sell my name to a
junk mail company, and I am free not to do business with people
like you.  But it appears that this society is willing to make itself
less free when there is a consensus that certain activities are
offensive and therefore should be restricted.  I agree with some
of these restrictions, e.g., in the case of pollution.  Pollution is
enough of a general offense that it should be restricted.

So, in the area of exchanging information about private
individuals, what activity do the people think is offensive
enough to be restricted?  Well, if someone sells my name to a
junk mail company, then they are conspiring to pollute my
home, and that offends me.  Even if they don't send me junk
mail, I consider it rude that businesses exchange data on me
without the courtesy of consulting me first.  Now, we can't
force everyone to act with good manners, but we CAN require
companies to extend specific courtesies to us private individuals.
(Of course, it would be better if they acted with courtesy in the
first place, and then we wouldn't have to talk about whether to
legislate it.)

Hans Lachman
hlachman.osbu_north@xerox.com

------------------------------

From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: is personal privacy overrated ?
Date: Tue, 16 Jun 1992 20:47:16 GMT

In article <comp-privacy1.49.7@pica.army.mil> jartz@mitre.org writes:
>Clearly that is the heart of the issue.  I think there are many benefits to the
>individual of unrestricted information flows.  I will give one example and then
>generalize the point I am trying to make.
>
>If I join a grocery store shoppers club that collects data on all my  purchases,
>I might be reluctant to have that information dissemminated because it may
>reflect badly on me or I might be damaged in some way.  For example if I
>buy two bottles of wine every day and every girlie magazine on the shelf,
>I might be reluctant to have that information shared with my friends, neighbors,
>and prospective employers.  Clearly I would fear being exposed as a drunken
>pervert, etc, etc.  However, I claim that it is restricted information flows that
>leads to this problem.  If everybody's purchases were know, we might find
>out that 20 million people have purchasing habits just like mine.  If I am in
>the company of 20 million other people I might be less afraid of being 
>exposed.  
>
>My point here is that lack of information leads to supposition, inuendo (sp?),
>even superstition and prejudice.  We always see people on the television
>comming forward to announce their problems to the world in case somebody
>else is in a similar situation.  Not knowing about other people leads us to feel
>isolated and often unintegrated into the fabric of society.  Thus, I believe 
>that free flowing  information does provide potentially large benefits to 
>the individual.  
>						John M. Artz, Ph.D.
>						jartz@mitre.org

Three points:

First, you imply that people wish to 'hide' their personal habits, 
perhaps out of shame.  If only they knew of the thousands (millions)
of others just like them....

In a word: hogwash!  I have no doubt that many people in their teens
and twenties want privacy to avoid 'shame', but many people have
other reasons for wishing privacy.  We consider the number of people
who share our interests completely irrelevant.

In fact, I consider such a concern intellectually dishonest.  If you
are doing something wrong it doesn't matter how many other people are
doing it as well.  You justify your actions on their own grounds, not
by majority rule.

As a concrete example, I have purchased a substantial amount of adult
material during the past five years.  While many people would be
offended by that fact, I'm not concerned because I was using it as
a _tool_ to overcome childhood sexual abuse.  (It was classical
phobia treatment, where I had associated _any_ sexual context with
fear and pain -- a reasonable association given my past).

I may be the only person who has done this (although I doubt it),
but by your reasoning I'm simply one of 20 million who enjoys the
pictures!  (I have to use the exclamation point since it was anything
but enjoyable for a long time!)


Second, you imply the worst that can happen is a person will feel
'shame.'  Unfortunately, much worse is possible.

People generally don't have a right to work; their employment is
solely at the discretion of their employer.  It is _very_ conceivable
that a manager would force an employee out after learning something
'undesirable' about them.  (They may not fire them outright... just
give them undesirable jobs and poor reviews).

The way Ross Perot ran EDS gives a good example of this.  An on-the-
job dress code made sense, especially in the beginning.  But why should
EDS be concerned if an employee decides to live with a partner outside
of marriage?

Housing is a similar situation.  I don't have problems with an individual
setting (reasonable) standards for isolated properties... but why should
a large apartment complex be concerned with such arrangements?  (I remember
one complex (in Orlando) which made a point that they didn't mind an
unmarried mixed-sex couple sharing a one-bedroom apartment, but would
not rent to two same-sex friends.  (This was in college, when dorm rooms
were frequently _three_ people to a room)  It wasn't simply a problem with
students, since over half of their residents were students).


Finally, there is a _big_ difference between people admitting things
on their own (as I did above) and people being forced to admit to
problems.  The latter would create additional barriers to overcome
for people facing difficult situations.

Using a concrete example again, I could imagine a Christian
"outreach" which somehow picked up on me starting to remember my
childhood abuse and running to "help" -- completely ignorant of
the abuse's close association to the Church.  (Occurred at a
church-run preschool, threatened with Hell if I told, etc).  My
knowledge of how the Catholic Church has attempted to 'hush up'
pediaphilic priests would have prevented _any_ church-affiliated
programming from helping... but they could have done a _lot_ of
damage before they learned.


Bear Giles
bear@fsl.noaa.gov

------------------------------

From: "Wm. L. Ranck" <ranck@vtvm1.cc.vt.edu>
Subject: Re: Photo-Credit Cards
Date: 16 Jun 92 14:53:07 GMT


In article <comp-privacy1.49.9@pica.army.mil> jcp@islay.dco.dec.com (Jolly C. Pancakes) writes:

>       Having the picture on the card might not mean a thing, either.
>We had a case here recently where a field service engineer from HP was
>murdered in a downtown parking garage by a couple of fine youths,
>who then high-tailed it to the DMV where an accomplice (read:
>girlfriend) issued a new license in the murdered man's name - reporting
>his as "lost". The murderer was actually stopped by state police for
>speeding the next day and no one questioned why a 17 yr old black guy's
>picture was on the license of a man described as white and 35 yrs old,
>with a Lithuanian name.

Please note that in the case you describe here the criminal had an
accomplice on the "inside" at DMV to get the picture replaced.  The
fact that the cops didn't pay attention to the age on the license 
was not a fault in the license but in the procedures of the police.
Just because some guy is black doesn't mean he can't have a Lithuanian
sounding name, but the age should have been a clue.
   Anyway, I'm not convinced that pictures on credit cards are a good
idea.  I'm not convinced that they are bad either.  It bothers me that
some banks are apparently issuing them through the mail.  That seems 
like an invitation to fraud if you ask me.  If you had to go in person
to get your picture on the card it would make it harder for someone
to get his picture on another person's card.
   Just to clarify, the original poster asked why the bank was doing this
and how they justified the expense.  I was only trying to answer those 
questions, not depict the practice as good or bad.  I haven't made up
my mind about that yet.

 *************************************************************************
 * Bill Ranck    __ O          DoD #0496           RANCK@VTVM1.CC.VT.EDU *
 *                // \                                                   *
 *              //      Lean it like you mean it!                        *
 *************************************************************************

------------------------------

From: Carl Paukstis <carlp@frigg.isc-br.com>
Subject: Re: Privacy in video rental records?
Nntp-Posting-Host: frigg.isc-br.com
Date: Tue, 16 Jun 1992 20:11:33 GMT

In article <comp-privacy1.50.3@pica.army.mil> CStacy@stony-brook.scrc.symbolics.com (Christopher Stacy) writes:
>I picked up an application and a sample member's rental receipt at 
>a local Blockbuster Video (near Boston, MA) the other day, and I
>couldn't find any of the small print people have been referring to.
>Perhaps they have been convinced to discontinue the practice
>(or at least the notification), or maybe only some stores do it.

Are you referring to requiring SSN?  I have avoided Blockbuster for
this reason, and usually rent from Hastings (a national music store
chain which has also gone big into video in the last couple of years).

This weekend, I went to rent from them, and was told that they were
now required to "update my card", and wanted my SSN.  I told them they
couldn't have it, argued with them, argued with the manager, and was
turned away.  "It's company policy (tm).  You're free to rent
elsewhere".  Now that I've calmed down, I'll have to go back and ask
for the true story - chain-wide policy, or local?  Really, REALLY want
SSN?  Procedure for contacting the home office with a complaint, etc.

This really sucks.  I like to rent there because they have great
selection, and also music and books and magazines, etc.  Very nice
stores and helpful clerks.  I'm bummed.  Boycott Hastings?!?
--
Carl Paukstis, Software Generalist | War On (some) Drugs -> Police State USA
 ISC-Bunker Ramo / Spokane, WA     |    DoD #0432   I'm the NRA #TMB6692H 
 Phone: +1 509 927-5439            | AMA #634630  HOG #0507772  Mensa #1086355
 Mail: carlp@frigg.isc-br.com      |  My employer accepts no responsibility...

------------------------------

From: Paul Ciszek <pciszek@isis.cs.du.edu>
Subject: What can be done about ADVO mailings?
Keywords: Junk Mail
Date: Wed, 17 Jun 92 06:16:55 GMT
Apparently-To: uunet.uu.net!comp-society-privacy


ADVO, as some of you may know already, is a charming organization that 
sends people a half-pound of newsprint once a week.  The newsprint is
delivered with a postcard, which somehow makes it "mail".  I have just
sent my second request to ADVO asking that they stop sending my this stuff;
No matter how carefully I page through the advertising, there is a definate
possibility that pieces of "real" mail have gotten lost in it, due to the
amount of material that has to be crammed into a little apartment mailbox.
I have yet to hear back from ADVO.

The post office says that these folks cannot be delt with in the same
fashion as other direct marketers, as my name is not on any list; they
just send a bundle to every possible address, inhabited or not.
SO, what can be done about ADVO?  If I ask them to stop several times and
they don't, is it harassment?  Who would be willing prosecute them, anyway?


--
Paul Ciszek, pciszek@nyx.cs.du.edu | No nation was ever drunk when wine was
                                   | cheap.   -- Thomas Jefferson

------------------------------

Date:    Wed, 17 Jun 1992 13:29:32 -0400 (EDT)
From:    "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: More on Call Return in Area Code 516

In comp-privacy Vol 1 Issue 40, I wrote:

In article <comp-privacy1.48.1@pica.army.mil> NIEBUHR@bnlcl6.bnl.gov (Dave Niebuhr, BNL CCD, 516-282-3093) writes:
>>In today's {Newsday} there's an article about a concern from the head of the
>>State Consumer Protection Board regarding Call Return.  The intro goes into
>>a scenario where the phone is ringing while the homeowner is bringing in a
>>bag or bags of groceries and misses the call (the radio ad is even better
>>with the sound of breaking glass).
>>
>>This scenario was provided by a psychologist who described another scene
>>that affected him where he called a "highly disturbed individual, a convicted
>>felon" calling him back via *69 after the psychologist had called him.
>>
>>I quote here: "To my astonishment, this individual was on the line ... He
>>was able to access my private unlisted phone in my home by pressing a code
>>furnished by ... the telephone company."

In comp-privacy vol 1, Issue 50 barmar@think.com (Barry Margolin)


>I don't understand the psychologist's concern.  He wanted to talk to th
>disturbed individual, and succeeded.  Why is he now bothered that "this
>individual was on the line"?
>
>It's not the case that the disturbed individual now knows the doctor's home
>phone number (that's a concern with Caller ID, which is why people are
>calling for the ability to prevent your number from being delivered) and
>can call him night and day.  He can only call the doctor right after the
>failed call.  (Does the Call Return information ever time out?  Perhaps it
>should.)
>
>[Moderator's Note:  I have used call return several times.  On my bill is
>just a charge with the notation "Call Return".  _Dennis]
>-- 

Call Return is very new in my area code (516 - Long Island) and is still
in the "try-it-out" stage and will be in place permanently on July 1, 1992.

First of all, several things have to be in place for a phone number showing
up on a phone bill if and when Call Return is activated.

If the call is returned to a phone number that is local to the calling
number no itemization will appear on a phone bill if the Flat Rate billing
option is in effect.  If Message Rate billing is used, then the call would
show up after the "free" allowance was exceeded.

The next part to finding the phone number is more difficult if Flat Rate
usage is the billing method.  Information about all non-local calls can be
obtained from NYTel but it takes about a month to get that list.  I can
understand some of the paranoia but it seems that some people are trying
to make a mountain out of a molehill.

As a side note and a followup, the head of the Consumer Protection Board,
Richard Kessell, has petitioned the NY Public Service Commission to kill
Call Return until NYTel can come up with a way to prevent the above
situation (he's the mountain maker).  

Also, right now every residential in selected exchanges has carte-blanche
usage but that should drop off when the consumers find out the charges
($3.00 per month or 75 cents per use).

------------------------------

Date: Wed, 17 Jun 92 15:18:47 -0400
From: Susanna Elaine Johnson <sej3e@kelvin.seas.virginia.edu>
Subject: Social Security Numbers and Social Insurance Numbers

(1) SOCIAL SECURITY NUMBERS

There is a coding system involved in the SSN structure.  These
details are from memory and should be verified before being
relied upon.  Consider the structure ABC-DE-FGHI.

The group DE is a control group (I forget what the exact
nomenclature is).  If this group is ODD, then (generally) C is
EVEN.  If this group is EVEN, then (generally) C is ODD.  There
are validity ranges in the group DE, and these validity ranges
depend upon where the SSN is issued and when (i.e., at what point
in the last 60 odd years).  The group ABC is an area group, and
denotes where in the US the SSN was obtained.  The group FGHI isa
assigned sequentially and conveys no information other than
serial number.

(2) SOCIAL SECURITY NUMBERS

Consider the structure ABC-DEF-GHI.  A is an area code and
denotes the area within Canada from which the SIN was obtained.
The area code 9 is used to denote a foreign national not
permitted to work within Canada, and if a person obtains a job
and submitts to Revenue Canada a SIN beginning with 9 he/she will
shortly be visited by CSIS.  I is a checksum, and I wish that
somebody would be able to tell me the nature of the checksum.
The rest of the digits are a serial number.

(3) EVADING THE REQUIREMENT FOR A SSN IN THE UNITED STATES

IF YOU HAVE:

     (1) A Canadian driving licence
     (2) A college diploma
     (3) A job offer
     (4) $50.00 US

you can go to the border and obtain a T/C work permit.  If you
are a US citizen then you can keep quiet about that fact.  If you
have a T/C work permit you have a perfect excuse for not having a
social security number.

Disclaimer:  The above information is believed to be accurate but
nor warranty, express or implied, is extended.  Further, no
illegal action is suggested or implied, and anyone who uses the
information for any purpose whatsoever does so at his own risk.
Finally, the discussion contained in this transmission concerns
hypothetical cases and situations only and is not intended as
invitation, suggestion, or other encouragement to perform an
illegal act.

annaj@virginia.edu

------------------------------

From: Joshua_Putnam <josh@happy-man.com>
Subject: Re: Privacy and Technology
Reply-To: Joshua_Putnam@happy-man.com
Date: Wed, 17 Jun 1992 20:06:10 GMT

In <comp-privacy1.50.2@pica.army.mil> abc@brl.mil (Brinton Cooper) writes:

>As most of you probably know, the U.S. Military are about to
>collect DNA samples (blood and saliva specimens) from every member of
>our armed forces.  The advertised reason for this is to provide for the
>unequivocal identification of the remains of military folks killed in
>combat or in accidents.

>However, once the data are collected, who's to tell to what use they may
>be put?  

If the radio report I heard on this is accurate (a very big IF), then
misuse of the information will be more difficult than it sounds.  From
what the military spokesman said, the samples themselves are being
stored, not any analysis of the samples.  They described it as an
index card with a blood stain and a swab of saliva, all stored in
giant card catalogs.  Genetic analysis will be put off until needed,
since analyzing all the samples up front would be very expensive and
most would never be needed.

Again, this is all what I heard on the radio, and we know how careful
media science reporters are.  Does anyone have first-hand or better
documented information?

-- 
 Joshua_Putnam@happy-man.com    Happy Man Corp.  206/463-9399 x102
 4410 SW Pt. Robinson Rd., Vashon Island, WA  98070-7399  fax x108
 We publish SOLID VALUE for the intelligent investor.  NextMail OK
Info free; sample $20: Send POSTAL addr: Solid-Value@happy-man.com

------------------------------

From: daryl@aixwiz.austin.ibm.com
Subject: Re: Computer Entrapment
Followup-To: comp.society.privacy
Keywords: entrapment defense dangers
Reply-To: daryl@aixwiz.austin.ibm.com
Date: Thu, 18 Jun 1992 14:52:35 GMT


In article <comp-privacy1.44.7@pica.army.mil>,
NEELY_MP@darwin.ntu.edu.au (Mark P. Neely) writes:
> 
> Computer underground Digest    Sun May 17, 1992   Volume 4 : Issue 22
> 
>                       The Defense of Entrapment
>            As it Applies to Bulletin Board System Operators
> 
> By Randy B. Singer, Esq.
>
> You may surmise from my reticence to commit to
> saying that the defense of entrapment definitely WOULD apply that the
> defense of entrapment is not a defense that I recommend that you rely
> on.

It's good to see some informed, professionally stated facts introduced 
into the discussion.  I'd like to follow up Mr. Singer's excellent point
above by relating a caution on the entrapment defense which I was taught
while pursuing my degree in Criminal Justice.  I am not an attorney but
the instructor who told me this was.  He pointed out that one of the risks
of using the entrapment defense is that you must stipulate the factual
aspects of the allegation.  In other words, you must admit that the events
took place as the prosecution alleges.  Your defense is that these events
would not have taken place had you not been entrapped.  The problem is,
if the court does not accept the entrapment defense, you've essentially
confessed to the crime and surrendered your right to force the prosecution
to prove that aspect of their case.  In short, he cautioned that this
defense can not only fail, it can backfire.


Daryl Green

------------------------------

From: Wm Randolph Franklin <wrf@ecse.rpi.edu>
Subject: Re: Can I lose the rights to my name and address?
Date: Thu, 18 Jun 1992 18:54:40 GMT
Apparently-To: comp-society-privacy@cis.ohio-state.edu


In NYS, Walter Taylor, owner of Bully Hill wines, and a relative of the
Taylor who founded Taylor wines, was forbidden by a judge from using his
name on his wine.  This was at the request of Coca Cola, owner of Taylor
wines. 

Then he was forbidden from stating that he was forbidden to state his
name.

All he could do was to include a statement on the label saying to write
the winery if you wanted to know who the owner was.
-- 
Prof. Wm. Randolph Franklin,  wrf@ecse.rpi.edu, (518) 276-6077;  Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
======= LOST MAIL: Mail sent to me between F5-29-92 and M6-1-92 might ========
======= have been lost in a disk crash.  Please resend it.  Sorry.    ========

------------------------------


End of Computer Privacy Digest V1 #051
******************************