Date: Sat, 05 Dec 92 13:14:34 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V1#108
Computer Privacy Digest Sat, 05 Dec 92 Volume 1 : Issue: 108
Today's Topics: Moderator: Dennis G. Rears
Re: Lucky Supermarkets copies social security numbers on to checks.
Re: Privacy in VA
Re: Privacy in VA
Re: Privacy in VA
Re: Privacy in VA
Re: Privacy in VA
Medical Credential info
Privacy in the Commonwealth of Virginia
SSN
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 3 Dec 92 15:11 PST
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: Lucky Supermarkets copies social security numbers on to checks.
jms@carat.arizona.edu (A virtually vegetal non-entity)
> I hope that the solution to this problem is obvious: take a small
> kitchen magnet, place it in close contact with your drivers license,
> and erase the strip.
Minutes ago, I put my license through a professional grade video tape
degausser. I do not recall seeing or hearing any admonition to refrain
from doing this. There are plenty of people out there without the mag
stripe on the back of the license, so until it is universal I do not
feel like being placed at any particular disadvantage.
If the time comes that it can be demonstrated to me, the citizen, that
the mag stripe on the back of my license is of benefit to ME, then I
will consider taking it in for re-recording. Until then, I am not going
to be stapled, folded, or mutilated.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
From: Steve Johnson <johnson@trwacs.fp.trw.com>
Subject: Re: Privacy in VA
Organization: TRW Systems Division, Fairfax VA
Date: Thu, 3 Dec 1992 23:43:07 GMT
Paul Olson <olson@dstl86.gsfc.nasa.gov> writes:
>>
>>4. Etc
>>Are there related issues I should know about but haven't thought to ask?
>Yea, radar detectors are illegal in VA. In fact, only VA and DC ban radar
>detectors. Personally, I wouldn't live in a state which says I can't own a
>radio receiver, not to mention that it's overbuilt, over crowded and you can't
>get anywhere on a Saturday because of traffic. If you're going to be working
>in DC, I'd look into moving to Maryland. But that's just my opinion.
I've lived in both and concur with Paul (although some parts of Maryland
are better than others. Don't fall for the "the taxes are lower in Virginia
bit". About two years ago, while living in Virginia, my tax man goofed and
punched in MD for my state of residence. When I got the return in the mail,
noticed the error and reported it he, after apologizing most profusely,
corrected it to VA and all was right with the world. The best part was that
I got to get a REAL comparison of the income tax situation in VA and MD with
the same input data. The result: I saved about $100 in VA. Of course, I had
a ten year old car (VA has a personal property tax and levies it on cars,
boats, airplanes, and just about anything else they can find EVERY year) and
didn't have to shell out anything in taxes (well almost nothing) for it.
The Commonwealth (geez what ego) has truly learned the fine art of the
nickel-and-dime tax (including the so called VA Pilot's License).
Unfortunately, Mayor (oops Governor) Schaefer of Maryland is beginning to
learn this technique from Governor Wilder so I can't say how much longer
this situation will continue and of course your mileage may vary. BTW I
live in one of the highest taxed areas in MD; Montgomery County. Live
somewhere else (like Frederick) and things are cheaper still.
------- Any views expressed are those of myself and not my employer. --------
Steven C. Johnson, WB3IRU / VK2GDS |
TRW | johnson@trwacs.fp.trw.com
FP1 / 3133 | [129.193.172.90]
1 Federal Systems Park Drive | Phone: +1 (703) 968.1000
Fairfax, Virginia 22033-4412 U.S.A. | Fax: +1 (703) 803.5189
--
------------------------------
From: Carl Oppedahl <oppedahl@panix.com>
Subject: Re: Privacy in VA
Date: Fri, 4 Dec 1992 00:30:11 GMT
Organization: PANIX Public Access Unix, NYC
In <comp-privacy1.105.4@pica.army.mil> Allen Warren <allen@tessi.com> writes:
>This information came to light in an article noting differences between
>credit card and bank check payment. When a store accepts your check,
>they assume liability. When they accept your credit card, there is no
>liability to the store, the liability is with the credit card company.
>Whenever a store asks me to list my telephone number on my credit card
>receipt, I put down 555-1212. I had one clerk notice the number and she
>stated that the number was not valid since it was information. I then
>stated that this was the number I wrote on the receipt and I wouldn't give
>out my unlisted number. .....
New York State has a law that they cannot make you give your phone number
or address for a credit card slip. The idea is that the store has already
gotten credit approval for the charge slip and has no legitimate
need to know anything else.
Carl Oppedahl AA2KW (intellectual property lawyer)
30 Rockefeller Plaza
New York, NY 10112-0228
voice 212-408-2578 fax 212-765-2519
------------------------------
From: Christopher J Burian <cburian@ux4.cso.uiuc.edu>
Subject: Re: Privacy in VA
Organization: University of Illinois at Urbana
Date: Fri, 4 Dec 1992 02:17:18 GMT
Apparently-To: comp-society-privacy@ux1.cso.uiuc.edu
Craig Wagner <Craig.Wagner@p2.f120.n109.z1.fidonet.org> writes:
> RL> 2. SSN, CC#, Phone # on checks What is VA law on stores wanting to
> RL> write any of the above on your check before honoring it?
> RL>
> RL> [Moderator's Note: I sure as hell hope they don't restrict the
> RL> practice. You have no *RIGHT* to cash a check. A store has a
> RL> legitimate need for the SSN. ]
>They _do_ restrict the credit card numbers here. Nothing else, though, to the
>best of my knowledge.
> RL> [Moderator's Note: Once again I have to ask: Does the
> RL> knowlege of one SSN affect that's person privacy? I say no. All the
> RL> SSN does is act as a global indentifier. In today's technology it is
> RL> not difficult for a legitimate business to get a persons SSN. You
> RL> don't need a SSN to get a credit report just a name and address.
> RL> ._dennis ]
>This comment almost makes it sound as though the only privacy issues
>are (1) protection from "a legitimate business" or (2) for protecting
>credit reports. Privacy includes the protection of _any_ information
>an individual chooses to consider "none of 'your' business," including,
>if they so choose, the SSN from being given to friends, neighbors, or
>strangers. As long as organizations use the SSN as an identifier for
>conducting transactions (American Express does this for phone
>transactions, and other organizations rely too heavily - and singularly
>- on it), an individual is being reasonable in making efforts not to
>have his SSN become any more public than it already is. It's precisely
>because of these issues that some states (the recent report of actions
>within the Virginia legislature is an example) are taking efforts to
>help individual's protect their SSN number.
>[Moderator's Note: The point I am making is that the SSN has become the
>defacto Universal Identification Number. I don't like but I have to
>accept that fact. ._dennis ]
The point of the word "privacy" isn't to deny identification when for a
legitimate business use. The problem is businesses and government
organizations that can get the job done without the SSN. It's fairly
easy to make someone's life miserable if you know their SSN, according
to the people who want to restrict its use. If this or that form
doesn't NEED the SSN to ensure payment or collect taxes, then don't
ask for it!
Chris Burian---
------------------------------
From: "Michael T. Palmer" <palmer@icat.larc.nasa.gov>
Subject: Re: Privacy in VA
Date: 4 Dec 92 17:56:12 GMT
Organization: NASA Langley Research Center, Hampton, VA USA
Paul Olson <olson@dstl86.gsfc.nasa.gov> writes:
>Yea, radar detectors are illegal in VA. In fact, only VA and DC ban radar
>detectors. Personally, I wouldn't live in a state which says I can't own a
>radio receiver, not to mention that it's overbuilt, over crowded and you can't
>get anywhere on a Saturday because of traffic. If you're going to be working
>in DC, I'd look into moving to Maryland. But that's just my opinion.
Well, you're right about the radar detectors at least. But I thought that
Connecticut also outlawed detectors... either way, I just can't fathom why
this law has not been successfully challenged.
Now about the rest of this statement... you must be talking about Northern
Virginia in the DC area. If you took the time to visit the rest of the
state, you'd find one of the prettiest and friendliest around!
--
Michael T. Palmer, M/S 152, NASA Langley Research Center, Hampton, VA 23681
Voice: 804-864-2044, FAX: 804-864-7793, Email: m.t.palmer@larc.nasa.gov
PGP 2.0 Public Key now available -- Consider it an envelope for your e-mail
------------------------------
From: David Banisar <Banisar@washofc.cpsr.org>
Subject: Re: Privacy in VA
Organization: Computer Professionals for Social Responsibility
Date: Sat, 5 Dec 1992 03:49:09 GMT
Apparently-To: comp-society-privacy@uunet.uu.net
Since there has been much recent discussion about privacy in
Va., I thought the readers might be interested in this new provision
of Va. law, enacted in 1992. It provides for an opt-out system for
personal information collected by merchants. Its fairly weak in its
disclosure and enforcement provisions but it is a start. Readers
might want to consider showing this to their legislators. In
addition, Va. also has a privacy law, fairly closely modeled after
the 1974 Federal Privacy Act.
Both the legislature and the Council on Information Management
have expressed some interest recently in a data commission to
protect privacy. CPSR is working on a draft bill to present to the
legislature and the council that would increase enforcement of
privacy provisions and remove many existing loopholes among other
functions.
The legislature expressed great interest in removing the SSN off
of driver's licenses and may do so in the next legislative session.
It may be possible to speed up the processing if notices for new
liscences are included in every already existing mailing that the
DMV already sends out. (ie registrations, tickets, etc.). We will
present this alternative to the legislature when the bill is
drafted (unless someone here forwards the idea sooner).
If anyone is interested in either an electronic copy of the full
Virginia code on privacy protection or the testimony I gave at the
SSN hearing, feel free to email me at banisar@washofc.cpsr.org. Both
are a bit long for submission here.
Dave Banisar
CPSR Washington Office
TITLE 59.1. TRADE AND COMMERCE
CHAPTER 35. PERSONAL INFORMATION PRIVACY ACT
| 59.1-442. Sale of purchaser information; notice required
No merchant, without giving notice to the purchaser, shall sell to
any third person information which concerns the purchaser and which is
gathered in connection with the sale, rental or exchange of tangible
personal property to the purchaser at the merchant's place of
business. Notice required by this section may be by the posting of a
sign or any other reasonable method. If requested by a purchaser not
to sell such information, the merchant shall not do so. No merchant
shall sell any information gathered solely as the result of any
customer payment by personal check, credit card, or where the merchant
records the customer's driver's license number.
For the purposes of this section "merchant" means any person or
entity engaged in the sale of goods from a fixed retail location in
Virginia.
| 59.1-443. Exceptions
This chapter shall not apply to information gathered for purposes of
extending credit or the recording and sale, rental, exchange or
disclosure to others of information obtained from any public body as
defined in the Virginia Freedom of Information Act (| 2.1 -341 et
seq.).
| 59.1-444. Damages
Any merchant who violates the provisions of this chapter shall be
liable for damages in the amount of $100, payable to the purchaser
whose personal information was sold or otherwise disclosed in violation
of this chapter. In addition, such purchaser may recover reasonable
attorney's fees and costs. Actions under this section shall be brought
in the general district court for the city or county in which the
transaction which gave rise to the action occurred.
------------------------------
Date: Fri, 4 Dec 1992 01:02:14 -0500 (EST)
From: Paul Eric Stoufflet <pes3@cunixf.cc.columbia.edu>
Subject: Medical Credential info
(I sent this to alt.privacy, but received no reply)
I am a medical resident at Columbia Presbyterian Medical Center in NYC.
It recently came to my attention that the Department of Medicine was
giving information on myself (and presumably the other residents at
CPMC) to the American Board of Internal Medicine, which oversees the
credentialing of 'board-certified' physicians. In addition to assessments
of performance, they provide personal information including the
omnipresent SSN.
I do not recall granting any permission, written or otherwise, to
Columbia to disseminate this information. I am sure that Columbia
University receives federal funds, and so does Presbyterian Hospital.
Are they in violation of the 1974 Privacy act? Can I do anything
about it?
Please respond via Email.
Thanks-
/ \ / \ Paul Stoufflet / \ / \
| / \ | Columbia Presbyterian Medical Center | / \ |
| \ / | internet: pes3@cunixf.cc.columbia.edu | \ / |
\_/_\_/ All opinions are my own \_/_\_/ �
------------------------------
From: "Paul Robinson, Contractor" <FZC@cu.nih.gov>
Reply-to: TDARCOS@mcimail.com
Date: Thu, 03 Dec 1992 21:49:00 EST
Subject: Privacy in the Commonwealth of Virginia
Aproximately two years ago, Chesapeake & Potomac Telephone
Company of Maryland, and Virginia introduced the Caller-ID
feature on their electronic telephone switch systems.
The Public Service Commission of the District of Columbia
specifically forbade Chesapeake & Potomac Telephone Company
of Washington, DC to provide Caller-ID either on interstate
local calls or to calls made within DC.
So for a time, if you called from Maryland or Virginia, to
someone in either of those states who has Caller ID, the
holder of the device could get your number; you had no means
to block the number.
After a short period of time, the Maryland Public Service
Commission issued an order to C&P Telephone of Maryland to
allow "per-call" blocking by dialing *67 / 1167. It was
at this time that the DC PSC told C&P of DC that they could
offer Caller-ID if they also implemented blocking. They
did.
The Washington Post ran a series of articles about people who
had troubles because of Caller-ID. It wasn't until their
competitor, the Washington Times, told about it, that anyone
knew that the Post had installed Caller ID on its lines when
it installed its new PBX system. The Post, for some reason
never said anything to anyone about it.
In Virginia, there is still no way to block Caller-ID on a
call dialed from one of their numbers. But callers in DC
or Maryland can block the delivery of their number. And,
a Caller-ID subscriber can refuse to accept blocked calls.
I have a drivers' license from the State of Maryland. While
they asked for my social security number on the application,
the number appearing on my license is a long "soundex" number.
(California had it interesting; my old license from there
was N71xxxxx. This told anyone who knows California licenses
that mine was originally issued in 1977.
My brother has an identification card from the Commonwealth
of Maryland. My mother has an (expired) id card from the
District of Columbia. Both the Virginia card and the DC card
use the Social Security number as the serial number. Had I
turned in my California license before it expired, when I
was living in DC, the license they would have issued me would
have used my social security number.
----
Paul Robinson -- TDARCOS@MCIMAIL.COM -- These opinions are mine alone.
------------------------------
Date: Fri, 4 Dec 92 06:22 GMT
From: Andrew Koran <0003967939@mcimail.com>
Subject: SSN
Dennis, I think you're missing the point on this SSN debate. I have to
agree that if youre writing a check in a store the merchant has to ID
you, but your SSN is not supposed to be an ID. If your worried about
your privacy or your credit record pay cash (if you can) You
mentioned before that it pretty much defacto as an ID, but how did it
get that way in light of the present abuses. Issue number 105 has a few
words about correcting your credit bureau reports, near impossible,
and that if someone, some merchant abuses it like I;ve had done, I
can just imagine the problem you'll have trying to correct the artwork
of some bogus fool abusing your ID. The burden of all of this tends
to fall right on the shoulders of the individual.
Andrew A. Koran
------------------------------
End of Computer Privacy Digest V1 #108
******************************