Date: Mon, 28 Sep 92 18:25:05 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#084
Computer Privacy Digest Mon, 28 Sep 92 Volume 1 : Issue: 084
Today's Topics: Moderator: Dennis G. Rears
Privacy and Living in Today's Society
Re: A pint of blood
Re: cellnet privacy?
Blockbuster & video rental records
Big Brother has this message on file!
Re: Teletrac
SSN & Bush
SSN in login ids
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
Date: Mon, 28 Sep 92 18:23:08 EDT
From: Computer Privacy List Moderator <comp-privacy@pica.army.mil>
Subject: Privacy and Living in Today's Society
As moderator I been following the discussions about releasing private
information to other entities in this forum and others (e.g. alt.privacy,
risks, etc). Among the topics are:
o Social Security Numbers on checks
o Social Security Numbers required to give blood
o Mothers and Fathers Drug/Alcohol history in order to get a
Birth Certificate (New Jersey)
o Video Rental Records (article in this digest)
o extended period time given to Mortgage Holder to check out
directly from the IRS the lenders record numbers
Some I feel are legitimate privacy concerns. Technology hurts our
privacy because of the ease of which data records can be searched and
compiled on individuals. If it wasn't for the technology I think it
would not be as much as a concern.
SSN (social security) are a big concern. I use to make a big thing
about not releasing it. My attitude now is one of "how much of a hassle
would it be for me not to release it". If now a defacto National
Identification Number. It is relativity trivial for one to get one's
social security number if an address or phone number is known.
My attitude about my personal privacy is there a few things I want
to keep private, other I don't really think care that much about. The
things I want to keep private, it is up to *ME* to do the work. That
means on some commercial transactions I use cash instead of plastic. Some
conversations I don't use my cordless/celluar phone or have the
conversation face to face. I have a PO box rather a residential address.
You can't depend on the governments (fed/state/local) to safeguard your
privacy or the commercial world.
Technology is a double edged sword. The technology that produces the
wonderful gadgets we have (CD, TV, stereo, radio, & computer) brings
the world together. Maybe a little bit closer together than some would
want. It is here and there is no going back. All in all I think the
great strides that technology has made in improving our standard of
living is worth some of the drawbacks we have to pay for it.
I think some of the concerns about privacy are more about "being left
alone", than privacy itself. A good example would be caller-id. I am
more concerned about being bothered by telemarketers than I am about
somebody knowing my phone number. I have solved the telemarketing
problem to my satisfaction while still having a listed number.
Incidently, I heard on the news today that NJ Bell is disappointed that
only 190,000 out of a possible 3,000,000 subscribers have subscribed to
Caller Id. That is about 6.3% of all eligible. I frankly can't see
paying $6 a month for that service. The few times I have had bad
calls, I use call return.
So much for my ramblings. I would like to refocus the direction of
submission to the technology aspects of privacy. I think we have beat
to death the discussion of SSN on checks, driver licenses, etc. Let's
talk about encrypted communications, the FBI Wiretap Bill, etc.
dennis
------------------------------
From: "K. Kadow" <technews@iitmax.iit.edu>
Subject: Re: A pint of blood
Date: Thu, 24 Sep 92 18:22:41 CDT
>
> Computer Privacy Digest Thu, 24 Sep 92 Volume 1 : Issue: 083
>
> This has to be taken in the context of the case before the court. If
> you are in court because it is alleged you have mistreated or sexually
> abused your children (as an example) then the court may well take your
> child away from you. The question would be the reasonableness of the
> requirement and/or the relationship it has to the case in dispute. If
> you are under the jurisdiction of the court you will obey the court or
> you will appeal for relief from the court's rulings -- you will not,
> however simply be disobedient or in contempt of the court. I think it
> would be deemed reasonable for the court to require some universal
> form of identification (such as SSN) when attempting to adjudicate a
> complex legal matter involving a large number of people making
> financial claims. Likewise if the court is hearing a paternity case to
> detirmine if you can be identified as the father of a child the court
> may well order you to have blood drawn and tested. So to answer your
> question, yes the court can demand your child and your blood if those
> requests are considered reasonable and withstand appeal.
>
> > The whole point at issue here is whether the court is legally
> > authorized to ask for your SSN, just as any other organization may or
> > may not be legally authorized to ask.
>
There are some questions that private organizations are not legally authorized
to ask (e.g. virginity, age, political/religious affiliation) and some
questions that even the court cannot ask. I sincerely hope that the court
is NOT authorized to order you to undergo a DNA test or blood test to prove
paternity (or settle any civil suit). They are certainly authorized to ask
your blood TYPE (which in many cases is on the birth certificate, driver's
license, or other "public record", and which can _disprove_ paternity) but
can the court ORDER any sort of "invasive" testing in either civil or
criminal cases?
------------------------------
From: "P.Debenham" <ppxpmd@mips.ccc.nottingham.ac.uk>
Subject: Re: cellnet privacy?
Organization: Cripps Computing Centre, University of Nottingham
Date: Fri, 25 Sep 92 11:34:42 GMT
Apparently-To: comp-society-privacy@uknet.ac.uk
Someone mentioned finding out about Cellnet privacy laws over here in England.
Well as far as I know it is NOT illegal to monitor someone's Cellnet telephone
conversation as it is being broadcast in such a manner to be easily publically
available (like to any Joe with a decent radio or scanner). It could (only
could) be illegal to record such information but even this is very doubtful.
I take for my evidence the case in the British (and a lot of the World's press
over a recorded CellNet phonecall which was CLAIMED to be between the Princess
of Wales and an admirrer. In all the flak thrown up by this there has been no
indication that the person doing the recording was doing anything illegal.
Immoral definately Yes but not illegal.
I only hope that the gut response of some MPs to submit a bill making such
monitoring illegal is shot down in flames as it deserves. I have heard
nothing from any offical government source so I think they are ignoring the
issue as politically and practically the best response.
The only thing that suprises me is that with the almost daily cases reported
in the British press of CellPhone and also Cordless phone conversations being
recorded that anyone is still stupid enough to expect privacy on one.
Peter D
------------------------------------------------------------------------------
'Death is better than a life of shame' Boewulf
------------------------------------------------------------------------------
------------------------------
From: Mike Johnston <shearson!jenny!mjohnsto@uunet.uu.net>
Subject: Blockbuster & video rental records
Organization: Lehman Brothers
Date: Mon, 28 Sep 1992 12:28:15 GMT
Apparently-To: uunet!comp-society-privacy
Recently my local corner video store shutdown and I was forced to find
a membership elsewhere. Since the only other store of consequence in my
town was Blockbuster Video, I decided to go there. The application
process was fairly quick and painless IE you show them ID and a valid
credit card and you're a member in just a few minutes. After you join
they give you a notepad sized piece of paper which explains the
terms of the membership.
I glanced at this note when I got home and was quite surprised. Imbedded
with the standard legalese about being responsible for rented tapes and
such is a clause that states, from memory:
Member grants Blockbuster Video the right to release all information
generated by or through the use of the membership card.
In other words, they can give out my rental records to someone without
permission. This is disturbing.
It's annoying to discover that I'm liable to wind up on a whole slew
of new mailing lists (video tape clubs etc), but to find out that most
anyone Blockbuster deems appropriate can get a list of what I've viewed
is appalling.
Is there any way I can restrict Blockbuster from doing this, or should
I just stop using them? This is a large chain, I'm sure many of you
have already run into this. What were your experiences?
MJ
--
Michael R. Johnston/System Administrator mjohnsto@shearson.com
=-=-= The official .signature of the 1992 Barcelona Olympics. =-=-=
------------------------------
From: "J. Porter Clark" <jpc@avdms8.msfc.nasa.gov>
Subject: Big Brother has this message on file!
Organization: NASA/MSFC
Distribution: na
Date: 28 Sep 92 18:30:15 GMT
Apparently-To: comp-society-privacy@ames.arc.nasa.gov
I just found out last week that the local network management
organization is archiving all network traffic onto 8 mm tape and has
been doing so for at least six months. They plan on keeping this data
indefinitely.
They would hand over the tapes to Federal investigators if asked, of
course. How could they do otherwise?
The reason they are doing this is supposedly to troubleshoot network
anomalies such as broadcast storms. This is a particularly offensive
problem here for various reasons. A typical use of this system would
be to play back a portion of tape into a Sniffer or similar device so
that network statistics could be compiled for some arbitrary period of
time.
The size of network involved here is several thousand machines, most of
which are PC's and Macs, but also including a substantial quantities of
workstations and mainframes. I ran a rough check based on the numbers
they gave me, and it looked to me like they would run through a 5 GB
tape in about 30 minutes during a typical peak.
This alarms me, but it's hard to say why. I'm not aware of anything
I'm doing with the network which is a violation of anything, except
occasionally common sense. However, I don't compose every e-mail
message with the idea that I might be seeing it in the Washington Post
tomorrow. Encryption isn't quite as handy as it might be, seeing as
how they're trapping every keystroke I enter unless I'm logged in right
at the machine.
I realize that tapping into the Internet is probably not safeguarded by
anything like the type of legal consequences afforded to telephone
wiretapping. But this sort of systematic archiving of every byte on
the net for an indefinite period of time seems to me to be typical of
Big Brother at his worst, or the Soviet Union during the Bad Old Days.
Compounded with this is the fact that this is a Federal Government
installation, and it is required that employees avoid the appearance of
guilt as well as actual guilt.
IMHO, this is a profligate waste of magnetic tape. Other than that,
what's wrong with the net police archiving net traffic like this?
I believe that they should:
(a) Recycle tapes after a couple of weeks. Else they find themselves
open to: "I got this e-mail message last January and accidentally
deleted it; can you get it for me?"
(b) Keep the headers only and strip out the message contents. If the
header is unrecognizable, keep the whole message. This should save
some storage space as well as enhancing privacy. I know that the
comparison with the phone system is not really legal here, but the
phone system records the sources and destinations of calls but not
the calls themselves. (Or do they?)
J. Porter ("Testing one, two, three...") Clark
--
J. Porter Clark jpc@avdms8.msfc.nasa.gov or jpc@gaia.msfc.nasa.gov
NASA/MSFC Communications Systems Branch
ICON: A picture or symbol that stands for a word. Icons are often used
in programs for young children who cannot yet read.
-- some doctor's waiting-room magazine
------------------------------
Date: Mon, 28 Sep 92 21:09:29 GMT
From: news@cbnewsh.att.com
Subject: Re: Teletrac
Organization: Big Brother Is Watching You..
Re: transponders on cars - you don't need it - the license plate is enough.
Optical character recognition technology is about good enough to read
license plates today, and keeps getting faster as algorithms improve
and number-crunching chip speed doubles every year or two.
So all they need is a good video camera and a reader.
The main advantage of transponders is that the stationary equipment is
likely to be cheaper, and you can force the car owners to buy the transponders.
[Moderator's Note: I have no idea who sent this. All I got was that the
news program sent it. ._dennis.]
------------------------------
From: "J. Philip Miller" <phil@wubios.wustl.edu>
Subject: SSN & Bush
Date: Thu, 24 Sep 92 22:29:20 CDT
As another issue about disclosure of SSN, I offer the experience of my 8th
grade daughter. It appears that our esteemed President will visit her school
on Monday. She has the opportunity to be accredited as a member of the press
(as reporter for the school newspaper) but to receive that accrediation she
has to submit her full name, date of birth and SSN!
Now if I were paranoid I would recall that on my 1040 there is a link between
her and me and that the Secret Service might retreive my file and deny her
access :-)
-phil
--
J. Philip Miller, Professor, Division of Biostatistics, Box 8067
Washington University Medical School, St. Louis MO 63110
phil@wubios.WUstl.edu - Internet (314) 362-3617 [362-2694(FAX)]
------------------------------
From: Eric Hunt <bsc835!ehunt@uunet.uu.net>
Subject: SSN in login ids
Date: Sat, 26 Sep 92 19:47:27 CDT
Mailer: Elm [revision: 66.25]
The University of Alabama/Birmingham's Engineering dept uses a student's
full SSN as a part of their computer login ids. This machine in Internet
reachable.
I was wondering what relevant laws, if any, applied to this situation? I found
out about it through a friend who told me what his Internet address was. I
was shocked, and told him not to give that address to ANYONE because it
contained his SSN.
--
Eric Hunt | bsc835!ehunt@uunet.uu.net (preferred)
Birmingham-Southern College | ehunt@aol.com
Birmingham, Alabama 35254 | <<insert witty saying here>>
------------------------------
End of Computer Privacy Digest V1 #084
******************************