Date:       Wed, 30 Sep 92 15:56:54 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#086

Computer Privacy Digest Wed, 30 Sep 92              Volume 1 : Issue: 086

Today's Topics:				Moderator: Dennis G. Rears

                            cellnet privacy?
      Re: Computer access to SSN and bank accounts: 48hrs episode
                          Re: SSN in login ids
                                PO boxes
                             Bank balances
                    SSNs and Drivers Liscenses in NY
                       Re: Privacy vs. Anonymity
                     Re: Address required on checks

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

Date: 29 Sep 92 17:39:56 EDT
From: "Murray J. Brown" <mbrown@vnet.ibm.com>
Subject: cellnet privacy?

A Toronto radio station reported today that the Supreme Court of Canada
has upheld a lower court's decision that Cellular Telephone Calls are not
deemed to be 'private communications' as defined by the Criminal Code of
Canada and are thereby legally subject to interception by a third party.
Reportedly, police departments welcome this decision in aid of their fight
against criminals who make extensive use of this technology.
 .
| Murray J. Brown                       | E-mail: mbrown@vnet.ibm.com |
| Distributed Services Technology,      | Telephone:   (416) 448-3185 |
| IBM Canada Ltd. (Toronto) Laboratory  | Standard Disclaimer Applies |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------

From: Ben Gross <gross@ux1.cso.uiuc.edu>
Subject: Re: Computer access to SSN and bank accounts: 48hrs episode
Reply-To: b-gross@uiuc.edu
Organization: University of Illinois at Urbana
Date: Tue, 29 Sep 1992 21:59:25 GMT

Did anyone tape this that would be willing to loan their copy out for a few
days?
Ben

-- 
! Mail to: b-gross@uiuc.edu       /!\    NeXT mail: gross@sumter.cso.uiuc.edu !
! No matter where you go, there you are.   --Buckaroo Bonzai--                !
!-------------> Reality is only for those who lack imagination. <-------------!
!-----------> Disclaimer:  I am the Lorax, I speak for the trees. <-----------!

------------------------------

From: Dave Grabowski <dcg5662@hertz.njit.edu>
Subject: Re: SSN in login ids
Organization: New Jersey Institute of Technology, Newark, N.J.
Date: Wed, 30 Sep 1992 00:02:04 GMT

In article <comp-privacy1.84.8@pica.army.mil> bsc835!ehunt@uunet.uu.net (Eric Hunt) writes:
>The University of Alabama/Birmingham's Engineering dept uses a student's 
>full SSN as a part of their computer login ids. This machine in Internet
>reachable. 
>
>I was wondering what relevant laws, if any, applied to this situation? I found
>out about it through a friend who told me what his Internet address was. I
>was shocked, and told him not to give that address to ANYONE because it 
>contained his SSN.

  A few weeks ago, I posted a msg about how NJIT uses student's SSN's
for Student ID's and for UNIX System ID's as well. It was the custom for
exam grades to be posted by SSN as well, but as I just found out today,
it seems that, at least in the Physics Dept., this is no longer going to
be done. They have now changed it so that the listing is done by >FIRST
NAME< only. This has GOT to be the most ridiculous way to post grades.
The Prof. mentioned that in one of his other classes, there were three
"Mark"'s in a row. Another person (who was checking her grade while I
was) said, "Nobody else has my name, anyway" (it was something obscure,
like Aretha).

  Perhaps it's time for schools to realize that SSN's aren't the way to
go, and some crazy methods like this don't work either.

-Dave

-- 
 -----------------------------------------------------------------------------
Kappa Xi Kappa - Over & Above!                         dcg5662@hertz.njit.edu
9 Sussex Ave., Newark, NJ (car theft capital USA)   70721.2222@compuserve.com

------------------------------

Date: Tue, 29 Sep 1992 19:31 EST
From: "Garnet (x5738)" <GHARRIS@lando.hns.com>
Subject: PO boxes


>In Computer-Privacy-Digest: Volume 1, Issue 082, Gordon Burditt 
> <gordon@sneaky.lonestar.org> asks

>Now, for those who say that giving false information is fraud:
>what happens if the information is blatantly and obviously false
>to anyone who looks at it?  Is that giving false information, or 
>just withholding it?
>Example:  on a credit application form, filling in SSN: JUS-TS-AYNO
>Example:  on a credit card slip, filling in "your phone number" 
>(literally) on the line marked "phone number".
>Example:  when an address is asked for on a check, filling in
>"Go swim in a toilet".
 
On a federal tax return, it is called "filing a frivolous return" which is
subject to fines and penalties.  The same is true of any derogatory remarks
about the IRS that you write in the margins of the form.  [I guess they
can't take a joke.]

>Another question:  You have a physical address where you *CANNOT*
>receive mail.  You have a post office box where you can receive mail

I face this problem every time someone asks for my address.  I usually
respond by asking: "street or mailling?".  Sometimes it leads to confusion 
when giving the address to people who assume that the Post Office always 
delivers to the door and leave off the PO box number.  Fortunately, the
town is small enough that they will look up the box number.

 -------
Garnet
gharris@lando.hns.com

------------------------------

Subject: Bank balances
Date: Tue, 29 Sep 92 21:14:09 EDT
From: "Michael P. Deignan" <kd1hz@anomaly.sbs.risc.net>
Reply-To: kd1hz@anomaly.sbs.risc.net

-> As for the bank balances, I'm not sure about that one.  I don't know
-> how to do it, but I do know that if there is a way to get the information
-> somone is selling it.

Rather easy, actually. All you need is a bank account number. Call the bank
and say "I'm Mr. X doing a credit check on Ms. Y - her account number is
ZZZ". Usually, the drone on the other end will say something to the effect
of "Yes, Mr. X.... Ms. Y opened her account on MM/DD/YY, and currently has
a balance in the [high,mid,low] [single, double, triple, etc.] digits.

You can then go to the person in question and give them a rough idea of
how much they have in their account (i.e. "ah, looks like you have a
couple thousand...") without giving an actual number (which generally
flucuates for most people, anyway.)

MD
-- 
--  Michael P. Deignan                      / Sex is hereditary. If your 
--  Domain: mpd@anomaly.sbs.com            /  parents never had it, chances 
--    UUCP: ...!uunet!rayssd!anomaly!mpd  /   are you won't either...
-- Telebit: +1 401 455 0347              /

------------------------------

Date:    Wed, 30 Sep 1992 9:46:43 -0400 (EDT)
From:    "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: SSNs and Drivers Liscenses in NY

My wife recently received her invitation to renew her driver's liscense
and the only time an SSN is required is for a commercial liscense according
to the instructions on the card's back.

This is surprising since NY seems to want to know everything about a person
including visits to the throne room :-).

Dave

Dave Niebuhr      Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973  (516)-282-3093

------------------------------

Return-Path: uucp@mathcs.emory.edu
From: Pete Hardie <nastar!phardie@emory.mathcs.emory.edu>
Subject: Re: Privacy vs. Anonymity
Date: 30 Sep 92 14:04:20 GMT
Organization: Digital Transmission Systems, Duluth, GA.


In article <comp-privacy1.85.8@pica.army.mil> Jim.Hunt@eng.sun.com (Jim Hunt) writes:
>To drive a car requires release of some anonymity, every car must
>have a plate.  (though this does not uniquely identify the driver)
>
>Plates are so we can catch those who violate the societal rules of the
>road.  Nobody says the requirement to carry a plate is a violation of
>privacy, it is accepted.  Why then do some people respond so vehemently
>to a request to identify themselves?  The idea of a unique identifier
>is perfectly acceptable for every car on the road, and the requirement
>that it be prominently displayed is also accepted.  My freedom to drive
>wherever is legal is not compromised by my plate.

Two comments here:

1) Driving is (mainly) a necessity in modern society.  If you do not drive,
   you are severely limited in your place of employment, your choice of
   shopping places, etc.  If something in a necessity, people will
   sacrifice other considerations for it.

2) A license plate on a vehicle merely identifies the vehicle, and does not
   limit *my* movements, or allow unscrupulous monitoring of my other
   activities.

>The problem of proof of identity is at the core of many of these
>discussions, and is often confused with privacy issues.  I accept
>that a merchant must have sufficient proof of my identity before
>he/she should accept a piece of paper in lieu of cash.  This is
>an identity problem, not a privacy problem.  That merchant is not
>trying to find out what you do, but who you are.

Why should the merchant care *who* I am, as long as the money I am
giving for purchase is good?  Note that if I pay cash, the merchant
will not ask for any ID, or proof that I have the money legally.  The
only issue I feel a merchant has is "Is the credit there?  Is there
really money behind this check?"

With a better-designed credit card system, my number, etc could be completely
invisible - the clerk would run the card through a magnetic scanner, enter the
purchase amount, and never know my name, credit card number, or anything else.
And that would suit the need of merchants quite well.


>I often get the impression that those who plan to break the law
>are the ones attacking identification under the shield of privacy.

But our legal system is based on the principle of 'innocent until proven 
otherwise" - we cannot remove anonymity for all just to catch the criminal
few.

>Anonymity helps those who break the law.  The bombing of PG&E

Anonymity helps those who hold unpopular views/lifestyles/etc.  Think how
many people you know about would persecute a Wiccan solely because they
dislike the faith?

Case in point:  I am getting married on Halloween, for the two reasons of
liking the holiday, and it falling on a weekend this year.  My fiancee, when
she was telling someone about the wedding, was asked "What religion is your
fiance?" in a manner that made her feel intimidated.  The Bible Belt still
holds strong intolerance, at least.

Basically, I hold to the idea that my actions are not to be recorded unless
there is a demonstrated need, simply because if there is data on me, someone,
somewhere, will find a way to abuse it, whether legally, economically, or
otherwise.

-- 
Pete Hardie:  phardie@nastar  (voice) (404) 497-0101
Digital Transmission Systems, Inc., Duluth GA
Member, DTS Dart Team           |  cat * | egrep -v "signature virus|infection" 
Position:  Goalie               |

------------------------------

From: Wm Randolph Franklin <wrf@ecse.rpi.edu>
Subject: Re: Address required on checks
Organization: Rensselaer Polytechnic Institute, Troy, NY
Date: Wed, 30 Sep 1992 17:53:45 GMT
Apparently-To: comp-society-privacy@cis.ohio-state.edu


In article <comp-privacy1.85.1@pica.army.mil> on Thu, 24 Sep 92 14:02:46 GMT,
amdunn@mongrel.UUCP (Andrew M. Dunn) writes:

  > Of course, cash will always be accepted without your address on it.

Oh?  

1. Service Merchandise, a local catalog store gets quite unfriendly when
I pay in cash.  They've told me they must have a name.  (So I give them
'Mario Cuomo').

2. Then there's Radio Shack.

3. You must give id when spending over $10K with one merchant in, I
believe, one year, or the merchant can get in serious trouble.

4. I've heard stories about IRS offices refusing to accept cash, though
I can't vouch for them myself.

There is one loophole however, which is probably still open.  You can
buy money orders anonymously, put whatever name you want on them, and
then use them to pay people who refuse cash.
-- 
Wm. Randolph Franklin,  wrf@ecse.rpi.edu, (518) 276-6077;  Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA

------------------------------


End of Computer Privacy Digest V1 #086
******************************