Date: Tue, 23 Mar 93 16:52:49 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#027
Computer Privacy Digest Tue, 23 Mar 93 Volume 2 : Issue: 027
Today's Topics: Moderator: Dennis G. Rears
: Social Security Numbers as ID
Re: Computer Privacy Digest V2#026
police asking arrestees for SSN (was: Social Security Numbers as ID)
Re: Digitizing signatures for credit card purchases
Re: Dorothy Dennings article in Comm. of ACM
Prof. D. Denning's trust in the FBI
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: news@saifr00.cfsat.honeywell.com
Subject: : Social Security Numbers as ID
Organization: Honeywell Air Transport Systems Division
Date: Fri, 19 Mar 93 03:01:37 GMT
In article 4@pica.army.mil, Matthew B Cravit <cravitma@student.msu.edu> () writes:
>I was discussing a recent bunch of bicycle and computer thefts here at Michigan
>State University with one of the campus police officers, and in the course of
>our discussion, I asked what he suggested one do by way of identifying
>property. I asked if it was advisable to put a SSN on the bottom of my computer
>by way of identification, as the police in Toronto (Canada) where I used to
>live suggested using your SIN (Canadian equivalent to an SSN) for
>identification of property. He said that quite apart from the fact that this
>is not a good idea from a privacy standpoint (I already knew that), putting a
>SSN on articles for identification was quite useless because he said that the
>Social Security Administration will NOT release the name belonging to a
>particular SSN to any local or state law enforcement agency FOR ANY REASON
>UNDER ANY CIRCUMSTANCES. Is this assertion of his correct?
>
>[Moderator's Note: This is true. The few law enforcement agencies I
>have dealt with have always recommended to use you driver license number.
>Of course this was before states starting using a SSN as a driver license
>number. ._dennis ]
>/Matthew Cravit, Undergraduate Communications/Computer Science Student
> Michigan State University, East Lansing, Michigan
> Internet: cravitma@studentc.msu.edu OR cravitm@clvax1.cl.msu.edu
The US Social Security Administration has the folowing program (at least,
they had it 2 years ago):
If you have someone's SSN and want to send them a letter, you can put it in
a stamped envelope and send it in another envelope, to the Social Security
Administration, requesting that it be send to that person. They forward it
to that person (or try to, anyway). They don't acknowledge the forwarding,
and of course you don't get that person's address from the Social Security
Admin., but that person has the choice of writing back to you.
----------------------------------------------------------------------------
S. Rathinam rathinam@saifr00.cfsat.honeywell.com
opinions, if any expressed, are mine and not my employer's
----------------------------------------------------------------------------
------------------------------
Date: Fri, 19 Mar 93 10:51:41 PST
From: Mark Bell <idela!bell@ide.com>
Subject: Re: Computer Privacy Digest V2#026
[Moderator's Note: Does anyone have the text of USC Title 5, Section
552a? ._dennis ]
Here's the part that has the fines:
Section 552a(i)(2) Any officer or employee of any agency who willfully
maintains a system of records without meeting the notice requirements
of subsection (e)(4) of this section shall be guilty of a misdemeanor
and fined not more than $5000.
Near as I can tell, the notice requirements referred to above means
that agents of the state cannot construct recordkeeping edifices
without due process.
There was a court case cited where a fellow said he would not furnish
his SSN on a voucher to receive a refund of some motor vehicle fees.
He would prevail if the state DMV SSN requirement had NOT been in
existence before 1974.
There was another court case cited where Aid to Families with Dependent
Children was denied because the applicant failed to obtain and disclose
SSN's for the children. This was held NOT to violate 552a.
After reading some of this stuff, I can see why there are lawyers.
What happens is, you read the law and it seems clear enough. Then you
read the notes that say what Congress' intention was and that seems OK
too. Then you sort of glance a few pages later and see what the
exceptions are, and they turn out to be bigger than the core law.
Stuff is grandfathered in, the CIA is excepted, there are exemptions
for "routine use" and it sort of goes on and on. But the bottom line
emerges if you have the right kind of lawbook. You want to read what
the court cases have been based on the law. These descriptions are
succinct and state the outcome clearly.
Your mileage may vary.
Mark Bell Applications Engineer, IDE Los Angeles bell@ide.com
------------------------------
From: Jonathan Thornburg <jonathan@hermes.chpc.utexas.edu>
Subject: police asking arrestees for SSN (was: Social Security Numbers as ID)
Organization: U of Texas at Austin / Physics Dept / Center for Relativity
Date: Sat, 20 Mar 93 07:34:30 GMT
In article <comp-privacy2.25.5@pica.army.mil> Wm Randolph Franklin
<wrf@ecse.rpi.edu> writes:
| [...] in some (most?) places, the police want an
| SSN when they arrest you. There was a local case a few years back,
| where someone was charged with, approx, obstruction of governmental
| administration for refusing. He beat that charge, but it probably took
| some work.
Gee, I wonder what happens if you don't have an SSN? Not everyone
arrested by American police is an American, certainly most foreign
tourists won't have SSNs...
Or alternatively, what if you have one but don't know it and don't
have the card with you?
- Jonathan Thornburg
<jonathan@hermes.chpc.utexas.edu> or <jonathan@einstein.ph.utexas.edu>
[until 31/Aug/93] U of Texas at Austin / Physics Dept / Center for Relativity
and [until ~Apr/93] U of British Columbia / {Astronomy,Physics}
------------------------------
From: "richard.b.dell" <rdell@cbnewsf.cb.att.com>
Subject: Re: Digitizing signatures for credit card purchases
Organization: AT&T
Date: Sat, 20 Mar 1993 18:51:36 GMT
In article <comp-privacy2.23.2@pica.army.mil> Dan Hartung <dhartung@chinet.chi.il.us> writes:
>wicklund@intellistor.com (Tom Wicklund) writes:
>>
>>Many stores are going to non-computerized forms of this -- they print
>>you a receipt, then print a second receipt which you sign and they
>>keep. You don't have a receipt with your signature.
>>
>>Since I doubt the store physically sends the signed receipt to the
>>bank, your bank also doesn't have a signed receipt unless they get it
>>from the store, which will have a hard time finding a particular
>>receipt out of the hundreds for a certain day.
>
Sometime ago I had occasion, I believe for warranty purposes, to get
a copy of the original receipt from Sears. They had absolutely no
trouble retrieving it and mailing me a copy within a week.
------------------------------
Date: Sat, 20 Mar 1993 17:05:48 -0500 (EST)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Re: Dorothy Dennings article in Comm. of ACM
In Computer Privacy Digest V2 #026 "Prof. L. P. Levine"
<levine@blatz.cs.uwm.edu> writes:
>Michael T. Palmer <m.t.palmer@larc.nasa.gov> writes:
>
>As an aside, watch the use of the term "suspect". Police use the term
>far too widely, blurring the term "suspect" with what should be called
>"perpetrator". For example, in a recent event on this campus the
>police reported that "the suspect was seen running down the hall
>carrying the stolen object" or some such comment. That is not true.
>The perpetrator of the crime was seen. Later, when someone was
>arrested that person should be called a suspect. When convicted, he
>or she is a convicted criminal.
The Suffolk County, NY, Police Departement uses the "perp", suspect,
criminal concept correctly.
My son was the victim of an Attempted Robbery in the 2nd degree last
December and the dectective in charge of the case used the terms in
their correct order. At first, it was the perpetrators and after the
arrests were made, they became the suspects. One is now a criminal
due to going into probation because of age and the other one is
awaiting trial after which he will become a criminal along with the
other one with the difference being my insistance of higher charges
for the "perp" than the accomplice.
The police as far as I'm concerned were very helpful and kind to us.
No one wants anything to happen to their kids and they helped us
get over a bad situation rather well.
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, NY 11973 (516)-282-3093
------------------------------
From: Carl Ellison <cme@ellisun.sw.stratus.com>
Subject: Prof. D. Denning's trust in the FBI
Date: 23 Mar 1993 21:31:52 GMT
Organization: Stratus Computer, Software Engineering
It's been pointed out several times that Dorothy Denning has an apparent
trust in the FBI not shared by many of us (or many people who remember
Watergate).
In her CACM articles (March 1993), she notes:
p.42 (right top): "none of the commentators has identified a single
act of wiretapping abuse occurring under the current wiretapping
statutes, which date back to 1968...."
Watergate occurred since 1968. Nixon's enemy list was since 1968. Granted,
this wasn't necessarily FBI behavior and may not have been related to the
statutes. So, the argument might run that the FBI is pure and therefore
this new authority should be given to them. However, in her main article,
she notes:
p.29 (middle, top): "Since the FBI conducts fewer than one-third of
all intercepts, the total benefits derived from electronic
surveillance by all law enforcement agencies is considerably
higher."
So, apparently, just giving the FBI permission to tap isn't good enough to
justify the legislation. This applies to state and local law enforcement
also. They're just as pure and uncorruptable as the FBI?
They might be. We see the local LE abuses first hand. We see FBI abuses
through J. Edgar's lingering PR campaign (eg., the TV series) so the FBI
looks pure to us.
Frankly I'm glad that
P.28 (middle middle): "The [Bush] administration, the Department of
Justice, and the FBI are all strong advocates for security in
telecommunications networks."
I hope the Clinton administration is at least as strong an advocate for
security in telecommunications. My approach is to use the strongest
encryption I can concoct, based on what I know and what's available to me
in order to ensure my communications security.
--
- <<Disclaimer: All opinions expressed are my own, of course.>>
- Carl Ellison cme@sw.stratus.com
- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
------------------------------
End of Computer Privacy Digest V2 #027
******************************