Date: Thu, 18 Mar 93 17:23:02 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#026
Computer Privacy Digest Thu, 18 Mar 93 Volume 2 : Issue: 026
Today's Topics: Moderator: Dennis G. Rears
Yet another White House address
Re: Employee Monitoring Systems
Re: Dorothy Denning's article in Comm. of ACM
Re: What is passwording?
[ac388@freenet.hsc.colorado.edu (Jack Decker): Use of Medical
Clearing House]
Re: Social Security Numbers as ID
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Wed, 17 Mar 1993 12:17:50 -0500 (EST)
From: TDARCOS@mcimail.com
Subject: Yet another White House address
MCI Mail announced yet another E-Mail address for messages to be sent to
the White House. It stated in the note that messages sent to the address
would be sent as paper mail to the White House via the USPS, rather than
as E-Mail.
The implication, since the usual charge for individual messages is 50c for
the first 500 characters, that this could conceivably be something that
the White House is paying for, since MCI Mail permits "autoforwarding" of
a message sent to a mailbox to be sent to a fax number, another E-Mail
address or a Paper Mail address.
If MCI is doing this to encourage MCI Mail subscribers to send messages,
then messages from users on Internet will almost certainly either bounce
or not be sent.
I encourage people on Internet to try sending a message to the address
supplied by MCI Mail for messages to the White House to see what happens.
I guess that's all I need to say.
OH YES! You need the E-Mail address, don't you? :)
0005895485@MCIMAIL.COM
---
Paul Robinson -- TDARCOS@MCIMAIL.COM
------------------------------
Subject: Re: Employee Monitoring Systems
Date: Wed, 17 Mar 93 09:53:57 EST
From: Bill Hefley <weh@sei.cmu.edu>
Ellen Wentz writes that she is "currently doing research on the impacts of
computer-based monitoring systems on employee behavior," and invites
comments.
I'd recommend a rather extensive report on the subject that should be
available through libraries, especially government repository libraries. It is
now out of print at the Government Printing Office.
Title The Electronic Supervisor : new technology, new tensions.
Organization United States. Congress. Office of Technology Assessment.
Publisher Washington, D.C. : Congress of the United States, Office of
Technology Assessment, [1987]
Description book vii, 141 p. : ill. ; 26 cm.
Subjects Supervision of employees - Data processing.
Privacy, Right of - United States.
Quality of work life - United States.
Notes Includes bibliographical references.
Date 1987
Language english
Standard No. $6.50
Sudoc Y 3.T 22/2:2 El 2/7
OCLC No. 16869147
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Subject: Re: Dorothy Denning's article in Comm. of ACM
Date: Wed, 17 Mar 93 10:29:08 CDT
Phones: (414) 229-5170 office; 962-4719 home; 229-6958 fax
Michael T. Palmer <m.t.palmer@larc.nasa.gov> writes:
>Well! Maybe it's just me, but I thought wiretapping was used against
>SUSPECTS that MAY have committed a crime. Hmmm. Now we really open
>that can of worms, don't we? Because this means that private citizens
>who MAY or MAY NOT have committed a crime (and all the people who talk
As an aside, watch the use of the term "suspect". Police use the term
far too widely, blurring the term "suspect" with what should be called
"perpetrator". For example, in a recent event on this campus the
police reported that "the suspect was seen running down the hall
carrying the stolen object" or some such comment. That is not true.
The perpetrator of the crime was seen. Later, when someone was
arrested that person should be called a suspect. When convicted, he
or she is a convicted criminal.
This is not a trivial difference. It took a long time to get the
police and the authorities to understand that they do not catch
criminals, they catch suspects. The courts then determine if the
suspect is a criminal. Now we see them blurring the line again, being
unable (or more likely unwilling) to see the difference between who
actually did it (the perp) and who they have taken into custody (the
suspect).
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Leonard P. Levine e-mail levine@cs.uwm.edu |
| Professor, Computer Science Office (414) 229-5170 |
| University of Wisconsin-Milwaukee Home (414) 962-4719 |
| Milwaukee, WI 53201 U.S.A. FAX (414) 229-6958 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
------------------------------
Organization: Penn State University
Date: Wed, 17 Mar 1993 16:17:44 EST
From: "Peter M. Weiss" <PMW1@psuvm.psu.edu>
Subject: Re: What is passwording?
In article <comp-privacy2.25.1@pica.army.mil>, "Michael A. Vitale"
<vitale@athena.cas.vanderbilt.edu> says:
>[Moderator's Note: It's calling up all your accounts and telling the
>person you want to 'password' you account. After your account is
>passworded no information can be given out unless the requestor knows the
>password. ._dennis ]
How is the "bad guy" prevented from spoofing you, _before_ your account
is passworded, requesting that your account now be passworded -- locking
out the legitimate owner?
/P
[Moderator's Note: I password my accounts when I open them up. You might
say I am a frequent mover :-). If somebody has passworded you account
you can write them or see them in person. ._dennis ]
------------------------------
Date: Wed, 17 Mar 93 15:12:57 PST
From: RISKS Forum <risks@csl.sri.com>
Subject: [ac388@freenet.hsc.colorado.edu (Jack Decker): Use of Medical
Clearing House]
Use this if you wish. It seems less appropriate for RISKS.
---------------
Received: from [35.214.1.1] by csla.csl.sri.com with SMTP id AA20093
(5.65b/IDA-1.4.3.12 for risks); Wed, 10 Mar 93 07:02:36 -0800
Date: Wed, 10 Mar 93 09:30:43 EST
Message-Id: <265@freenet.hsc.colorado.edu>
From: ac388@freenet.hsc.colorado.edu (Jack Decker)
To: risks@csl.sri.com
Subject: Use of Medical Clearing House
Lines: 43
X-Mailer: PCElm 3.01
[Moderator's Note: This was forwarded to me from Peter Neumann,
moderator of the Risks Digest. ._dennis ]
The following message first appeared in a Fidonet conference called
ADAJOBS (I got it via the EMPLOYMENT conference on BIZynet, a
Fidonet-technology business-oriented network). The risks of the use of
such a database as the one described below should be obvious (how does one
know if they were denied employment because of information contained in
this database? For that matter, how does one even know if the information
contained in the database is accurate?). Any replies should probably go
to the original author (Herbert Mansmann at Fidonet address 1:273/201,
which is herbert.mansmann@f201.n273.z1.fidonet.org in Internet notation):
=====================================================================
* Forwarded by Chris Gunn (1:202/1008)
* Area : ADAJOBS (ADAnet - Job Hunting When Disabled)
* From : Herbert Mansmann, 1:273/201 (08 Mar 93 10:55)
* To : All
* Subj : USE OF MEDICAL CLEARING HOUSE
=====================================================================
I have been told by several personnel recruiters that something known as
the Medical Clearing House exists for companies or other employers to check
on person's medical expenses before hiring them, similar to a credit check.
This information is kept in regional databases and is accessible over the
phone to high level employee relations personnel at major corporations
only. Supposedly it is illegal to release this information to unauthorized
users, but it is being done routinely for high medical expense individuals
since the penalties are few, the savings can be substantial, and the
enforcement of the laws against this are lax. Our daughter has Cystic
Fibrosis which has very high medical costs associated over many years. We
believe this information and information about other medical conditions
that do not interfere with someone's ability to work is being sold to avoid
medical costs. Since over two thirds of the employers now self-insure
instead of utilizing a real insurance company, they are motivated to
eliminate these costs. If you have any information about this practice,
please respond on E-mail or anonymously to Herbert Mansmann, 224 Swedesford
Rd., Malvern, PA 19355. It is important to get this subject out in the
open and to include it in healthcare reform. Thanks. Feel free to call
(215)647-3698.
--- TMail v1.31.3
* Origin: U.S. Telematics, Yardley PA (215)493-5242 (1:273/201)
Jack Decker | Internet: ac388@freenet.hsc.colorado.edu
Fidonet: 1:154/8 or jack.decker@f8.n154.z1.fidonet.org
Note: Mail to the Fidonet address has been known to bounce. :-(
------------------------------
From: news@cbnewsh.att.com
Date: Thu, 18 Mar 93 21:13:49 GMT
Subject: Re: Social Security Numbers as ID
In article <comp-privacy2.25.5@pica.army.mil> Wm Randolph Franklin <wrf@ecse.rpi.edu> writes:
That's interesting, because in some (most?) places, the police want an
SSN when they arrest you. There was a local case a few years back,
where someone was charged with, approx, obstruction of governmental
administration for refusing. He beat that charge, but it probably took
some work.
A few years ago I was arrested for photographing some cops
(technically the charge was "interference with an officer", but ...)
and during the booking process they asked for my SSN, which I refused.
They told me I had to give them the number, I said I'd like to see the
law, they said "I'll bet you *would*", I said I'd like to see my
lawyer, they said I couldn't see my lawyer, I said they'd already read
me my Miranda rights and now they were trying to violate them, they
said, ok I could see my lawyer *after* they finished booking me, but
that they wouldn't be finished booking me until they had my SSN. I
said I wanted to see my lawyer *now* and he *was* out in the hall,
since he'd been at the events that led me to photograph the
miscreants.
After a few conversations between the cop and the sergeant out in the
hall, we arrived at the truth of the matter, which was along the lines
of
"This isn't a threat, it's just a choice you can make", and
that if I wanted to remain silent I could do so at the county jail,
under somewhat more severe charges than I was currently charged with,
and that since I was scheduled to leave on vacation the next day and
bail for additional bogus charges was more than a cash machine could
cough up in one night, and wasn't it a shame that it was Saturday night
and the judge wouldn't be in until Monday to do habeas corpus. Since I
know a threat as well as the next guy, I chickened out.
Well, it took about 9 months before we got a trial scheduled so they
could dismiss all the bogus charges in return for me not suing them
for false arrest, and by the time I'd gotten sufficiently
non-disgusted to look up the Privacy Act of 1974 and all the nifty
parts about $5000 fines for individual government employees who
violate it, the 2-year statute of limitations had expired.
However, if this happens to you, or if it happens to me again,
you can point out to the nice police officers that the fines in
US Code, Title 5, Section 552a apply to them *personally* and not
merely to their town government, and you can read the gory details
making it hard to enforce that afterwards.
[Moderator's Note: Does anyone have the text of USC Title 5, Section
552a? ._dennis ]
--
# Pray for peace; Bill
# Bill Stewart 1-908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# Disclaimer available by finger (if you can get through our firewall :-)
------------------------------
End of Computer Privacy Digest V2 #026
******************************