Date: Fri, 16 Apr 93 15:34:03 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#033
Computer Privacy Digest Fri, 16 Apr 93 Volume 2 : Issue: 033
Today's Topics: Moderator: Dennis G. Rears
Re: Computer Privacy Digest V2#032
Re: ssn as authenticator
SSN
National ID Card and the end of Privacy
Don't post to this group!
SOURCE to Macintosh PGP 2.2 in C available
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Mon, 12 Apr 93 16:32:33 PDT
From: Al Sargent <asargent@us.oracle.com>
Subject: Re: Computer Privacy Digest V2#032
~~
~~ From: chris.carpenter@loebbs.com (Chris Carpenter)
~~ Subject: Re: What can "they" do with my SSN?
~~ Date: 8 Apr 93 20:29:00 GMT
~~ Organization: The LAND OF ENCHANTMENT BBS! Albuquerque, NM 505 857-0836
~~
~~ TO: All
~~
~~ David Hoffman <hoffman@xenon.stanford.edu> asked:
~~
~~ >.After reading many articles here about how not to give your SSN away,
~~ >.it occurs to me that I don't know WHY I shouldn't give it away. What
~~ >.can some third party do with my SSN that I wouldn't like? I think
~~ >.every credit card company in the world probably knows mine by now.
~~
~~ Where I work or what I do doesn't matter. If I have sufficient
~~ knowledge of various agencies operations I can destroy your credit, give
~~ you a legal/traffic record (Issue a Warrant for your arrest), obtain/use
~~ your credit card #'s, assume your identify when conducting paper
~~ business with uncle sam, utilize your Social Security Benefits and much
~~ much more... whatever my imagination and ability enables.
~~
~~ -Chris
~~ (chris.carpenter@loebbs.com)
~~
This last risk -- the use of your Social Security Benefits by someone other
than yourself -- is a very real one. Over a year ago, when I applied for
unemployment insurance, I found that someone had somehow acquired my
SSN and had been collecting benfits on it. The guy at the unemployment
agency said that the numbers get collected and sold to illegal immigrants.
Of course, there was nothing he could do to correct the situation. He told
me that I would have to take care of the problem by going to the
social security administration office.
In my case, the government did not even check to make sure that my SSN
matched my name. They just gave this guy benefits because he could come
up with a valid SSN. It is truly amazing how inept the government is with
validating information that so much of our society is based on.
Al
--- net.disclaimer:
--- do you really think my opinions are those of my employer?
------------------------------
From: Joel M-for-Vnews Snyder <jms@opus1.com>
Subject: Re: ssn as authenticator
Date: 12 Apr 1993 21:50 MST
Organization: Opus One
Distribution: world
Reply-To: jms@opus1.com
News-Software: VAX/VMS VNEWS 1.50A
In article <comp-privacy2.32.6@pica.army.mil>, reed@interval.com (David P.
Reed) writes...
>Every time I get money from someone, I MUST provide my SSN (so they can
>file a 1099 form with the IRS, except in certain cases where I am allowed
>through "backup withholding" to pay for anonymity). There is a deep
>conflict between this use, which does not provide "proof" of identity, and
>use as an authenticator.
Not strictly true. An organization paying funds to an incorporated
entity may not require the employee of the incorporated entity to
provide a personal SSN. Organizations also don't file 1099s on
money they give to corporations.* As a payee, you can use the corporate
veil, at least, to save passing out your SSN. I suspect it's not worth
it, but it is possible for the truly ambitious.
jms
Joel M Snyder, 1103 E Spring Street, Tucson, AZ, 85719
Phone: 602.882.4094 (voice) .4095 (FAX) .4093 (data)
Internet: jms@Arizona.EDU BITNET: jms@Arizona
Yow! I just went below the poverty line!
* Not strictly true; something to do with medical payments you have to
report, but I never cared about that, and something else to do with
payments in lieu of interest or dividends.
------------------------------
From: fec@arch2.att.com
Date: Tue, 13 Apr 93 14:42 EDT
Original-From: arch2!fec (F E Carey +1 908 949 8049)
Subject: SSN
I have just been summoned for jury duty in Hunterdon County, New
Jersey. Along with the summons came a short questionnaire to be
promptly returned. On it I am expected to report such things as my
drivers license number, whether I have served as a juror in the last
year, whether I speak English, etc. And, of course, I'm asked to
divulge my Social Security Number. The court system further explained
in the summons package that jurors are selected, in part, from drivers
license files and that drivers license numbers are used to
differentiate people with the same name living at the same address.
After carefully reviewing all requested information and deciding that
my drivers license number is adequate identification, I decided to
omit my SSN and returned the questionnaire yesterday without it.
Does anybody know of any reason why the court would have a legitimate
need for my SSN? Do they withhold from the meager juror pay? Would it
be reasonable to argue that the SSN isn't needed until a person is
actually selected and reports for duty? Am I being paranoid?
Frank Carey at Bell Labs f.e.carey
[Moderator's Note: They need it for pay purposes. You can avoid giving
it to them up unitl the time you are chosen for jury duty. ._dennis ]
------------------------------
From: The Jester <ygoland@wright.seas.ucla.edu>
Subject: National ID Card and the end of Privacy
Date: 13 Apr 93 19:29:03 GMT
I am curious if anyone has any FACTS regarding the 'national medical
ID card'. Is the Clinton administration aware of the horendous
privacy implications this card has? How have they addressed these
issues? If you thought SSN's were bad, wait till you see what this
baby will do!
Please Post All Facts Available,
The Jester
--
The Jester -PGP VER2 Key on Request
Why all Politicians should be like Ross Perot:
"Hes too short to be seen, to rich to be bribed, and will quit
before he does any real damage"-Jay Leno
------------------------------
From: Mitch Collinsworth <mkc@graphics.cornell.edu>
Subject: Don't post to this group!
Date: 14 Apr 1993 17:02:48 -0400
Organization: Cornell University Program of Computer Graphics
Junk-Mail: Just say no.
Don't post to this newsgroup if you don't want to receive junk mail (yes,
snail mail) from Robert Ellis Smith's Privacy Journal. (And at over $100
for a subscription you really gotta be into this stuff to want it!)
Perhaps we need to invent a new header line to include in news postings
that indicates if the poster wishes not to receive junk mail. See
sample above.
Sheesh! What will they think of next?
-Mitch Collinsworth
mitch@graphics.cornell.edu
[Moderator's Note: It appears that the address was taken from his
.signature address. In a followup to a question of mine. Mitch writes:
It's not an e-mail solicitation, it's paper mail, but I feel certain it
was due to my having posted to comp.society.privacy a few times in the
past. Evidence of this is that the envelope is not addressed at all like
any address I ever use. Instead it contains the information available
from the headers of my news postings:
Mitch Collinsworth
Cornell University Program
of Computer Graphic
Ithaca, NY 14851
Except for the (incorrect) zip code, the above is contained in my From:
and Organization: news headers.
I couldn't tell you about alt.privacy or PRIVACY Forum. I have never read
alt.privacy, let alone posted there. I subscribe to PRIVACY Forum, but have
never posted. But the Organization: header doesn't go out in e-mail, only
in news postings. Also, for what it's worth, the PRIVACY Forum information
message contains the following:
>The names and e-mail addresses of subscribers to the PRIVACY Forum
>mailing list are private (naturally).
Now comp.society.privacy is not the only newsgroup I've ever posted to,
but it's the only one with any relavence to the topic of privacy.
._dennis ]
-Mitch Collinsworth
mitch@graphics.cornell.edu
------------------------------
From: 1016/2EF221 <grady@netcom.com>
Subject: SOURCE to Macintosh PGP 2.2 in C available
Organization: capriccioso
Date: Thu, 15 Apr 1993 22:38:53 GMT
Apparently-To: comp-society-privacy@uunet.uu.net
*** SOURCE code to Macintosh PGP 2.2 now available via anonymous FTP ***
FTP netcom.com
CD pub/grady
MGET MacPGP2.2src.sea.hqx
MGET MacPGP2.2srcSIGNATURE
Convert to a Compact Pro self-extracting archive with BinHex 4.0.
If appropriate, check the digital signature of the .hqx file with
your copy of PGP. (Non-Macintosh users wishing to check the digital
signature please note that 'CR' denotes the end-of-line on a Macintosh,
not 'LF' or 'CRLF'.)
For the purposes of the ITAR act, this 'unclassified technical
documentation' is hereby released into the public domain. (However
no representation is made as to copyright or other commercial rights
that may exist in this package.)
Full source code, Symantec THINK C 5.0.4 projects and full user
documentation is included for both 68020 and 68000 versions of Pretty
Good Privacy, a strong public key encryption and digital signature
application using the RSA algorithm patented in the United States
and the IDEA cipher patented in Switzerland.
No executables are included.
Executables are available via anonymous FTP from:
leif.thep.lu.se (Sweden)
night.nig.ac.jp (Japan)
van-bc.wimsey.bc.ca (Canada)
soda.berkeley.edu (P.R. of Berkeley)
src.doc.ic.ac.uk (United Kingdom)
ghost.dsi.unimi.it (Italy)
plaza.aarnet.edu.au (Australia)
nic.funet.fi (Finland)
Other's public keys are available from anonymous server sites:
(Send message subject "help" for more information.)
Internet sites:
pgp-public-keys@junkbox.cc.iastate.edu
Michael Graff
explorer@iastate.edu
FTP: tbird.cc.iastate.edu:/usr/explorer/public-keys.pgp
pgp-public-keys@toxicwaste.mit.edu
Derek Atkins
warlord@MIT.EDU
FTP: toxicwaste.mit.edu:/pub/keys/public-keys.pgp
pgp-public-keys@phil.utmb.edu
John Perry
perry@phil.utmb.edu
FTP: phil.utmb.edu:/pub/pgp/public-keys.pgp
pgp-public-keys@demon.co.uk
Mark Turner
mark@demon.co.uk
FTP: ftp.demon.co.uk:/pub/pgp/pubring.pgp
UUCP site:
pgp-public-keys@jpunix.com
John Perry
perry@jpunix.com
The executable application built from these sources has NOT been
licensed by RSA Data Security, Inc. nor has the RSA public key
algorithm or the IDEA block cipher algorithm been approved by
the National Security Agency.
This unclassified technical documentation is made available for
EDUCATIONAL USE ONLY; possession, distribution, or use of an
executable binary built from this source may be a civil or criminal
offense.
Suggested improvements, bugs, or comments should be directly posted
to alt.security.pgp or to the principal developers listed among
the source documents. General questions and comments about public
key cryptography or the IDEA cipher may be posted to alt.security.pgp
or to the sci.crypt Usenet groups.
--
grady@netcom.com 2EF221 / 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F
------------------------------
End of Computer Privacy Digest V2 #033
******************************