Date: Thu, 06 Aug 92 17:16:12 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#070
Computer Privacy Digest Thu, 06 Aug 92 Volume 1 : Issue: 070
Today's Topics: Moderator: Dennis G. Rears
SSNs and Southern California
Re: SSN Required to Buy Car in Calif
Re: Encrypted Communications
Re: 800 numbers (Re: Caller ID decision)
Court Ruling on SocSec# at Rutgers, info needed
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: Tue, 4 Aug 92 10:20:26 -0700
From: "Robert L. McMillin" <rlm@ms_aspen.hac.com>
Subject: SSNs and Southern California
You write:
> The plot thickens. I was required to give my SSN to PURCHASE
> (with cash) a television, and there was much wailing and gnashing
> of teeth when I explained that, as a foreign national, I do not
> have one.
> I also very nearly went to jail last week when I tried to use a
> Chevron CANADA card at a Chevron USA gas bar.
>
> I have noticed that in SC it has to be exactly by the book, no
> exceptions, or the transaction is disallowed. I am thinking of
> writing a monogtaph on the subject, entitled "Ritual-Taboo
> Behaviour in a Technological Society". The above does not appear
> to be true in other parts of the US.
You wouldn't think it ritualistic if you knew anything about what
happens on the other side of the counter. My father owned a retail
music store for three years and got a tremendous number of bad checks.
The problem is so bad in this state that even the treble damages law has
had seemingly little effect. (Retailers and others receiving a bounced
check are entitled to three times the amount on the check -- if they can
collect it, a mighty big if.) Stores where people routinely write
checks for large amounts (Home Depot comes to mind here) frequently keep
internally-generated lists of known rubber check writers. I expect that
this has much to do with the general overcrowding and poverty in the City
of Angels. I'm sure New York has similar problems. No doubt, its
merchants have similar policies to deal with them.
---
Robert L. McMillin | Voice: (310) 568-3555
Hughes Aircraft/Hughes Training, Inc. | Fax: (310) 568-3574
Los Angeles, CA | Internet: rlm@ms_aspen.hac.com
------------------------------
From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: SSN Required to Buy Car in Calif
Organization: National Oceanic & Atmospheric Adminstration / Boulder Labs
Date: Wed, 5 Aug 1992 00:18:29 GMT
In article <comp-privacy1.65.2@pica.army.mil> gast@cs.ucla.edu (David Gast) writes:
>In article <comp-privacy1.63.2@pica.army.mil> idela!bell@uunet.uu.net (Mark Bell) writes:
>>Well, I bought a car for our kid a couple of weeks ago and
>>was stunned to find that they wouldn't sell it to me without SSN!
>
>>The law went into effect a few months ago.
>
>>Is there anyone out there who can advise how to beat this? I'd be happy
>>to guinea-pig a court case if someone has any ideas.
How did you pay for it? If you handed the salesman a thick wad of
currency he had a legitimate need to know your SSN due to our wonderful
War On Rights. All cash transactions over N dollars (used to be 10k,
but it may be down to 3k) require extensive documentation.
Personally, I would have told the salesman to produce a copy of that
law or sell me the car... or face a breach-of-contract suit. (I'm
assuming everything else was settled, papers signed, etc., when he
demanded the SSN).
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: Encrypted Communications
Organization: National Oceanic & Atmospheric Adminstration / Boulder Labs
Date: Wed, 5 Aug 1992 00:57:42 GMT
In article <comp-privacy1.68.2@pica.army.mil> dwp@sunsrvr3.cci.com (Dana Paxson) writes:
>In general, I think laws making encrypted communications illegal
>are wasteful, stupid and oppressive, for the following reasons:
>
>1) They would be a violation of free speech rights.
Irrelevant. The government could claim, with some justification,
that the "Freedom of Speech" applies to _public_, _political_ speech.
There is ample historical precedence for limiting non-political speech
(libel, speech causing imminent harm, and some forms of commercial
speech (cigarette and hard liquor ads on TV, actors drinking beer in
same), etc).
And private communications is not really "speech," especially if
it is encrypted so that a casual listener could not readily determine
its contents.
Finally, I would not be surprised to find our current courts accepting
the non sequiter that encryption, a priori, constitutes reasonable
suspection that the person is up to no good. After all, if the person
had nothing to hide, why did he go to the effort of encryption?
(Note: I do _not_ agree with these arguments, and in fact feel that
these arguments show an incredibly superficial understanding of what
the First Amendment is intended to protect. However, I have seen them
presented as legitimate arguments that encrypted, private communications
are not protected as "speech.")
>2) They would be a waste of time and effort, since
> determining violation can be impossible.
So's the Federal anti-drug parephenia (sp?) law, but our local U.S.
Attorney General has happily seized hundreds of thousands of dollars,
without filing a _single_ court case, since bothering to prove guilt
in a court would not be an "effective use of manpower" -- the forfeiture
laws provide "sufficient punishment." From the newspaper accounts,
he considers bothering to convict the shop owners of a crime unnecessary.
BTW, the shop owners got in trouble for selling the same items you
can get in any good hardware store... it's just that they also sold
tee-shirts and pipes instead of power tools and pipe (the kind used
in plumbing). (There were a few unusual items, but as the local
newspaper (a conservative one, BTW) pointed out the shop owners had
asked the local police if there was any problem selling these items,
and the items were all cleared).
>3) They would be a further waste of time and effort,
> since such laws are impossible to enforce.
See above.
>4) They would allow a government to apply enforcement
> selectively, singling out a few (for arbitrary
> reasons) and prosecuting them under the vague
> suspicion that some communication contained en-
> crypted matter.
Here's the crux of the matter.
Our laws have reached the point where law-abiding citizens are not
uncommonly compelled to break the law. I know it's happened to me --
omitting the boring (accounting) details I acted in good faith at
all times, but an obscure IRS regulation prevented me from doing the
logical thing when circumstances unexpectedly changed. (BTW, in my
case the amount in question was only a few hundred dollars, but my
finances are _extremely_ simple -- I can't imagine the trouble people
with complex finances face).
There are ways around this, the primary one being "Jury Nullification."
Unfortunately, the legal system is going to great lengths to eliminate
knowledge of Jury Nullification (many recent law-school grads have
never heard of it), and it's irrelevant when the government can confiscate
all of your property without the bother of a trial.
The government could make a major impact on citizen confidence by
strongly supporting personal encryption technology. Instead, I have
seen proposals to 1) require trapdoors in encryption software, 2)
spend ca. $300,000,000 to make it easier to implement legal wiretaps
(there were only a few hundred court-authorized wiretaps last year,
according to an article on Usenet, incidently), 3) make the maximum
digitial signiture length the same as the minimum length, despite
the obvious impact on security, 4) restrict RSA key length on exported
software to on obscene number like 32 bits (and present that as "good
enough" for domestic users as well),....
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: bear@tigger.cs.Colorado.EDU (Bear Giles)
Subject: Re: 800 numbers (Re: Caller ID decision)
Organization: National Oceanic & Atmospheric Adminstration / Boulder Labs
Date: Wed, 5 Aug 1992 01:05:40 GMT
In article <comp-privacy1.66.3@pica.army.mil> John Higdon <john@zygot.ati.com> writes:
>David Gast <gast@cs.ucla.edu> writes:
>
>> Rather I see a tradition over at least the last couple decades that no one
>> knows who is calling until the person identifies him or herself.
>
>Of course this has been the result of technological limitations, not a
>matter of conscious, determined policy. In every means of electronic
>communication that has been developed since the telephone, if the
>technology exists, a positive ID of the message originator has been
>built into the system.
Unlike early telephones that required operator assistance for _all_
calls?
When did automatic dialers become commonplace, anyway? I know the
_Andy Griffith_ show always showed the people calling through the
operator (who generally said something like "Andy, Goober is calling.
Say, how's your son?"), but it was set in a rural area.
Perhaps if we gave Caller ID a voice-synthesis front-end, instead of
an impersonal LCD panel...?
Bear Giles
bear@fsl.noaa.gov
------------------------------
Date: Thu, 6 Aug 1992 17:28:10 GMT
From: peterson@CS.ColoState.EDU (james peterson)
Subject: Court Ruling on SocSec# at Rutgers, info needed
Date: Thu, 06 Aug 1992 17:28:08 GMT
I just read a short article in the 5 August issue of the Chronicle
of Higher Education that a US District Judge (H. Lee Sarokin) had ruled
against Rutgers in a suit brought by present and former students, who
claimed that the institution had violated their privacy rights by
misusing their social security numbers.
Evidently, the judge did not order Rutgers to stop using the numbers
for routine administrative use (that would be too much of a hardship,
I guess) but rather to stop allowing distribution of the numbers (as in
rosters, etc.) cited as a practice which "allows any student to decode
another student's grades, obtain credit report, etc."
Does anyone know the details of this case, and exactly what is prohibited
by it? For example, does this ruling prohibit the the posting of grades
and social security numbers without names (a fairly wide-spread practice),
or merely the posting of rosters containing both names and SS#'s?
james sends
--
james lee peterson peterson@CS.ColoState.edu
dept. of computer science
colorado state university "Some ignorance is invincible."
ft. collins, colorado (voice:303/491-7137; fax:303/491-6639)
------------------------------
End of Computer Privacy Digest V1 #070
******************************