Date: Tue, 10 Nov 92 16:33:45 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#098
Computer Privacy Digest Tue, 10 Nov 92 Volume 1 : Issue: 098
Today's Topics: Moderator: Dennis G. Rears
Re: Risks Of Cellular Speech
Re: 1-800-CURB-DWI
Re: Clinton Endorses Right to Information Privacy
Re: Posting grades by SSN
Re: ssn and traffic tickets
Re: SSN and unique IDs
Credit Thieves
Re: Risks of Cellular Speech
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.200].
----------------------------------------------------------------------
From: "Tom R. Rice" <tomrice@netcom.com>
Subject: Re: Risks Of Cellular Speech
Organization: Netcom - Online Communication Services (408 241-9760 guest)
Date: Sat, 7 Nov 1992 01:27:35 GMT
Dave King <71270.450@compuserve.com> writes:
>traffic is lighter. Scanners cost as little as $200, and are sold in virtually
>every shopping mall in Toronto.
It's astonishing that most people don't seem to realize
that cellular phones are "wireless", i.e., they are just
2-way radios fancied up a bit. The cellular industry
doesn't want customers to know this, but I'm boggled
that people just don't catch on. Would they discuss
sensitive information on a CB radio?
BTW, a scanner is not really necessary. The older TV sets
that have UHF tuners of the continuously-tuned type (rather
than the channel-switch type) can easily tune in cellular
calls.
Ahh, the marvels of technology!
trr
--
"Start off every day with a smile and get it over with." --W.C.Fields
Tom R. Rice WB6BYH Holler Observatory -
tomrice@netcom.com Longitude: 121 d 30 m 20 s W
CIS: 71160,1122 Latitude: 37 d 25 m 10 s N
------------------------------
From: Jarrod Staffen <uswnvg!uswnvg.com!jstaffe@uunet.uu.net>
Subject: Re: 1-800-CURB-DWI
Date: 6 Nov 92 22:58:42 GMT
Organization: U S WEST NewVector Group, Inc.
I personally think the idea of *DWI is great. I use a cellular phone and have
been on the road many times behind a dangerous driver. When it is clear that
the driver is under some kind of influence, I diall 911. It's free and it puts me through to State Patrol. On one occasion, I was behind a truck carrying 4
passengers. The three in the cap were hitting eachother, the truck was all
over the road. They were passing beers between the guy in the truckbed (who
had a case of beer) and the guys in the cab. I thought this was quite stupid,
but not nearly as stupid as when they saw a hitch-hiker ahead and pretended
they were going to run him over. Instead of running over him, they swerved at the last second and just threw a beer at him. I dialed 911 and followed these
pukeheads until a trooper caught up a few minutes later. Justice was served.
If I wanted to, I could have called anonymously as there are no means to trace
the origins of a cellular call (not easily, anyway).
Of course, the privilege could easily be abused. I couldn't give you a quick
answer to that. But I feel the bebefits greatly outweigh the risks of abuse.
Jarrod Staffen
jstaffe@uswnvg.uswnvg.com
------------------------------
Subject: Re: Clinton Endorses Right to Information Privacy
Date: 6 Nov 92 20:45:51 PST (Fri)
From: John Higdon <john@mojave.ati.com>
"Wm. L. Ranck" <ranck@joesbar.cc.vt.edu> writes:
> While the other stuff on the list doesn't bother me this one sure does.
> Basically it says that the government knows what is good for me and will
> not let me decide.
You will also notice the general tone of the entire statement that is usually
present in governmental attempts at "protecting privacy". The assertion
is that people (or "The People" if you will) need to be protected from
each other and, in the case now of the Democrats, from Big Bad Business.
The government, however, should know EVERYTHING about you--for your own
protection, of course.
If you look at the "privacy" statutes in California for example, the
only protection that is provided is against other ordinary citizens.
The government and even certain commercial enterprizes have full,
unrestricted access to your DMV records.
This is one reason that I have always maintained that the best privacy
protection is constant vigilance. Depending on "the government" to
ensure your privacy is like asking a street urchin to hold on to your
wallet while you tie your shoe. I get very nervous when I hear about
new "privacy" legislation.
> How long till it makes "dangerous" recreational activity
> illegal? "Sorry, skis and ski poles are dangerous, you can't buy them
> anymore."
In case you don't know, insurance companies already use various methods
to determine if a prospective insured participates in sky diving,
SCUBA, and other "risky" activities. And an insurance company would
like nothing better than to have a person lie on the application, find
information to the contrary, and then deny a claim based upon
falsification of an application--especially after collecting many years
of premiums.
> If a product is possibly dangerous then requiring some reasonable labeling
> is fine, but to "protect" the public from what is considered dangerous is
> not.
This is not how the government likes to work. Just look at the list of
banned products in the USA. Then see how many of them are in common use
in the rest of the world, perhaps with warning labels. One of them is
Thalydamide, which is an excellent low-side-effect tranquilizer. Of
course the major bad side effect, severe birth defects, can easily be
avoided by abstaining from the drug while pregnant. But our government
feels that US citizens cannot be trusted with sharp objects, as it
were, and bans all use of an otherwise useful product.
Remember, privacy has been "assured" on the cellular band--not by
making the communications secure with technology--but by taking the
radios that can tune cellular frequencies away from citizens.
Government is beneficent; Government is your friend. It protects you
from other PEOPLE. And coming soon: protection from Nasty Old
Corporations.
--
John Higdon <john@zygot.ati.com> (hiding out in the desert)
------------------------------
From: Ramesh Doddamani <ramesh@veda.esys.cwru.edu>
Subject: Re: Posting grades by SSN
Date: 7 Nov 1992 09:31:09 GMT
Organization: Case Western Reserve University, Cleveland, Ohio (USA)
Reply-To: ramesh@veda.esys.cwru.edu
I am reading a report which is supposed to have been published in a
magazine called "Education Daily" dated Aug 11, 1992. It is about a
suit filed by students at Rutgers University(Krebbs v. Rutgers)
regarding the posting of grades by SSNs. A federal judge has(had)
temporarily barred the university action saying that the practice may
violate students' privacy. University officials had said that this
happened in isolated cases and is not a university policy. I wonder
what happened to the case.
Ramesh
------------------------------
From: wbe@bbn.com (Winston Edmond)
Subject: Re: ssn and traffic tickets
Date: 7 Nov 92 18:26:57
Organization: Bolt Beranek and Newman, Inc., Cambridge, MA
Eric Hunt <bsc835!ehunt@uunet.uu.net> asks:
>In Alabama, your SSN is printed on your driver's license. It's *not* the
>DL#, but it is printed on the card itself.
>
>How many other states also have the SSN printed on the license?
In Massachusetts, your SSN will be used as your driver's license number
unless you specifically request otherwise. I vaguely recall that it took a
court case to force the Registry to make the option available.
-WBE
------------------------------
From: Stephen M Jameson <sjameson@fergie.dnet.ge.com>
Subject: Re: SSN and unique IDs
Date: 9 Nov 92 12:42:26
Organization: General Electric Advanced Technology Labs
Reply-To: sjameson@atl.ge.com
In article <comp-privacy1.96.6@pica.army.mil> sjameson@fergie.dnet.ge.com (Stephen M Jameson) writes:
>>
>>A scenario: NIST standardizes such an algorithm (perhaps with some
>>local parameters so that a third party with my SSN and a company's FID
>>_still_ couldn't get my ID) and use of it becomes compulsory as use of
>>SSNs by private entities becomes illegal; phased in over a 4-5 year
>>period, perhaps.
>>
...
>of privacy on the part of the individuals who are not compelled or
^^^
Of course this "not" shouldn't be here. It should read:
I know that "privacy" as used in this newsgroup usually refers to specific
kinds of privacy, but doesn't the whole idea of "use of it becomes compulsory"
and "becomes illegal" denote government violation of privacy on the part of the
individuals who are compelled or prohibited from taking certain actions?
--
Steve Jameson General Electric Aerospace
sjameson@atl.ge.com Advanced Technology Laboratories
Moorestown, New Jersey
****************************************************************************
** . . . but I do not love the sword for its sharpness, nor the arrow **
** for its swiftness, nor the warrior for his glory. I love only that **
** which they defend . . . **
** -- Faramir, "The Two Towers" **
****************************************************************************
------------------------------
cc: tdarcos@mcimail.com
Reply-to: TDARCOS@mcimail.com
From: Message Center <FZC@cu.nih.gov>
Date: Mon, 09 Nov 1992 22:23:37 EST
Subject: Credit Thieves
Article Summary, "The Credit Thieves"
(Washington Post, Nov. 9, Page D5),
"They Take Your Identity, Then Your Good Name."
In "The Credit Thieves" article author Stephen J. Shaw asks
if you have checked your credit rating lately; some thieves
have been known to find people's personal information, then
create new identities - and new credit histories - for some
people. Apparently name and address is enough to be able to
"borrow" someone else's credit information. Some so-called
"credit doctors" charge $500 to find someone else with the
same or similar name and a clean record, and give the buyer
that person's credit record.
Shaw declares personal exposure to credit fraud: his credit
rating showed "almost $100,000" in credit, services and
merchandise ("loans, credit cards, personal bank loans, plane
tickets, home-entertainment systems, computers, clothes,
furniture, cellular telephones and a slew of other consumer
goodies") granted to "him" even though he lives in
Washington DC, and the credit granted to "him" was to someone
in Orlando Florida, and he's never heard of the things claimed
to be charged to him.
He only found out about the incident when he applied for credit
with an organization and they asked him why he didn't declare
all the OTHER credit cards and such that he has.
Apparently almost anyone with access to a computer terminal
with access to a regular credit reporting agency can
probably find out your credit history.
His "Credit Double" was only caught because he tried to buy a
house using Shaw's name. The Secret Service is the agency that
handles trying to catch people who do this. The "credit mugger"
is in jail awaiting trial for four counts of bank and credit
fraud.
Happy ending, eh? NOT. Now getting rid of the inaccurate and
fraudulent credit requests is a job in and of itself.
"Equifax had deleted five of the bogus accounts, kept another
four on my report and added three new ones. TRW told me that
most of the disputed accounts had been deleted because the
creditor had not replied to TRW's inquiry, but added that the
'creditor may re-report item.' stating , in effect, that the
accounts could reappear in future editions." Trans Union did
not have the incorrect accounts, but still had the Florida
address. TRW also has his address listed as Florida.
A New York State agency found six out of 17 credit reporting
agencies which advertised would sell credit histories without
any attempt to verify the purpose of the request. An executive
at TRW told a 1991 Congressional hearing that "if someone is
willing to lie to get a consumer report on another individual,
there is nothing in the present law to act as a deterrent."
Apparently it's not all that hard even to get someone's credit
report legally. The Fair Credit Reporting Act (FCRA) allows
anyone with "a legitimate business need for the information"
can get your report; this includes prospective creditors and
employers. "This loophole covers anything from renting an
apartment to paying for something by check to joining a health
club or a dating service. Reports can be ordered legitimately
by employers checking on employees, insurance companies writing
policies, someone trying to collect a debt, and government
agencies deciding to grant any form of assistance or licenses."
The article notes one can request not to be put in the list of
"pre-screened" or "targeted" people that credit reporting agencies
sell to companies that sometimes offer credit. You can also ask
to be taken off mailing lists by writing the Direct Marketing
Association, Mail Preference Services, 11 West 42nd St,
Box 3961, New York, NY 10163-3861. They can also take reqests
just to remove your telephone number from some lists.
The article recommends contacting each of the three major agencies
twice yearly, and at least 6 months before a major purchase,
because some of them don't get what the others have. If something
is wrong, contact the creditor directly as well as the reporting
agency. If you can't get something corrected, ask to have a
statement inserted in your record.
If you're not satisfied, you can write the Federal Trade Commission
at Correspondence Dept, Room 692, Washington DC 20580.
The major credit reporting agencies are:
- Equifax, Box 740241, Atlanta GA 30374 1-800-685-1111
- Trans Union, Box 7000, North Olmsted, OH 44070
Regional Offices:
- Box 360, Philadelphia, PA, 19105 215-569-4582
- 222 South First St., Suite 201,
Louisville KY 40202 502-584-0121
- Box 3110, Fullerton, CA 92634 714-870-5191
- TRW National Consumer Relations Center,
12606 Greenville Ave., Box 749029,
Dallas TX 75374-9029 214-235-1200
(TRW allows one free report a year by mail from)
- TRW, Box 2350, Chatsworth CA, 91313-2350
---
Paul Robinson -- TDARCOS@MCIMAIL.COM
These (uninformed and probably inaccurate) opinions are mine
alone; nobody else is (stupid enough to be) responsible for
them.
------------------------------
Reply-to: TDARCOS@mcimail.com
From: Message Center <FZC@cu.nih.gov>
Date: Mon, 09 Nov 1992 22:56:37 EST
Subject: Re: Risks of Cellular Speech
In Telecom Digest 12-834, Frank Vance <airgun!fvance@uunet.uu.net>
wrote:
>I for one have been quite disappointed in the way the
>entire cellular privacy issue has been handled by
>the cellular providers and the U.S. Government
>1. First of all, why did the various cellular providers make
>promises of "safe and secure communications" when they knew
>anybody with a little money could buy a receiver to listen
>in?
>2. Why, instead of fixing the technical deficiencies in
>their product do they go sniveling to Congress to make it
>illegal to listen...
>3. Why in the world did our government accept the
>sniveling and pass the Electronic Communications
>Privacy act...most agencies of the government understand
>the problem...many of them have implemented digital
>scrambling.
I'd like to quote from two books by Robert A. Heinlein. In
his last book before he died, "To Sail Beyond The Sunset"
there is - coincidentally - a telecommunication question
asked where someone notices that the video telephones used
(in the story) in Kansas City are flat, and the video in
Dallas is stereophonic. He asks "Why is Kansas City still
using flatties? Dallas phones are all tanks now." To which
his mother informs him "Donald, any question that begins
with 'Why Do they' can usually be answered, 'Money.'"
In the second Heinlein book, "The Moon is a Harsh Mistress,"
the main character Mannie points out that people always ask
for a law to stop other people from doing something that they
don't like those people doing. "Nobody ever says, 'Please
pass a law to make me stop doing something I know I should
stop."
So the point is that it's all about money. It's a lot
cheaper (and dishonest) to leave cellular phones totally
open and make it illegal to listen to them, while causing
people to have the (misguided) impression that the medium
is secure.
Another point is that some agencies of the government DO NOT
want telecommunications to *really* have privacy; there are
some rumors that NSA monitors *all* overseas calls, or at
least all overseas calls to 'sensitive' countries. I am
sure NSA, FBI and a few others DO NOT want real security.
Also, you might ask the same question about why the
members of congress involved with Mr. Keating of
American Savings didn't tell him to fix the problems
with his S&L instead of "accepting the sniveling."
Call it very effective ahem "campaign contributions."
Did the same thing happen in this instance? We'll
probably never know unless some Senator's aide does
what one did to Ted "Chappaquittick" Kennedy.
---
Paul Robinson -- TDARCOS@MCIMAIL.COM
These opinions are MINE alone and nobody else's
------------------------------
End of Computer Privacy Digest V1 #098
******************************