Date: Tue, 29 Sep 92 16:29:51 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#085
Computer Privacy Digest Tue, 29 Sep 92 Volume 1 : Issue: 085
Today's Topics: Moderator: Dennis G. Rears
Re: Address required on checks
Re: Computer access to SSN and bank accounts: 48hrs episode
Re: Computer access to SSN and bank accounts: 48hrs episode
Re: Computer access to SSN and bank accounts: 48hrs episode
Re: Computer access to SSN and bank accounts: 48hrs episode
Re: Citibank photo credit card
Re: Computer Privacy Digest V1#084
Privacy vs. Anonymity
Photos on credit cards
Re: cellnet privacy?
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
From: amdunn@mongrel.UUCP (Andrew M. Dunn)
Subject: Re: Address required on checks
Organization: A. Dunn Systems Corporation, Kitchener, Ontario, Canada
Date: Thu, 24 Sep 92 14:02:46 GMT
In article <comp-privacy1.78.1@pica.army.mil> James Zuchelli <claris!qm!James_Zuchelli@decwrl.dec.com> writes:
>
>Last year when I bought some books at a local community college they insisted
>that I put my street address on the check. (I have my P.O. Box printed on the
>checks.) I don't like giving out my address yet they refused to take the
>check unless it had an address.
>
>At one point they said they needed so "when your check bounces we can come
>find you."
>
>How much right do you have to not give out your phyusical address, how much
>right do the school bookstores have to refuse your check if you street address
>isn't on it.
>
They can decide what substitutes for cash currency they will let you
use to purchase goods from them. If they don't like it, you can't use
it.
Of course, cash will always be accepted without your address on it.
--
:-------------------------------------------------------------------------:
: Andy Dunn (amdunn@mongrel.uucp) ({uunet...}!xenitec!mongrel!amdunn) :
: "AT&T thinks Usenet is an Underground organization" - are we really? :
:-------------------------------------------------------------------------:
------------------------------
From: "Michael E. Adams" <madams@ecst.csuchico.edu>
Subject: Re: Computer access to SSN and bank accounts: 48hrs episode
Organization: California State University, Chico
Date: Sat, 26 Sep 1992 22:31:50 GMT
>got 2 people's names and addresses and were able to look up
>their SSN and their credit cards and bank balances
>via a computer at a private eye's office?
>
>Can anybody with a terminal and a modem do the same thing,
Yep. Anyone can! Just get an account with TRW, CBI or some other information
dealer, pay your monthly bill, and YOU can find out all about MY credit!
You can see who else is doing credit checks on me (handy if you need
to know if I'm talking to some OTHER salesman down the street), you can
find my employers name, where I used to live, how much I owe on my
home, etc.
As for the bank balances, I'm not sure about that one. I don't know
how to do it, but I do know that if there is a way to get the information
somone is selling it.
And that's where the REAL problem is. Information collection is not
bad as long as EVERYONE has access to it. But currently, only people who are
in the 'right job', wealthy, or powerfull can have regular access to
the data that is collected on ALL of us.
This sets an uneven playing field in all kinds of negotiations.
Ex. If I want to hire you, and you say you won't work for less than $xYY,
and I know your in debt up to your eyeballs,
then I may call your bluff and sweat you down to $YY.
Privacy is a myth. What we common people need is access!
--
Hi! I am a .signature virus. Copy me into your .signature to join in!
------------------------------
From: Dave Grabowski <dcg5662@hertz.njit.edu>
Subject: Re: Computer access to SSN and bank accounts: 48hrs episode
Organization: New Jersey Institute of Technology, Newark, N.J.
Date: Sun, 27 Sep 1992 05:19:42 GMT
In article <comp-privacy1.83.8@pica.army.mil> joe@babel.ho.att.com (Joseph M Orost) writes:
>Did anybody see the 48hrs episode on CBS on 9/23/92 where they
>got 2 people's names and addresses and were able to look up
>their SSN and their credit cards and bank balances
>via a computer at a private eye's office?
>
>Any idea how they did that?
>
>Can anybody with a terminal and a modem do the same thing,
>or is this some kind of "all people" database that
>one can subscribe to?
>
> regards,
> joe
>
I can't say how THEY did it, but I can tell you how I used to do it.
There are many not-so-moral people working at cerdit bureaus (TRW,
Trans-Union, Equifax, etc). It's not all that hard to obtain passwords
for their on-line services, and then it's only a matter of dialing it up
(not directly, they have nationwide ANI), and pulling anyone's credit
report: all you need is a SSN or part of a name & address.
-Dave
--
-----------------------------------------------------------------------------
Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu
9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com
------------------------------
From: James Hightower <jamesh@netcom.com>
Subject: Re: Computer access to SSN and bank accounts: 48hrs episode
Date: Sun, 27 Sep 92 08:32:11 GMT
Organization: Netcom - Online Communication Services (408 241-9760 guest)
joe@babel.ho.att.com (Joseph M Orost) writes:
>Did anybody see the 48hrs episode on CBS on 9/23/92 where they
>got 2 people's names and addresses and were able to look up
>their SSN and their credit cards and bank balances
>via a computer at a private eye's office?
>Any idea how they did that?
>Can anybody with a terminal and a modem do the same thing,
>or is this some kind of "all people" database that
>one can subscribe to?
I didn't see the show, however I do know that that sort of thing can
be done by pulling an "atlas" report from Trans Union. Since the report
contains no credit information, you do not need to be a credit granter
to get this report. All you need is a modem and a TU account. TRW and
Equifax provide similer reports.
-------------------------------------------------------------------------------
James Hightower jamesh@netcom.COM ...Don't try this at home!
------------------------------
From: hgpeach@ms.uky.edu (Harold Peach)
Subject: Re: Computer access to SSN and bank accounts: 48hrs episode
Date: Mon, 28 Sep 1992 13:47:21 GMT
Organization: University Of Kentucky, Dept. of Math Sciences
Joseph M Orost <joe@babel.ho.att.com> writes:
>Did anybody see the 48hrs episode on CBS on 9/23/92 where they
>got 2 people's names and addresses and were able to look up
>their SSN and their credit cards and bank balances
>via a computer at a private eye's office?
Yes, I was really bored by the whole thing. I expected to see
something new and exciting. All they did was use services/methods
that have been around for years to try and scare the more naive
viewers.
>Any idea how they did that?
Anyone who is a credit bureau member can find out most everything
they did using that "computer."
>Can anybody with a terminal and a modem do the same thing,
>or is this some kind of "all people" database that
>one can subscribe to?
Anyone who is a credit bureau member can do what they did from a
terminal. ANYONE can go to their local credit bureau and for a
reasonable fee get a paper copy of the same info.
At my previous job, we ran several credit reports per week, by
computer (an IBM PCjr!). With an SSN you can find out all of
the rest. The system will even let you know if the SSN is from
a valid range, making it hard to get by with a fake one.
With a name, you can usually find the person's
SSN and then get the rest. In today's world, it is virtually
impossible for anyone who maintains an AVERAGE lifestyle to get
lost from anyone for more than a month or two.
If you have a telephone, credit card, rent or buy a place to live,
have a car, etc. you just about can't get lost for long. Worrying
about giving out your SSN is moot, it is too late. I can (could when
I had access to the services) find out almost anyone's SSN with
just your name, or probably just from your address.
--
Harold G. Peach, Jr. ><> N4FLZ _% hgpeach@s.ms.uky.edu
------------------------------
From: Dave Grabowski <dcg5662@hertz.njit.edu>
Subject: Re: Citibank photo credit card
Organization: New Jersey Institute of Technology, Newark, N.J.
Date: Sun, 27 Sep 1992 05:19:42 GMT
In article <comp-privacy1.83.6@pica.army.mil> usenet_interface@almaden.ibm.com writes:
>
>
>I am a late comer to this group...so...
>
>Has there been a discussion about Citibank's commercial where they state
>that their CC's are the most secure?
>They completely ignore the fact that the thief need only put your CC
>number onto his CC with his photo...sounds like a sales gimmick to me.
>
Actually, I doubt that thieves would actually take the time to put
your CC# on their card. There are LOTS of easier ways to make credit
card purchases (I know.). Citibank claims that their cards are more
"secure" for you, but in actuality, is seems to be a benefit for THEM.
If your card is stolen, you are responsible for, at the most, $50. Big
companies, like Citibank, probably wouldn't even make you pay that. So,
supposing your card was stolen, and someone used it, it wouldn't hurt
you ANYWAY. Citibank is actually protecting themselves, but is selling
it on the premise that it will protect YOU.
On top of all that, I wouldn't want another ugly pic of myself like
the one on my driver's license, anyway!
-Dave
--
-----------------------------------------------------------------------------
Kappa Xi Kappa - Over & Above! dcg5662@hertz.njit.edu
9 Sussex Ave., Newark, NJ (car theft capital USA) 70721.2222@compuserve.com
------------------------------
Date: Mon, 28 Sep 1992 19:37:40 -0700 (PDT)
From: Steven Hodas <hhll@u.washington.edu>
Subject: Re: Computer Privacy Digest V1#084
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=us-ascii
Today I received an offer from Citibank to get my photo digitized on the
back of my MasterCard at no charge. Hmmm... My first thought, of course,
is suspicion, especially if Citibank likes the idea enough to offer it for
free. Now I'm wondering if it isn't perhaps a minimally intrusive way to
get some protection against simple fraud.
Anticipating feedback,
Steven
------------------------------
Date: Mon, 28 Sep 92 20:07:06 PDT
From: Jim Hunt <Jim.Hunt@eng.sun.com>
Subject: Privacy vs. Anonymity
I would like to discuss the difference between Privacy and Anonymity.
As always, read completely twice through before responding.
Definitions:
Privacy: keeping what I DO - in private - secret.
Anonymity: keeping my IDENTITY secret when interacting with others.
Observations:
At the time our constitution and bill of rights was written, there
was almost no concept of anonymity. Everyone in town knew everyone
in town, and "the stranger in blue" was sufficient for any newcomers.
Privacy with respect to government seems to be different from other
forms of privacy, in law, in these discussions, and in most matters.
To drive a car requires release of some anonymity, every car must
have a plate. (though this does not uniquely identify the driver)
=========
Plates are so we can catch those who violate the societal rules of the
road. Nobody says the requirement to carry a plate is a violation of
privacy, it is accepted. Why then do some people respond so vehemently
to a request to identify themselves? The idea of a unique identifier
is perfectly acceptable for every car on the road, and the requirement
that it be prominently displayed is also accepted. My freedom to drive
wherever is legal is not compromised by my plate.
I do not see how anonymity is a cornerstone of freedom. If I am
free to do something, I am free to announce my name while doing it.
If I choose NOT to announce my name while doing something legal,
then I still have no qualm with someone writing down my license
number, or snapping my picture, or shaking my hand for a DNA sample.
In cases where the law places unjust restrictions on my freedom,
the law should be attacked, not those who would identify you and
violate your anonymity, but NOT your privacy.
(NOTE, this is in public, don't stick a camera in my window)
The problem of proof of identity is at the core of many of these
discussions, and is often confused with privacy issues. I accept
that a merchant must have sufficient proof of my identity before
he/she should accept a piece of paper in lieu of cash. This is
an identity problem, not a privacy problem. That merchant is not
trying to find out what you do, but who you are.
There are many true abuses of this identity information. Mailing
lists are the most common and least worrisome. People living
alternative lifestyles are most at risk, but I do not want to see
freedom eventually lost by erosion of privacy. True freedom must be
protected, and I admit that privacy/anonymity are blurry at the
edges and overlap quite a bit.
I often get the impression that those who plan to break the law
are the ones attacking identification under the shield of privacy.
Anonymity helps those who break the law. The bombing of PG&E
power stations however, does NOT automatically give the FBI the
authorization to take down every license plate at an Earth First
rally. But if Earth First literature was found at the scene,
then the line gets vague. And further, should the FBI be restricted
from doing what any citizen could do?
In cyberspace, and our daily lives as they take on aspects of it,
these discussions often also hinge on the definition of private.
Courts have said your phone is private, unless they don't want it
to be (taps), or it would be too costly (encrypting of cell calls).
In my mind, your phone is thus NOT private. Email is even grayer,
and I'm sure will turn out just as private as your phone. (None!)
Perhaps the need is for a law that information given for the purpose
of identification not be released without permission. The selling of
mailing lists was never officially authorized by law or discussed in
Congress, it just started. I would like to see it stopped.
I could go on, but this should seed some discussion.
Card carrying member of the ACLU.
But then again, I'm still getting older...
jim hunt@Eng.Sun.COM yatta yatta disclaimer
George Bush is 68 years old and Dan Quayle is an idiot.
In '96, George Bush will be 72 and Dan Quayle will still be an idiot.
------------------------------
From: Steven Hodas <hhll@milton.u.washington.edu>
Subject: Photos on credit cards
Organization: University of Washington
Date: Tue, 29 Sep 1992 03:08:10 GMT
Today I received an offer from Citibank to get my photo digitized on the
back of my MasterCard at no charge. Hmmm... My first reaction, of course,
was suspicion, especially if Citibank likes the idea enough to offer it for
free. Now I'm wondering if it isn't perhaps a minimally intrusive way to
get some protection against simple fraud.
Anticipating feedback,
Steven
--
*****************************************************************************
NSA CIA BUSH HACKER KILL ASSASSIN IRAN FBI CRIME QUAYLE SPOOK
RSA PGP DES IRAQ DSS RDX RSA CUBA ENCRYPT LIBYA
*****************************************************************************
------------------------------
Date: Tue, 29 Sep 92 15:27:08 +0100
From: Mik Butler <mik@hpopd.pwd.hp.com>
Subject: Re: cellnet privacy?
Peter Debenham writes :
>/ hpopd:comp.society.privacy / ppxpmd@mips.ccc.nottingham.ac.uk (P.Debenham) / 12:34 pm Sep 25, 1992 /
>Someone mentioned finding out about Cellnet privacy laws over here in England.
>Well as far as I know it is NOT illegal to monitor someone's Cellnet telephone
>conversation as it is being broadcast in such a manner to be easily publically
>available (like to any Joe with a decent radio or scanner).
(rest deleted)
Sorry Peter, it IS illegal to monitor cellnet/vodaphone telephone conversations
in the UK. The Wireless Telegraphy Act (1949) states that you can in general
only legally receive to Broadcast stations (i.e. broadcast television
and radio), and Radio Amateur stations.
In practice, the dti (department of trade & industry, UK gov. body
responsible for among other things the airwaves) don't have the
resources to track down & prosecute people who illegally monitor the
radio frequencies. I can't remember the last time someone was prosecuted
for listening to Air Traffic Control (just go to Heathrow and see
how many aviation enthusiasts listen in), but prosecutions for
listening to Cellnet/Vodaphone, police, etc. do happen from time to time.
Mik Butler, G8RKO
11th commandment : "Thou shalt not get caught"
------------------------------
End of Computer Privacy Digest V1 #085
******************************