Date: Mon, 12 Apr 93 16:30:53 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#032
Computer Privacy Digest Mon, 12 Apr 93 Volume 2 : Issue: 032
Today's Topics: Moderator: Dennis G. Rears
Re: Information privacy and applying for an apartment
Re: Information privacy and applying for an apartment
Re: What can "they" do with my SSN?
Re: Controlled Items
Re: Controlled Items
ssn as authenticator
Re: Availability of Records
Re: Availability of Records
Re: Computer Privacy Digest V2#030
Re: [Christina Cole: Email Privacy]
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 8 Apr 93 16:57:13 -0700
From: "Glenn S. Tenney" <tenney@netcom.com>
Subject: Re: Information privacy and applying for an apartment
Dave Gomberg said that when he rented an apartment he needed an SSN to get
a credit check. Sorry, Dave, they may have TOLD you they needed it, but
none of the three major credit bureaus need it nor do they charge extra if
you don't have it -- this from both experience and talking with senior VP's
of those companies. They can, and do type in the person's name and address
and pull reports all the time. If there is no hit that way, or there is
more than one hit, then something like age/date-of-birth can be used to
pull up the right one -- or you can decline credit for lack of a credit
report.
It may be that the intermediary company (not the bureau itself) refused to
do a search without the ssn, or the person there just thought they had to
have it...
---
Glenn Tenney
tenney@netcom.com Amateur radio: AA6ER
Voice: (415) 574-3420 Fax: (415) 574-0546
------------------------------
From: bsherman@mthvax.cs.miami.edu (Bob Sherman)
Subject: Re: Information privacy and applying for an apartment
Date: 11 Apr 1993 03:52:36 -0400
In <comp-privacy2.31.5@pica.army.mil> Brinton Cooper <abc@brl.mil> writes:
>I should know this, but I don't: Is the SSN required for obtaining
>reports from credit reporting bureaus?
>_Brint
It certainly helps if you have it, and there are many ways to find it
out if you don't know it, but need it, including from the credit bureaus.
If you know a persons name and address, most of the time you can locate
their SSN through public records. If you know their name and DOB you
can also sometimes locate their SSN. The information web has become so
widespread now, it is hard to escape it..
--
bsherman@mthvax.cs.miami.edu | | MCI MAIL:BSHERMAN
an764@cleveland.freenet.edu | |
------------------------------
From: chris.carpenter@loebbs.com (Chris Carpenter)
Subject: Re: What can "they" do with my SSN?
Date: 8 Apr 93 20:29:00 GMT
Organization: The LAND OF ENCHANTMENT BBS! Albuquerque, NM 505 857-0836
TO: All
David Hoffman <hoffman@xenon.stanford.edu> asked:
>.After reading many articles here about how not to give your SSN away,
>.it occurs to me that I don't know WHY I shouldn't give it away. What
>.can some third party do with my SSN that I wouldn't like? I think
>.every credit card company in the world probably knows mine by now.
Where I work or what I do doesn't matter. If I have sufficient
knowledge of various agencies operations I can destroy your credit, give
you a legal/traffic record (Issue a Warrant for your arrest), obtain/use
your credit card #'s, assume your identify when conducting paper
business with uncle sam, utilize your Social Security Benefits and much
much more... whatever my imagination and ability enables.
-Chris
(chris.carpenter@loebbs.com)
---
* OLX V3.0 * LOE BBS - Where we operate at a 90. angle to reality
------------------------------
From: news@cbnewsh.att.com
Date: Fri, 9 Apr 93 02:27:18 GMT
Subject: Re: Controlled Items
Organization: Sorcerer's Apprentice Cleaning Services
In article <comp-privacy2.29.3@pica.army.mil> Richard Pierson <fist@iscp.bellcore.com> writes:
Just noticed something today while filling up the ole
commuter car today, a sign was posted on the diesel
pump of the selfserv I use in PA.
"All customers purchasing diesel fuel MUST fill out
a 'receipt' BEFORE fuel will be dispensed".
....
Is diesel now a controlled item ?
Just a guess -- at most self-serve gas stations I've been to, you have
to pay before pumping the gas, to reduce the probability that you fill
up your car and leave without paying. Most diesel use is business -
there are a few diesel Rabbits or Oldsmobiles around, but it's mostly
trucks - and businesses almost always want receipts, and often have
accounts at gas companies they deal with a lot.
Having *you* fill out the receipt is probably their way of handling the
pay-before-use and the business paperwork at the same time,
with minimal labor on their part.
Of course, here in New Jersey, we're not allowed to pump our own gas...
the small retailers have the legislature cooperating with them,
and any time they get enough pressure to think about changing it,
people make lots of speeches about safety and little old ladies write
letters to the Star-Ledger about how they'd have to pay lots more
money to have their gas pumped for them and how can these cruel people
treat their grandmas like that ... so we keep paying to get our gas pumped.
--
# Pray for peace; Bill
# Bill Stewart 1-908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
# Disclaimer available by finger (if you can get through our firewall :-)
------------------------------
From: Richard Pierson <bellcore!iscp.bellcore.com!fist@uunet.uu.net>
Subject: Re: Controlled Items
Organization: Bellcore
Date: Mon, 12 Apr 93 12:14:49 GMT
In article <comp-privacy2.29.3@pica.army.mil>, Richard Pierson
<fist@iscp.bellcore.com> writes:
|> Just noticed something today while filling up the ole
|> commuter car today, a sign was posted on the diesel
|> pump of the selfserv I use in PA.
|>
|> "All customers purchasing diesel fuel MUST fill out
|> a 'receipt' BEFORE fuel will be dispensed".
|>
|> I went inside and asked about this "receipt" and was
|> shown a form, from the Govt, that had Name,address,lic#,
|> Plate#, gallons, price, phone#. The attendent had no
|> idea what it was for but said she had to fill it out
|> using the purchasers license for info. Is this a federal
|> or state thing, the receipt had no ID as to who it was
|> from and I looked for a form number all over it. This
|> receipt is required whether cash or card is used. She
|> said that she thinks the owners put it in with the state
|> tax money they submit monthly for fuel taxes. This form
|> also gets validated on a printer at time of purchase.
|>
|> Is diesel now a controlled item ?
|>
|> --
Found out from the owner of the service station
that the diesel record form is from the federal gov.
It is make sure that the taxes are payed on all diesel
fuel sold. It is also supposed to be a method to keep
the sales points from selling home heating oil as diesel
fuel and thus avoid paying the tax.
--
##########################################################
There are only two types of ships in the NAVY; SUBMARINES
and TARGETS !!!
#1/XS1100LH DoD #956 #2 Next raise
Richard Pierson E06584 vnet: [908] 699-6063
Internet: fist@iscp.bellcore.com,|| UUNET:uunet!bcr!fist
#include <std.disclaimer> My opinions are my own!!!
I Don't shop in malls, I BUY my jeans, jackets and ammo
in the same store.
------------------------------
Date: Fri, 9 Apr 93 05:51:56 PDT
From: "David P. Reed" <reed@interval.com>
Subject: ssn as authenticator
A number of recent messages address the issue of why ssn's are needed for
various transactions in society. Underlying this is an apparent new
concern about misuse of the ssn. Originally the concern was unreasonable
linking of personal records in unrelated data bases (such as credit bureaus
and criminal/medical records bureaus). The privacy issue was the familiar
"big brother" one -- the creation of an all-knowing agency that sees all
sides of us, rather than just the side relevant to a mutual purpose.
The new issue seems to be that some agencies use ssn as some kind of
digital signature or authenticator to verify identity of an otherwise
anonymous purported person. I find it hard to believe that a court would
support a vendor who tried to claim that a valid contract existed because
they had received a correct SSN from a deliberate imposter as their only
proof of identity. On the other hand, stranger things have happened.
Every time I get money from someone, I MUST provide my SSN (so they can
file a 1099 form with the IRS, except in certain cases where I am allowed
through "backup withholding" to pay for anonymity). There is a deep
conflict between this use, which does not provide "proof" of identity, and
use as an authenticator.
Presumably anyone who uses a SSN as an authenticator of identity is
assuming a serious risk, and should be responsive to that point. At the
same time, this particular risk of ssn use to privacy (being "forced" to
divulge one's signature) would seem to be minor compared to the "big
brother" one of allowing data to be linked.
------------------------------
From: Executive Protection Assoc <cntrspy@netcom.com>
Subject: Re: Availability of Records
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Date: Fri, 9 Apr 1993 16:41:46 GMT
It all depends on the state, in California for instance you cannot release
DMV information without paying a permit fee, application, etc.
Most of the other things you mentioned are public record, and most states
are automated so that all I have to do is log onto a service, put in my
request and have results back within minutes to 1-2 days.
There is very little that is actually "private" information anymore, I can
even get your spending habits on CD rom if I want to cross reference.
It is scary how little privacy we really have left !!
Anyone with the fee for service activation, and a PC can access any/all
of these records, and If I can't get the info in one state, I go out of
state to another service who will happily supply it (legally) from that
state.
Hope this information wakes a few people up !!!
Rasch@dockmaster.ncsc.mil wrote:
: I am interested in learning whether anybody has done some comprehensive
: research on whether journalists (or anyone else) have lawful access to
: the following in all 50 states (or federally):
:
: (1) Police criminal history records (rap sheets) which are printed out
: by name of accused
:
: (2) Police blotter information -- records of arrest, conviction,
: relelease, etc.
:
: (3) Arrest reports and backup documents
:
: (4) Department of Motor Vehicle records
:
: (5) Police intelligence files
:
: In essence, my question is this -- if the police provide any or all of
: this information to a reporter doing a story, have either or bi�oo�th�t of
: them committed a crime?
:
------------------------------
From: bsherman@mthvax.cs.miami.edu (Bob Sherman)
Subject: Re: Availability of Records
Date: 11 Apr 1993 03:45:29 -0400
In <comp-privacy2.31.3@pica.army.mil> Rasch@dockmaster.ncsc.mil writes:
>I am interested in learning whether anybody has done some comprehensive
>research on whether journalists (or anyone else) have lawful access to
>the following in all 50 states (or federally):
>(1) Police criminal history records (rap sheets) which are printed out
>by name of accused
yes, in many, but not all states. yes in most counties in the country,
yes at the federal level. most require dob or ssn in addition to
the accused name.
>(2) Police blotter information -- records of arrest, conviction,
>relelease, etc.
yes on blotter information, see above for arrest records
>(3) Arrest reports and backup documents
>(4) Department of Motor Vehicle records
yes in almost every state.
>(5) Police intelligence files
depends on many factors, such as active or inactive cases, freedom of
information laws etc..
>In essence, my question is this -- if the police provide any or all of
>this information to a reporter doing a story, have either or biot of
>them committed a crime?
No based on above comments... There is no crime in providing public
documents to the public. Unless the state involved has deemed the
particular record(s) as not public. However most of the above are
considered public in most areas. There are also many other types of
records also considered public, including such things as court records
(arrests, any documents introduced during hearings, trials etc,
convictions, releases etc.), real estate records, voter records, and
much, much more.
--
bsherman@mthvax.cs.miami.edu | | MCI MAIL:BSHERMAN
an764@cleveland.freenet.edu | |
------------------------------
From: sean@sdg.dra.com
Subject: Re: Computer Privacy Digest V2#030
Date: 9 Apr 93 23:50:12 CST
Organization: Data Research Associates, St. Louis MO
In article <comp-privacy2.31.1@pica.army.mil>, Dave Gomberg <GOMBERG%UCSFVM.BITNET@cornellc.cit.cornell.edu> writes:
> In reply to Hans Lachman and why a SSN is needed to rent an apartment,
> he should know that an SSN saves about $30 in getting a credit check
> (the $30 is for getting his SSN). Wouldn't he think it abusive if he
> didn't give his number, and then was charged an extra $30 and they had
> it anyway?? And if they can't find it, they won't get a credit check
> and he won't get the apt. Refusing to give it out is just not
> reasonable IN THIS CASE.
Any reputable credit bureau can run a credit report without a SSN. Unless
a landlord is getting credit reports on the side, the lack of a SSN should
be of very little hinderance. The problem dealing with non-professional
credit managers, such as small landlords, is they often know as little
about how the credit reporting bureaus work as the typical consumer.
Remember the orginal complaint was the landlord refused to even
consider an application without a SSN, not there was a problem with the
applicant's credit history. While a landlord could refuse to rent to
someone who left "What is your middle initial?" blank on the rental
application, obviously not all the information on the application is of
equal necessity to make a decision. Whether the landlord is making a
rational decision not consider any application under any condition
without a SSN is debatable.
Of course landlords would like to know as much as possible about
perspective tenants. What was your Grade Point Average in college? Do
you own a noisy car? Have you been arrested, or convicted? Do you
have any psychological disorders? But what information does a
reasonable landlord need to make a rational decision? Is the Social
Security Number a piece of information so vital that it is impossible
for the landlord to make a decision without it? Or is the SSN just one
of several pieces a data that would be nice for the landlord to know
but not absolutely neccessary to make a decision?
The landlord could evaluate the application without the SSN, including
obtaining a credit report (assuming the landlord has an official
account with a credit bureau), and then decide whether to rent to the
person. If it turns out the landlord doesn't find a satisfactory
credit history (either because of ambigious information because of the
lack of a SSN, or because the SSN isn't valid) the landlord can then
decide not to rent to the person. If it turns out the person does have
a credit history that is satisfactory to the landlord (even if it
doesn't have a SSN, yes even people without SSN's have credit
histories), or because of other information (recomendation of a
previous landlord) the landlord can then decide to rent to the person.
But a typical landlord can't tell a valid SSN, from a fake one without
paying for a credit report. Why a landlord is willing to evaluate
applications that might have a fake 9-digit number in the SSN space,
but isn't willing to evaluate ANY application that leaves the SSN space
blank has very little to do with his need. But with his
misunderstanding of how the number is used. Most major creditors, such
as banks, credit cards, utility, etc will have procedures in place for
handling consumers without SSNs. But dealing with a small landlord is
pretty much beyond hope. They just don't have the credit management
background, so you'll never reach a common understanding.
An applicant should become suspicous if the creditor claims they can't
obtain a credit history without a SSN. This may indicate the creditor
is obtaining the credit reports through illicit means. By law the
applicant has the right to know which credit bureaus supplied
information to the creditor, and the creditor must tell the applicant
if the applicant asks.
[Moderator's Note: Then of course you have the big apartment complexes
that take the "Take it or leave it approach". They want a nonrefundable
charge for credit reports. They make the lease so tilted in their favour
and they get away with it because you need a place to live. I was
astonished when I moved to New Jersey from Florida at the nonflexibility
of landlords in NJ. ._dennis ]
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Domain: sean@sdg.dra.com, Voice: (Work) +1 314-432-1100
------------------------------
From: Paul Hardwick <hardwick@panix.com>
Subject: Re: [Christina Cole: Email Privacy]
Organization: PANIX Public Access Unix, NYC
Date: Sat, 10 Apr 1993 04:26:05 GMT
In <comp-privacy2.31.6@pica.army.mil> Brinton Cooper <abc@brl.mil> writes:
> Christina Cole <tinacole@uxa.cso.uiuc.edu> seeks information from/about
>employees whose
>"... private email messages had been intercepted by their
>supervisors..."
>and what to do if/when this occurs.
>Actually, the thing to do is not to send "private" e-mail on a computer
>owned by someone else and provided solely so that the employee can
>do the employer's (i.e., owner's) work more efficiently. Those of us
>who insist on the right to privacy of e-mail should sign up with
>services such as CompuServe. You may not be physically more secure, but
>you have a clear expectation to privacy when the service is being
>provided for YOUR convenience.
>_Brint
I am not sure if you actually have this clear expectation of privacy. two
of the most recent cases that have made headlines were based on E-Mail
taken from commercial services.
1-At Borland the E-mail being used in a theft of information case invloves
many E-Mail letters that were taken from MCI. The trick in this case is
that Borland paid for the account and therefore felt that THEY OWNED the
contents of that E-Mail box.
2-A second case was a while back at Epson( I think). A person in the
department that ran the E-mail was recording/browsing the messages that
went by into/out of peoples accounts. This included BOTH internal E-Mail
systems and E-Mail that was obtained over the gateway from MCI. I am not
sure who excatly paid for these accounts on MCI but I do not belive that
EPSON paid for all of them.
It is safer to expect NO PRIVACY AT ALL on E-Mail unless something
EXPLICITLY guarentees it. That can be law on public carriers such as CI$
or MCI. or explicit statements on used by the owners/maintainers on
private/inhouse systems.
--Paul
--
+-------------------------------------------------------------------------+
| Paul Hardwick | Technical Consulting | InterNet: hardwick@panix.com |
| P.O. Box 1482 | for MVS (SP/XA/ESA) | Voice: (212) 535-0998 |
| NY, NY 10274 | and 3rd party addons | Fax: (212) Pending |
------------------------------
End of Computer Privacy Digest V2 #032
******************************