Date: Thu, 25 Jun 92 15:20:24 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#055
Computer Privacy Digest Thu, 25 Jun 92 Volume 1 : Issue: 055
Today's Topics: Moderator: Dennis G. Rears
re: Privacy in video rental records?
Re: Social Security Numbers and Social Insurance Numbers
Re: Social Security Numbers and Social Insurance Numbers
Re: What can be done about ADVO mailings?
Re: privacy dilemma
Re: SSNs and Social Insurance Numbers
Re: Privacy and Technology
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: Tue, 23 Jun 92 08:47:46 PDT
From: Phydeaux <reb@ingres.com>
Subject: re: Privacy in video rental records?
>>turned away. "It's company policy (tm). You're free to rent
>>elsewhere". Now that I've calmed down, I'll have to go back and ask
>>for the true story - chain-wide policy, or local? Really, REALLY want
>>SSN? Procedure for contacting the home office with a complaint, etc.
>
>>This really sucks. I like to rent there because they have great
>>selection, and also music and books and magazines, etc. Very nice
>>stores and helpful clerks. I'm bummed. Boycott Hastings?!?
>
>Why didn't you just make up a number and give it to them? I doubt that
>it is a violation of any law to give an incorrect SSN to a video rental
>store.
My sister used to like to get those free 'gifts' from department
stores when they got you to apply for their credit cards. Every time
she went past one of those displays she would fill out an application
and collect whatever junk they were giving away that day. A few years
later, she applied for a credit card and was turned down because they
had several combinations of names, addresses and SSNs for her. Now, I
doubt that your friendly video rental store is going to report your
SSN and other information to TRW and the like, but one never knows.
Making up a SSN and associating it with other *correct* information
about yourself may be a bad idea... As usual, your own mileage can
and probably will vary.
reb
-- *-=#= Phydeaux =#=-* reb@ingres.com or reb%ingres.com@lll-winken.llnl.GOV
ICBM: 41.55N 87.40W h:828 South May Street Chicago, IL 60607 312-733-3090
w:reb Ingres 10255 West Higgins Road Suite 500 Rosemont, IL 60018 708-803-9500
==============================================================================
It has been my experience that people who have no vices have very few virtues
-- Abraham Lincoln
------------------------------
From: lance@unix386.Convergent.COM (Lance Norskog)
Subject: Re: Social Security Numbers and Social Insurance Numbers
Date: 24 Jun 92 00:35:00 GMT
Organization: Unisys/Convergent, San Jose, CA
I'm pretty sure the last digit is not a check digit.
My two brothers and sister were all registered en masse
(born in Chile) when the folks moved back to the states,
and their numbers go in a line.
What is the federal law that prohibits use of the SSN by
private organizations? What are the penalties, if any?
Lance Norskog
------------------------------
From: Denis Coskun <dcoskun@alias.com>
Subject: Re: Social Security Numbers and Social Insurance Numbers
Organization: Alias Research, Inc., Toronto ON Canada
Date: Wed, 24 Jun 1992 15:14:28 -0400
In <comp-privacy1.51.7@pica.army.mil> sej3e@kelvin.seas.virginia.edu
(Susanna Elaine Johnson) asks about the Social Insurance Number
(which is the Canadian equivalent of the U.S. Social Security Number):
> Consider the structure ABC-DEF-GHI. A is an area code and
> denotes the area within Canada from which the SIN was obtained.
> ... I is a checksum, and I wish that
> somebody would be able to tell me the nature of the checksum.
Yes, `I' is a checksum, and `A' encodes the region in which the SIN was
issued (and therefore a good indication of where someone lived when he
got his SIN).
The region codes are:
1 Atlantic provinces (Nova Scotia, Newfoundland,
Prince Edward Island, and New Brunswick)
2 Quebec
4 Ontario
5 Ontario (beginning only in the last couple years)
6 Prairie provinces (Manitoba, Saskatchewan, Alberta)
7 Pacific region (British Columbia)
9 issued to anyone requiring a SIN but who's not a Canadian
citizen or permanent resident (if he later became a citizen
or permanent resident, he'd get a regular SIN)
I don't know the region code used for the Northwest Territories or the
Yukon, but I'd suspect that they'd be grouped together with one or more
of the above.
The checksum, known as the Luhn error check (widely used on credit cards,
bank cards, etc.), detects single digit errors or the reversal of two
digits. Here's the procedure on, say, SIN 123-456-78:
1. Start with the incomplete SIN: 1 2 3 4 5 6 7 8
2. Use these weight factors: 1 2 1 2 1 2 1 2
3. Multiply each digit by its weight: 1 4 3 8 5 12 7 16
4. Sum the individual digits: 1 + 4 + 3 + 8 + 5 +1+2+ 7 +1+6 = 38
5. Divide this sum by 10: 38 / 10 = 3 remainder 8
6. If the remainder is 0, goto step 8.
7. Subtract the remainder from 10: 10 - 8 = 2 (this is the checksum)
8. Append to complete the SIN: 123-456-782
A few comments on the procedure:
Doubling alternate digits (steps 2 & 3) checks for the common mistake of
transposing two digits while typing the number. The only pair of digits
that can be transposed without affecting the checksum are 9 and 0.
Since the Luhn error check is used on other numbers that may have an even
or an odd number of digits, the convention for doubling of alternate
digits is to begin from the right (ie, from the least significant position).
Step 7 buys you nothing in the way of error detection. I guess it's
there for a tiny improvement in efficiency for a program that does SIN
validation. Instead of calculating the checksum on 123-456-78 and
comparing the result to 2, a program could do the algorithm on the whole
number and then check that the result is 0, as shown:
1 2 3 4 5 6 7 8 2
1 2 1 2 1 2 1 2 1
1 4 3 8 5 12 7 16 2
1 + 4 + 3 + 8 + 5 +1+2+ 7 +1+6+ 2 = 40
40 / 10 = 4 remainder 0
Remainder is 0, so it passed the test.
--
Denis Coskun (416) 362-9181 ext.346
Alias Research Inc. dcoskun@alias.com
Toronto, Canada utcsri!alias!dcoskun
------------------------------
From: "J.David Ruggiero" <osiris@polari.online.com>
Date: Wed, 24 Jun 92 08:41:07 PDT
Reply-To: David Ruggiero <osiris@polari.online.com>
Subject: Re: What can be done about ADVO mailings?
pciszek@isis.cs.du.edu (Paul Ciszek) writes:
PC>ADVO, as some of you may know already, is a charming organization that
PC>sends people a half-pound of newsprint once a week. The newsprint is
PC>delivered with a postcard, which somehow makes it "mail". I have just
PC>sent my second request to ADVO asking that they stop sending my this stuff;
PC>[...]
PC>I have yet to hear back from ADVO.
I called up the local (Seattle) office of Advo last week (hard to find - they
aren't in the white pages or even the yellow pages under 'Advertising' or
'Mailing Lists'). The person answering was pleasant and helpful, taking my
name/address and saying I should give it twelve weeks or so before the pre-
printed labels are exhausted and I stop receiving mail under their cards.
(She also mentioned they get almost as many requests from people to get *on*
their lists as off them.)
Apparently the lists are all controlled by the national organization
(Conneticut?) and send electronically to the local branches.
PC>The post office says that these folks cannot be delt with in the same
PC>fashion as other direct marketers, as my name is not on any list; they
PC>just send a bundle to every possible address, inhabited or not.
Hmmm, this isn't quite true, at least in my area. The cards are all
individually printed and have an exact street address. My letter carrier
(a veteran) says if he doesn't receive a card, I don't get the flyers; several
homes on his route are always skipped.
PC>SO, what can be done about ADVO? If I ask them to stop several times and
PC>they don't, is it harassment? Who would be willing prosecute them, anyway?
Give it a bit more time, then raise some more hell. Deal with the local ADVO
office (look at the fine print on one of the flyers/coupons for the "Product
of Advo (xxx) xxx-xxxx" to get their number.
| J. David Ruggiero Osiris Technical Services Seattle, WA |
| osiris@polari.online.com or !uunet!polari.online!osiris |
| Living in Seattle is like being in love with a beautiful woman... |
| who's sick all the time. |
------------------------------
From: samsung!ulowell!willow.ulowell.edu!welchb@uunet.uu.net
Subject: Re: privacy dilemma
Organization: University of Lowell
Date: Wed, 24 Jun 1992 16:34:13 GMT
> Does the individual have any "right" to know where he or she
> stands in relation to other individuals even though that knowledge
> may result in an invasion of privacy for other individuals ?
> Please don't give me the statistical arguement, because I think
> it just avoids the issue.
I feel ambivalent. I have previously worked at places where
the "traditional" thought has been, what I make is my own business. The
secretary who hands out the paychecks should only look at your name,
not how much you make.
I now work for a state agency. Yes, in some sense my salary
is public knowledge. Yes, it could be obtained via Freedom of Info
(at least I think it can; but maybe that info would only be about
job titles and pay, and then you would have to go again to link up
my title and job slot with the allocated funds). Yes, I agree that I
should know where I stand in relation to other individuals in my group
(although that, I think, is exactly what private employers try to avoid.)
Here is a similar dilemma. We received a receipt for a property
tax bill on a postcard (because it was a cheap, computer-generated way
for the town). I agree that the tax assessment for all property in the
town is publicly available, and should be. Yet, it seemed to be an
offense against the American idea of politeness and privacy to think that
someone could simply read my taxes off a postcard. I felt I was being
singled out for special mistreatment, whereas I would not feel so if
they obtained my payment from a list of all payments.
--
Brendan Welch, UMass/Lowell, W1LPG, welchb@woods.ulowell.edu
------------------------------
From: Flint Pellett <flint@gistdev.gist.com>
Subject: Re: SSNs and Social Insurance Numbers
Date: 24 Jun 92 21:05:20 GMT
Organization: Global Information Systems Technology Inc., Savoy, IL
NIEBUHR@bnlcl6.bnl.gov (Dave Niebuhr, BNL CCD, 516-282-3093) writes:
>In Privacy Digest Vol #1, Issue #51 Susanna Elaine Johnson
><sej3e@kelvin.seas.virginia.edu> writes:
>>(1) SOCIAL SECURITY NUMBERS
>>
>>There is a coding system involved in the SSN structure. These
>>details are from memory and should be verified before being
>>relied upon. Consider the structure ABC-DE-FGHI.
If anyone really knows about SSN's, I'd love to know what plans
exist for them in the future. They only have 9 digits, and since
we have 250,000,000 people (or more-- I haven't kept track)
currently alive in this country, that indicates that most likely
20 to 25% of the available numbers are in use by persons currently
living. I would guess that within the next 100 years that we'll
run out of 9 digit numbers that haven't already been used: do they
plan on re-using the numbers of deceased people, (a big potential
problem, I would think, since estates often live on a long time
after the person), or are they going to go to 10 digits and break
computer programs all over the place?
--
Flint Pellett, Global Information Systems Technology, Inc.
100 Trade Centre Drive, Suite 301, Champaign, IL 61820 (217) 352-1165
uunet!gistdev!flint or flint@gistdev.gist.com
------------------------------
From: Duke McMullan n5gax <ee5391aa%triton.unm.edu@lynx.unm.edu>
Subject: Re: Privacy and Technology
Date: Wed, 24 Jun 92 23:14:29 GMT
Organization: University of New Mexico, Albuquerque
In article <comp-privacy1.51.8@pica.army.mil>
Joshua_Putnam@happy-man.com writes:
>In <comp-privacy1.50.2@pica.army.mil> abc@brl.mil (Brinton Cooper) writes:
>>As most of you probably know, the U.S. Military are about to
>>collect DNA samples (blood and saliva specimens) from every member of
>>our armed forces. . . .
>>However, once the data are collected, who's to tell to what use they may
>>be put?
>If the radio report I heard on this is accurate (a very big IF), then
>misuse of the information will be more difficult than it sounds. From
>what the military spokesman said, the samples themselves are being
>stored, not any analysis of the samples. They described it as an
>index card with a blood stain and a swab of saliva, all stored in
>giant card catalogs. Genetic analysis will be put off until needed,
>since analyzing all the samples up front would be very expensive and
>most would never be needed.
As things stand, and will continue to stand in the near future, this certainly
will be the case. However, as the State Of The Art improves, the price will
drop. Period. End of sentence.
It is forseeable, although surely not certain, that a time will come when it's
easier (read: cheaper) to a) do the analysis and b) store the results in
whatever form of imperishable mass storage happens to seem best.
It necessarily is a tradeoff . . . individual security vs. national security
. . . and something as fundamental as DNA "genoprints" do seem pretty spooky
to us today.
Keep up your guard.
d
--
"I don't smoke, I don't drink, I don't do drugs and I don't wear high heels."
-- Marilyn vos Savant
Duke McMullan n5gax nss13429r phon505-255-4642 ee5391aa@triton.unm.edu
------------------------------
End of Computer Privacy Digest V1 #055
******************************