Date: Tue, 23 Jun 92 16:57:49 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#054
Computer Privacy Digest Tue, 23 Jun 92 Volume 1 : Issue: 054
Today's Topics: Moderator: Dennis G. Rears
Re: What can be done about ADVO mailings?
Re: What can be done about ADVO mailings?
Can Merlins be used as bugs?
FBI Digital Telephony Proposal
Re: Privacy in video rental records?
Structure of the SSN
Re: Computer Privacy Digest V1#053
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
From: David Ruggiero <osiris@polari.online.com>
Date: Mon, 22 Jun 92 13:00:29 PDT
Subject: Re: What can be done about ADVO mailings?
pciszek@isis.cs.du.edu (Paul Ciszek) writes:
PC>ADVO, as some of you may know already, is a charming organization that
PC>sends people a half-pound of newsprint once a week. The newsprint is
PC>delivered with a postcard, which somehow makes it "mail". I have just
PC>sent my second request to ADVO asking that they stop sending my this stuff;
PC>[...]
PC>I have yet to hear back from ADVO.
I called up the local (Seattle) office of Advo last week (hard to find - they
aren't in the white pages or even the yellow pages under 'Advertising' or
'Mailing Lists'). The person answering was pleasant and helpful, taking my
name/address and saying I should give it twelve weeks or so before the pre-
printed labels are exhausted and I stop receiving mail under their cards.
(She also mentioned they get almost as many requests from people to get *on*
their lists as off them.)
Apparently the lists are all controlled by the national organization
(Conneticut?) and send electronically to the local branches.
PC>The post office says that these folks cannot be delt with in the same
PC>fashion as other direct marketers, as my name is not on any list; they
PC>just send a bundle to every possible address, inhabited or not.
Hmmm, this isn't quite true, at least in my area. The cards are all
individually printed and an exact street address. My letter carrier
(a veteran) says if he doesn't receive a card, I don't get the flyers; several
homes on his route are always skipped.
PC>SO, what can be done about ADVO? If I ask them to stop several times and
PC>they don't, is it harassment? Who would be willing prosecute them, anyway?
Give it a bit more time, then raise some more hell. Deal with the local office
(look at the fine print on one of the flyers/coupons for the "Product of
Advo (xxx) xxx-xxxx" to get their number).
PS: Stay tuned (seriously) for my upcoming FAQ in misc.consumers on "How to
Slay the Junk Mail Demons".
--
| J. David Ruggiero Osiris Technical Services Seattle, WA |
| osiris@polari.online.com or !uunet!polari.online!osiris |
| Living in Seattle is like being in love with a beautiful woman... |
| who's sick all the time. |
------------------------------
Date: Tue, 23 Jun 1992 12:59:25 PDT
From: Hans_Lachman.OSBU_North@xerox.com
Subject: Re: What can be done about ADVO mailings?
cc: hlachman.osbu_north@xerox.com
In article <comp-privacy1.51.5@pica.army.mil> pciszek@isis.cs.du.edu
(Paul Ciszek) writes:
>ADVO, as some of you may know already, is a charming organization that
>sends people a half-pound of newsprint once a week. The newsprint is
>delivered with a postcard, which somehow makes it "mail".
>
>The post office says that these folks cannot be delt with in the same
>fashion as other direct marketers, as my name is not on any list; they
>just send a bundle to every possible address, inhabited or not.
>SO, what can be done about ADVO?
>
>Paul Ciszek, pciszek@nyx.cs.du.edu
I don't get newsprint-type junk mail, but I get other kinds.
A few days ago I asked an administrator at my local post office
if they had any advice on reducing the amount of junk mail
I receive. She handed me a slip of paper that said:
The Direct Marketing Association's Mail Preference
Service has a new address. Upon request, the free
service arranges to keep consumers' names off
national mailing lists. Customers interested in
receiving fewer advertising and promotional mail
pieces should write to Mail Preference Service,
Box 3861 Grand Central Station, New York, NY
10163-3861.
Stop bulk mail!!
You can write to ADVO SYSTEMS. This is one of the
Nation's largest mailers of advertising mail. In order
to request removal from the ADVO lists, you should
write: DIRECTOR OF LIST MAINTENANCE,
ADVO-SYSTEMS, INC., 239 WEST SERVICE ROAD,
HARTFORD, CT 06120-1280.
Hans Lachman
hlachman.osbu_north@xerox.com
------------------------------
From: "Daniel P. B. Smith" <dpbsmith@world.std.com>
Subject: Can Merlins be used as bugs?
Organization: The World Public Access UNIX, Brookline, MA
Date: Tue, 23 Jun 1992 00:30:50 GMT
Our office AT&T Merlin systems offer a built-in speakerphone mode
(great for listening to music on hold hands-free while trying to
get through to Microsoft!), a "hands-free answering" mode, and
a veritable host of features too numerous to understand. It's
all programmable. Indeed, you control which buttons perform what
function. In fact, the thing on the desk that I think of as a
"telephone" is, according to AT&T, a "voice workstation."
(And for only $150 you can buy an add-on box that lets you plug
a modem into it. Sigh).
Here's the question. Potentially, it seems as if the system could be
used to eavesdrop on offices. The phone installer assured me that
this was impossible (translation: if there IS a way, they don't tell
him how). But I wonder if there are really engineered protections,
or whether eavesdropping is simply not a feature supported by the
"standard" software. Could a hacker reprogram it somehow? If a
big company said to AT&T, "we'll buy a bunch if you add this feature,"
would it be hard to add?
--Daniel P. B. Smith
dpbsmith@world.std.com
------------------------------
Organization: CPSR, Washington Office
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Mon, 22 Jun 1992 21:11:04 EDT
Subject: FBI Digital Telephony Proposal
The following is the latest version of the FBI Digital Telephony Proposal,
introduced in May 1992. This version removes the previous language that
authorized the FCC to set standards and now places it solely in the hands
of the Attorney General. Fines are $10,000/day for non compliance with
services within the public switched network having 18 months to
comply and services outisde having three years. The proposal now
manadates that the capability for remote government wiretapping must be
included into the system.
This proposal clearly enhances the ability of the FBI to monitor
communications. It takes the unprecendented step of placing control over
certification of telecommunications equipment in the hands of the
Attorney General and requires that the equipment be constucted to allow
government have the ability to monitor communications from a
"government monitoring facility remote from the target facility." All
telecommunications users should be concerned by the privacy and
security implications of creating systems that have holes for the
government or any other knowledgable user to plug into.
David Banisar
CPSR Washington Office
banisar@washofc.cpsr.org
_______________________________________________________________
102nd Congress
2nd Session
S. _____
[H.R. _____]
IN THE SENATE
[IN THE HOUSE OF REPRESENTATIVES]
M. ________________ introduced the following bill; which was
referred to the Committee on__________________
A BILL
To ensure the continuing access of law enforcement to the content of wire
and electronic communications when authorized by law and for other
purposes.
Be it enacted by the Senate and the House of Representatives of the United
States of America in Congress assembled,
SEC. 1. FINDINGS AND PURPOSES.
(a) The Congress finds:
(1) that telecommunications systems and networks are often used
in
the furtherance of criminal activities including organized crime,
racketeering, extortion, kidnapping, espionage, terrorism, and trafficking
in illegal drugs;
(2) that recent and continuing advances in telecommunications
technology, and the introduction of new technologies and transmission
modes by the telecommunications industry, have made it increasingly
difficult for government agencies to implement lawful orders or
authorizations to intercept wire and electronic communications and thus
threaten the ability of such agencies effectively to enforce the laws and
protect the national security; and
(3) that without the assistance and cooperation of providers of
electronic communication services and private branch exchange operators,
the introduction of new technologies and transmission modes into
telecommunications systems without consideration and accommodation
of the need of government agencies lawfully to intercept wire and
electronic communications would impede the ability of such agencies
effectively to carry out their responsibilities.
(b) The purposes of this Act are to clarify the responsibilities of
providers of electronic communication services and private branch
exchange operators to provide such assistance as necessary to ensure the
ability of government agencies to implement lawful court orders or
authorizations to intercept wire and electronic communications. SEC. 2.
(a) Providers of electronic communication services and private branch
exchange operators shall provide within the United States capability and
capacity for the government to intercept wire and electronic
communications when authorized by law:
(1) concurrent with the transmission of the communication to
the recipient of the communication;
(2) in the signal form representing the content of the
communication between the subject of the intercept and any individual
with whom the subject is communicating, exclusive of any other signal
representing the content of the communication between any other
subscribers or users of the electronic communication services provider or
private branch exchange operator, and including information on the
individual calls (including origin, destination and other call set-up
information), and services, systems, and features used by the subject of the
interception;
(3) notwithstanding the mobility of the subject of the intercept or
the use by the subject of the intercept of any features of the
telecommunication system, including, but not limited to, speed- dialing or
call forwarding features;
(4) at a government monitoring facility remote from the target
facility and remote from the system of the electronic communication
services provider or private branch exchange operator;
(5) without detection by the subject of the intercept or any
subscriber; and
(6) without degradation of any subscriberUs telecommunications
service.
(b) Providers of electronic communication services within the
public switched network, including local exchange carriers, cellular
service providers, and interexchange carriers, shall comply with
subsection (a) of this section within eighteen months from the date of
enactment of this subsection.
(c) Providers of electronic communication services outside of the
public switched network, including private branch exchange operators,
shall comply with subsection (a) of this section within three years from
the date of enactment of the subsection.
(d) The Attorney General, after consultation with the
Department of Commerce, the Small Business Administration and Federal
Communications Commission, as appropriate, may except from the
application of subsections (a), (b) and (c) of this section classes and
types of
providers of electronic communication services and private branch
exchange operators. The Attorney General may waive the application of
subsections (a), (b) and (c) of this section at the request of any provider
of
electronic communication services or private branch exchange operator.
(e) The Attorney General shall have exclusive authority to
enforce the provisions of subsections (a), (b) and (c) of this section. The
Attorney General may apply to the appropriate United States District Court
for an order restraining or enjoining any violation of subsection (a), (b)
or
(c) of this section. The District Court shall have jurisdiction to restrain
and enjoin violations of subsections (a) of this section.
(f) Any person who willfully violates any provision of
subsection (a) of this section shall be subject to a civil penalty of
$10,000 per
day for each day in violation. The Attorney General may file a civil
action in the appropriate United States District Court to collect, and the
United States District Courts shall have jurisdiction to impose, such fines.
(g) Definitions--As used in subsections (a) through (f) of this
section--
(1) Tprovider of electronic communication serviceU or Tprivate
branch exchange operatorU means any service or operator which provides
to users thereof the ability to send or receive wire or electronic
communication, as those terms are defined in subsections 2510(1) and
2510(12) of Title 18, United States code, respectively, but does not include
the government of the United States or any agency thereof;
(2) TcommunicationU means any wire or electronic
communication, as defined in subsections 2510(1) and 2510(12), of Title 18,
United States Code;
(3) TinterceptT shall have the same meaning as set forth in section
2510(4) of Title 18, United States Code; and
(4) Tgovernment' means the Government of the United States
and any agency or instrumentality thereof, any state or political
subdivision thereof, the District of Columbia, and any commonwealth,
territory or possession of the United States.
DIGITAL TELEPHONY AND INTERCEPTION BY CRIMINAL LAW
ENFORCEMENT AGENCIES
The telecommunications systems and networks are
often used to further criminal activities including white collar and
organized crime, racketeering, extortion, kidnapping, espionage, terrorism,
and trafficking in illegal drugs. Accordingly, for many years, one of the
most important tools in the investigation of crime for Federal and State
criminal law enforcement agencies has been the court authorized
interception of communications. As illustrated below, the majority of
original authorizations to intercept wire or electronic communications are
conducted by State criminal law enforcement agencies.
Interception Applications Authorized
State Federal Total
1984 512 289 801
1985 541 243 784
1986 504 250 754
1987 437 236 673
1988 445 293 738
1989 453 310 763
1990 548 324 872
Total 3,440 1,945 5,385
Approximately, 3/8 of authorized interceptions were conducted by Federal
agencies, while 5/8 of the authorized interceptions were conducted by State
criminal law enforcement agencies.1
The recent and continuing advances in
telecommunications technology, and the introduction of new technologies
by the telecommunications industry, have made it increasingly difficult
for government agencies to implement lawful orders or authorizations to
intercept wire and electronic communications, as well as to implement
pen register and trap-and-trace court orders or authorizations. These new
technologies inadvertently undermine the ability of criminal law
enforcement agencies to enforce effectively the criminal laws and protect
the national security. Without the assistance and cooperation of the
telecommunications industry, these new technologies will impede the
ability of the telecommunications industry, these new technologies will
impede the ability of the government to enforce the criminal law.
Accordingly, the purpose of this bill is to clarify the existing
responsibilities of electronic communication services providers and private
branch exchange operators, as established, for example, in 18 U.S.C. ____
2518(4), 3124(A), (B), to provide such assistance as necessary to ensure the
ability of government agencies to implement lawful orders or
authorizations to intercept communications.
Over the past twenty-five years, the working
relationship between the criminal law enforcement community,
particularly the Federal Bureau of Investigation as the federal
governmentUs primary criminal law enforcement agency, and the
telecommunications industry, in response to the appropriate court orders or
authorizations, has provided government agencies with timely access to
the signals containing the content of communications covered by the court
orders or authorizations. As a general proposition, this has involved
providing the means to acquire the communication as it occurs between
two individual telephone users at a remote location, not dissimilar to a
call
in which the two originating parties do not know that a third party is
listening, and in which the third party (the criminal law enforcement
agency) records the authorized and relevant calls.
Historically, and with relatively few exceptions, the
telecommunications industry has provided the criminal law enforcement
community with the ability to monitor and record calls:
1. at the same time asthe call is transmitted to the recipient;
2. in the same form as the content of the call was transmitted
through the network, notwithstanding the use by the target of custom
features of the network;
3. whether stationary or mobile;
4. at the government monitoring facility;
5. without detection by the target or other subscribers; and
without degrading any subscriberUs service.
However, the introduction of new technology has begun to erode the
ability of the government to fully effectuate interceptions, pen registers
and
trap-and-race court orders or authorizations that are critical to detecting
and
prosecuting criminals. As technology has developed, the
telecommunications industry has not always ensured the continued
ability to provide the same services to the criminal law enforcement
community. The telecommunications industryUs introduction of certain
types of new technology poses real problems for effective criminal law
enforcement. Legislation is necessary to ensure that the government will
be provided with this capability and capacity in the future by all providers
and operators and to maintain a level playing field among competitive
providers and operators in the telecommunications industry.
There have been instances in which court orders authorizing the
interception of communications have not been fulfilled because of technical
limitations within particular telecommunications networks. For
example, as early as 1986, limited capabilities became apparent in at least
one network which will only be corrected later in 1992. This technical
deficiency in a new technology forced criminal law enforcement agencies
to prioritize certain interceptions to the exclusion of other court orders.
Accordingly, for approximately six years, there have been court orders that
have not been sought by the criminal law enforcement community or
executed by the telecommunications industry and, as a consequence,
important criminal investigations have not been brought to fruition or
have been less than efficiently concluded. This is one classic example of
new technology affecting adversely the criminal law enforcement
community: a microcosm of what may be expected on a nationwide basis
without enactment of this legislation.
Section 1 of the bill states Congressional findings and purpose.
Section 2 is divided into seven subsections. Subsection (a)
establishes as a matter of law the responsibility of electronic
communication services providers and private branch exchange operators
to continue to provide, within the United States, the capability and
capacity for criminal law enforcement agencies to intercept wire and
electronic communications when authorized by law. These subsections
delineate the existing attributes of wire or electronic communication
interception.
1. Concurrent with Transmission. The application for a
court order to intercept telecommunications conversations or data
transmissions is rarely a leisurely process. For example, on the Federal
side, the development of the required affidavits, submission to the
Criminal Division of the Department of Justice for approval, transmission
of approval to the Assistant United States Attorney, the appearance of the
Assistant before a judge to request the order and the delivery of the
judgeUs
order to the appropriate telecommunications company is frequently
completed in a very short time. However, crime waits for no one and the
system for approval of interceptions must and does conform with the
realities of the activity that is sought to be investigated and, if
appropriate,
prosecuted as criminal offenses. Since time is of the essence, current law
requires that service providers and operators provide the government
forthwith all information, facilities and technical assistance necessary to
accomplish its mission. It is critical that the telecommunications industry
respond quickly to execute the court order or authorization. The ultimate
problem of timeliness, however, is the real-time monitoring of the
intercepted communications. As serious and potentially life- threatening
criminal conduct is detected, it may be necessary to move quickly to
protect innocent victims from that conduct. Accordingly, Rreal-timeS
monitoring is critical.
2. Isolated Signal and Services Used. Nearly all of the
communications network is partially RanalogS at this time. In
conducting an interception, for example, of a telephone conversation, the
government is allowed to monitor and record criminal conversation such
as a conspiracy, minimizing the acquisition of non-criminal or innocent
conversation. When an electronic communication services provider or
private branch exchange operator introduces a new technology--such as a
digital signal--the communications are converted into a different and more
efficient form for transmission, but a more difficult form to monitor
during interception. The bill requires only that the provider or operator
isolate and provide access to the electronic signal that represents the
content
of the communications of the target of the intercept2 from the stream of
electronic signals representing other communications. This provision
seeks to ensure that, in the new electronic environment in which signals
are mixed for transmission and separated at another switch for
distribution, the government does not receive the communications of any
individual other than the individuals using the targetUs communications
point of origin and receipt; the government must remain subject to the
minimization standards of 18 U.S.C. __ 2518(5).
This provision also makes it clear that an electronic
communication services provider or private branch exchange operator is
not required to provide for reconversion of the isolated communication to
analog or other form. The government expects that this process will be
accomplished by the government.
3. Mobility and Features. Increasingly, criminal acts are being
conducted or discussed over cellular telephones or by using special
telecommunications features. As this mobility is introduced, the electronic
communication services providers and private branch exchange operators
would be required to assure the capability and capacity for criminal law
enforcement agencies to continue lawful interception.
Further, this subsection makes it clear that features used by the
target do not defeat the court order or authorization. For example,
communications which have been addressed to the telephone number of
the target, but which may have been programmed through a
call-forwarding feature to another, otherwise innocent, telephone number,
must be captured and made available to criminal law enforcement
authorities pursuant to court order or authorization. This requirement will
obviate the need for applications for authority to monitor otherwise
innocent telephone numbers that receive, only intermittently, calls
forwarded by the target. The effect of this provision is to further
minimize
monitoring of calls of innocent parties. Similarly, certain speed dialing
features that mask the telephone number called by the target must be
identified for criminal law enforcement investigation. The ability to
consistently determine the destination of calls is critical to minimizing
the
monitoring of innocent calls.
4. Government Monitoring Facility. Government agencies do not
normally request the use of telecommunications industry physical
facilities to conduct authorized interceptions nor is it encourage by the
industry. Normally, the government leases a line from the electronic
communication services providerUs or private branch exchange operatorUs
switch to another location owned or operated by the government. This
minimizes the cost and intrusiveness of interceptions, which benefits the
service provider or operator, as well as the government. Accordingly, the
ability to monitor intercepted communications remotely is critical.
5. Without Detection. One of the reasons that governments
operate their own facilities is to reduce the risk of detection of the
interception, which would render the interception worthless. At the
present time, the existence of an interception is unknown to any subscriber
and is not detectable by the target, notwithstanding folklore and spy
novels. This provision merely ensures that the secrecy of effective
interceptions will be maintained.
6. Without Degradation. Maintaining the quality of the
telephone network is in the interest of the government, the industry and
the public. Presently, the existence of an interception has no effect on
the
quality of the service provided by any network to the target or any
subscriber. This provision ensures that the quality of the network will
continue to be uncompromised. Absent the assistance delineated by this
legislation, the execution of court orders and authorizations by the
government could well disrupt service of the newer technological systems,
a result that this legislation seeks to avoid.
Subsection (b) provides that electronic communication services
providers and private branch exchange operators with the Rpublic
switched networkS must be in compliance with the minimum intercept
attributes within eighteen months after enactment. Thereafter, new
technologies must continue to meet these minimum attributes.
Subsection (c) provides that electronic communication service
providers and private branch exchange operators that are not within the
Rpublic switched networkS must be in compliance with the minimum
intercept attributes within eighteen months after enactment. Thereafter,
new technologies must continue to meet these minimum attributes.
Subsection (d) provides that the Attorney General may grant
exceptions to the affirmative requirements of subsection (a), as well as the
implementation deadlines of subsections (b) and (c). In considering any
request for exception, the Attorney General will consult with Federal
Communications Commission, the Small Business Administration and
the Department of Commerce, as appropriate. Accordingly, the Attorney
General has the authority to except, for example, whole classes, categories
or types of private branch exchange operators where no serious criminal
law enforcement problems are likely to arise, such as hospital telephone
systems.
This subsection also permits the Attorney General to waive the
requirements of subsections (a), (b) and (c) on application by an electronic
communication services provider or private branch exchange operator.
Accordingly, if a particular company can not comply with one or more of
the requirements of subsection (a), or needs time additional to that
permitted under subsections (b) or (c), the Attorney General may grant an
appropriate waiver.
Subsection (e) provides that the Attorney General has exclusive
authority to enforce the provisions of the bill. While a number of States
have authority to seek and execute interception orders, they will be
required to seek the assistance of the Attorney General if enforcement of
this legislation is required. This section also provides for injunctive
relief
from violations of the provisions of the bill.
Subsection (f) provides for enforcement of the provisions of the
bill through imposition of civil fines against any company that is not
excepted from the provisions of the bill, does not acquire a waiver of the
provisions of the bill, and fails to meet the requirements of subsection (a)
after the effective dates set out in subsection (b) or (c), as appropriate.
A fine
of up to $10,000 per day for each day in violation may be levied; for most
companies in the telecommunications industry this amount is sufficient
to ensure that compliance will be forthcoming. Although this provision is
not expected to be used, it is critical to ensure that compliance with the
provisions of the bill will occur after the effective dates of the
requirements
of subsection (a).
Subsection (g) carries forward a number of definitions from the
current provisions for the interception of wire or electronic
communications under RTitle III.S The definition of RgovernmentS that is
currently in use includes all States, territories and possessions of the
United
States, as well as the United States, is made applicable to the bill.
[Footnotes]
1Interceptions for foreign intelligence and counterintelligence
purposes are not counted within the figures used here, but would likewise
benefit from enactment of the legislation.
2 Whether the content is voice, facsimile, imagery (e.g. video), computer
data, signalling information, or other forms of communication, does not
matter; all forms of communication are intercepted.
------------------------------
From: Carl Paukstis <carlp@frigg.isc-br.com>
Subject: Re: Privacy in video rental records?
Organization: ISC-Bunker Ramo, An Olivetti Company
Date: Tue, 23 Jun 1992 17:08:22 GMT
In article <comp-privacy1.53.4@pica.army.mil> prener@watson.ibm.com (Dan Prener) writes:
>In article <comp-privacy1.51.4@pica.army.mil> carlp@frigg.isc-br.com (Carl Paukstis) writes:
>>This weekend, I went to rent from them<Hastings>, and was told that they were
>>now required to "update my card", and wanted my SSN. I told them they
>Why didn't you just make up a number and give it to them? I doubt that
>it is a violation of any law to give an incorrect SSN to a video rental
>store.
1) I want to make them change, not just to circumvent their policy.
2) I don't want to give them somebody else's number. This is one of
my objections to their policy in the first place.
I suppose I could dig up that popular fake number that was, as I
recall, printed on most sample wallet cards years ago. I DID try
insisting that my SSN was 111-11-1115 (this passes the checking
algorithm in our software, but I don't know the algorithm). They told
me I was lying. I asked them how they knew, and what proof did the
last person give that the number they gave was correct. They stared
at me and asked for my REAL SSN. Sigh.
--
Carl Paukstis, Software Generalist | War On (some) Drugs -> Police State USA
ISC-Bunker Ramo / Spokane, WA | DoD #0432 I'm the NRA #TMB6692H
Phone: +1 509 927-5439 | AMA #634630 HOG #0507772 Mensa #1086355
Mail: carlp@frigg.isc-br.com | My employer accepts no responsibility...
------------------------------
Subject: Structure of the SSN
Date: Tue, 23 Jun 92 13:26:14 EDT
From: "John R. Levine" <johnl@iecc.cambridge.ma.us>
Since the question of the structure of the SSN has come up again, here is
a file I found on a local BBS a few years ago. The only thing that has
changed is that some of the 600 series numbers which are listed as unused
have been assigned to states that have run out.
Perhaps a FAQ with a pointer to an archive with this item would be in order.
Regards,
John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl
The Social Security Number
SSA has continually emphasized the fact that the SSN identifies a
particular record only and the Social Security Card indicates the person
whose record is identified by that number. In no way can the Social
Security Card identify the bearer. From 1946 to 1972 the legend "Not for
Identification" was printed on the face of the card. However, many people
ignored the message and the legend was eventually dropped. The social
security number is the most widely used and carefully controlled number in
the country, which makes it an attractive identifier.
With the exception of the restrictions imposed on Federal and some State
and local organizations by the Privacy Act of 1974, organizations
requiring a unique identifier for purposes of controlling their records
are not prohibited from using (with the consent of the holder) the SSN.
SSA records are confidential and knowledge of a person's SSN does not give
the user access to information in SSA files which is confidential by law.
Many commercial enterprises have used the SSN in various promotional
efforts. These uses are not authorized by SSA, but SSA has no authority to
prohibit such activities as most are not illegal. Some of these
unauthorized uses are: SSN contests; skip-tracers; sale or distribution of
plastic or metal cards; pocketbook numbers (the numbers used on sample
social security cards in wallets); misleading advertising, commercial
enterprises charging fees for SSN services; identification of personal
property.
The Social Security Number (SSN) is composed of 3 parts, XXX-XX-XXXX,
called the Area, Group, and Serial. For the most part, (there are
exceptions), the Area is determined by where the individual APPLIED for
the SSN (before 1972) or RESIDED at time of application (after 1972). The
areas are assigned as follows:
000 unused 387-399 WI 528-529 UT
001-003 NH 400-407 KY 530 NV
004-007 ME 408-415 TN 531-539 WA
008-009 VT 416-424 AL 540-544 OR
010-034 MA 425-428 MS 545-573 CA
035-039 RI 429-432 AR 574 AK
040-049 CT 433-439 LA 575-576 HI
050-134 NY 440-448 OK 577-579 DC
135-158 NJ 449-467 TX 580 VI Virgin Islands
159-211 PA 468-477 MN 581-584 PR Puerto Rico
212-220 MD 478-485 IA 585 NM
221-222 DE 486-500 MO 586 PI Pacific Islands*
223-231 VA 501-502 ND 587-588 MS
232-236 WV 503-504 SD 589-595 FL
237-246 NC 505-508 NE 596-599 PR Puerto Rico
247-251 SC 509-515 KS 600-601 AZ
252-260 GA 516-517 MT 602-626 CA
261-267 FL 518-519 ID *Guam, American Samoa,
268-302 OH 520 WY Northern Mariana Islands,
303-317 IN 521-524 CO Philippine Islands
318-361 IL 525 NM
362-386 MI 526-527 AZ
627-699 unassigned, for future use
700-728 Railroad workers through 1963, then discontinued
729-899 unassigned, for future use
900-999 not valid SSNs, but were used for program purposes
when state aid to the aged, blind and disabled was
converted to a federal program administered by SSA.
As the Areas assigned to a locality are exhausted, new areas from the pool
are assigned. This is why some states have non-contiguous groups of Areas.
The Group portion of the SSN has no meaning other than to determine
whether or not a number has been assigned. SSA publishes a list every
month of the highest group assigned for each SSN Area. The order of
assignment for the Groups is: odd numbers under 10, even numbers over 9,
even numbers under 9 except for 00 which is never used, and odd numbers
over 10. For example, if the highest group assigned for area 999 is 72,
then we know that the number 999-04-1234 is an invalid number because even
Groups under 9 have not yet been assigned.
The Serial portion of the SSN has no meaning. The Serial is not assigned
in strictly numerical order. The Serial 0000 is never assigned.
Before 1973, Social Security Cards with pre-printed numbers were issued to
each local SSA office. The numbers were assigned by the local office. In
1973, SSN assignment was automated and outstanding stocks of pre-printed
cards were destroyed. All SSNs are now assigned by computer from
headquarters. There are rare cases in which the computer system can be
forced to accept a manual assignment such as a person refusing a number
with 666 in it.
A pamphlet entitled "The Social Security Number" (Pub. No. 05-10633)
provides an explanation of the SSN's structure and the method of assigning
and validating Social Security numbers.
------------------------------
From: Mark Seiden <mis@seiden.com>
Subject: Re: Computer Privacy Digest V1#053
Date: Tue, 23 Jun 92 14:08:18 BST
... Blockbuster wants your SS#....
> >This really sucks. I like to rent there because they have great
> >selection, and also music and books and magazines, etc. Very nice
> >stores and helpful clerks. I'm bummed. Boycott Hastings?!?
>
> Why didn't you just make up a number and give it to them? I doubt that
> it is a violation of any law to give an incorrect SSN to a video rental
> store.
>
> --
> Dan Prener (prener @ watson.ibm.com)
sorry, not right, if this is a credit application. providing false
(fraudulent) information on a credit application is in fact illegal.
consider the (similar) case of someone who prefers to have a phone
listed under some contrived name, perhaps as a quick screen against
cold-calling telemarketers...
if one falls into the trap of *pretending to be* that imaginary person
when applying for service (as opposed to: "my roommate wants the phone
listed in her name, jq public, yeah, that's the ticket...") one
exposes themselves to the possibility of arbitrary prosecution later on,
regardless of whether the bill is paid or not. of course, tpc never
explicitly *tell* you when they ask you all those questions that
you're applying for credit and any false statements are prosecutable.
--
mark seiden, mis@seiden.com, 1-(203) 329 2722 (voice), 1-(203) 322 1566 (fax)
------------------------------
End of Computer Privacy Digest V1 #054
******************************